Merge changes from topic "feature/imx8m-csu" into integration
* changes:
style(imx8m): add parenthesis to CSU_HP_REG
feat(imx8mp): restrict peripheral access to secure world
feat(imx8mp): set and lock almost all peripherals as non-secure
feat(imx8mm): restrict peripheral access to secure world
feat(imx8mm): set and lock almost all peripherals as non-secure
feat(imx8m): add defines for csu_sa access security
feat(imx8m): add imx csu_sa enum type defines for imx8m
fix(imx8m): fix CSU_SA_REG to work with all sa registers
diff --git a/.cz-adapter.cjs b/.cz-adapter.cjs
new file mode 100644
index 0000000..26aaeb2
--- /dev/null
+++ b/.cz-adapter.cjs
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*
+ * A workaround for:
+ *
+ * https://github.com/conventional-changelog/commitlint/issues/3949
+ */
+
+exports.prompter = async (inquirerIns, commit) => {
+ ; (await import('@commitlint/cz-commitlint')).prompter(inquirerIns, commit)
+}
diff --git a/.cz.json b/.cz.json
index 556c39f..969a73b 100644
--- a/.cz.json
+++ b/.cz.json
@@ -1,3 +1,3 @@
{
- "path": "@commitlint/cz-commitlint"
+ "path": "./.cz-adapter.cjs"
}
diff --git a/.husky/commit-msg b/.husky/commit-msg
index c1c9600..b5d407b 100755
--- a/.husky/commit-msg
+++ b/.husky/commit-msg
@@ -1,7 +1,4 @@
#!/bin/sh
-# shellcheck source=./_/husky.sh
-. "$(dirname "$0")/_/husky.sh"
-
"$(dirname "$0")/commit-msg.gerrit" "$@"
"$(dirname "$0")/commit-msg.commitlint" "$@"
diff --git a/.husky/pre-commit b/.husky/pre-commit
index afcb1f6..f438ddb 100755
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,6 +1,3 @@
#!/bin/sh
-# shellcheck source=./_/husky.sh
-. "$(dirname "$0")/_/husky.sh"
-
"$(dirname "$0")/pre-commit.copyright" "$@"
diff --git a/Makefile b/Makefile
index 6a1ea99..800346a 100644
--- a/Makefile
+++ b/Makefile
@@ -155,11 +155,9 @@
endif
else ifeq ($($(ARCH)-cc-id),gnu-gcc)
- ifeq ($(ENABLE_LTO),1)
- # Enable LTO only for aarch64
- ifeq (${ARCH},aarch64)
- LTO_CFLAGS = -flto
- endif
+ # Enable LTO only for aarch64
+ ifeq (${ARCH},aarch64)
+ LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto)
endif
endif #(clang)
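Review bot: The compile-side test and the link-side test for LTO no longer agree. `LTO_CFLAGS` now gets `-flto` for any non-zero `ENABLE_LTO` through `$(filter-out 0,$(ENABLE_LTO))`, while the link flags in the next hunk (`@@ -325,6 +323,7 @@`) are still guarded by `ifeq ($(ENABLE_LTO),1)`. Unless `ENABLE_LTO` is constrained to 0/1 elsewhere in the Makefile (not visible here), a value such as `2` would compile with LTO and link without `-flto -fuse-linker-plugin`. The `$(if ...)` is also expanded when `LTO_CFLAGS` is used, whereas the `ifeq` is evaluated at parse time, so a later assignment to `ENABLE_LTO` would affect only one of them; using `ifneq ($(filter-out 0,$(ENABLE_LTO)),)` on the link side would at least align the value test. The new `TF_LDFLAGS += -flto-partition=one` line in that hunk also has no comment, and a one-line `#` comment above it stating why a single partition is forced would help the next maintainer.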
@@ -325,6 +323,7 @@
ifeq ($(ENABLE_LTO),1)
ifeq (${ARCH},aarch64)
TF_LDFLAGS += -flto -fuse-linker-plugin
+ TF_LDFLAGS += -flto-partition=one
endif
endif #(ENABLE_LTO)
@@ -1146,6 +1145,7 @@
HARDEN_SLS \
HW_ASSISTED_COHERENCY \
MEASURED_BOOT \
+ DICE_PROTECTION_ENVIRONMENT \
DRTM_SUPPORT \
NS_TIMER_SWITCH \
OVERRIDE_LIBC \
@@ -1185,6 +1185,7 @@
COT_DESC_IN_DTB \
USE_SP804_TIMER \
PSA_FWU_SUPPORT \
+ PSA_FWU_METADATA_FW_STORE_DESC \
ENABLE_MPMM \
ENABLE_MPMM_FCONF \
FEATURE_DETECTION \
@@ -1312,6 +1313,7 @@
HW_ASSISTED_COHERENCY \
LOG_LEVEL \
MEASURED_BOOT \
+ DICE_PROTECTION_ENVIRONMENT \
DRTM_SUPPORT \
NS_TIMER_SWITCH \
PL011_GENERIC_UART \
@@ -1360,6 +1362,7 @@
NR_OF_FW_BANKS \
NR_OF_IMAGES_IN_FW_BANK \
PSA_FWU_SUPPORT \
+ PSA_FWU_METADATA_FW_STORE_DESC \
ENABLE_BRBE_FOR_NS \
ENABLE_TRBE_FOR_NS \
ENABLE_SYS_REG_TRACE_FOR_NS \
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index c8cc2c7..9807817 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -83,7 +83,7 @@
/*******************************************************************************
* Simple function to initialise all BL31 helper libraries.
******************************************************************************/
-void __init bl31_lib_init(void)
+static void __init bl31_lib_init(void)
{
cm_init();
}
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
index d14a91e..f1b1fa6 100644
--- a/bl31/bl31_traps.c
+++ b/bl31/bl31_traps.c
@@ -97,7 +97,7 @@
* NOTE: This piece of code must be reviewed every release to ensure that
* we keep up with new ARCH features which introduces a new SPSR bit.
*/
-static u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el)
+u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el)
{
u_register_t new_spsr = 0;
u_register_t sctlr;
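Review bot: Dropping `static` gives `create_spsr` external linkage, but the hunk shows no matching prototype, and the name has no module prefix to keep it from colliding with other global symbols. The declaration presumably lives in a header outside this hunk; if it does not, callers in other translation units would rely on an implicit or mismatched declaration. The comment above the function says it must be reviewed every release for new SPSR bits, and that obligation now extends to every external caller. I would repeat the warning at the declaration, for example `/* Review on every release: new ARCH features may add SPSR bits. */`. The body of `create_spsr` continues outside the hunk.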
diff --git a/bl31/ehf.c b/bl31/ehf.c
index 5b78ebb..3a14635 100644
--- a/bl31/ehf.c
+++ b/bl31/ehf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -203,10 +203,20 @@
* one stashed earlier if there are no more to deactivate.
*/
cur_pri_idx = get_pe_highest_active_idx(pe_data);
- if (cur_pri_idx == EHF_INVALID_IDX)
+
+#if GIC600_ERRATA_WA_2384374
+ if (cur_pri_idx == EHF_INVALID_IDX) {
+ old_mask = plat_ic_deactivate_priority(pe_data->init_pri_mask);
+ } else {
+ old_mask = plat_ic_deactivate_priority(priority);
+ }
+#else
+ if (cur_pri_idx == EHF_INVALID_IDX) {
old_mask = plat_ic_set_priority_mask(pe_data->init_pri_mask);
- else
+ } else {
old_mask = plat_ic_set_priority_mask(priority);
+ }
+#endif
if (old_mask > priority) {
ERROR("Deactivation priority (0x%x) lower than Priority Mask (0x%x)\n",
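Review bot: The same `cur_pri_idx == EHF_INVALID_IDX` branch is now written twice, once per side of `#if GIC600_ERRATA_WA_2384374`, so the choice of mask value and the choice of platform call can drift apart in later edits. Selecting the value once and putting only the call under the preprocessor conditional keeps the erratum path and the normal path visibly identical apart from the function used. The fence assumes `priority` and `pe_data->init_pri_mask` are `unsigned int`, which their declarations outside the hunk should confirm. The enclosing function starts and ends outside the hunk.

```c
	/* … unchanged: cur_pri_idx = get_pe_highest_active_idx(pe_data); … */
	unsigned int restore_pri = (cur_pri_idx == EHF_INVALID_IDX) ?
			pe_data->init_pri_mask : priority;

#if GIC600_ERRATA_WA_2384374
	/* Erratum path: same mask restore, plus the GIC workaround. */
	old_mask = plat_ic_deactivate_priority(restore_pri);
#else
	old_mask = plat_ic_set_priority_mask(restore_pri);
#endif
	/* … unchanged: old_mask > priority check … */
```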
diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c
index 68c7f10..a2b2c06 100644
--- a/bl31/interrupt_mgmt.c
+++ b/bl31/interrupt_mgmt.c
@@ -34,7 +34,7 @@
*
* All other bits are reserved and SBZ.
******************************************************************************/
-typedef struct intr_type_desc {
+typedef struct {
interrupt_type_handler_t handler;
u_register_t scr_el3[2];
uint32_t flags;
diff --git a/changelog.yaml b/changelog.yaml
index 5696291..3875a48 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -544,6 +544,9 @@
- title: Raspberry Pi 4
scope: rpi4
+ - title: Raspberry Pi 5
+ scope: rpi5
+
- title: Renesas
scope: renesas
@@ -804,6 +807,9 @@
deprecated:
- lib/psa
+ - title: DICE Protection Environment
+ scope: dice
+
- title: Context Management
scope: context-mgmt
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 2ae92d7..6d34339 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -817,6 +817,8 @@
^^^^^^^^^^^^^^^^^^^^^^^
:|M|: Sumit Garg <sumit.garg@linaro.org>
:|G|: `b49020`_
+:|M|: Masahisa Kojima <kojima.masahisa@socionext.com>
+:|G|: `masahisak`_
:|F|: docs/plat/synquacer.rst
:|F|: plat/socionext/synquacer/
@@ -976,6 +978,7 @@
.. _lachitp: https://github.com/lachitp
.. _marex: https://github.com/marex
.. _masahir0y: https://github.com/masahir0y
+.. _masahisak: https://github.com/masahisak
.. _michalsimek: https://github.com/michalsimek
.. _mmind: https://github.com/mmind
.. _MrVan: https://github.com/MrVan
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index 654d65f..d814104 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -81,8 +81,6 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
-| Mbedtls-2.x | 2.10 | 2.10 | Support for TF-A builds with Mbedtls-2.x will be removed|
-+--------------------------------+-------------+---------+---------------------------------------------------------+
| STM32MP15_OPTEE_RSV_SHM | 2.10 | 3.0 | OP-TEE manages its own memory on STM32MP15 |
+--------------------------------+-------------+---------+---------------------------------------------------------+
@@ -103,4 +101,4 @@
--------------
-*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/firmware-update.rst b/docs/components/firmware-update.rst
index 1ba1e1c..eda7852 100644
--- a/docs/components/firmware-update.rst
+++ b/docs/components/firmware-update.rst
@@ -494,4 +494,4 @@
.. _Universally Unique Identifier: https://tools.ietf.org/rfc/rfc4122.txt
.. |Flow Diagram| image:: ../resources/diagrams/fwu_flow.png
.. |FWU state machine| image:: ../resources/diagrams/fwu_states.png
-.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
+.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/latest/
diff --git a/docs/components/platform-interrupt-controller-API.rst b/docs/components/platform-interrupt-controller-API.rst
index 4de39d1..8cd4bae 100644
--- a/docs/components/platform-interrupt-controller-API.rst
+++ b/docs/components/platform-interrupt-controller-API.rst
@@ -282,9 +282,28 @@
that it's overwriting.
In case of Arm standard platforms using GIC, the implementation of the API
-inserts to order memory updates before updating mask, then writes to the GIC
-*Priority Mask Register*, and make sure memory updates are visible before
-potential trigger due to mask update.
+inserts barriers to order memory updates before updating mask,
+then writes to the GIC *Priority Mask Register*, and make sure memory updates
+are visible before potential trigger due to mask update.
+
+Function: unsigned int plat_ic_deactivate_priority(unsigned int id); [optional]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : unsigned int
+ Return : int
+
+This API performs the operations of plat_ic_set_priority_mask along with
+calling the errata workaround gicv3_apply_errata_wa_2384374(). This is
+performed when priority mask is restored to it's older value. This API returns
+the current priority value that it's overwriting.
+
+In case of Arm standard platforms using GIC, the implementation of the API
+inserts barriers to order memory updates before updating mask, then writes
+to the GIC *Priority Mask Register*, and make sure memory updates
+are visible before potential trigger due to mask update, and
+applies 2384374 GIC errata workaround to process pending interrupt packets.
.. _plat_ic_get_interrupt_id:
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index ccb45a8..5733214 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -793,12 +793,17 @@
- ``ERRATA_X3_2615812``: This applies errata 2615812 workaround to Cortex-X3
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
- CPU, it is still open.
+ CPU, it is fixed in r1p2.
- ``ERRATA_X3_2641945``: This applies errata 2641945 workaround to Cortex-X3
CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU.
It is fixed in r1p1.
+- ``ERRATA_X3_2701951``: This applies erratum 2701951 workaround to Cortex-X3
+ CPU and affects system configurations that do not use an ARM interconnect
+ IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
+ in r1p2.
+
- ``ERRATA_X3_2742421``: This applies errata 2742421 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
@@ -811,6 +816,16 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
CPU. It is fixed in r1p2.
+For Cortex-X4, the following errata build flags are defined :
+
+- ``ERRATA_X4_2701112``: This applies erratum 2701112 workaround to Cortex-X4
+ CPU and affects system configurations that do not use an Arm interconnect IP.
+ This needs to be enabled for revisions r0p0 and is fixed in r0p1.
+ The workaround for this erratum is not implemented in EL3, but the flag can
+ be enabled/disabled at the platform level. The flag is used when the errata ABI
+ feature is enabled and can assist the Kernel in the process of
+ mitigation of the erratum.
+
For Cortex-A510, the following errata build flags are defined :
- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to
@@ -876,14 +891,40 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2331818``: This applies errata 2331818 workaround to
+ Cortex-A715 CPU. This needs to be enabled for revisions r0p0 and r1p0.
+ It is fixed in r1p1.
+
+- ``ERRATA_A715_2344187``: This applies errata 2344187 workaround to
+ Cortex-A715 CPU. This needs to be enabled for revisions r0p0 and r1p0. It is
+ fixed in r1p1.
+
+- ``ERRATA_A715_2413290``: This applies errata 2413290 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0 and
+ when SPE(Statistical profiling extension)=True. The errata is fixed
+ in r1p1.
+
+- ``ERRATA_A715_2420947``: This applies errata 2420947 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
+- ``ERRATA_A715_2429384``: This applies errata 2429384 workaround to
+ Cortex-A715 CPU. This needs to be enabled for revision r1p0. There is no
+ workaround for revision r0p0. It is fixed in r1p1.
+
- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
It is fixed in r1p1.
+For Cortex-A720, the following errata build flags are defined :
+
+- ``ERRATA_A720_2926083``: This applies errata 2926083 workaround to
+ Cortex-A720 CPU. This needs to be enabled for revisions r0p0 and r0p1.
+ It is fixed in r0p2.
+
-- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
- CPU and affects system configurations that do not use an ARM interconnect
- IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
- in r1p2.
+- ``ERRATA_A720_2940794``: This applies errata 2940794 workaround to
+ Cortex-A720 CPU. This needs to be enabled for revisions r0p0 and r0p1.
+ It is fixed in r0p2.
DSU Errata Workarounds
----------------------
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index ba97264..fa06c8e 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -645,6 +645,35 @@
Data structures used in the BL31 cold boot interface
''''''''''''''''''''''''''''''''''''''''''''''''''''
+In the cold boot flow, ``entry_point_info`` is used to represent the execution
+state of an image; that is, the state of general purpose registers, PC, and
+SPSR.
+
+There are two variants of this structure, for AArch64:
+
+.. code:: c
+
+ typedef struct entry_point_info {
+ param_header_t h;
+ uintptr_t pc;
+ uint32_t spsr;
+
+ aapcs64_params_t args;
+ }
+
+and, AArch32:
+
+.. code:: c
+
+ typedef struct entry_point_info {
+ param_header_t h;
+ uintptr_t pc;
+ uint32_t spsr;
+
+ uintptr_t lr_svc;
+ aapcs32_params_t args;
+ } entry_point_info_t;
+
These structures are designed to support compatibility and independent
evolution of the structures and the firmware images. For example, a version of
BL31 that can interpret the BL3x image information from different versions of
@@ -662,13 +691,17 @@
uint8_t type; /* type of the structure */
uint8_t version; /* version of this structure */
uint16_t size; /* size of this structure in bytes */
- uint32_t attr; /* attributes: unused bits SBZ */
+ uint32_t attr; /* attributes */
} param_header_t;
-The structures using this format are ``entry_point_info``, ``image_info`` and
-``bl31_params``. The code that allocates and populates these structures must set
-the header fields appropriately, and the ``SET_PARAM_HEAD()`` a macro is defined
-to simplify this action.
+In `entry_point_info`, Bits 0 and 5 of ``attr`` field are used to encode the
+security state; in other words, whether the image is to be executed in Secure,
+Non-Secure, or Realm mode.
+
+Other structures using this format are ``image_info`` and ``bl31_params``. The
+code that allocates and populates these structures must set the header fields
+appropriately, the ``SET_PARAM_HEAD()`` macro is defined to simplify this
+action.
Required CPU state for BL31 Warm boot initialization
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index 10fb7fb..f10d2e7 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -84,20 +84,20 @@
- **Root of trust key**
- The private part of this key is used to sign the BL2 content certificate and
- the trusted key certificate. The public part is the ROTPK.
+ The private part of this key is used to sign the trusted boot firmware
+ certificate and the trusted key certificate. The public part is the ROTPK.
- **Trusted world key**
The private part is used to sign the key certificates corresponding to the
secure world images (SCP_BL2, BL31 and BL32). The public part is stored in
- one of the extension fields in the trusted world certificate.
+ one of the extension fields in the trusted key certificate.
- **Non-trusted world key**
The private part is used to sign the key certificate corresponding to the
- non secure world image (BL33). The public part is stored in one of the
- extension fields in the trusted world certificate.
+ non-secure world image (BL33). The public part is stored in one of the
+ extension fields in the trusted key certificate.
- **BL3X keys**
@@ -116,10 +116,11 @@
The following certificates are used to authenticate the images.
-- **BL2 content certificate**
+- **Trusted boot firmware certificate**
- It is self-signed with the private part of the ROT key. It contains a hash
- of the BL2 image.
+ It is self-signed with the private part of the ROT key. It contains a hash of
+ the BL2 image and hashes of various firmware configuration files
+ (TB_FW_CONFIG, HW_CONFIG, FW_CONFIG).
- **Trusted key certificate**
@@ -127,45 +128,48 @@
public part of the trusted world key and the public part of the non-trusted
world key.
-- **SCP_BL2 key certificate**
+- **SCP firmware key certificate**
It is self-signed with the trusted world key. It contains the public part of
the SCP_BL2 key.
-- **SCP_BL2 content certificate**
+- **SCP firmware content certificate**
It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2
image.
-- **BL31 key certificate**
+- **SoC firmware key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL31 key.
-- **BL31 content certificate**
+- **SoC firmware content certificate**
- It is self-signed with the BL31 key. It contains a hash of the BL31 image.
+ It is self-signed with the BL31 key. It contains hashes of the BL31 image and
+ its configuration file (SOC_FW_CONFIG).
-- **BL32 key certificate**
+- **Trusted OS key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL32 key.
-- **BL32 content certificate**
+- **Trusted OS content certificate**
- It is self-signed with the BL32 key. It contains a hash of the BL32 image.
+ It is self-signed with the BL32 key. It contains hashes of the BL32 image(s)
+ and its configuration file(s) (TOS_FW_CONFIG).
-- **BL33 key certificate**
+- **Non-trusted firmware key certificate**
It is self-signed with the non-trusted world key. It contains the public
part of the BL33 key.
-- **BL33 content certificate**
+- **Non-trusted firmware content certificate**
- It is self-signed with the BL33 key. It contains a hash of the BL33 image.
+ It is self-signed with the BL33 key. It contains hashes of the BL33 image and
+ its configuration file (NT_FW_CONFIG).
-The SCP_BL2 and BL32 certificates are optional, but they must be present if the
-corresponding SCP_BL2 or BL32 images are present.
+The SCP firmware and Trusted OS certificates are optional, but they must be
+present if the corresponding SCP_BL2 or BL32 images are present.
The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some
images (SCP, debug certificates, secure partitions, configuration files) are not
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 37545ce..f817da0 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -706,6 +706,13 @@
This option defaults to 0.
+- ``DICE_PROTECTION_ENVIRONMENT``: Boolean flag to specify the measured boot
+ backend when ``MEASURED_BOOT`` is enabled. The default value is ``0``. When
+ set to ``1`` then measurements and additional metadata collected during the
+ measured boot process are sent to the DICE Protection Environment for storage
+ and processing. A certificate chain, which represents the boot state of the
+ device, can be queried from the DPE.
+
- ``MARCH_DIRECTIVE``: used to pass a -march option from the platform build
options to the compiler. An example usage:
@@ -1340,12 +1347,21 @@
This flag is used in defining the firmware update metadata structure. This
flag is by default set to '1'.
+- ``PSA_FWU_METADATA_FW_STORE_DESC``: To be enabled when the FWU
+ metadata contains image description. The default value is 1.
+
+ The version 2 of the FWU metadata allows for an opaque metadata
+ structure where a platform can choose to not include the firmware
+ store description in the metadata structure. This option indicates
+ if the firmware store description, which provides information on
+ the updatable images is part of the structure.
+
--------------
*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _DEN0115: https://developer.arm.com/docs/den0115/latest
-.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
+.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/latest/
.. _PSA DRTM specification: https://developer.arm.com/documentation/den0113/a
.. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
.. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 573abdf..9053e34 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -79,6 +79,10 @@
- mbed TLS == 3.4.1 (tag: ``mbedtls-3.4.1``)
+The following libraries are required for DICE Protection Environment support:
+
+- QCBOR == 1.2 (tag: ``v1.2``)
+
These tools are optional:
- Device Tree Compiler (DTC) >= 1.4.7
@@ -184,7 +188,7 @@
--------------
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*
.. _Arm Developer website: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads
.. _Gerrit Code Review: https://www.gerritcodereview.com/
diff --git a/docs/glossary.rst b/docs/glossary.rst
index 679de2b..c02e938 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -40,6 +40,9 @@
Common Vulnerabilities and Exposures. A CVE document is commonly used to
describe a publicly-known security vulnerability.
+ DICE
+ Device Identifier Composition Engine
+
DCE
DRTM Configuration Environment
@@ -52,6 +55,9 @@
DRTM
Dynamic Root of Trust for Measurement
+ DPE
+ DICE Protection Environment
+
DS-5
Arm Development Studio 5
diff --git a/docs/index.rst b/docs/index.rst
index cdb237a..c05c0a5 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -95,4 +95,4 @@
.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
-.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
+.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/latest/
diff --git a/docs/license.rst b/docs/license.rst
index 80f1118..8996105 100644
--- a/docs/license.rst
+++ b/docs/license.rst
@@ -85,6 +85,17 @@
See the original `Linux MIT license`_.
+- Some source files originating from the `Open Profile for DICE`_ project.
+ These files are licensed under the Apache License, Version 2.0, which is a
+ permissive license compatible with BSD-3-Clause. Any contributions to this
+ code must also be made under the terms of `Apache License 2.0`_.
+ These files are:
+
+ - ``include/lib/dice/dice.h``
+
.. _FreeBSD: http://www.freebsd.org
.. _Linux MIT license: https://raw.githubusercontent.com/torvalds/linux/master/LICENSES/preferred/MIT
.. _SCC: http://www.simple-cc.org/
+.. _Open Profile for DICE: https://pigweed.googlesource.com/open-dice/
+.. _Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
+
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index 43f4898..35cc27d 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -38,6 +38,7 @@
qti-msm8916
rpi3
rpi4
+ rpi5
rcar-gen3
rz-g2
rockchip
diff --git a/docs/plat/rpi5.rst b/docs/plat/rpi5.rst
new file mode 100644
index 0000000..f2e1b9f
--- /dev/null
+++ b/docs/plat/rpi5.rst
@@ -0,0 +1,78 @@
+Raspberry Pi 5
+==============
+
+The `Raspberry Pi 5`_ is a single-board computer that contains four
+Arm Cortex-A76 cores.
+
+This port is a minimal BL31 implementation capable of booting 64-bit EL2
+payloads such as Linux and EDK2.
+
+**IMPORTANT NOTE**: This port isn't secure. All of the memory used is DRAM,
+which is available from both the Non-secure and Secure worlds. The SoC does
+not seem to feature a secure memory controller of any kind, so portions of
+DRAM can't be protected properly from the Non-secure world.
+
+Build
+------------------
+
+To build this platform, run:
+
+.. code:: shell
+
+ CROSS_COMPILE=aarch64-linux-gnu- make PLAT=rpi5 DEBUG=1
+
+The firmware will be generated at ``build/rpi5/debug/bl31.bin``.
+
+The following build options are supported:
+
+- ``RPI3_DIRECT_LINUX_BOOT``: Enabled by default. Allows direct boot of the Linux
+ kernel from the firmware.
+
+- ``PRELOADED_BL33_BASE``: Used to specify the fixed address of a BL33 binary
+ that has been preloaded by earlier boot stages (VPU). Useful for bundling
+ BL31 and BL33 in the same ``armstub`` image (e.g. TF-A + EDK2).
+
+- ``RPI3_PRELOADED_DTB_BASE``: This option allows to specify the fixed address of
+ a DTB in memory. Can only be used if ``device_tree_address=`` is present in
+ config.txt.
+
+- ``RPI3_RUNTIME_UART``: Indicates whether TF-A should use the debug UART for
+ runtime messages or not. ``-1`` (default) disables the option, any other value
+ enables it.
+
+Usage
+------------------
+
+Copy the firmware binary to the first FAT32 partition of a supported boot media
+(SD, USB) and append ``armstub=bl31.bin`` to config.txt, or just rename the
+file to ``armstub8-2712.bin``.
+
+No other config options or files are required by the firmware alone, this will
+depend on the payload you intend to run.
+
+For Linux, you must also place an appropriate DTB and kernel in the boot
+partition. This has been validated with a copy of Raspberry Pi OS.
+
+The VPU will preload a BL33 AArch64 image named either ``kernel_2712.img`` or
+``kernel8.img``, which can be overridden by adding a ``kernel=filename`` option
+to config.txt.
+
+Kernel and DTB load addresses are also chosen by the VPU and can be changed with
+``kernel_address=`` and ``device_tree_address=`` in config.txt. If TF-A was built
+with ``PRELOADED_BL33_BASE`` or ``RPI3_PRELOADED_DTB_BASE``, setting those config
+options may be necessary.
+
+By default, all boot stages print messages to the dedicated UART debug port.
+Configuration is ``115200 8n1``.
+
+Design
+------------------
+
+This port is largely based on the RPi 4 one.
+
+The boot process is essentially the same, the only notable difference being that
+all VPU blobs have been moved into EEPROM (former start4.elf & fixup4.dat). There's
+also a custom BL31 TF-A armstub included for PSCI, which can be replaced with this
+port.
+
+.. _Raspberry Pi 5: https://www.raspberrypi.com/products/raspberry-pi-5/
diff --git a/docs/plat/st/stm32mp1.rst b/docs/plat/st/stm32mp1.rst
index b6e4b0d..39a43ee 100644
--- a/docs/plat/st/stm32mp1.rst
+++ b/docs/plat/st/stm32mp1.rst
@@ -115,8 +115,9 @@
make stm32mp15_trusted_defconfig
make DEVICE_TREE=stm32mp157c-ev1 all
-OP-TEE (optional)
-_________________
+OP-TEE (recommended)
+____________________
+OP-TEE is the default BL32 supported for STMicroelectronics platforms.
.. code:: bash
@@ -125,9 +126,10 @@
CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1.dts
-TF-A BL32 (SP_min)
-__________________
+TF-A BL32 (SP_min) (not recommended)
+____________________________________
If you choose not to use OP-TEE, you can use TF-A SP_min.
+This is not the recommended BL32 to use, and will have very limited support.
To build TF-A BL32, and its device tree file:
.. code:: bash
@@ -217,4 +219,4 @@
.. _STM32MP1 Series: https://www.st.com/en/microcontrollers-microprocessors/stm32mp1-series.html
.. _STM32MP1 part number codification: https://wiki.st.com/stm32mpu/wiki/STM32MP15_microprocessor#Part_number_codification
-*Copyright (c) 2023, STMicroelectronics - All Rights Reserved*
+*Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved*
diff --git a/docs/plat/st/stm32mpus.rst b/docs/plat/st/stm32mpus.rst
index 931dd57..ab6d8fe 100644
--- a/docs/plat/st/stm32mpus.rst
+++ b/docs/plat/st/stm32mpus.rst
@@ -45,6 +45,8 @@
- ``STM32MP_UART_PROGRAMMER``
- ``STM32MP_USB_PROGRAMMER``
+Only one storage or serial device should be selected in the build command line,
+to save space and not overflow SYSRAM size, or else the platform won't build or boot.
Other configuration flags:
@@ -75,4 +77,4 @@
--------------
-*Copyright (c) 2023, STMicroelectronics - All Rights Reserved*
+*Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved*
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 3f31d40..e9dd772 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -53,3 +53,46 @@
- `5` : SGI 5
- `6` : SGI 6 (Default)
- `7` : SGI 7
+
+Reference DEN0028E SMC calling convention
+------------------------------------------
+
+Allocated subranges of Function Identifier to SIP services
+-----------------------------------------------------------
+
++-----------------------+-------------------------------------------------------+
+| SMC Function | Identifier Service type |
++-----------------------+------------------------------+------------------------+
+| 0xC2000000-0xC200FFFF | Fast SMC64 SiP Service Calls as per SMCCC Section 6.1 |
++-----------------------+-------------------------------------------------------+
+
+IPI SMC call ranges
+-------------------------------------------------------------
+
++---------------------------+-----------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+-----------------------------------------------------------+
+| 0xc2001000-0xc2001FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx IPI |
++---------------------------+-----------------------------------------------------------+
+
+PM SMC call ranges
+--------------------------------------------------------
+
++---------------------------+---------------------------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+---------------------------------------------------------------------------+
+| 0xc2000000-0xc2000FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx Platform Management |
++---------------------------+---------------------------------------------------------------------------+
+
+SMC function IDs for SiP Service queries
+----------------------------------------------
+
++--------------+--------------+--------------+
+| Service | Call UID | Revision |
++--------------+--------------+--------------+
+| SiP Service | 0x8200_FF01 | 0x8200_FF03 |
++--------------+--------------+--------------+
+
+Call UID Query – Returns a unique identifier of the service provider.
+
+Revision Query – Returns revision details of the service implementor.
diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst
index aa094f7..072329a 100644
--- a/docs/plat/xilinx-versal.rst
+++ b/docs/plat/xilinx-versal.rst
@@ -76,3 +76,46 @@
data structure is passed in the ```PMC_GLOBAL_GLOB_GEN_STORAGE4``` register.
The register is free to be used by other software once the TF-A is bringing up
further firmware images.
+
+Reference DEN0028E SMC calling convention
+------------------------------------------
+
+Allocated subranges of Function Identifier to SIP services
+----------------------------------------------------------
+
++-----------------------+-------------------------------------------------------+
+| SMC Function | Identifier Service type |
++-----------------------+-------------------------------------------------------+
+| 0xC2000000-0xC200FFFF | Fast SMC64 SiP Service Calls as per SMCCC Section 6.1 |
++-----------------------+-------------------------------------------------------+
+
+IPI SMC call ranges
+-------------------
+
++---------------------------+-----------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+-----------------------------------------------------------+
+| 0xc2001000-0xc2001FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx IPI |
++---------------------------+-----------------------------------------------------------+
+
+PM SMC call ranges
+------------------
+
++---------------------------+---------------------------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+---------------------------------------------------------------------------+
+| 0xc2000000-0xc2000FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx Platform Management |
++---------------------------+---------------------------------------------------------------------------+
+
+SMC function IDs for SiP Service queries
+----------------------------------------
+
++--------------+--------------+--------------+
+| Service | Call UID | Revision |
++--------------+--------------+--------------+
+| SiP Service | 0x8200_FF01 | 0x8200_FF03 |
++--------------+--------------+--------------+
+
+Call UID Query – Returns a unique identifier of the service provider.
+
+Revision Query – Returns revision details of the service implementor.
diff --git a/docs/plat/xilinx-zynqmp.rst b/docs/plat/xilinx-zynqmp.rst
index 4fe0d2f..c8ba27f 100644
--- a/docs/plat/xilinx-zynqmp.rst
+++ b/docs/plat/xilinx-zynqmp.rst
@@ -166,3 +166,55 @@
- TF-A build command:
make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1
bl31 CUSTOM_PKG_PATH=<...>
+
+Reference DEN0028E SMC calling convention
+------------------------------------------
+
+Allocated subranges of Function Identifier to SIP services
+------------------------------------------------------------
+
++-----------------------+-------------------------------------------------------+
+| SMC Function | Identifier Service type |
++-----------------------+-------------------------------------------------------+
+| 0xC2000000-0xC200FFFF | Fast SMC64 SiP Service Calls as per SMCCC Section 6.1 |
++-----------------------+-------------------------------------------------------+
+
+IPI SMC call ranges
+-------------------
+
++---------------------------+-----------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+-----------------------------------------------------------+
+| 0xc2001000-0xc2001FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx IPI |
++---------------------------+-----------------------------------------------------------+
+
+PM SMC call ranges
+------------------
+
++---------------------------+---------------------------------------------------------------------------+
+| SMC Function Identifier | Service type |
++---------------------------+---------------------------------------------------------------------------+
+| 0xc2000000-0xc2000FFF | Fast SMC64 SiP Service call range used for AMD-Xilinx Platform Management |
++---------------------------+---------------------------------------------------------------------------+
+
+SMC function IDs for SiP Service queries
+----------------------------------------
+
++--------------+--------------+--------------+
+| Service | Call UID | Revision |
++--------------+--------------+--------------+
+| SiP Service | 0x8200_FF01 | 0x8200_FF03 |
++--------------+--------------+--------------+
+
+Call UID Query – Returns a unique identifier of the service provider.
+
+Revision Query – Returns revision details of the service implementor.
+
+CUSTOM SIP service support
+--------------------------
+
++-------------+------------+------------+
+| Service | 32-bit | 64-bit |
++-------------+------------+------------+
+| SiP Service | 0x82002000 | 0xC2002000 |
++-------------+------------+------------+
diff --git a/docs/threat_model/firmware_threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
index 63bdc8a..f8e4f7d 100644
--- a/docs/threat_model/firmware_threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst
@@ -623,6 +623,62 @@
| | UART interface(s). |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 16 |
++========================+=====================================================+
+| Threat | | **An attacker could analyse the timing behaviour |
+| | of implemented methods in the system to infer |
+| | sensitive information.** |
+| | |
+| | | A timing side-channel attack is a type of attack |
+| | that exploits variations in the time it takes a |
+| | system to perform different operations. This |
+| | form of attack focuses on analyzing the time- |
+| | related information leakage that occurs during |
+| | the execution of cryptographic algorithms or |
+| | other security-sensitive processes. By observing |
+| | these timing differences, an attacker can gain |
+| | insights into the internal workings of a system |
+| | and potentially extract sensitive information. |
+| | Sensitive information that, when revealed even |
+| | partially, could heighten the susceptibility to |
+| | traditional attacks like brute-force attacks. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF2 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data |
++------------------------+-----------------------------------------------------+
+| Threat Agent | AppDebug |
++------------------------+-----------------------------------------------------+
+| Threat Type | Information Disclosure |
++------------------------+------------------+----------------+-----------------+
+| Application | Server | IoT | Mobile |
++------------------------+------------------+----------------+-----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+----------------+-----------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+------------------+----------------+-----------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+------------------+----------------+-----------------+
+| Mitigations | | Ensure that the execution time of critical |
+| | operations is constant and independent of |
+| | secret data. This prevents attackers from |
+| | exploiting timing differences to infer |
+| | information about sensitive data. |
+| | |
+| | | Introduce random delays/timing jitter or dummy |
+| | operations to make the timing behavior of program|
+| | execution less predictable. This can disrupt the |
+| | correlation between the execution time and |
+| | sensitive data. |
+| | |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Not implemented |
+| implemented? | |
++------------------------+-----------------------------------------------------+
.. _Boot Firmware Threats:
diff --git a/drivers/arm/css/sds/sds.c b/drivers/arm/css/sds/sds.c
index a5e6389..91f0a27 100644
--- a/drivers/arm/css/sds/sds.c
+++ b/drivers/arm/css/sds/sds.c
@@ -250,7 +250,7 @@
uintptr_t sds_mem_base = sds_regions[region_id].base;
if (!IS_SDS_REGION_VALID(sds_mem_base)) {
- WARN("SDS: No valid SDS Memory Region found\n");
+ VERBOSE("SDS: No valid SDS Memory Region found\n");
return SDS_ERR_FAIL;
}
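Review bot: With the message demoted from `WARN` to `VERBOSE`, the `SDS_ERR_FAIL` return for an invalid region is probably silent at the usual log levels, so a missing or corrupted SDS region can only be diagnosed if every caller reports the error itself. If an invalid region is an expected condition on this path, a short comment above the check would record why the level was lowered, for example `/* An uninitialised region is expected on some paths; callers decide whether to report it */`. The enclosing function starts and ends outside the hunk, so its callers' handling cannot be checked from here.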
diff --git a/drivers/arm/gic/v3/gic600_multichip.c b/drivers/arm/gic/v3/gic600_multichip.c
index a4786bb..5e44aa9 100644
--- a/drivers/arm/gic/v3/gic600_multichip.c
+++ b/drivers/arm/gic/v3/gic600_multichip.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
* Copyright (c) 2022-2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -75,7 +75,7 @@
panic();
}
- /* Poll till PUP is zero before intiating write */
+ /* Poll till PUP is zero before initiating write */
gicd_dchipr_wait_for_power_update_progress(base);
write_gicd_dchipr(base, read_gicd_dchipr(base) |
diff --git a/drivers/arm/gic/v3/gicv3_main.c b/drivers/arm/gic/v3/gicv3_main.c
index 3190f66..8ea164c 100644
--- a/drivers/arm/gic/v3/gicv3_main.c
+++ b/drivers/arm/gic/v3/gicv3_main.c
@@ -1321,6 +1321,31 @@
}
/*******************************************************************************
+ * This function restores the PMR register to old value and also triggers
+ * gicv3_apply_errata_wa_2384374() that flushes the GIC buffer allowing any
+ * pending interrupts to processed. Returns the original PMR.
+ ******************************************************************************/
+unsigned int gicv3_deactivate_priority(unsigned int mask)
+{
+
+ unsigned int old_mask, proc_num;
+ uintptr_t gicr_base;
+
+ old_mask = gicv3_set_pmr(mask);
+
+ proc_num = plat_my_core_pos();
+ gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
+ assert(gicr_base != 0UL);
+
+ /* Add DSB to ensure visibility of System register writes */
+ dsb();
+
+ gicv3_apply_errata_wa_2384374(gicr_base);
+
+ return old_mask;
+}
+
+/*******************************************************************************
* This function delegates the responsibility of discovering the corresponding
* Redistributor frames to each CPU itself. It is a modified version of
* gicv3_rdistif_base_addrs_probe() and is executed by each CPU in the platform
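Review bot: `gicv3_deactivate_priority()` dereferences `gicv3_driver_data->rdistif_base_addrs[proc_num]` without checking the driver data pointer or the index; the only assert is on the value read back. Adding `assert(gicv3_driver_data != NULL);` and `assert(proc_num < gicv3_driver_data->rdistif_num);` before the lookup would catch a call made before driver init or on an unexpected core, assuming the driver data carries the redistributor count as elsewhere in this driver. The PMR is also changed by `gicv3_set_pmr(mask)` before any of these checks run, so moving the checks above that call keeps a failed precondition from leaving the priority mask modified. In the header comment, "pending interrupts to processed" should read "to be processed".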
diff --git a/drivers/arm/mhu/mhu_v3_x.c b/drivers/arm/mhu/mhu_v3_x.c
new file mode 100644
index 0000000..118c608
--- /dev/null
+++ b/drivers/arm/mhu/mhu_v3_x.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "mhu_v3_x.h"
+
+#include "mhu_v3_x_private.h"
+
+/*
+ * Get the device base from the device struct. Return an error if the dev is
+ * invalid.
+ */
+static enum mhu_v3_x_error_t get_dev_base(const struct mhu_v3_x_dev_t *dev,
+ union _mhu_v3_x_frame_t **base)
+{
+ if (dev == NULL) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ /* Ensure driver has been initialized */
+ if (dev->is_initialized == false) {
+ return MHU_V_3_X_ERR_NOT_INIT;
+ }
+
+ *base = (union _mhu_v3_x_frame_t *)dev->base;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_driver_init(struct mhu_v3_x_dev_t *dev)
+{
+ uint32_t aidr = 0;
+ uint8_t mhu_major_rev;
+ union _mhu_v3_x_frame_t *p_mhu;
+
+ if (dev == NULL) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ /* Return if already initialized */
+ if (dev->is_initialized == true) {
+ return MHU_V_3_X_ERR_NONE;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ /* Read revision from MHU hardware */
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ aidr = p_mhu->pbx_frame.pbx_ctrl_page.pbx_aidr;
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ aidr = p_mhu->mbx_frame.mbx_ctrl_page.mbx_aidr;
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ /* Read the MHU Architecture Major Revision */
+ mhu_major_rev =
+ ((aidr & MHU_ARCH_MAJOR_REV_MASK) >> MHU_ARCH_MAJOR_REV_OFF);
+
+ /* Return error if the MHU major revision is not 3 */
+ if (mhu_major_rev != MHU_MAJOR_REV_V3) {
+ /* Unsupported MHU version */
+ return MHU_V_3_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ /* Read the MHU Architecture Minor Revision */
+ dev->subversion =
+ ((aidr & MHU_ARCH_MINOR_REV_MASK) >> MHU_ARCH_MINOR_REV_MASK);
+
+ /* Return error if the MHU minor revision is not 0 */
+ if (dev->subversion != MHU_MINOR_REV_3_0) {
+ /* Unsupported subversion */
+ return MHU_V_3_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ /* Initialize the Postbox/Mailbox to remain in operational state */
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ p_mhu->pbx_frame.pbx_ctrl_page.pbx_ctrl |= MHU_V3_OP_REQ;
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ p_mhu->mbx_frame.mbx_ctrl_page.mbx_ctrl |= MHU_V3_OP_REQ;
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ dev->is_initialized = true;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_get_num_channel_implemented(
+ const struct mhu_v3_x_dev_t *dev,
+ enum mhu_v3_x_channel_type_t ch_type, uint8_t *num_ch)
+{
+ enum mhu_v3_x_error_t status;
+ union _mhu_v3_x_frame_t *p_mhu;
+
+ if (num_ch == NULL) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only doorbell channel is supported */
+ if (ch_type != MHU_V3_X_CHANNEL_TYPE_DBCH) {
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ /* Read the number of channels implemented in the MHU */
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ *num_ch = (p_mhu->pbx_frame.pbx_ctrl_page.pbx_dbch_cfg0 + 1);
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ *num_ch = (p_mhu->mbx_frame.mbx_ctrl_page.mbx_dbch_cfg0 + 1);
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_clear(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+ enum mhu_v3_x_error_t status;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only MBX can clear the Doorbell channel */
+ if (dev->frame != MHU_V3_X_MBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /* Clear the bits in the doorbell channel */
+ mdbcw_reg[channel].mdbcw_clr |= flags;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_write(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_pdbcw_reg_t *pdbcw_reg;
+ enum mhu_v3_x_error_t status;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only PBX can set the Doorbell channel value */
+ if (dev->frame != MHU_V3_X_PBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ pdbcw_reg = (struct _mhu_v3_x_pdbcw_reg_t *)
+ &(p_mhu->pbx_frame.pdbcw_page);
+
+ /* Write the value to the doorbell channel */
+ pdbcw_reg[channel].pdbcw_set |= flags;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_read(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t *flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ enum mhu_v3_x_error_t status;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+ struct _mhu_v3_x_pdbcw_reg_t *pdbcw_reg;
+
+ if (flags == NULL) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ pdbcw_reg = (struct _mhu_v3_x_pdbcw_reg_t *)
+ &(p_mhu->pbx_frame.pdbcw_page);
+
+ /* Read the value from Postbox Doorbell status register */
+ *flags = pdbcw_reg[channel].pdbcw_st;
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /* Read the value from Mailbox Doorbell status register */
+ *flags = mdbcw_reg[channel].mdbcw_st;
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_set(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ uint32_t flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+ enum mhu_v3_x_error_t status;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Doorbell channel mask is not applicable for PBX */
+ if (dev->frame != MHU_V3_X_MBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /* Set the Doorbell channel mask */
+ mdbcw_reg[channel].mdbcw_msk_set |= flags;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_clear(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ uint32_t flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+ enum mhu_v3_x_error_t status;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Doorbell channel mask is not applicable for PBX */
+ if (dev->frame != MHU_V3_X_MBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /* Clear the Doorbell channel mask */
+ mdbcw_reg[channel].mdbcw_msk_clr = flags;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_get(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ uint32_t *flags)
+{
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+ enum mhu_v3_x_error_t status;
+
+ if (flags == NULL) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Doorbell channel mask is not applicable for PBX */
+ if (dev->frame != MHU_V3_X_MBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /* Save the Doorbell channel mask status */
+ *flags = mdbcw_reg[channel].mdbcw_msk_st;
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_enable(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type)
+{
+ enum mhu_v3_x_error_t status;
+
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_pdbcw_reg_t *pdbcw_reg;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only doorbell channel is supported */
+ if (ch_type != MHU_V3_X_CHANNEL_TYPE_DBCH) {
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ pdbcw_reg = (struct _mhu_v3_x_pdbcw_reg_t *)
+ &(p_mhu->pbx_frame.pdbcw_page);
+
+ /*
+ * Enable this doorbell channel to generate interrupts for
+ * transfer acknowledge events.
+ */
+ pdbcw_reg[channel].pdbcw_int_en = MHU_V3_X_PDBCW_INT_X_TFR_ACK;
+
+ /*
+ * Enable this doorbell channel to contribute to the PBX
+ * combined interrupt.
+ */
+ pdbcw_reg[channel].pdbcw_ctrl = MHU_V3_X_PDBCW_CTRL_PBX_COMB_EN;
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /*
+ * Enable this doorbell channel to contribute to the MBX
+ * combined interrupt.
+ */
+ mdbcw_reg[channel].mdbcw_ctrl = MHU_V3_X_MDBCW_CTRL_MBX_COMB_EN;
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_disable(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type)
+{
+ enum mhu_v3_x_error_t status;
+
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_pdbcw_reg_t *pdbcw_reg;
+ struct _mhu_v3_x_mdbcw_reg_t *mdbcw_reg;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only doorbell channel is supported */
+ if (ch_type != MHU_V3_X_CHANNEL_TYPE_DBCH) {
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+
+ if (dev->frame == MHU_V3_X_PBX_FRAME) {
+ pdbcw_reg = (struct _mhu_v3_x_pdbcw_reg_t *)
+ &(p_mhu->pbx_frame.pdbcw_page);
+
+ /* Clear channel transfer acknowledge event interrupt */
+ pdbcw_reg[channel].pdbcw_int_clr = MHU_V3_X_PDBCW_INT_X_TFR_ACK;
+
+ /* Disable channel transfer acknowledge event interrupt */
+ pdbcw_reg[channel].pdbcw_int_en &=
+ ~(MHU_V3_X_PDBCW_INT_X_TFR_ACK);
+
+ /*
+ * Disable this doorbell channel from contributing to the PBX
+ * combined interrupt.
+ */
+ pdbcw_reg[channel].pdbcw_ctrl &=
+ ~(MHU_V3_X_PDBCW_CTRL_PBX_COMB_EN);
+ } else if (dev->frame == MHU_V3_X_MBX_FRAME) {
+ mdbcw_reg = (struct _mhu_v3_x_mdbcw_reg_t *)
+ &(p_mhu->mbx_frame.mdbcw_page);
+
+ /*
+ * Disable this doorbell channel from contributing to the MBX
+ * combined interrupt.
+ */
+ mdbcw_reg[channel].mdbcw_ctrl &=
+ ~(MHU_V3_X_MDBCW_CTRL_MBX_COMB_EN);
+ } else {
+ /* Only PBX and MBX frames are supported. */
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ return MHU_V_3_X_ERR_NONE;
+}
+
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_clear(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type)
+{
+ enum mhu_v3_x_error_t status;
+ union _mhu_v3_x_frame_t *p_mhu;
+ struct _mhu_v3_x_pdbcw_reg_t *pdbcw_reg;
+
+ /* Get dev->base if it is valid or return an error if dev is not */
+ status = get_dev_base(dev, &p_mhu);
+ if (status != MHU_V_3_X_ERR_NONE) {
+ return status;
+ }
+
+ /* Only doorbell channel is supported */
+ if (ch_type != MHU_V3_X_CHANNEL_TYPE_DBCH) {
+ return MHU_V_3_X_ERR_UNSUPPORTED;
+ }
+
+ /*
+ * Only postbox doorbell channel transfer acknowledge interrupt can be
+ * cleared manually.
+ *
+ * To clear MBX interrupt the unmasked status must be cleared using
+ * mhu_v3_x_doorbell_clear.
+ */
+ if (dev->frame != MHU_V3_X_PBX_FRAME) {
+ return MHU_V_3_X_ERR_INVALID_PARAM;
+ }
+
+ p_mhu = (union _mhu_v3_x_frame_t *)dev->base;
+ pdbcw_reg = (struct _mhu_v3_x_pdbcw_reg_t *)&(
+ p_mhu->pbx_frame.pdbcw_page);
+
+ /* Clear channel transfer acknowledge event interrupt */
+ pdbcw_reg[channel].pdbcw_int_clr |= 0x1;
+
+ return MHU_V_3_X_ERR_NONE;
+}
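Review bot: In `mhu_v3_x_driver_init()` the minor revision is extracted with `>> MHU_ARCH_MINOR_REV_MASK`, so the value is shifted by the mask rather than the field offset. `dev->subversion` is therefore always 0 and the `MHU_MINOR_REV_3_0` check can never reject a device; the line should read `((aidr & MHU_ARCH_MINOR_REV_MASK) >> MHU_ARCH_MINOR_REV_OFF);`. Separately, every doorbell and interrupt function indexes `mdbcw_reg[channel]` or `pdbcw_reg[channel]` with the caller-supplied `channel` and no range check, so an out-of-range value reaches MMIO beyond the doorbell window. Either compare it against the count derived from `pbx_dbch_cfg0`/`mbx_dbch_cfg0` and return `MHU_V_3_X_ERR_INVALID_PARAM`, or state in the API documentation that callers must validate it. The `|=` on `mdbcw_clr`, `pdbcw_set`, `mdbcw_msk_set` and `pdbcw_int_clr` is a read-modify-write where `mhu_v3_x_doorbell_mask_clear()` uses a plain `=`; if these are write-one-to-act registers, as their names suggest, a plain store would be consistent, and `pdbcw_int_clr |= 0x1` could use `MHU_V3_X_PDBCW_INT_X_TFR_ACK`.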
diff --git a/drivers/arm/mhu/mhu_v3_x.h b/drivers/arm/mhu/mhu_v3_x.h
new file mode 100644
index 0000000..a3a1950
--- /dev/null
+++ b/drivers/arm/mhu/mhu_v3_x.h
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MHU_V3_X_H
+#define MHU_V3_X_H
+
+#include <stdbool.h>
+#include <stdint.h>
+
+/* MHU Architecture Major Revision 3 */
+#define MHU_MAJOR_REV_V3 U(0x2)
+/* MHU Architecture Minor Revision 0 */
+#define MHU_MINOR_REV_3_0 U(0x0)
+
+/* MHU Architecture Major Revision offset */
+#define MHU_ARCH_MAJOR_REV_OFF U(0x4)
+/* MHU Architecture Major Revision mask */
+#define MHU_ARCH_MAJOR_REV_MASK (U(0xf) << MHU_ARCH_MAJOR_REV_OFF)
+
+/* MHU Architecture Minor Revision offset */
+#define MHU_ARCH_MINOR_REV_OFF U(0x0)
+/* MHU Architecture Minor Revision mask */
+#define MHU_ARCH_MINOR_REV_MASK (U(0xf) << MHU_ARCH_MINOR_REV_OFF)
+
+/* MHUv3 PBX/MBX Operational Request offset */
+#define MHU_V3_OP_REQ_OFF U(0)
+/* MHUv3 PBX/MBX Operational Request */
+#define MHU_V3_OP_REQ (U(1) << MHU_V3_OP_REQ_OFF)
+
+/**
+ * MHUv3 error enumeration types
+ */
+enum mhu_v3_x_error_t {
+ /* No error */
+ MHU_V_3_X_ERR_NONE,
+ /* MHU driver not initialized */
+ MHU_V_3_X_ERR_NOT_INIT,
+ /* MHU driver alreary initialized */
+ MHU_V_3_X_ERR_ALREADY_INIT,
+ /* MHU Revision not supported error */
+ MHU_V_3_X_ERR_UNSUPPORTED_VERSION,
+ /* Operation not supported */
+ MHU_V_3_X_ERR_UNSUPPORTED,
+ /* Invalid parameter */
+ MHU_V_3_X_ERR_INVALID_PARAM,
+ /* General MHU driver error */
+ MHU_V_3_X_ERR_GENERAL,
+};
+
+/**
+ * MHUv3 channel types
+ */
+enum mhu_v3_x_channel_type_t {
+ /* Doorbell channel */
+ MHU_V3_X_CHANNEL_TYPE_DBCH,
+ /* Channel type count */
+ MHU_V3_X_CHANNEL_TYPE_COUNT,
+};
+
+/**
+ * MHUv3 frame types
+ */
+enum mhu_v3_x_frame_t {
+ /* MHUv3 postbox frame */
+ MHU_V3_X_PBX_FRAME,
+ /* MHUv3 mailbox frame */
+ MHU_V3_X_MBX_FRAME,
+};
+
+/**
+ * MHUv3 device structure
+ */
+struct mhu_v3_x_dev_t {
+ /* Base address of the MHUv3 frame */
+ uintptr_t base;
+ /* Type of the MHUv3 frame */
+ enum mhu_v3_x_frame_t frame;
+ /* Minor revision of the MHUv3 */
+ uint32_t subversion;
+ /* Flag to indicate if the MHUv3 is initialized */
+ bool is_initialized;
+};
+
+/**
+ * Initializes the MHUv3
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_driver_init(struct mhu_v3_x_dev_t *dev);
+
+/**
+ * Returns the number of channels implemented
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * ch_type MHU channel type mhu_v3_x_channel_type_t
+ * num_ch Pointer to the variable that will store the value
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_get_num_channel_implemented(
+ const struct mhu_v3_x_dev_t *dev, enum mhu_v3_x_channel_type_t ch_type,
+ uint8_t *num_ch);
+
+/**
+ * Clear flags from a doorbell channel
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Flags to be cleared from the channel
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_clear(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t flags);
+
+/**
+ * Write flags to a doorbell channel
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Flags to be written to the channel
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_write(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t flags);
+
+/**
+ * Read value from a doorbell channel
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Pointer to the variable that will store the flags read from the
+ * channel
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_read(const struct mhu_v3_x_dev_t *dev,
+ const uint32_t channel, uint32_t *flags);
+
+/**
+ * Set bits in a doorbell channel mask which is used to disable interrupts for
+ * received flags corresponding to the mask
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Flags to set mask bits in this doorbell channel
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_set(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ uint32_t flags);
+
+/**
+ * Clear bits in a doorbell channel mask which is used to disable interrupts
+ * for received flags corresponding to the mask
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Flags to clear mask bits in this doorbell channel
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_clear(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel, uint32_t flags);
+
+/**
+ * Get the mask of a doorbell channel which is used to disable interrupts for
+ * received flags corresponding to the mask
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * flags Pointer to the variable that will store the flags read from the
+ * mask value
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_doorbell_mask_get(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel, uint32_t *flags);
+
+/**
+ * Enable the channel interrupt
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * ch_type MHU channel type mhu_v3_x_channel_type_t
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_enable(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type);
+
+/**
+ * Disable the channel interrupt
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * ch_type MHU channel type mhu_v3_x_channel_type_t
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_disable(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type);
+
+/**
+ * Clear the channel interrupt
+ *
+ * dev MHU device struct mhu_v3_x_dev_t
+ * channel Doorbell channel number
+ * ch_type MHU channel type mhu_v3_x_channel_type_t
+ *
+ * Returns mhu_v3_x_error_t error code
+ */
+enum mhu_v3_x_error_t mhu_v3_x_channel_interrupt_clear(
+ const struct mhu_v3_x_dev_t *dev, const uint32_t channel,
+ enum mhu_v3_x_channel_type_t ch_type);
+
+#endif /* MHU_V3_X_H */
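Review bot: `MHU_MAJOR_REV_V3` is defined as `U(0x2)` under a comment that says "Major Revision 3", which reads like an error unless the reader already knows how the revision field is encoded. A comment such as `/* Value of the AIDR major revision field that identifies MHUv3 (encoding to be confirmed against the MHUv3 specification) */` would make the intent clear. `MHU_V_3_X_ERR_ALREADY_INIT` is declared, but `mhu_v3_x_driver_init()` in mhu_v3_x.c returns `MHU_V_3_X_ERR_NONE` for an already-initialized device, so the function's doc comment should say which code callers will see. The comment `MHU driver alreary initialized` has a typo (`already`). The header also uses `U()` while including only `<stdbool.h>` and `<stdint.h>`, so it presumably depends on the includer to provide that macro.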
diff --git a/drivers/arm/mhu/mhu_v3_x_private.h b/drivers/arm/mhu/mhu_v3_x_private.h
new file mode 100644
index 0000000..9594a2a
--- /dev/null
+++ b/drivers/arm/mhu/mhu_v3_x_private.h
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MHU_V3_X_PRIVATE_H
+#define MHU_V3_X_PRIVATE_H
+
+#include <stdint.h>
+
+/* Flag for PDBCW Interrupt Transfer Acknowledgment */
+#define MHU_V3_X_PDBCW_INT_X_TFR_ACK 0x1
+
+/* Flag for PDBCW CTRL Postbox combined interrupts enable */
+#define MHU_V3_X_PDBCW_CTRL_PBX_COMB_EN 0x1
+
+/* Flag for MDBCW CTRL Mailbox combined interrupts enable */
+#define MHU_V3_X_MDBCW_CTRL_MBX_COMB_EN 0x1
+
+/**
+ * Postbox control page structure
+ */
+struct _mhu_v3_x_pbx_ctrl_reg_t {
+ /* Offset: 0x000 (R/ ) Postbox Block Identifier */
+ const volatile uint32_t pbx_blk_id;
+ /* Offset: 0x004 (R/ ) Reserved */
+ const volatile uint8_t reserved_0[0x10 - 0x04];
+ /* Offset: 0x010 (R/ ) Postbox Feature Support 0 */
+ const volatile uint32_t pbx_feat_spt0;
+ /* Offset: 0x014 (R/ ) Postbox Feature Support 1 */
+ const volatile uint32_t pbx_feat_spt1;
+ /* Offset: 0x018 (R/ ) Reserved */
+ const volatile uint8_t reserved_1[0x20 - 0x18];
+ /* Offset: 0x020 (R/ ) Postbox Doorbell Channel Configuration 0 */
+ const volatile uint32_t pbx_dbch_cfg0;
+ /* Offset: 0x024 (R/ ) Reserved */
+ const volatile uint8_t reserved_2[0x30 - 0x24];
+ /* Offset: 0x030 (R/ ) Postbox FIFO Channel Configuration 0 */
+ const volatile uint32_t pbx_ffch_cfg0;
+ /* Offset: 0x034 (R/ ) Reserved */
+ const volatile uint8_t reserved_3[0x40 - 0x34];
+ /* Offset: 0x040 (R/ ) Postbox Fast Channel Configuration 0 */
+ const volatile uint32_t pbx_fch_cfg0;
+ /* Offset: 0x044 (R/ ) Reserved */
+ const volatile uint8_t reserved_4[0x100 - 0x44];
+ /* Offset: 0x100 (R/W) Postbox control */
+ volatile uint32_t pbx_ctrl;
+ /* Offset: 0x164 (R/ ) Reserved */
+ const volatile uint8_t reserved_5[0x400 - 0x104];
+ /*
+ * Offset: 0x400 (R/ ) Postbox Doorbell Channel Interrupt Status n,
+ * where n is 0 - 3.
+ */
+ const volatile uint32_t pbx_dbch_int_st[4];
+ /*
+ * Offset: 0x410 (R/ ) Postbox FIFO Channel <n> Interrupt Status n,
+ * where n is 0 - 1.
+ */
+ const volatile uint32_t pbx_ffch_int_st[2];
+ /* Offset: 0x418 (R/ ) Reserved */
+ const uint8_t reserved_6[0xFC8 - 0x418];
+ /* Offset: 0xFC8 (R/ ) Postbox Implementer Identification Register */
+ const volatile uint32_t pbx_iidr;
+ /* Offset: 0xFCC (R/ ) Postbox Architecture Identification Register */
+ const volatile uint32_t pbx_aidr;
+ /*
+ * Offset: 0xFD0 (R/ ) Postbox Implementation Defined Identification
+ * Register n, where n is 0 - 11.
+ */
+ const volatile uint32_t impl_def_id[12];
+};
+
+/**
+ * Postbox doorbell channel window page structure
+ */
+struct _mhu_v3_x_pdbcw_reg_t {
+ /* Offset: 0x000 (R/ ) Postbox Doorbell Channel Window Status */
+ const volatile uint32_t pdbcw_st;
+ /* Offset: 0x004 (R/ ) Reserved */
+ const uint8_t reserved_0[0xC - 0x4];
+ /* Offset: 0x00C ( /W) Postbox Doorbell Channel Window Set */
+ volatile uint32_t pdbcw_set;
+ /*
+ * Offset: 0x010 (R/ ) Postbox Doorbell Channel Window Interrupt Status
+ */
+ const volatile uint32_t pdbcw_int_st;
+ /*
+ * Offset: 0x014 ( /W) Postbox Doorbell Channel Window Interrupt Clear
+ */
+ volatile uint32_t pdbcw_int_clr;
+ /*
+ * Offset: 0x018 (R/W) Postbox Doorbell Channel Window Interrupt Enable
+ */
+ volatile uint32_t pdbcw_int_en;
+ /* Offset: 0x01C (R/W) Postbox Doorbell Channel Window Control */
+ volatile uint32_t pdbcw_ctrl;
+};
+
+/**
+ * Postbox structure
+ */
+struct _mhu_v3_x_pbx {
+ /* Postbox Control */
+ struct _mhu_v3_x_pbx_ctrl_reg_t pbx_ctrl_page;
+ /* Postbox Doorbell Channel Window */
+ struct _mhu_v3_x_pdbcw_reg_t pdbcw_page;
+};
+
+/**
+ * Mailbox control page structure
+ */
+struct _mhu_v3_x_mbx_ctrl_reg_t {
+ /* Offset: 0x000 (R/ ) Mailbox Block Identifier */
+ const volatile uint32_t mbx_blk_id;
+ /* Offset: 0x004 (R/ ) Reserved */
+ const volatile uint8_t reserved_0[0x10 - 0x04];
+ /* Offset: 0x010 (R/ ) Mailbox Feature Support 0 */
+ const volatile uint32_t mbx_feat_spt0;
+ /* Offset: 0x014 (R/ ) Mailbox Feature Support 1 */
+ const volatile uint32_t mbx_feat_spt1;
+ /* Offset: 0x018 (R/ ) Reserved */
+ const volatile uint8_t reserved_1[0x20 - 0x18];
+ /* Offset: 0x020 (R/ ) Mailbox Doorbell Channel Configuration 0 */
+ const volatile uint32_t mbx_dbch_cfg0;
+ /* Offset: 0x024 (R/ ) Reserved */
+ const volatile uint8_t reserved_2[0x30 - 0x24];
+ /* Offset: 0x030 (R/ ) Mailbox FIFO Channel Configuration 0 */
+ const volatile uint32_t mbx_ffch_cfg0;
+ /* Offset: 0x034 (R/ ) Reserved */
+ const volatile uint8_t reserved_4[0x40 - 0x34];
+ /* Offset: 0x040 (R/ ) Mailbox Fast Channel Configuration 0 */
+ const volatile uint32_t mbx_fch_cfg0;
+ /* Offset: 0x044 (R/ ) Reserved */
+ const volatile uint8_t reserved_5[0x100 - 0x44];
+ /* Offset: 0x100 (R/W) Mailbox control */
+ volatile uint32_t mbx_ctrl;
+ /* Offset: 0x104 (R/ ) Reserved */
+ const volatile uint8_t reserved_6[0x140 - 0x104];
+ /* Offset: 0x140 (R/W) Mailbox Fast Channel control */
+ volatile uint32_t mbx_fch_ctrl;
+ /* Offset: 0x144 (R/W) Mailbox Fast Channel Group Interrupt Enable */
+ volatile uint32_t mbx_fcg_int_en;
+ /* Offset: 0x148 (R/ ) Reserved */
+ const volatile uint8_t reserved_7[0x400 - 0x148];
+ /*
+ * Offset: 0x400 (R/ ) Mailbox Doorbell Channel Interrupt Status n,
+ * where n = 0 - 3.
+ */
+ const volatile uint32_t mbx_dbch_int_st[4];
+ /*
+ * Offset: 0x410 (R/ ) Mailbox FIFO Channel Interrupt Status n, where
+ * n = 0 - 1.
+ */
+ const volatile uint32_t mbx_ffch_int_st[2];
+ /* Offset: 0x418 (R/ ) Reserved */
+ const volatile uint8_t reserved_8[0x470 - 0x418];
+ /* Offset: 0x470 (R/ ) Mailbox Fast Channel Group Interrupt Status */
+ const volatile uint32_t mbx_fcg_int_st;
+ /* Offset: 0x474 (R/ ) Reserved */
+ const volatile uint8_t reserved_9[0x480 - 0x474];
+ /*
+ * Offset: 0x480 (R/ ) Mailbox Fast Channel Group <n> Interrupt Status,
+ * where n = 0 - 31.
+ */
+ const volatile uint32_t mbx_fch_grp_int_st[32];
+ /* Offset: 0x500 (R/ ) Reserved */
+ const volatile uint8_t reserved_10[0xFC8 - 0x500];
+ /* Offset: 0xFC8 (R/ ) Mailbox Implementer Identification Register */
+ const volatile uint32_t mbx_iidr;
+ /* Offset: 0xFCC (R/ ) Mailbox Architecture Identification Register */
+ const volatile uint32_t mbx_aidr;
+ /*
+ * Offset: 0xFD0 (R/ ) Mailbox Implementation Defined Identification
+ * Register n, where n is 0 - 11.
+ */
+ const volatile uint32_t impl_def_id[12];
+};
+
+/**
+ * Mailbox doorbell channel window page structure
+ */
+struct _mhu_v3_x_mdbcw_reg_t {
+ /* Offset: 0x000 (R/ ) Mailbox Doorbell Channel Window Status */
+ const volatile uint32_t mdbcw_st;
+ /* Offset: 0x004 (R/ ) Mailbox Doorbell Channel Window Status Masked */
+ const volatile uint32_t mdbcw_st_msk;
+ /* Offset: 0x008 ( /W) Mailbox Doorbell Channel Window Clear */
+ volatile uint32_t mdbcw_clr;
+ /* Offset: 0x00C (R/ ) Reserved */
+ const volatile uint8_t reserved_0[0x10 - 0x0C];
+ /* Offset: 0x010 (R/ ) Mailbox Doorbell Channel Window Mask Status */
+ const volatile uint32_t mdbcw_msk_st;
+ /* Offset: 0x014 ( /W) Mailbox Doorbell Channel Window Mask Set */
+ volatile uint32_t mdbcw_msk_set;
+ /* Offset: 0x018 ( /W) Mailbox Doorbell Channel Window Mask Clear */
+ volatile uint32_t mdbcw_msk_clr;
+ /* Offset: 0x01C (R/W) Mailbox Doorbell Channel Window Control */
+ volatile uint32_t mdbcw_ctrl;
+};
+
+/**
+ * Mailbox structure
+ */
+struct _mhu_v3_x_mbx {
+ /* Mailbox control */
+ struct _mhu_v3_x_mbx_ctrl_reg_t mbx_ctrl_page;
+ /* Mailbox Doorbell Channel Window */
+ struct _mhu_v3_x_mdbcw_reg_t mdbcw_page;
+};
+
+/**
+ * MHUv3 frame type
+ */
+union _mhu_v3_x_frame_t {
+ /* Postbox Frame */
+ struct _mhu_v3_x_pbx pbx_frame;
+ /* Mailbox Frame */
+ struct _mhu_v3_x_mbx mbx_frame;
+};
+
+#endif /* MHU_V3_X_PRIVATE_H */
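Review bot: The comment on `reserved_5` in `_mhu_v3_x_pbx_ctrl_reg_t` gives `Offset: 0x164`, but the field follows `pbx_ctrl` at 0x100 and is sized `0x400 - 0x104`, so it should read `/* Offset: 0x104 (R/ ) Reserved */`. `reserved_6` in the same struct and `reserved_0` in `_mhu_v3_x_pdbcw_reg_t` are declared without `volatile`, unlike every other reserved field in this header. These structs appear to be laid over the MHU register frame, so every register offset depends on hand-computed padding, and a compile-time check would catch a mis-sized gap, for example `CASSERT(sizeof(struct _mhu_v3_x_pbx_ctrl_reg_t) == 0x1000, assert_pbx_ctrl_page_size);`. That needs `<lib/cassert.h>`, which this header does not include.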
diff --git a/drivers/arm/mhu/mhu_wrapper_v3_x.c b/drivers/arm/mhu/mhu_wrapper_v3_x.c
new file mode 100644
index 0000000..b3d51e3
--- /dev/null
+++ b/drivers/arm/mhu/mhu_wrapper_v3_x.c
@@ -0,0 +1,462 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <drivers/arm/mhu.h>
+
+#include "mhu_v3_x.h"
+
+#define MHU_NOTIFY_VALUE U(1234)
+
+#ifndef ALIGN_UP
+#define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
+#endif
+
+/*
+ * MHUv3 Wrapper utility macros
+ */
+#define IS_ALIGNED(val, align) (val == ALIGN_UP(val, align))
+
+/*
+ * MHU devices for host:
+ * HSE: Host to Secure Enclave (sender device)
+ * SEH: Secure Enclave to Host (receiver device)
+ */
+struct mhu_v3_x_dev_t mhu_hse_dev = {0, MHU_V3_X_PBX_FRAME};
+struct mhu_v3_x_dev_t mhu_seh_dev = {0, MHU_V3_X_MBX_FRAME};
+
+/* MHUv3 driver error to MHUv3 wrapper error mapping */
+static enum mhu_error_t error_mapping_to_mhu_error_t(enum mhu_v3_x_error_t err)
+{
+ switch (err) {
+ case MHU_V_3_X_ERR_NONE:
+ return MHU_ERR_NONE;
+
+ case MHU_V_3_X_ERR_NOT_INIT:
+ return MHU_ERR_NOT_INIT;
+
+ case MHU_V_3_X_ERR_UNSUPPORTED_VERSION:
+ return MHU_ERR_UNSUPPORTED_VERSION;
+
+ case MHU_V_3_X_ERR_UNSUPPORTED:
+ return MHU_ERR_UNSUPPORTED;
+
+ case MHU_V_3_X_ERR_INVALID_PARAM:
+ return MHU_ERR_INVALID_ARG;
+
+ default:
+ return MHU_ERR_GENERAL;
+ }
+}
+
+static enum mhu_error_t signal_and_wait_for_clear(
+ void *mhu_sender_dev, uint32_t value)
+{
+ enum mhu_v3_x_error_t err;
+ struct mhu_v3_x_dev_t *dev;
+ uint8_t num_channels;
+ uint32_t read_val;
+
+ dev = (struct mhu_v3_x_dev_t *)mhu_sender_dev;
+
+ if ((dev == NULL) || (dev->base == 0)) {
+ return MHU_ERR_INVALID_ARG;
+ }
+
+ err = mhu_v3_x_get_num_channel_implemented(dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /* Wait for any pending acknowledgment from transmitter side */
+ do {
+ err = mhu_v3_x_doorbell_read(dev, num_channels - 1, &read_val);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ } while ((read_val & value) == value);
+
+ /* Use the last channel to notify that a transfer is ready */
+ err = mhu_v3_x_doorbell_write(dev, num_channels - 1, value);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /* Wait until receiver side acknowledges the transfer */
+ do {
+ err = mhu_v3_x_doorbell_read(dev, num_channels - 1, &read_val);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ } while ((read_val & value) == value);
+
+ return error_mapping_to_mhu_error_t(MHU_V_3_X_ERR_NONE);
+}
+
+static enum mhu_error_t wait_for_signal(
+ void *mhu_receiver_dev, uint32_t value)
+{
+ enum mhu_v3_x_error_t err;
+ struct mhu_v3_x_dev_t *dev;
+ uint32_t read_val;
+ uint8_t num_channels;
+
+ dev = (struct mhu_v3_x_dev_t *)mhu_receiver_dev;
+
+ if ((dev == NULL) || (dev->base == 0)) {
+ return MHU_ERR_INVALID_ARG;
+ }
+
+ err = mhu_v3_x_get_num_channel_implemented(dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ do {
+ err = mhu_v3_x_doorbell_read(dev, num_channels - 1, &read_val);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ } while (read_val != value);
+
+ return error_mapping_to_mhu_error_t(err);
+}
+
+static enum mhu_error_t clear_and_wait_for_signal(
+ void *mhu_receiver_dev, uint32_t value)
+{
+ enum mhu_v3_x_error_t err;
+ struct mhu_v3_x_dev_t *dev;
+ uint8_t num_channels;
+
+ dev = (struct mhu_v3_x_dev_t *)mhu_receiver_dev;
+
+ if ((dev == NULL) || (dev->base == 0)) {
+ return MHU_ERR_INVALID_ARG;
+ }
+
+ err = mhu_v3_x_get_num_channel_implemented(dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /* Clear all channels */
+ for (int i = 0; i < num_channels; i++) {
+ err = mhu_v3_x_doorbell_clear(dev, i, UINT32_MAX);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ }
+
+ return wait_for_signal(mhu_receiver_dev, value);
+}
+
+static enum mhu_error_t validate_buffer_params(uintptr_t buf_addr)
+{
+ if ((buf_addr == 0) || (!IS_ALIGNED(buf_addr, sizeof(uint32_t)))) {
+ return MHU_ERR_INVALID_ARG;
+ }
+
+ return MHU_ERR_NONE;
+}
+
+enum mhu_error_t mhu_init_sender(uintptr_t mhu_sender_base)
+{
+ enum mhu_v3_x_error_t err;
+ struct mhu_v3_x_dev_t *dev;
+ uint8_t num_ch;
+ uint32_t ch;
+
+ assert(mhu_sender_base != (uintptr_t)NULL);
+
+ mhu_hse_dev.base = mhu_sender_base;
+ dev = (struct mhu_v3_x_dev_t *)&mhu_hse_dev;
+
+ /* Initialize MHUv3 */
+ err = mhu_v3_x_driver_init(dev);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /* Read the number of doorbell channels implemented in the MHU */
+ err = mhu_v3_x_get_num_channel_implemented(
+ dev, MHU_V3_X_CHANNEL_TYPE_DBCH, &num_ch);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ } else if (num_ch < 2) {
+ /* This wrapper requires at least two channels implemented */
+ return MHU_ERR_UNSUPPORTED;
+ }
+
+ /*
+ * The sender polls the postbox doorbell channel window status register
+ * to get notified about successful transfer. So, disable the doorbell
+ * channel's contribution to postbox combined interrupt.
+ *
+ * Also, clear and disable the postbox doorbell channel transfer
+ * acknowledge interrupt.
+ */
+ for (ch = 0; ch < num_ch; ch++) {
+ err = mhu_v3_x_channel_interrupt_disable(
+ dev, ch, MHU_V3_X_CHANNEL_TYPE_DBCH);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ }
+
+ return MHU_ERR_NONE;
+}
+
+enum mhu_error_t mhu_init_receiver(uintptr_t mhu_receiver_base)
+{
+ enum mhu_v3_x_error_t err;
+ struct mhu_v3_x_dev_t *dev;
+ uint32_t ch;
+ uint8_t num_ch;
+
+ assert(mhu_receiver_base != (uintptr_t)NULL);
+
+ mhu_seh_dev.base = mhu_receiver_base;
+ dev = (struct mhu_v3_x_dev_t *)&mhu_seh_dev;
+
+ /* Initialize MHUv3 */
+ err = mhu_v3_x_driver_init(dev);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /* Read the number of doorbell channels implemented in the MHU */
+ err = mhu_v3_x_get_num_channel_implemented(
+ dev, MHU_V3_X_CHANNEL_TYPE_DBCH, &num_ch);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ } else if (num_ch < 2) {
+ /* This wrapper requires at least two channels implemented */
+ return MHU_ERR_UNSUPPORTED;
+ }
+
+ /* Mask all channels except the notifying channel */
+ for (ch = 0; ch < (num_ch - 1); ch++) {
+ /* Mask interrupts on channels used for data */
+ err = mhu_v3_x_doorbell_mask_set(dev, ch, UINT32_MAX);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+ }
+
+ /* Unmask doorbell notification channel interrupt */
+ err = mhu_v3_x_doorbell_mask_clear(dev, (num_ch - 1), UINT32_MAX);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ /*
+ * Enable the doorbell channel's contribution to mailbox combined
+ * interrupt.
+ */
+ err = mhu_v3_x_channel_interrupt_enable(dev, (num_ch - 1),
+ MHU_V3_X_CHANNEL_TYPE_DBCH);
+ if (err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(err);
+ }
+
+ return MHU_ERR_NONE;
+}
+
+/*
+ * Public function. See mhu.h
+ *
+ * The basic steps of transferring a message:
+ * 1. Send the size of the payload on Channel 0. It is the very first Bytes of
+ * the transfer. Continue with Channel 1.
+ * 2. Send the payload, writing the channels one after the other (4 Bytes
+ * each). The last available channel is reserved for controlling the
+ * transfer. When the last channel is reached or no more data is left, STOP.
+ * 3. Notify the receiver using the last channel and wait for acknowledge. If
+ * there is still data to transfer, jump to step 2. Otherwise, proceed.
+ *
+ */
+enum mhu_error_t mhu_send_data(const uint8_t *send_buffer, size_t size)
+{
+ enum mhu_error_t mhu_err;
+ enum mhu_v3_x_error_t mhu_v3_err;
+ uint8_t num_channels;
+ uint8_t chan;
+ uint32_t *buffer;
+ struct mhu_v3_x_dev_t *dev;
+
+ if (size == 0) {
+ return MHU_ERR_NONE;
+ }
+
+ dev = (struct mhu_v3_x_dev_t *)&mhu_hse_dev;
+ chan = 0;
+
+ if ((dev == NULL) || (dev->base == 0)) {
+ return MHU_ERR_INVALID_ARG;
+ }
+
+ mhu_err = validate_buffer_params((uintptr_t)send_buffer);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+
+ mhu_v3_err = mhu_v3_x_get_num_channel_implemented(dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+
+ /* First send the size of the actual message. */
+ mhu_v3_err = mhu_v3_x_doorbell_write(dev, chan, (uint32_t)size);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+ chan++;
+
+ buffer = (uint32_t *)send_buffer;
+ for (size_t i = 0; i < size; i += 4) {
+ mhu_v3_err = mhu_v3_x_doorbell_write(dev, chan, *buffer++);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+
+ if (++chan == (num_channels - 1)) {
+ /* Use the last channel to notify transfer complete */
+ mhu_err = signal_and_wait_for_clear(
+ dev, MHU_NOTIFY_VALUE);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+ chan = 0;
+ }
+ }
+
+ if (chan != 0) {
+ /* Use the last channel to notify transfer complete */
+ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+ }
+
+ return MHU_ERR_NONE;
+}
+
+/*
+ * Public function. See mhu.h
+ *
+ * The basic steps of receiving a message:
+ * 1. Read the size of the payload from Channel 0. It is the very first
+ * 4 Bytes of the transfer. Continue with Channel 1.
+ * 2. Receive the payload, read the channels one after the other
+ * (4 Bytes each). The last available channel is reserved for controlling
+ * the transfer.
+ * When the last channel is reached clear all the channels
+ * (also sending an acknowledge on the last channel).
+ * 3. If there is still data to receive wait for a notification on the last
+ * channel and jump to step 2 as soon as it arrived. Otherwise, proceed.
+ *
+ */
+enum mhu_error_t mhu_receive_data(uint8_t *receive_buffer, size_t *size)
+{
+ enum mhu_error_t mhu_err;
+ enum mhu_v3_x_error_t mhu_v3_err;
+ uint32_t msg_len;
+ uint8_t num_channels;
+ uint8_t chan;
+ uint32_t *buffer;
+ struct mhu_v3_x_dev_t *dev;
+
+ dev = (struct mhu_v3_x_dev_t *)&mhu_seh_dev;
+ chan = 0;
+
+ mhu_err = validate_buffer_params((uintptr_t)receive_buffer);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+
+ mhu_v3_err = mhu_v3_x_get_num_channel_implemented(dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+
+ /* Busy wait for incoming reply */
+ mhu_err = wait_for_signal(dev, MHU_NOTIFY_VALUE);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+
+ /* The first word is the length of the actual message. */
+ mhu_v3_err = mhu_v3_x_doorbell_read(dev, chan, &msg_len);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+ chan++;
+
+ if (*size < msg_len) {
+ /* Message buffer too small */
+ *size = msg_len;
+ return MHU_ERR_BUFFER_TOO_SMALL;
+ }
+
+ buffer = (uint32_t *)receive_buffer;
+ for (size_t i = 0; i < msg_len; i += 4) {
+ mhu_v3_err = mhu_v3_x_doorbell_read(dev, chan, buffer++);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+
+ /* Only wait for next transfer if still missing data. */
+ if (++chan == (num_channels - 1) && (msg_len - i) > 4) {
+ /* Busy wait for next transfer */
+ mhu_err = clear_and_wait_for_signal(
+ dev, MHU_NOTIFY_VALUE);
+ if (mhu_err != MHU_ERR_NONE) {
+ return mhu_err;
+ }
+ chan = 0;
+ }
+ }
+
+ /* Clear all channels */
+ for (uint8_t i = U(0); i < num_channels; i++) {
+ mhu_v3_err = mhu_v3_x_doorbell_clear(dev, i, UINT32_MAX);
+ if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
+ return error_mapping_to_mhu_error_t(mhu_v3_err);
+ }
+ }
+
+ *size = msg_len;
+
+ return MHU_ERR_NONE;
+}
+
+size_t mhu_get_max_message_size(void)
+{
+ enum mhu_v3_x_error_t err;
+ uint8_t num_channels;
+
+ err = mhu_v3_x_get_num_channel_implemented(&mhu_seh_dev,
+ MHU_V3_X_CHANNEL_TYPE_DBCH, &num_channels);
+
+ assert(err == MHU_V_3_X_ERR_NONE);
+ assert(num_channels != U(0));
+ /*
+ * Returns only usable size of memory. As one channel is specifically
+ * used to inform about the size of payload, discard it from available
+ * memory size.
+ */
+ return (num_channels - 1) * sizeof(uint32_t);
+}
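Review bot: In `mhu_receive_data` the bounds check `*size < msg_len` is done in bytes, but the copy loop stores whole 32-bit words through `buffer++`, so a `msg_len` that is not a multiple of 4 lets the final `mhu_v3_x_doorbell_read` write up to three bytes past a buffer of exactly `msg_len` bytes. `msg_len` is read from channel 0, so the peer chooses it, and the write stays in bounds only if every caller over-allocates, which is not visible here. Reading each word into a local and copying only the remaining bytes keeps the write inside `*size`; `size` itself is also dereferenced without a NULL check. `mhu_send_data` has the mirrored over-read of `send_buffer` when `size` is not a multiple of 4.

```c
	for (size_t i = 0; i < msg_len; i += 4) {
		uint32_t word;
		size_t remaining = msg_len - i;

		mhu_v3_err = mhu_v3_x_doorbell_read(dev, chan, &word);
		if (mhu_v3_err != MHU_V_3_X_ERR_NONE) {
			return error_mapping_to_mhu_error_t(mhu_v3_err);
		}

		/* Copy only the bytes that belong to the message */
		memcpy(&receive_buffer[i], &word,
		       (remaining < sizeof(word)) ? remaining : sizeof(word));

		/* … unchanged: clear_and_wait_for_signal when the last data channel is reached … */
	}
```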
diff --git a/drivers/arm/rss/rss_comms.mk b/drivers/arm/rss/rss_comms.mk
index c1c994b..0d1e308 100644
--- a/drivers/arm/rss/rss_comms.mk
+++ b/drivers/arm/rss/rss_comms.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -13,10 +13,22 @@
rss_comms_protocol_pointer_access.c \
)
+# Default to MHUv2 if PLAT_MHU_VERSION undefined
+PLAT_MHU_VERSION ?= 2
+
+ifeq (${PLAT_MHU_VERSION}, 3)
+RSS_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \
+ mhu_v3_x.c \
+ mhu_wrapper_v3_x.c \
+ )
+else ifeq (${PLAT_MHU_VERSION}, 2)
RSS_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \
mhu_v2_x.c \
mhu_wrapper_v2_x.c \
)
+else
+$(error Unsupported MHU version)
+endif
PLAT_INCLUDES += -Idrivers/arm/rss \
-Idrivers/arm/mhu
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 608866c..8c5ff9d 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -328,7 +328,6 @@
unsigned int data_len, len, i;
unsigned int plat_nv_ctr;
int rc;
- bool is_trial_run = false;
/* Get the counter value from current image. The AM expects the IPM
* to return the counter value as a DER encoded integer */
@@ -388,9 +387,14 @@
return 1;
} else if (*cert_nv_ctr > plat_nv_ctr) {
#if PSA_FWU_SUPPORT && IMAGE_BL2
- is_trial_run = fwu_is_trial_run_state();
+ if (fwu_get_active_bank_state() == FWU_BANK_STATE_ACCEPTED) {
+ *need_nv_ctr_upgrade = true;
+ } else {
+ *need_nv_ctr_upgrade = false;
+ }
+#else
+ *need_nv_ctr_upgrade = true;
#endif /* PSA_FWU_SUPPORT && IMAGE_BL2 */
- *need_nv_ctr_upgrade = !is_trial_run;
}
return 0;
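Review bot: The new `#if` branch has no comment explaining why the NV counter upgrade is tied to the bank state, although this is the anti-rollback decision for the image. A comment above the check such as `/* Advance the NV counter only once the active bank is accepted, so a trial-state update can still be reverted */` would record the intent, as I read it from the removed `is_trial_run` logic. The if/else can also be a single assignment, `*need_nv_ctr_upgrade = (fwu_get_active_bank_state() == FWU_BANK_STATE_ACCEPTED);`. The enclosing function starts and ends outside this hunk.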
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index a2c6430..2bb23f9 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -19,16 +19,15 @@
MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
+ifneq (${MBEDTLS_MAJOR}, 3)
+ $(error Error: TF-A only supports MbedTLS versions > 3.x)
+endif
+
# Specify mbed TLS configuration file
-ifeq (${MBEDTLS_MAJOR}, 2)
- $(info Deprecation Notice: Please migrate to Mbedtls version 3.x (refer to TF-A documentation for the exact version number))
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
-else ifeq (${MBEDTLS_MAJOR}, 3)
- ifeq (${PSA_CRYPTO},1)
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
- else
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
- endif
+ifeq (${PSA_CRYPTO},1)
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
+else
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
endif
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
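Review bot: The `$(error ...)` text says TF-A supports MbedTLS versions "> 3.x", but the guard `ifneq (${MBEDTLS_MAJOR}, 3)` accepts only major version 3, so the message misleads for both 2.x and any later major. Wording such as `$(error Error: TF-A only supports MbedTLS 3.x, found ${MBEDTLS_MAJOR}.${MBEDTLS_MINOR})` matches the check and reports what was detected.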
@@ -42,11 +41,13 @@
cipher.c \
cipher_wrap.c \
constant_time.c \
+ hash_info.c \
memory_buffer_alloc.c \
oid.c \
platform.c \
platform_util.c \
bignum.c \
+ bignum_core.c \
gcm.c \
md.c \
pk.c \
@@ -59,28 +60,17 @@
ecp_curves.c \
ecp.c \
rsa.c \
+ rsa_alt_helpers.c \
x509.c \
x509_crt.c \
)
-ifeq (${MBEDTLS_MAJOR}, 2)
- LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
- rsa_internal.c \
- )
-else ifeq (${MBEDTLS_MAJOR}, 3)
- LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
- bignum_core.c \
- rsa_alt_helpers.c \
- hash_info.c \
- )
-
- # Currently on Mbedtls-3 there is outstanding bug due to usage
- # of redundant declaration[1], So disable redundant-decls
- # compilation flag to avoid compilation error when compiling with
- # Mbedtls-3.
- # [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
- LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
-endif
+# Currently on Mbedtls-3 there is outstanding bug due to usage
+# of redundant declaration[1], So disable redundant-decls
+# compilation flag to avoid compilation error when compiling with
+# Mbedtls-3.
+# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
+LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
ifeq (${PSA_CRYPTO},1)
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
diff --git a/drivers/fwu/fwu.c b/drivers/fwu/fwu.c
index ff432be..b6f06e0 100644
--- a/drivers/fwu/fwu.c
+++ b/drivers/fwu/fwu.c
@@ -24,6 +24,17 @@
CASSERT((offsetof(struct fwu_metadata, crc_32) == 0),
crc_32_must_be_first_member_of_structure);
+/*
+ * Ensure that the NR_OF_FW_BANKS selected by the platform is not
+ * zero and not greater than the maximum number of banks allowed
+ * by the specification.
+ */
+CASSERT((NR_OF_FW_BANKS > 0) && (NR_OF_FW_BANKS <= NR_OF_MAX_FW_BANKS),
+ assert_fwu_num_banks_invalid_value);
+
+#define FWU_METADATA_VERSION 2U
+#define FWU_FW_STORE_DESC_OFFSET 0x20U
+
static struct fwu_metadata metadata;
static bool is_metadata_initialized __unused;
@@ -51,16 +62,54 @@
/*******************************************************************************
* Check the sanity of FWU metadata.
*
- * return -1 on error, otherwise 0
+ * return -EINVAL on error, otherwise 0
******************************************************************************/
static int fwu_metadata_sanity_check(void)
{
- /* ToDo: add more conditions for sanity check */
- if ((metadata.active_index >= NR_OF_FW_BANKS) ||
- (metadata.previous_active_index >= NR_OF_FW_BANKS)) {
- return -1;
+ if (metadata.version != FWU_METADATA_VERSION) {
+ WARN("Incorrect FWU Metadata version of %u\n",
+ metadata.version);
+ return -EINVAL;
+ }
+
+ if (metadata.active_index >= NR_OF_FW_BANKS) {
+ WARN("Active Index value(%u) greater than the configured value(%d)",
+ metadata.active_index, NR_OF_FW_BANKS);
+ return -EINVAL;
+ }
+
+ if (metadata.previous_active_index >= NR_OF_FW_BANKS) {
+ WARN("Previous Active Index value(%u) greater than the configured value(%d)",
+ metadata.previous_active_index, NR_OF_FW_BANKS);
+ return -EINVAL;
+ }
+
+#if PSA_FWU_METADATA_FW_STORE_DESC
+ if (metadata.fw_desc.num_banks != NR_OF_FW_BANKS) {
+ WARN("Number of Banks(%u) in FWU Metadata different from the configured value(%d)",
+ metadata.fw_desc.num_banks, NR_OF_FW_BANKS);
+ return -EINVAL;
}
+ if (metadata.fw_desc.num_images != NR_OF_IMAGES_IN_FW_BANK) {
+ WARN("Number of Images(%u) in FWU Metadata different from the configured value(%d)",
+ metadata.fw_desc.num_images, NR_OF_IMAGES_IN_FW_BANK);
+ return -EINVAL;
+ }
+
+ if (metadata.desc_offset != FWU_FW_STORE_DESC_OFFSET) {
+ WARN("Descriptor Offset(0x%x) in the FWU Metadata not equal to 0x20\n",
+ metadata.desc_offset);
+ return -EINVAL;
+ }
+#else
+ if (metadata.desc_offset != 0U) {
+ WARN("Descriptor offset has non zero value of 0x%x\n",
+ metadata.desc_offset);
+ return -EINVAL;
+ }
+#endif
+
return 0;
}
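Review bot: Four of the new `WARN()` format strings in `fwu_metadata_sanity_check` (active index, previous active index, number of banks, number of images) have no trailing `\n`, while the version and descriptor-offset messages do, so these warnings will run into the next log line. Add the newline, e.g. `WARN("Active Index value(%u) greater than the configured value(%d)\n",`. The two index messages also say "greater than" although the test is `>=`, so "out of range" would be more accurate. The new `-EINVAL` returns need `<errno.h>`, whose include is not visible in this hunk.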
@@ -133,28 +182,80 @@
}
/*******************************************************************************
- * The system runs in the trial run state if any of the images in the active
- * firmware bank has not been accepted yet.
+ * Check for an alternate bank for the platform to boot from. This function will
+ * mostly be called whenever the count of the number of times a platform boots
+ * in the Trial State exceeds a pre-set limit.
+ * The function first checks if the platform can boot from the previously active
+ * bank. If not, it tries to find another bank in the accepted state.
+ * And finally, if both the checks fail, as a last resort, it tries to find
+ * a valid bank.
*
- * Returns true if the system is running in the trial state.
+ * Returns the index of a bank to boot, else returns invalid index
+ * INVALID_BOOT_IDX.
******************************************************************************/
-bool fwu_is_trial_run_state(void)
+uint32_t fwu_get_alternate_boot_bank(void)
{
- bool trial_run = false;
+ uint32_t i;
- assert(is_metadata_initialized);
+ /* First check if the previously active bank can be used */
+ if (metadata.bank_state[metadata.previous_active_index] ==
+ FWU_BANK_STATE_ACCEPTED) {
+ return metadata.previous_active_index;
+ }
- for (unsigned int i = 0U; i < NR_OF_IMAGES_IN_FW_BANK; i++) {
- struct fwu_image_entry *entry = &metadata.img_entry[i];
- struct fwu_image_properties *img_props =
- &entry->img_props[metadata.active_index];
- if (img_props->accepted == 0) {
- trial_run = true;
- break;
+ /* Now check for any other bank in the accepted state */
+ for (i = 0U; i < NR_OF_FW_BANKS; i++) {
+ if (i == metadata.active_index ||
+ i == metadata.previous_active_index) {
+ continue;
+ }
+
+ if (metadata.bank_state[i] == FWU_BANK_STATE_ACCEPTED) {
+ return i;
}
}
- return trial_run;
+ /*
+ * No accepted bank found. Now try booting from a valid bank.
+ * Give priority to the previous active bank.
+ */
+ if (metadata.bank_state[metadata.previous_active_index] ==
+ FWU_BANK_STATE_VALID) {
+ return metadata.previous_active_index;
+ }
+
+ for (i = 0U; i < NR_OF_FW_BANKS; i++) {
+ if (i == metadata.active_index ||
+ i == metadata.previous_active_index) {
+ continue;
+ }
+
+ if (metadata.bank_state[i] == FWU_BANK_STATE_VALID) {
+ return i;
+ }
+ }
+
+ return INVALID_BOOT_IDX;
+}
+
+/*******************************************************************************
+ * The platform can be in one of Valid, Invalid or Accepted states.
+ *
+ * Invalid - One or more images in the bank are corrupted, or partially
+ * overwritten. The bank is not to be used for booting.
+ *
+ * Valid - All images of the bank are valid but at least one image has not
+ * been accepted. This implies that the platform is in Trial State.
+ *
+ * Accepted - All images of the bank are valid and accepted.
+ *
+ * Returns the state of the current active bank
+ ******************************************************************************/
+uint32_t fwu_get_active_bank_state(void)
+{
+ assert(is_metadata_initialized);
+
+ return metadata.bank_state[metadata.active_index];
}
const struct fwu_metadata *fwu_get_metadata(void)
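Review bot: `fwu_get_alternate_boot_bank` indexes `metadata.bank_state[]` with `metadata.previous_active_index` but does not start with `assert(is_metadata_initialized);`, unlike `fwu_get_active_bank_state` below it and the removed `fwu_is_trial_run_state`. Before the metadata has been loaded and sanity-checked these fields are not validated, so the function should carry the same precondition; add `assert(is_metadata_initialized);` as its first statement. The header comment could also state that the caller must have loaded the metadata first.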
diff --git a/drivers/measured_boot/rss/dice_prot_env.c b/drivers/measured_boot/rss/dice_prot_env.c
new file mode 100644
index 0000000..81a21d1
--- /dev/null
+++ b/drivers/measured_boot/rss/dice_prot_env.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <psa/crypto_types.h>
+#include <psa/crypto_values.h>
+
+#include <common/debug.h>
+#include <drivers/auth/crypto_mod.h>
+#include <drivers/measured_boot/rss/dice_prot_env.h>
+#include <lib/cassert.h>
+#include <lib/psa/dice_protection_environment.h>
+
+#include <platform_def.h>
+
+#define DPE_ALG_SHA512 0
+#define DPE_ALG_SHA384 1
+#define DPE_ALG_SHA256 2
+
+#if DPE_ALG_ID == DPE_ALG_SHA512
+#define CRYPTO_MD_ID CRYPTO_MD_SHA512
+#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_512
+#elif DPE_ALG_ID == DPE_ALG_SHA384
+#define CRYPTO_MD_ID CRYPTO_MD_SHA384
+#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_384
+#elif DPE_ALG_ID == DPE_ALG_SHA256
+#define CRYPTO_MD_ID CRYPTO_MD_SHA256
+#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_256
+#else
+# error Invalid DPE hash algorithm.
+#endif /* DPE_ALG_ID */
+
+/* Ensure that computed hash values fits into the DiceInputValues structure */
+CASSERT(DICE_HASH_SIZE >= DPE_DIGEST_SIZE,
+ assert_digest_size_bigger_than_allocated_buffer);
+
+static int initial_context_handle;
+
+static void map_metadata_to_dice_inputs(struct dpe_metadata *metadata,
+ DiceInputValues *dice_inputs)
+{
+ /* Hash of the content certificate signing key (public part) */
+ memcpy(dice_inputs->authority_hash, metadata->signer_id,
+ DPE_DIGEST_SIZE);
+
+ /* SW type string identifier */
+ assert(metadata->sw_type_size < DICE_CODE_DESCRIPTOR_MAX_SIZE);
+ dice_inputs->code_descriptor = metadata->sw_type;
+ dice_inputs->code_descriptor_size = metadata->sw_type_size;
+}
+
+void dpe_init(struct dpe_metadata *metadata)
+{
+ assert(metadata != NULL);
+
+ /* Init the non-const members of the metadata structure */
+ while (metadata->id != DPE_INVALID_ID) {
+ /* Terminating 0 character is not needed due to CBOR encoding */
+ metadata->sw_type_size =
+ strlen((const char *)&metadata->sw_type);
+ metadata++;
+ }
+
+ plat_dpe_get_context_handle(&initial_context_handle);
+}
+
+int dpe_measure_and_record(struct dpe_metadata *metadata,
+ uintptr_t data_base, uint32_t data_size,
+ uint32_t data_id)
+{
+ static int current_context_handle;
+ DiceInputValues dice_inputs = { 0 };
+ int new_parent_context_handle;
+ int new_context_handle;
+ dpe_error_t ret;
+ int rc;
+
+ assert(metadata != NULL);
+
+ /* Get the metadata associated with this image. */
+ while ((metadata->id != DPE_INVALID_ID) && (metadata->id != data_id)) {
+ metadata++;
+ }
+
+ /* If image is not present in metadata array then skip */
+ if (metadata->id == DPE_INVALID_ID) {
+ return 0;
+ }
+
+ /* Calculate hash */
+ rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
+ (void *)data_base, data_size,
+ dice_inputs.code_hash);
+ if (rc != 0) {
+ return rc;
+ }
+
+ map_metadata_to_dice_inputs(metadata, &dice_inputs);
+
+ /* Only at the first call */
+ if (current_context_handle == 0) {
+ current_context_handle = initial_context_handle;
+ }
+
+ VERBOSE("Calling dpe_derive_context, image_id: %d\n", metadata->id);
+ ret = dpe_derive_context(current_context_handle,
+ metadata->cert_id,
+ metadata->retain_parent_context,
+ metadata->allow_new_context_to_derive,
+ metadata->create_certificate,
+ &dice_inputs,
+ 0, /* target_locality */
+ false, /* return_certificate */
+ true, /* allow_new_context_to_export */
+ false, /* export_cdi */
+ &new_context_handle,
+ &new_parent_context_handle,
+ NULL, 0, NULL, /* new_certificate_* */
+ NULL, 0, NULL); /* exported_cdi_* */
+ if (ret == DPE_NO_ERROR) {
+ current_context_handle = new_parent_context_handle;
+ if (metadata->allow_new_context_to_derive == true) {
+ /* Share new_context_handle with child component:
+ * e.g: BL2, BL33.
+ */
+ VERBOSE("Share new_context_handle with child: 0x%x\n",
+ new_context_handle);
+ plat_dpe_share_context_handle(&new_context_handle);
+ }
+ } else {
+ ERROR("dpe_derive_context failed: %d\n", ret);
+ }
+
+ return (ret == DPE_NO_ERROR) ? 0 : -1;
+}
+
+int dpe_set_signer_id(struct dpe_metadata *metadata,
+ const void *pk_oid,
+ const void *pk_ptr,
+ size_t pk_len)
+{
+ unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
+ int rc;
+ bool hash_calc_done = false;
+
+ assert(metadata != NULL);
+
+ /*
+ * Do an exhaustive search over the platform metadata to find
+ * all images whose key OID matches the one passed in argument.
+ *
+ * Note that it is not an error if do not get any matches.
+ * The platform may decide not to measure all of the images
+ * in the system.
+ */
+ while (metadata->id != DPE_INVALID_ID) {
+ /* Get the metadata associated with this key-oid */
+ if (metadata->pk_oid == pk_oid) {
+ if (hash_calc_done == false) {
+ /* Calculate public key hash */
+ rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
+ (void *)pk_ptr,
+ pk_len, hash_data);
+ if (rc != 0) {
+ return rc;
+ }
+
+ hash_calc_done = true;
+ }
+
+ /*
+ * Fill the signer-ID field with the newly/already
+ * computed hash of the public key and update its
+ * signer ID size field with compile-time decided
+ * digest size.
+ */
+ (void)memcpy(metadata->signer_id,
+ hash_data,
+ DPE_DIGEST_SIZE);
+ metadata->signer_id_size = DPE_DIGEST_SIZE;
+ }
+
+ metadata++;
+ }
+
+ return 0;
+}
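Review bot: In `dpe_init()` the length of `sw_type` is taken with an unbounded `strlen()`, and the only later bound is the `assert()` in `map_metadata_to_dice_inputs()`, which is not a runtime check in builds with assertions disabled. `sw_type` is a fixed `SW_TYPE_MAX_SIZE` array in `struct dpe_metadata`, so an entry that fills it without a terminator makes `strlen()` read past the field and passes an oversized `code_descriptor_size` on to `dpe_derive_context()`. Bounding the scan with `metadata->sw_type_size = strnlen((const char *)metadata->sw_type, sizeof(metadata->sw_type));` and rejecting an over-long size in `dpe_measure_and_record()` before the mapping call would cover both build types. Separately, `dpe_measure_and_record()` uses `current_context_handle == 0` to detect the first call, which assumes 0 is never a valid parent handle; a comment stating that assumption would help.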
diff --git a/drivers/measured_boot/rss/dice_prot_env.mk b/drivers/measured_boot/rss/dice_prot_env.mk
new file mode 100644
index 0000000..c5a35e0
--- /dev/null
+++ b/drivers/measured_boot/rss/dice_prot_env.mk
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Hash algorithm for DICE Protection Environment
+# SHA-256 (or stronger) is required.
+DPE_HASH_ALG := sha256
+
+ifeq (${DPE_HASH_ALG}, sha512)
+ DPE_ALG_ID := DPE_ALG_SHA512
+ DPE_DIGEST_SIZE := 64U
+else ifeq (${DPE_HASH_ALG}, sha384)
+ DPE_ALG_ID := DPE_ALG_SHA384
+ DPE_DIGEST_SIZE := 48U
+else
+ DPE_ALG_ID := DPE_ALG_SHA256
+ DPE_DIGEST_SIZE := 32U
+endif #DPE_HASH_ALG
+
+# Set definitions for DICE Protection Environment
+$(eval $(call add_defines,\
+ $(sort \
+ DPE_ALG_ID \
+ DPE_DIGEST_SIZE \
+)))
+
+DPE_SOURCES += drivers/measured_boot/rss/dice_prot_env.c
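Review bot: Any value of `DPE_HASH_ALG` other than `sha512` or `sha384` falls into the final `else` and silently builds with SHA-256, so a misspelled algorithm name produces measurements with a different digest than the integrator asked for and no build error. Matching the default explicitly and failing otherwise avoids that: make the last branch `else ifeq (${DPE_HASH_ALG}, sha256)` and add `else` followed by `$(error Unsupported DPE_HASH_ALG: ${DPE_HASH_ALG})`. `DPE_HASH_ALG := sha256` is also an unconditional assignment, so a value set earlier by a platform makefile is overwritten; if platforms are meant to choose the algorithm, `?=` would be the safer form.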
diff --git a/drivers/measured_boot/rss/qcbor.mk b/drivers/measured_boot/rss/qcbor.mk
new file mode 100644
index 0000000..2146e5d
--- /dev/null
+++ b/drivers/measured_boot/rss/qcbor.mk
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# TF-A was tested with v1.2 version of QCBOR
+
+ifeq (${QCBOR_DIR},)
+ $(error Error: QCBOR_DIR not set)
+endif
+
+QCBOR_SOURCES += ${QCBOR_DIR}/src/qcbor_encode.c \
+ ${QCBOR_DIR}/src/qcbor_decode.c \
+ ${QCBOR_DIR}/src/UsefulBuf.c
+
+QCBOR_INCLUDES += ${QCBOR_DIR}/inc
+
+# Floating point numbers are not used, so disable the support.
+# This reduces the library size as well.
+$(eval $(call add_define,QCBOR_DISABLE_FLOAT_HW_USE))
+$(eval $(call add_define,USEFULBUF_DISABLE_ALL_FLOAT))
+$(eval $(call add_define,QCBOR_DISABLE_PREFERRED_FLOAT))
diff --git a/drivers/measured_boot/rss/rss_measured_boot.c b/drivers/measured_boot/rss/rss_measured_boot.c
index 258aa8d..c44ec73 100644
--- a/drivers/measured_boot/rss/rss_measured_boot.c
+++ b/drivers/measured_boot/rss/rss_measured_boot.c
@@ -128,7 +128,7 @@
while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) {
/* Get the metadata associated with this key-oid */
if (metadata_ptr->pk_oid == pk_oid) {
- if (!hash_calc_done) {
+ if (hash_calc_done == false) {
/* Calculate public key hash */
rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
(void *)pk_ptr,
diff --git a/drivers/partition/partition.c b/drivers/partition/partition.c
index 555fe7f..888a824 100644
--- a/drivers/partition/partition.c
+++ b/drivers/partition/partition.c
@@ -190,11 +190,11 @@
static int load_mbr_entries(uintptr_t image_handle)
{
mbr_entry_t mbr_entry;
- int i;
+ unsigned int i;
list.entry_count = MBR_PRIMARY_ENTRY_NUMBER;
- for (i = 0; i < list.entry_count; i++) {
+ for (i = 0U; i < list.entry_count; i++) {
load_mbr_entry(image_handle, &mbr_entry, i);
list.list[i].start = mbr_entry.first_lba * 512;
list.list[i].length = mbr_entry.sector_nums * 512;
@@ -244,7 +244,7 @@
return result;
}
- for (i = 0; i < (unsigned int)list.entry_count; i++) {
+ for (i = 0U; i < list.entry_count; i++) {
result = load_gpt_entry(image_handle, &entry);
if (result != 0) {
VERBOSE("Failed to load gpt entry data(%u) error is (%i)\n",
@@ -441,9 +441,9 @@
*/
const partition_entry_t *get_partition_entry(const char *name)
{
- int i;
+ unsigned int i;
- for (i = 0; i < list.entry_count; i++) {
+ for (i = 0U; i < list.entry_count; i++) {
if (strcmp(name, list.list[i].name) == 0) {
return &list.list[i];
}
@@ -452,14 +452,15 @@
}
/*
- * Try retrieving a partition table entry based on the GUID.
+ * Try retrieving a partition table entry based on the partition type GUID.
*/
-const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_uuid)
+const partition_entry_t *get_partition_entry_by_type(
+ const struct efi_guid *type_guid)
{
- int i;
+ unsigned int i;
- for (i = 0; i < list.entry_count; i++) {
- if (guidcmp(type_uuid, &list.list[i].type_guid) == 0) {
+ for (i = 0U; i < list.entry_count; i++) {
+ if (guidcmp(type_guid, &list.list[i].type_guid) == 0) {
return &list.list[i];
}
}
@@ -468,14 +469,15 @@
}
/*
- * Try retrieving a partition table entry based on the UUID.
+ * Try retrieving a partition table entry based on the unique partition GUID.
*/
-const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid)
+const partition_entry_t *get_partition_entry_by_guid(
+ const struct efi_guid *part_guid)
{
- int i;
+ unsigned int i;
- for (i = 0; i < list.entry_count; i++) {
- if (guidcmp(part_uuid, &list.list[i].part_guid) == 0) {
+ for (i = 0U; i < list.entry_count; i++) {
+ if (guidcmp(part_guid, &list.list[i].part_guid) == 0) {
return &list.list[i];
}
}
diff --git a/drivers/rpi3/rng/rpi3_rng.c b/drivers/rpi3/rng/rpi3_rng.c
index b6bf005..16733e1 100644
--- a/drivers/rpi3/rng/rpi3_rng.c
+++ b/drivers/rpi3/rng/rpi3_rng.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,19 @@
#include <rpi_hw.h>
+#define RPI3_RNG_CTRL_OFFSET ULL(0x00000000)
+#define RPI3_RNG_STATUS_OFFSET ULL(0x00000004)
+#define RPI3_RNG_DATA_OFFSET ULL(0x00000008)
+#define RPI3_RNG_INT_MASK_OFFSET ULL(0x00000010)
+/* Enable/disable RNG */
+#define RPI3_RNG_CTRL_ENABLE U(0x1)
+#define RPI3_RNG_CTRL_DISABLE U(0x0)
+/* Number of currently available words */
+#define RPI3_RNG_STATUS_NUM_WORDS_SHIFT U(24)
+#define RPI3_RNG_STATUS_NUM_WORDS_MASK U(0xFF)
+/* Value to mask interrupts caused by the RNG */
+#define RPI3_RNG_INT_MASK_DISABLE U(0x1)
+
/* Initial amount of values to discard */
#define RNG_WARMUP_COUNT U(0x40000)
diff --git a/drivers/st/clk/stm32mp1_clk.c b/drivers/st/clk/stm32mp1_clk.c
index c9c3c5f..818fd85 100644
--- a/drivers/st/clk/stm32mp1_clk.c
+++ b/drivers/st/clk/stm32mp1_clk.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2018-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: GPL-2.0+ OR BSD-3-Clause
*/
@@ -2326,6 +2326,17 @@
}
#endif /* STM32MP_SHARED_RESOURCES */
+void stm32mp1_clk_mcuss_protect(bool enable)
+{
+ uintptr_t rcc_base = stm32mp_rcc_base();
+
+ if (enable) {
+ mmio_setbits_32(rcc_base + RCC_TZCR, RCC_TZCR_MCKPROT);
+ } else {
+ mmio_clrbits_32(rcc_base + RCC_TZCR, RCC_TZCR_MCKPROT);
+ }
+}
+
static void sync_earlyboot_clocks_state(void)
{
unsigned int idx;
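Review bot: `stm32mp1_clk_mcuss_protect()` is added without any comment saying what clearing `RCC_TZCR_MCKPROT` exposes or which callers may pass `enable == false`, which matters for a function that, judging by the register name, can drop a TrustZone protection bit at runtime. I would add a header comment such as `/* Set or clear RCC_TZCR.MCKPROT; disabling is only allowed <condition>. */` with the condition filled in by the author. The set/clear is also a read-modify-write of `RCC_TZCR` done without `stm32mp1_clk_rcc_regs_lock()`, which stm32mp1_clk.h declares next to this function. Whether other writers of this register rely on that lock is not visible in the hunk and is worth confirming.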
diff --git a/drivers/st/mmc/stm32_sdmmc2.c b/drivers/st/mmc/stm32_sdmmc2.c
index be722f3..66988d7 100644
--- a/drivers/st/mmc/stm32_sdmmc2.c
+++ b/drivers/st/mmc/stm32_sdmmc2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2018-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -129,7 +129,11 @@
#define DT_SDMMC2_COMPAT "st,stm32-sdmmc2"
#endif
+#if STM32MP13 || STM32MP15
#define SDMMC_FIFO_SIZE 64U
+#else
+#define SDMMC_FIFO_SIZE 1024U
+#endif
#define STM32MP_MMC_INIT_FREQ U(400000) /*400 KHz*/
#define STM32MP_SD_NORMAL_SPEED_MAX_FREQ U(25000000) /*25 MHz*/
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 8a4c071..ee86b7e 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -1401,6 +1401,8 @@
#define RGSR_EL1 S3_0_C1_C0_5
#define GCR_EL1 S3_0_C1_C0_6
+#define GCR_EL1_RRND_BIT (UL(1) << 16)
+
/*******************************************************************************
* Armv8.5 - Random Number Generator Registers
******************************************************************************/
diff --git a/include/bl31/bl31.h b/include/bl31/bl31.h
index 1d58ef9..ed5374e 100644
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@@ -22,6 +22,5 @@
void bl31_register_rmm_init(int32_t (*func)(void));
void bl31_warm_entrypoint(void);
void bl31_main(void);
-void bl31_lib_init(void);
#endif /* BL31_H */
diff --git a/include/bl31/sync_handle.h b/include/bl31/sync_handle.h
index ae61f31..394252b 100644
--- a/include/bl31/sync_handle.h
+++ b/include/bl31/sync_handle.h
@@ -58,6 +58,8 @@
/* Handler for injecting UNDEF exception to lower EL */
void inject_undef64(cpu_context_t *ctx);
+u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el);
+
/* Prototypes for system register emulation handlers provided by platforms. */
int plat_handle_impdef_trap(uint64_t esr_el3, cpu_context_t *ctx);
int plat_handle_rng_trap(uint64_t esr_el3, cpu_context_t *ctx);
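Review bot: The new `create_spsr()` prototype is exported without a comment, unlike the declarations around it, and nothing here says which `target_el` values are accepted or what is returned for any other value. Since the result is an SPSR, a caller passing an unexpected exception level should be able to tell from the header what it gets; a line such as `/* Build the SPSR for entry into target_el from old_spsr; target_el must be <accepted ELs>. */` would do, with the accepted levels filled in by the author. The name also lacks the module prefix that the neighbouring `plat_` and `inject_` declarations carry, which makes a clash with platform code more likely.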
diff --git a/include/drivers/arm/gicv3.h b/include/drivers/arm/gicv3.h
index cf6a746..bfda31b 100644
--- a/include/drivers/arm/gicv3.h
+++ b/include/drivers/arm/gicv3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -588,6 +588,7 @@
void gicv3_set_interrupt_pending(unsigned int id, unsigned int proc_num);
void gicv3_clear_interrupt_pending(unsigned int id, unsigned int proc_num);
unsigned int gicv3_set_pmr(unsigned int mask);
+unsigned int gicv3_deactivate_priority(unsigned int mask);
void gicv3_get_component_prodid_rev(const uintptr_t gicd_base,
unsigned int *gic_prod_id,
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-2.h b/include/drivers/auth/mbedtls/mbedtls_config-2.h
deleted file mode 100644
index 01e261a..0000000
--- a/include/drivers/auth/mbedtls/mbedtls_config-2.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 2015-2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-/*
- * Key algorithms currently supported on mbed TLS libraries
- */
-#define TF_MBEDTLS_RSA 1
-#define TF_MBEDTLS_ECDSA 2
-#define TF_MBEDTLS_RSA_AND_ECDSA 3
-
-#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
- || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
-#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
- || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
-
-/*
- * Hash algorithms currently supported on mbed TLS libraries
- */
-#define TF_MBEDTLS_SHA256 1
-#define TF_MBEDTLS_SHA384 2
-#define TF_MBEDTLS_SHA512 3
-
-/*
- * Configuration file to build mbed TLS with the required features for
- * Trusted Boot
- */
-
-#define MBEDTLS_PLATFORM_MEMORY
-#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-
-#define MBEDTLS_PKCS1_V21
-
-#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_BIGNUM_C
-
-#define MBEDTLS_ERROR_C
-#define MBEDTLS_MD_C
-
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define MBEDTLS_OID_C
-
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-
-#define MBEDTLS_PLATFORM_C
-
-#if TF_MBEDTLS_USE_ECDSA
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_NO_INTERNAL_RNG
-#endif
-#if TF_MBEDTLS_USE_RSA
-#define MBEDTLS_RSA_C
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#endif
-
-#define MBEDTLS_SHA256_C
-
-/*
- * If either Trusted Boot or Measured Boot require a stronger algorithm than
- * SHA-256, pull in SHA-512 support.
- */
-#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
-#define MBEDTLS_SHA512_C
-#else
- /* TBB uses SHA-256, what about measured boot? */
-#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
-#define MBEDTLS_SHA512_C
-#endif
-#endif
-
-#define MBEDTLS_VERSION_C
-
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-
-#if TF_MBEDTLS_USE_AES_GCM
-#define MBEDTLS_AES_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_GCM_C
-#endif
-
-/* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE 2
-
-#if TF_MBEDTLS_USE_RSA
-#if TF_MBEDTLS_KEY_SIZE <= 2048
-#define MBEDTLS_MPI_MAX_SIZE 256
-#else
-#define MBEDTLS_MPI_MAX_SIZE 512
-#endif
-#else
-#define MBEDTLS_MPI_MAX_SIZE 256
-#endif
-
-/* Memory buffer allocator options */
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
-
-/*
- * Prevent the use of 128-bit division which
- * creates dependency on external libraries.
- */
-#define MBEDTLS_NO_UDBL_DIVISION
-
-#ifndef __ASSEMBLER__
-/* System headers required to build mbed TLS with the current configuration */
-#include <stdlib.h>
-#include <mbedtls/check_config.h>
-#endif
-
-/*
- * Determine Mbed TLS heap size
- * 13312 = 13*1024
- * 11264 = 11*1024
- * 7168 = 7*1024
- */
-#if TF_MBEDTLS_USE_ECDSA
-#define TF_MBEDTLS_HEAP_SIZE U(13312)
-#elif TF_MBEDTLS_USE_RSA
-#if TF_MBEDTLS_KEY_SIZE <= 2048
-#define TF_MBEDTLS_HEAP_SIZE U(7168)
-#else
-#define TF_MBEDTLS_HEAP_SIZE U(11264)
-#endif
-#endif
-
-/*
- * Warn if errors from certain functions are ignored.
- *
- * The warnings are always enabled (where supported) for critical functions
- * where ignoring the return value is almost always a bug. This macro extends
- * the warnings to more functions.
- */
-#define MBEDTLS_CHECK_RETURN_WARNING
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/include/drivers/fwu/fwu.h b/include/drivers/fwu/fwu.h
index 9f18e22..18e8a31 100644
--- a/include/drivers/fwu/fwu.h
+++ b/include/drivers/fwu/fwu.h
@@ -9,8 +9,15 @@
#include <stdbool.h>
+#define FWU_BANK_STATE_ACCEPTED 0xFCU
+#define FWU_BANK_STATE_VALID 0xFEU
+#define FWU_BANK_STATE_INVALID 0xFFU
+
+#define INVALID_BOOT_IDX 0xFFFFFFFFU
+
void fwu_init(void);
-bool fwu_is_trial_run_state(void);
+uint32_t fwu_get_active_bank_state(void);
+uint32_t fwu_get_alternate_boot_bank(void);
const struct fwu_metadata *fwu_get_metadata(void);
#endif /* FWU_H */
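Review bot: The two new prototypes return `uint32_t`, but the only include visible in this header is `<stdbool.h>`, so unless `<stdint.h>` is pulled in above the hunk the header is no longer self-contained; adding `#include <stdint.h>` next to it fixes that. `fwu_get_alternate_boot_bank()` can also return `INVALID_BOOT_IDX`, and a caller that uses the result as a bank index without checking would index far outside any bank array. A comment on the prototype such as `/* Returns a bank index, or INVALID_BOOT_IDX if no bank is bootable. */` makes that contract explicit.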
diff --git a/include/drivers/fwu/fwu_metadata.h b/include/drivers/fwu/fwu_metadata.h
index 2e88de5..b441300 100644
--- a/include/drivers/fwu/fwu_metadata.h
+++ b/include/drivers/fwu/fwu_metadata.h
@@ -4,7 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*
* FWU metadata information as per the specification section 4.1:
- * https://developer.arm.com/documentation/den0118/a/
+ * https://developer.arm.com/documentation/den0118/latest/
*
*/
@@ -14,11 +14,13 @@
#include <stdint.h>
#include <tools_share/uuid.h>
+#define NR_OF_MAX_FW_BANKS 4
+
/* Properties of image in a bank */
-struct fwu_image_properties {
+struct fwu_image_bank_info {
- /* UUID of the image in this bank */
- uuid_t img_uuid;
+ /* GUID of the image in this bank */
+ struct efi_guid img_guid;
/* [0]: bit describing the image acceptance status –
* 1 means the image is accepted
@@ -34,17 +36,40 @@
/* Image entry information */
struct fwu_image_entry {
- /* UUID identifying the image type */
- uuid_t img_type_uuid;
+ /* GUID identifying the image type */
+ struct efi_guid img_type_guid;
- /* UUID of the storage volume where the image is located */
- uuid_t location_uuid;
+ /* GUID of the storage volume where the image is located */
+ struct efi_guid location_guid;
- /* Properties of images with img_type_uuid in the different FW banks */
- struct fwu_image_properties img_props[NR_OF_FW_BANKS];
+ /* Properties of images with img_type_guid in the different FW banks */
+ struct fwu_image_bank_info img_bank_info[NR_OF_FW_BANKS];
} __packed;
+/* Firmware Image descriptor */
+struct fwu_fw_store_descriptor {
+
+ /* Number of Banks */
+ uint8_t num_banks;
+
+ /* Reserved */
+ uint8_t reserved;
+
+ /* Number of images per bank */
+ uint16_t num_images;
+
+ /* Size of image_entry(all banks) in bytes */
+ uint16_t img_entry_size;
+
+ /* Size of image bank info structure in bytes */
+ uint16_t bank_info_entry_size;
+
+ /* Array of fwu_image_entry structs */
+ struct fwu_image_entry img_entry[NR_OF_IMAGES_IN_FW_BANK];
+
+} __packed;
+
/*
* FWU metadata filled by the updater and consumed by TF-A for
* various purposes as below:
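Review bot: `num_banks`, `num_images`, `img_entry_size` and `bank_info_entry_size` are carried in the stored metadata while `img_entry[]` and `img_bank_info[]` stay sized by the compile-time `NR_OF_IMAGES_IN_FW_BANK` and `NR_OF_FW_BANKS`, and the comments do not say which side wins on a mismatch. If the intended contract is that they must agree, I would state it on the struct, e.g. `/* num_banks and num_images must equal NR_OF_FW_BANKS and NR_OF_IMAGES_IN_FW_BANK; metadata that disagrees is rejected. */`. The block comment `Firmware Image descriptor` also does not match the struct name `fwu_fw_store_descriptor`.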
@@ -66,8 +91,25 @@
/* Previous bank index with which device booted successfully */
uint32_t previous_active_index;
+ /* Size of the entire metadata in bytes */
+ uint32_t metadata_size;
+
+ /* Offset of the image descriptor structure */
+ uint16_t desc_offset;
+
+ /* Reserved */
+ uint16_t reserved1;
+
+ /* Bank state */
+ uint8_t bank_state[NR_OF_MAX_FW_BANKS];
+
+ /* Reserved */
+ uint32_t reserved2;
+
+#if PSA_FWU_METADATA_FW_STORE_DESC
/* Image entry information */
- struct fwu_image_entry img_entry[NR_OF_IMAGES_IN_FW_BANK];
+ struct fwu_fw_store_descriptor fw_desc;
+#endif
} __packed;
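Review bot: `bank_state` is sized by `NR_OF_MAX_FW_BANKS` (4), while the consumers in fwu.c index it with `metadata.active_index`, `metadata.previous_active_index` and loops bounded by `NR_OF_FW_BANKS`, and both index fields are filled by the updater rather than by TF-A. Nothing in this header ties the two constants together, so a platform defining `NR_OF_FW_BANKS` above 4, or metadata carrying an index of 4 or more, would read past the array when the boot bank is chosen. A compile-time check next to the struct, `CASSERT(NR_OF_FW_BANKS <= NR_OF_MAX_FW_BANKS, assert_nr_of_fw_banks_exceeds_max);`, plus a range check of both indices where the metadata is loaded would cover it; that load path is not visible here and may already do so. The struct begins above the hunk.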
diff --git a/include/drivers/measured_boot/event_log/event_log.h b/include/drivers/measured_boot/event_log/event_log.h
index 794d613..b44526a 100644
--- a/include/drivers/measured_boot/event_log/event_log.h
+++ b/include/drivers/measured_boot/event_log/event_log.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -43,51 +43,6 @@
#define MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-/*
- * Each event log entry has some metadata (i.e. a string) that identifies
- * what is measured.These macros define these strings.
- * Note that these strings follow the standardization recommendations
- * defined in the Arm Server Base Security Guide (a.k.a. SBSG, Arm DEN 0086),
- * where applicable. They should not be changed in the code.
- * Where the SBSG does not make recommendations, we are free to choose any
- * naming convention.
- * The key thing is to choose meaningful strings so that when the TPM event
- * log is used in attestation, the different components can be identified.
- */
-#define EVLOG_BL2_STRING "BL_2"
-#define EVLOG_BL31_STRING "SECURE_RT_EL3"
-#if defined(SPD_opteed)
-#define EVLOG_BL32_STRING "SECURE_RT_EL1_OPTEE"
-#elif defined(SPD_tspd)
-#define EVLOG_BL32_STRING "SECURE_RT_EL1_TSPD"
-#elif defined(SPD_tlkd)
-#define EVLOG_BL32_STRING "SECURE_RT_EL1_TLKD"
-#elif defined(SPD_trusty)
-#define EVLOG_BL32_STRING "SECURE_RT_EL1_TRUSTY"
-#else
-#define EVLOG_BL32_STRING "SECURE_RT_EL1_UNKNOWN"
-#endif
-#define EVLOG_BL32_EXTRA1_STRING "SECURE_RT_EL1_OPTEE_EXTRA1"
-#define EVLOG_BL32_EXTRA2_STRING "SECURE_RT_EL1_OPTEE_EXTRA2"
-#define EVLOG_BL33_STRING "BL_33"
-#define EVLOG_FW_CONFIG_STRING "FW_CONFIG"
-#define EVLOG_HW_CONFIG_STRING "HW_CONFIG"
-#define EVLOG_NT_FW_CONFIG_STRING "NT_FW_CONFIG"
-#define EVLOG_SCP_BL2_STRING "SYS_CTRL_2"
-#define EVLOG_SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
-#define EVLOG_STM32_STRING "STM32"
-#define EVLOG_TB_FW_CONFIG_STRING "TB_FW_CONFIG"
-#define EVLOG_TOS_FW_CONFIG_STRING "TOS_FW_CONFIG"
-#define EVLOG_RMM_STRING "RMM"
-#define EVLOG_SP1_STRING "SP1"
-#define EVLOG_SP2_STRING "SP2"
-#define EVLOG_SP3_STRING "SP3"
-#define EVLOG_SP4_STRING "SP4"
-#define EVLOG_SP5_STRING "SP5"
-#define EVLOG_SP6_STRING "SP6"
-#define EVLOG_SP7_STRING "SP7"
-#define EVLOG_SP8_STRING "SP8"
-
typedef struct {
unsigned int id;
const char *name;
diff --git a/include/drivers/measured_boot/metadata.h b/include/drivers/measured_boot/metadata.h
new file mode 100644
index 0000000..5e17a83
--- /dev/null
+++ b/include/drivers/measured_boot/metadata.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef METADATA_H
+#define METADATA_H
+
+/* Minimum measurement value size that can be requested to store */
+#define MEASUREMENT_VALUE_MIN_SIZE 32U
+/* Maximum measurement value size that can be requested to store */
+#define MEASUREMENT_VALUE_MAX_SIZE 64U
+/* Minimum signer id size that can be requested to store */
+#define SIGNER_ID_MIN_SIZE MEASUREMENT_VALUE_MIN_SIZE
+/* Maximum signer id size that can be requested to store */
+#define SIGNER_ID_MAX_SIZE MEASUREMENT_VALUE_MAX_SIZE
+/* The theoretical maximum image version is: "255.255.65535\0" */
+#define VERSION_MAX_SIZE 14U
+/* Example sw_type: "BL_2, BL_33, etc." */
+#define SW_TYPE_MAX_SIZE 32U
+
+/*
+ * Images, measured during the boot process, have some associated metadata.
+ * One of these types of metadata is the image identifier strings. These macros
+ * define these strings. They are used across the different measured boot
+ * backends.
+ * Note that these strings follow the standardization recommendations
+ * defined in the Arm Server Base Security Guide (a.k.a. SBSG, Arm DEN 0086),
+ * where applicable. They should not be changed in the code.
+ * Where the SBSG does not make recommendations, we are free to choose any
+ * naming convention.
+ * The key thing is to choose meaningful strings so that when the measured boot
+ * metadata is used in attestation, the different components can be identified.
+ */
+#define MBOOT_BL2_IMAGE_STRING "BL_2"
+#define MBOOT_BL31_IMAGE_STRING "SECURE_RT_EL3"
+#if defined(SPD_opteed)
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_OPTEE"
+#elif defined(SPD_tspd)
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_TSPD"
+#elif defined(SPD_tlkd)
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_TLKD"
+#elif defined(SPD_trusty)
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_TRUSTY"
+#elif defined(SPD_spmd)
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_SPMD"
+#else
+#define MBOOT_BL32_IMAGE_STRING "SECURE_RT_EL1_UNKNOWN"
+#endif /* SPD_opteed */
+#define MBOOT_BL32_EXTRA1_IMAGE_STRING "SECURE_RT_EL1_OPTEE_EXTRA1"
+#define MBOOT_BL32_EXTRA2_IMAGE_STRING "SECURE_RT_EL1_OPTEE_EXTRA2"
+#define MBOOT_BL33_IMAGE_STRING "BL_33"
+#define MBOOT_FW_CONFIG_STRING "FW_CONFIG"
+#define MBOOT_HW_CONFIG_STRING "HW_CONFIG"
+#define MBOOT_NT_FW_CONFIG_STRING "NT_FW_CONFIG"
+#define MBOOT_SCP_BL2_IMAGE_STRING "SYS_CTRL_2"
+#define MBOOT_SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
+#define MBOOT_STM32_STRING "STM32"
+#define MBOOT_TB_FW_CONFIG_STRING "TB_FW_CONFIG"
+#define MBOOT_TOS_FW_CONFIG_STRING "TOS_FW_CONFIG"
+#define MBOOT_RMM_IMAGE_STRING "RMM"
+#define MBOOT_SP1_STRING "SP1"
+#define MBOOT_SP2_STRING "SP2"
+#define MBOOT_SP3_STRING "SP3"
+#define MBOOT_SP4_STRING "SP4"
+#define MBOOT_SP5_STRING "SP5"
+#define MBOOT_SP6_STRING "SP6"
+#define MBOOT_SP7_STRING "SP7"
+#define MBOOT_SP8_STRING "SP8"
+
+#endif /* METADATA_H */
diff --git a/include/drivers/measured_boot/rss/dice_prot_env.h b/include/drivers/measured_boot/rss/dice_prot_env.h
new file mode 100644
index 0000000..6f754f5
--- /dev/null
+++ b/include/drivers/measured_boot/rss/dice_prot_env.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef DICE_PROT_ENV_H
+#define DICE_PROT_ENV_H
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <drivers/measured_boot/metadata.h>
+
+#define DPE_INVALID_ID UINT32_MAX
+
+struct dpe_metadata {
+ unsigned int id;
+ uint32_t cert_id;
+ uint8_t signer_id[SIGNER_ID_MAX_SIZE];
+ size_t signer_id_size;
+ uint8_t version[VERSION_MAX_SIZE];
+ size_t version_size;
+ uint8_t sw_type[SW_TYPE_MAX_SIZE];
+ size_t sw_type_size;
+ bool allow_new_context_to_derive;
+ bool retain_parent_context;
+ bool create_certificate;
+ void *pk_oid;
+};
+
+void dpe_init(struct dpe_metadata *metadata);
+
+/* Returns 0 in case of success otherwise -1. */
+int dpe_measure_and_record(struct dpe_metadata *metadata,
+ uintptr_t data_base, uint32_t data_size,
+ uint32_t data_id);
+
+int dpe_set_signer_id(struct dpe_metadata *metadata,
+ const void *pk_oid, const void *pk_ptr, size_t pk_len);
+
+/* Child components inherit their first valid context handle from their parents.
+ * How to share context handle is platform specific.
+ */
+void plat_dpe_share_context_handle(int *ctx_handle);
+void plat_dpe_get_context_handle(int *ctx_handle);
+
+#endif /* DICE_PROT_ENV_H */
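Review bot: The comment on `dpe_measure_and_record()` promises 0 on success and -1 otherwise, but the implementation in dice_prot_env.c also returns 0 when `data_id` has no metadata entry, in which case nothing is measured, and it passes through the `crypto_mod_calc_hash()` return code on hash failure. A caller that treats 0 as "this image was measured" would be misled, so I would reword it to `/* Returns 0 on success or when data_id has no metadata entry (image not measured); non-zero on hash or DPE failure. */`. `dpe_set_signer_id()` matches `pk_oid` by pointer identity rather than by content; a one-line note on the `pk_oid` member saying so would keep callers from passing a copied OID string and silently getting no signer ID set.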
diff --git a/include/drivers/measured_boot/rss/rss_measured_boot.h b/include/drivers/measured_boot/rss/rss_measured_boot.h
index 7ab517c..38f7d4e 100644
--- a/include/drivers/measured_boot/rss/rss_measured_boot.h
+++ b/include/drivers/measured_boot/rss/rss_measured_boot.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,27 +10,10 @@
#include <stdint.h>
#include <common/debug.h>
-#include <measured_boot.h>
+#include <drivers/measured_boot/metadata.h>
#define RSS_MBOOT_INVALID_ID UINT32_MAX
-/*
- * Each boot measurement has some metadata (i.e. a string) that identifies
- * what was measured and how. The sw_type field of the rss_mboot_metadata
- * structure represents the role of the software component that was measured.
- * The below macros define strings suitable for the sw_type.
- * The key thing is to choose meaningful strings so that when the attestation
- * token is verified, then the different components can be identified.
- */
-#define RSS_MBOOT_BL2_STRING "BL_2"
-#define RSS_MBOOT_BL31_STRING "SECURE_RT_EL3"
-#define RSS_MBOOT_HW_CONFIG_STRING "HW_CONFIG"
-#define RSS_MBOOT_FW_CONFIG_STRING "FW_CONFIG"
-#define RSS_MBOOT_TB_FW_CONFIG_STRING "TB_FW_CONFIG"
-#define RSS_MBOOT_SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
-#define RSS_MBOOT_RMM_STRING "RMM"
-
-
struct rss_mboot_metadata {
unsigned int id;
uint8_t slot;
diff --git a/include/drivers/partition/partition.h b/include/drivers/partition/partition.h
index d567d4c..9e22d34 100644
--- a/include/drivers/partition/partition.h
+++ b/include/drivers/partition/partition.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -41,13 +41,15 @@
typedef struct partition_entry_list {
partition_entry_t list[PLAT_PARTITION_MAX_ENTRIES];
- int entry_count;
+ unsigned int entry_count;
} partition_entry_list_t;
int load_partition_table(unsigned int image_id);
const partition_entry_t *get_partition_entry(const char *name);
-const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_guid);
-const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid);
+const partition_entry_t *get_partition_entry_by_type(
+ const struct efi_guid *type_guid);
+const partition_entry_t *get_partition_entry_by_guid(
+ const struct efi_guid *part_guid);
const partition_entry_list_t *get_partition_entry_list(void);
void partition_init(unsigned int image_id);
int gpt_partition_init(void);
diff --git a/include/drivers/rpi3/mailbox/rpi3_mbox.h b/include/drivers/rpi3/mailbox/rpi3_mbox.h
index c107440..33458e3 100644
--- a/include/drivers/rpi3/mailbox/rpi3_mbox.h
+++ b/include/drivers/rpi3/mailbox/rpi3_mbox.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,6 +16,22 @@
uint32_t tags[0];
} rpi3_mbox_request_t;
+/* VideoCore -> ARM */
+#define RPI3_MBOX0_READ_OFFSET ULL(0x00000000)
+#define RPI3_MBOX0_PEEK_OFFSET ULL(0x00000010)
+#define RPI3_MBOX0_SENDER_OFFSET ULL(0x00000014)
+#define RPI3_MBOX0_STATUS_OFFSET ULL(0x00000018)
+#define RPI3_MBOX0_CONFIG_OFFSET ULL(0x0000001C)
+/* ARM -> VideoCore */
+#define RPI3_MBOX1_WRITE_OFFSET ULL(0x00000020)
+#define RPI3_MBOX1_PEEK_OFFSET ULL(0x00000030)
+#define RPI3_MBOX1_SENDER_OFFSET ULL(0x00000034)
+#define RPI3_MBOX1_STATUS_OFFSET ULL(0x00000038)
+#define RPI3_MBOX1_CONFIG_OFFSET ULL(0x0000003C)
+/* Mailbox status constants */
+#define RPI3_MBOX_STATUS_FULL_MASK U(0x80000000) /* Set if full */
+#define RPI3_MBOX_STATUS_EMPTY_MASK U(0x40000000) /* Set if empty */
+
#define RPI3_MBOX_BUFFER_SIZE U(256)
/* Constants to perform a request/check the status of a request. */
diff --git a/include/drivers/st/stm32mp1_clk.h b/include/drivers/st/stm32mp1_clk.h
index e2395bc..93ec1c5 100644
--- a/include/drivers/st/stm32mp1_clk.h
+++ b/include/drivers/st/stm32mp1_clk.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2018-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,6 +32,8 @@
void stm32mp1_clk_rcc_regs_lock(void);
void stm32mp1_clk_rcc_regs_unlock(void);
+void stm32mp1_clk_mcuss_protect(bool enable);
+
#ifdef STM32MP_SHARED_RESOURCES
void stm32mp1_register_clock_parents_secure(unsigned long id);
#endif
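Review bot: `stm32mp1_clk_mcuss_protect(bool enable)` is declared without a comment, and the name alone does not say what is protected or from whom. It looks like a security control, so a one-line contract would help, e.g. `/* Enable or disable protection of the MCU subsystem clock configuration against non-secure access. */`. That wording is inferred from the name and should be confirmed against the driver. The prototype also needs `<stdbool.h>` in scope for `bool`; the include block is outside the hunk, so I cannot tell whether it is already there.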
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 366894d..c7f50db 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 1 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
* CPU Auxiliary Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
@@ -22,6 +27,11 @@
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
+#define CORTEX_A715_CPUPSELR_EL3 S3_6_C15_C8_0
+#define CORTEX_A715_CPUPCR_EL3 S3_6_C15_C8_1
+#define CORTEX_A715_CPUPOR_EL3 S3_6_C15_C8_2
+#define CORTEX_A715_CPUPMR_EL3 S3_6_C15_C8_3
+
/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
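Review bot: The four `CORTEX_A715_CPUP*_EL3` defines sit directly under the "CPU Extended Control register specific definitions" banner, but they name different registers. Their `S3_6_C15_*` encodings show they are EL3-only and IMPLEMENTATION DEFINED. The first hunk of this file gives `CORTEX_A715_CPUACTLR_EL1` its own banner, and doing the same here would keep the file consistent, e.g. a banner reading `EL3 IMPLEMENTATION DEFINED CPUP* register definitions.`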
diff --git a/include/lib/cpus/aarch64/cortex_a720.h b/include/lib/cpus/aarch64/cortex_a720.h
index 47bbbc0..fb27f79 100644
--- a/include/lib/cpus/aarch64/cortex_a720.h
+++ b/include/lib/cpus/aarch64/cortex_a720.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,16 @@
#define CORTEX_A720_BHB_LOOP_COUNT U(132)
/*******************************************************************************
+ * CPU Auxiliary Control register 1 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A720_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A720_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A720_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/dice/dice.h b/include/lib/dice/dice.h
new file mode 100644
index 0000000..cf54942
--- /dev/null
+++ b/include/lib/dice/dice.h
@@ -0,0 +1,166 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#ifndef DICE_DICE_H_
+#define DICE_DICE_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define DICE_CDI_SIZE 32
+#define DICE_HASH_SIZE 64
+#define DICE_HIDDEN_SIZE 64
+#define DICE_INLINE_CONFIG_SIZE 64
+#define DICE_PRIVATE_KEY_SEED_SIZE 32
+#define DICE_ID_SIZE 20
+
+typedef enum {
+ kDiceResultOk,
+ kDiceResultInvalidInput,
+ kDiceResultBufferTooSmall,
+ kDiceResultPlatformError,
+} DiceResult;
+
+typedef enum {
+ kDiceModeNotInitialized,
+ kDiceModeNormal,
+ kDiceModeDebug,
+ kDiceModeMaintenance,
+} DiceMode;
+
+typedef enum {
+ kDiceConfigTypeInline,
+ kDiceConfigTypeDescriptor,
+} DiceConfigType;
+
+// Contains a full set of input values describing the target program or system.
+// See the Open Profile for DICE specification for a detailed explanation of
+// these inputs.
+//
+// Fields:
+// code_hash: A hash or similar representation of the target code.
+// code_descriptor: An optional descriptor to be included in the certificate.
+// This descriptor is opaque to the DICE flow and is included verbatim
+// in the certificate with no validation. May be null.
+// code_descriptor_size: The size in bytes of |code_descriptor|.
+// config_type: Indicates how to interpret the remaining config-related
+// fields. If the type is 'inline', then the 64 byte configuration input
+// value must be provided in |config_value| and |config_descriptor| is
+// ignored. If the type is 'descriptor', then |config_descriptor| is
+// hashed to get the configuration input value and |config_value| is
+// ignored.
+// config_value: A 64-byte configuration input value when |config_type| is
+// kDiceConfigTypeInline. Otherwise, this field is ignored.
+// config_descriptor: A descriptor to be hashed for the configuration input
+// value when |config_type| is kDiceConfigTypeDescriptor. Otherwise,
+// this field is ignored and may be null.
+// config_descriptor_size: The size in bytes of |config_descriptor|.
+// authority_hash: A hash or similar representation of the authority used to
+// verify the target code. If the code is not verified or the authority
+// is implicit, for example hard coded as part of the code currently
+// executing, then this value should be set to all zero bytes.
+// authority_descriptor: An optional descriptor to be included in the
+// certificate. This descriptor is opaque to the DICE flow and is
+// included verbatim in the certificate with no validation. May be null.
+// authority_descriptor_size: The size in bytes of |authority_descriptor|.
+// mode: The current operating mode.
+// hidden: Additional input which will not appear in certificates. If this is
+// not used it should be set to all zero bytes.
+typedef struct DiceInputValues_ {
+ uint8_t code_hash[DICE_HASH_SIZE];
+ const uint8_t* code_descriptor;
+ size_t code_descriptor_size;
+ DiceConfigType config_type;
+ uint8_t config_value[DICE_INLINE_CONFIG_SIZE];
+ const uint8_t* config_descriptor;
+ size_t config_descriptor_size;
+ uint8_t authority_hash[DICE_HASH_SIZE];
+ const uint8_t* authority_descriptor;
+ size_t authority_descriptor_size;
+ DiceMode mode;
+ uint8_t hidden[DICE_HIDDEN_SIZE];
+} DiceInputValues;
+
+// Derives a |cdi_private_key_seed| from a |cdi_attest| value. On success
+// populates |cdi_private_key_seed| and returns kDiceResultOk.
+DiceResult DiceDeriveCdiPrivateKeySeed(
+ void* context, const uint8_t cdi_attest[DICE_CDI_SIZE],
+ uint8_t cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE]);
+
+// Derives an |id| from a |cdi_public_key| value. Because public keys can vary
+// in length depending on the algorithm, the |cdi_public_key_size| in bytes must
+// be provided. When interpreted as an integer, |id| is big-endian. On success
+// populates |id| and returns kDiceResultOk.
+DiceResult DiceDeriveCdiCertificateId(void* context,
+ const uint8_t* cdi_public_key,
+ size_t cdi_public_key_size,
+ uint8_t id[DICE_ID_SIZE]);
+
+// Executes the main DICE flow.
+//
+// Given a full set of input values and the current CDI values, computes the
+// next CDI values and a matching certificate. See the Open Profile for DICE
+// specification for a detailed explanation of this flow.
+// In certain cases, the caller may not need to generate the CDI certificate.
+// The caller should signal this by setting the certificate parameters to
+// null/zero values appropriately.
+//
+// Parameters:
+// context: Context provided by the caller that is opaque to this library
+// but is passed through to the integration-provided operations in
+// dice/ops.h. The value is, therefore, integration-specific and may be
+// null.
+// current_cdi_attest, current_cdi_seal: The current CDI values as produced
+// by a previous DICE flow. If this is the first DICE flow in a system,
+// the Unique Device Secret (UDS) should be used for both of these
+// arguments.
+// input_values: A set of input values describing the target program or
+// system.
+// next_cdi_certificate_buffer_size: The size in bytes of the buffer pointed
+// to by the |next_cdi_certificate| argument. This should be set to zero
+// if next CDI certificate should not be computed.
+// next_cdi_certificate: On success, will be populated with the generated
+// certificate, up to |next_cdi_certificate_buffer_size| in size. If the
+// certificate cannot fit in the buffer, |next_cdi_certificate_size| is
+// populated with the required size and kDiceResultBufferTooSmall is
+// returned. This should be set to NULL if next CDI certificate should
+// not be computed.
+// next_cdi_certificate_actual_size: On success, will be populated with the
+// size, in bytes, of the certificate data written to
+// |next_cdi_certificate|. If kDiceResultBufferTooSmall is returned, will
+// be populated with the required buffer size. This should be set to NULL
+// if next CDI certificate should not be computed.
+// next_cdi_attest: On success, will be populated with the next CDI value for
+// attestation.
+// next_cdi_seal: On success, will be populated with the next CDI value for
+// sealing.
+DiceResult DiceMainFlow(void* context,
+ const uint8_t current_cdi_attest[DICE_CDI_SIZE],
+ const uint8_t current_cdi_seal[DICE_CDI_SIZE],
+ const DiceInputValues* input_values,
+ size_t next_cdi_certificate_buffer_size,
+ uint8_t* next_cdi_certificate,
+ size_t* next_cdi_certificate_actual_size,
+ uint8_t next_cdi_attest[DICE_CDI_SIZE],
+ uint8_t next_cdi_seal[DICE_CDI_SIZE]);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // DICE_DICE_H_
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index d5bd890..44efee5 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -7,6 +7,7 @@
#ifndef CONTEXT_H
#define CONTEXT_H
+#include <lib/el3_runtime/context_el2.h>
#include <lib/el3_runtime/cpu_data.h>
#include <lib/utils_def.h>
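Review bot: `context_el2.h` is included first, ahead of `<lib/utils_def.h>`, yet the header added by this change declares `uint64_t` members and uses `ULL()` in its macros without including anything itself. It therefore builds only as long as whoever includes context.h has already pulled in `<stdint.h>`. Making the new header self-contained removes that ordering dependency: add `#include <stdint.h>` and `#include <lib/utils_def.h>` inside its `#ifndef __ASSEMBLER__` block.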
@@ -157,102 +158,11 @@
*/
#define CTX_EL1_SYSREGS_END CTX_MTE_REGS_END
-/*
- * EL2 register set
- */
-
-#if CTX_INCLUDE_EL2_REGS
-/* For later discussion
- * ICH_AP0R<n>_EL2
- * ICH_AP1R<n>_EL2
- * AMEVCNTVOFF0<n>_EL2
- * AMEVCNTVOFF1<n>_EL2
- * ICH_LR<n>_EL2
- */
-#define CTX_EL2_SYSREGS_OFFSET (CTX_EL1_SYSREGS_OFFSET + CTX_EL1_SYSREGS_END)
-
-#define CTX_ACTLR_EL2 U(0x0)
-#define CTX_AFSR0_EL2 U(0x8)
-#define CTX_AFSR1_EL2 U(0x10)
-#define CTX_AMAIR_EL2 U(0x18)
-#define CTX_CNTHCTL_EL2 U(0x20)
-#define CTX_CNTVOFF_EL2 U(0x28)
-#define CTX_CPTR_EL2 U(0x30)
-#define CTX_DBGVCR32_EL2 U(0x38)
-#define CTX_ELR_EL2 U(0x40)
-#define CTX_ESR_EL2 U(0x48)
-#define CTX_FAR_EL2 U(0x50)
-#define CTX_HACR_EL2 U(0x58)
-#define CTX_HCR_EL2 U(0x60)
-#define CTX_HPFAR_EL2 U(0x68)
-#define CTX_HSTR_EL2 U(0x70)
-#define CTX_ICC_SRE_EL2 U(0x78)
-#define CTX_ICH_HCR_EL2 U(0x80)
-#define CTX_ICH_VMCR_EL2 U(0x88)
-#define CTX_MAIR_EL2 U(0x90)
-#define CTX_MDCR_EL2 U(0x98)
-#define CTX_PMSCR_EL2 U(0xa0)
-#define CTX_SCTLR_EL2 U(0xa8)
-#define CTX_SPSR_EL2 U(0xb0)
-#define CTX_SP_EL2 U(0xb8)
-#define CTX_TCR_EL2 U(0xc0)
-#define CTX_TPIDR_EL2 U(0xc8)
-#define CTX_TTBR0_EL2 U(0xd0)
-#define CTX_VBAR_EL2 U(0xd8)
-#define CTX_VMPIDR_EL2 U(0xe0)
-#define CTX_VPIDR_EL2 U(0xe8)
-#define CTX_VTCR_EL2 U(0xf0)
-#define CTX_VTTBR_EL2 U(0xf8)
-
-// Only if MTE registers in use
-#define CTX_TFSR_EL2 U(0x100)
-
-// Starting with Armv8.6
-#define CTX_HDFGRTR_EL2 U(0x108)
-#define CTX_HAFGRTR_EL2 U(0x110)
-#define CTX_HDFGWTR_EL2 U(0x118)
-#define CTX_HFGITR_EL2 U(0x120)
-#define CTX_HFGRTR_EL2 U(0x128)
-#define CTX_HFGWTR_EL2 U(0x130)
-#define CTX_CNTPOFF_EL2 U(0x138)
-
-// Starting with Armv8.4
-#define CTX_CONTEXTIDR_EL2 U(0x140)
-#define CTX_TTBR1_EL2 U(0x148)
-#define CTX_VDISR_EL2 U(0x150)
-#define CTX_VSESR_EL2 U(0x158)
-#define CTX_VNCR_EL2 U(0x160)
-#define CTX_TRFCR_EL2 U(0x168)
-
-// Starting with Armv8.5
-#define CTX_SCXTNUM_EL2 U(0x170)
-
-// Register for FEAT_HCX
-#define CTX_HCRX_EL2 U(0x178)
-
-// Starting with Armv8.9
-#define CTX_TCR2_EL2 U(0x180)
-#define CTX_POR_EL2 U(0x188)
-#define CTX_PIRE0_EL2 U(0x190)
-#define CTX_PIR_EL2 U(0x198)
-#define CTX_S2PIR_EL2 U(0x1a0)
-#define CTX_GCSCR_EL2 U(0x1a8)
-#define CTX_GCSPR_EL2 U(0x1b0)
-
-/* Align to the next 16 byte boundary */
-#define CTX_EL2_SYSREGS_END U(0x1c0)
-
-#endif /* CTX_INCLUDE_EL2_REGS */
-
/*******************************************************************************
* Constants that allow assembler code to access members of and the 'fp_regs'
* structure at their correct offsets.
******************************************************************************/
-#if CTX_INCLUDE_EL2_REGS
-# define CTX_FPREGS_OFFSET (CTX_EL2_SYSREGS_OFFSET + CTX_EL2_SYSREGS_END)
-#else
# define CTX_FPREGS_OFFSET (CTX_EL1_SYSREGS_OFFSET + CTX_EL1_SYSREGS_END)
-#endif
#if CTX_INCLUDE_FPREGS
#define CTX_FP_Q0 U(0x0)
#define CTX_FP_Q1 U(0x10)
@@ -293,10 +203,10 @@
#define CTX_FPREGS_END U(0x220) /* Align to the next 16 byte boundary */
#else
#define CTX_FPREGS_END U(0x210) /* Align to the next 16 byte boundary */
-#endif
+#endif /* CTX_INCLUDE_AARCH32_REGS */
#else
#define CTX_FPREGS_END U(0)
-#endif
+#endif /* CTX_INCLUDE_FPREGS */
/*******************************************************************************
* Registers related to CVE-2018-3639
@@ -373,9 +283,7 @@
/* Constants to determine the size of individual context structures */
#define CTX_GPREG_ALL (CTX_GPREGS_END >> DWORD_SHIFT)
#define CTX_EL1_SYSREGS_ALL (CTX_EL1_SYSREGS_END >> DWORD_SHIFT)
-#if CTX_INCLUDE_EL2_REGS
-# define CTX_EL2_SYSREGS_ALL (CTX_EL2_SYSREGS_END >> DWORD_SHIFT)
-#endif
+
#if CTX_INCLUDE_FPREGS
# define CTX_FPREG_ALL (CTX_FPREGS_END >> DWORD_SHIFT)
#endif
@@ -403,15 +311,6 @@
*/
DEFINE_REG_STRUCT(el1_sysregs, CTX_EL1_SYSREGS_ALL);
-
-/*
- * AArch64 EL2 system register context structure for preserving the
- * architectural state during world switches.
- */
-#if CTX_INCLUDE_EL2_REGS
-DEFINE_REG_STRUCT(el2_sysregs, CTX_EL2_SYSREGS_ALL);
-#endif
-
/*
* AArch64 floating point register context structure for preserving
* the floating point state during switches from one security state to
@@ -460,19 +359,24 @@
gp_regs_t gpregs_ctx;
el3_state_t el3state_ctx;
el1_sysregs_t el1_sysregs_ctx;
-#if CTX_INCLUDE_EL2_REGS
- el2_sysregs_t el2_sysregs_ctx;
-#endif
+
#if CTX_INCLUDE_FPREGS
fp_regs_t fpregs_ctx;
#endif
cve_2018_3639_t cve_2018_3639_ctx;
+
#if CTX_INCLUDE_PAUTH_REGS
pauth_t pauth_ctx;
#endif
+
#if CTX_INCLUDE_MPAM_REGS
mpam_t mpam_ctx;
#endif
+
+#if CTX_INCLUDE_EL2_REGS
+ el2_sysregs_t el2_sysregs_ctx;
+#endif
+
} cpu_context_t;
/*
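Review bot: `el2_sysregs_ctx` moves to the end of `cpu_context_t`, and the next hunk removes its `CASSERT`. Of the members visible here, it is now the only one whose placement is not checked at build time. That is fine if it is only reached from C through the `read_el2_ctx_*`/`write_el2_ctx_*` accessors, but nothing in the struct says so. I would add a comment above the member, e.g. `/* C-only access; size depends on ENABLE_FEAT_* flags, keep last so the assembler offsets above stay fixed */`. The struct definition starts outside the hunk.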
@@ -512,28 +416,30 @@
*/
CASSERT(CTX_GPREGS_OFFSET == __builtin_offsetof(cpu_context_t, gpregs_ctx),
assert_core_context_gp_offset_mismatch);
+
+CASSERT(CTX_EL3STATE_OFFSET == __builtin_offsetof(cpu_context_t, el3state_ctx),
+ assert_core_context_el3state_offset_mismatch);
+
CASSERT(CTX_EL1_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el1_sysregs_ctx),
assert_core_context_el1_sys_offset_mismatch);
-#if CTX_INCLUDE_EL2_REGS
-CASSERT(CTX_EL2_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el2_sysregs_ctx),
- assert_core_context_el2_sys_offset_mismatch);
-#endif
+
#if CTX_INCLUDE_FPREGS
CASSERT(CTX_FPREGS_OFFSET == __builtin_offsetof(cpu_context_t, fpregs_ctx),
assert_core_context_fp_offset_mismatch);
-#endif
-CASSERT(CTX_EL3STATE_OFFSET == __builtin_offsetof(cpu_context_t, el3state_ctx),
- assert_core_context_el3state_offset_mismatch);
+#endif /* CTX_INCLUDE_FPREGS */
+
CASSERT(CTX_CVE_2018_3639_OFFSET == __builtin_offsetof(cpu_context_t, cve_2018_3639_ctx),
assert_core_context_cve_2018_3639_offset_mismatch);
+
#if CTX_INCLUDE_PAUTH_REGS
CASSERT(CTX_PAUTH_REGS_OFFSET == __builtin_offsetof(cpu_context_t, pauth_ctx),
assert_core_context_pauth_offset_mismatch);
-#endif
+#endif /* CTX_INCLUDE_PAUTH_REGS */
+
#if CTX_INCLUDE_MPAM_REGS
CASSERT(CTX_MPAM_REGS_OFFSET == __builtin_offsetof(cpu_context_t, mpam_ctx),
assert_core_context_mpam_offset_mismatch);
-#endif
+#endif /* CTX_INCLUDE_MPAM_REGS */
/*
* Helper macro to set the general purpose registers that correspond to
diff --git a/include/lib/el3_runtime/context_el2.h b/include/lib/el3_runtime/context_el2.h
new file mode 100644
index 0000000..4ad9634
--- /dev/null
+++ b/include/lib/el3_runtime/context_el2.h
@@ -0,0 +1,319 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CONTEXT_EL2_H
+#define CONTEXT_EL2_H
+
+#ifndef __ASSEMBLER__
+/*******************************************************************************
+ * EL2 Registers:
+ * AArch64 EL2 system register context structure for preserving the
+ * architectural state during world switches.
+ ******************************************************************************/
+#if CTX_INCLUDE_EL2_REGS
+typedef struct el2_common_regs {
+ uint64_t actlr_el2;
+ uint64_t afsr0_el2;
+ uint64_t afsr1_el2;
+ uint64_t amair_el2;
+ uint64_t cnthctl_el2;
+ uint64_t cntvoff_el2;
+ uint64_t cptr_el2;
+ uint64_t dbgvcr32_el2;
+ uint64_t elr_el2;
+ uint64_t esr_el2;
+ uint64_t far_el2;
+ uint64_t hacr_el2;
+ uint64_t hcr_el2;
+ uint64_t hpfar_el2;
+ uint64_t hstr_el2;
+ uint64_t icc_sre_el2;
+ uint64_t ich_hcr_el2;
+ uint64_t ich_vmcr_el2;
+ uint64_t mair_el2;
+ uint64_t mdcr_el2;
+ uint64_t pmscr_el2;
+ uint64_t sctlr_el2;
+ uint64_t spsr_el2;
+ uint64_t sp_el2;
+ uint64_t tcr_el2;
+ uint64_t tpidr_el2;
+ uint64_t ttbr0_el2;
+ uint64_t vbar_el2;
+ uint64_t vmpidr_el2;
+ uint64_t vpidr_el2;
+ uint64_t vtcr_el2;
+ uint64_t vttbr_el2;
+} el2_common_regs_t;
+
+typedef struct el2_mte_regs {
+ uint64_t tfsr_el2;
+} el2_mte_regs_t;
+
+typedef struct el2_fgt_regs {
+ uint64_t hdfgrtr_el2;
+ uint64_t hafgrtr_el2;
+ uint64_t hdfgwtr_el2;
+ uint64_t hfgitr_el2;
+ uint64_t hfgrtr_el2;
+ uint64_t hfgwtr_el2;
+} el2_fgt_regs_t;
+
+typedef struct el2_ecv_regs {
+ uint64_t cntpoff_el2;
+} el2_ecv_regs_t;
+
+typedef struct el2_vhe_regs {
+ uint64_t contextidr_el2;
+ uint64_t ttbr1_el2;
+} el2_vhe_regs_t;
+
+typedef struct el2_ras_regs {
+ uint64_t vdisr_el2;
+ uint64_t vsesr_el2;
+} el2_ras_regs_t;
+
+typedef struct el2_neve_regs {
+ uint64_t vncr_el2;
+} el2_neve_regs_t;
+
+typedef struct el2_trf_regs {
+ uint64_t trfcr_el2;
+} el2_trf_regs_t;
+
+typedef struct el2_csv2_regs {
+ uint64_t scxtnum_el2;
+} el2_csv2_regs_t;
+
+typedef struct el2_hcx_regs {
+ uint64_t hcrx_el2;
+} el2_hcx_regs_t;
+
+typedef struct el2_tcr2_regs {
+ uint64_t tcr2_el2;
+} el2_tcr2_regs_t;
+
+typedef struct el2_sxpoe_regs {
+ uint64_t por_el2;
+} el2_sxpoe_regs_t;
+
+typedef struct el2_sxpie_regs {
+ uint64_t pire0_el2;
+ uint64_t pir_el2;
+} el2_sxpie_regs_t;
+
+typedef struct el2_s2pie_regs {
+ uint64_t s2pir_el2;
+} el2_s2pie_regs_t;
+
+typedef struct el2_gcs_regs {
+ uint64_t gcscr_el2;
+ uint64_t gcspr_el2;
+} el2_gcs_regs_t;
+
+typedef struct el2_sysregs {
+
+ el2_common_regs_t common;
+
+#if ENABLE_FEAT_MTE
+ el2_mte_regs_t mte;
+#endif
+
+#if ENABLE_FEAT_FGT
+ el2_fgt_regs_t fgt;
+#endif
+
+#if ENABLE_FEAT_ECV
+ el2_ecv_regs_t ecv;
+#endif
+
+#if ENABLE_FEAT_VHE
+ el2_vhe_regs_t vhe;
+#endif
+
+#if ENABLE_FEAT_RAS
+ el2_ras_regs_t ras;
+#endif
+
+#if CTX_INCLUDE_NEVE_REGS
+ el2_neve_regs_t neve;
+#endif
+
+#if ENABLE_TRF_FOR_NS
+ el2_trf_regs_t trf;
+#endif
+
+#if ENABLE_FEAT_CSV2_2
+ el2_csv2_regs_t csv2;
+#endif
+
+#if ENABLE_FEAT_HCX
+ el2_hcx_regs_t hcx;
+#endif
+
+#if ENABLE_FEAT_TCR2
+ el2_tcr2_regs_t tcr2;
+#endif
+
+#if (ENABLE_FEAT_S1POE || ENABLE_FEAT_S2POE)
+ el2_sxpoe_regs_t sxpoe;
+#endif
+
+#if (ENABLE_FEAT_S1PIE || ENABLE_FEAT_S2PIE)
+ el2_sxpie_regs_t sxpie;
+#endif
+
+#if ENABLE_FEAT_S2PIE
+ el2_s2pie_regs_t s2pie;
+#endif
+
+#if ENABLE_FEAT_GCS
+ el2_gcs_regs_t gcs;
+#endif
+
+} el2_sysregs_t;
+
+/*
+ * Macros to access members related to individual features of the el2_sysregs_t
+ * structures.
+ */
+#define read_el2_ctx_common(ctx, reg) (((ctx)->common).reg)
+
+#define write_el2_ctx_common(ctx, reg, val) ((((ctx)->common).reg) \
+ = (uint64_t) (val))
+
+#if ENABLE_FEAT_MTE
+#define read_el2_ctx_mte(ctx, reg) (((ctx)->mte).reg)
+#define write_el2_ctx_mte(ctx, reg, val) ((((ctx)->mte).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_mte(ctx, reg) ULL(0)
+#define write_el2_ctx_mte(ctx, reg, val)
+#endif /* ENABLE_FEAT_MTE */
+
+#if ENABLE_FEAT_FGT
+#define read_el2_ctx_fgt(ctx, reg) (((ctx)->fgt).reg)
+#define write_el2_ctx_fgt(ctx, reg, val) ((((ctx)->fgt).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_fgt(ctx, reg) ULL(0)
+#define write_el2_ctx_fgt(ctx, reg, val)
+#endif /* ENABLE_FEAT_FGT */
+
+#if ENABLE_FEAT_ECV
+#define read_el2_ctx_ecv(ctx, reg) (((ctx)->ecv).reg)
+#define write_el2_ctx_ecv(ctx, reg, val) ((((ctx)->ecv).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_ecv(ctx, reg) ULL(0)
+#define write_el2_ctx_ecv(ctx, reg, val)
+#endif /* ENABLE_FEAT_ECV */
+
+#if ENABLE_FEAT_VHE
+#define read_el2_ctx_vhe(ctx, reg) (((ctx)->vhe).reg)
+#define write_el2_ctx_vhe(ctx, reg, val) ((((ctx)->vhe).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_vhe(ctx, reg) ULL(0)
+#define write_el2_ctx_vhe(ctx, reg, val)
+#endif /* ENABLE_FEAT_VHE */
+
+#if ENABLE_FEAT_RAS
+#define read_el2_ctx_ras(ctx, reg) (((ctx)->ras).reg)
+#define write_el2_ctx_ras(ctx, reg, val) ((((ctx)->ras).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_ras(ctx, reg) ULL(0)
+#define write_el2_ctx_ras(ctx, reg, val)
+#endif /* ENABLE_FEAT_RAS */
+
+#if CTX_INCLUDE_NEVE_REGS
+#define read_el2_ctx_neve(ctx, reg) (((ctx)->neve).reg)
+#define write_el2_ctx_neve(ctx, reg, val) ((((ctx)->neve).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_neve(ctx, reg) ULL(0)
+#define write_el2_ctx_neve(ctx, reg, val)
+#endif /* CTX_INCLUDE_NEVE_REGS */
+
+#if ENABLE_TRF_FOR_NS
+#define read_el2_ctx_trf(ctx, reg) (((ctx)->trf).reg)
+#define write_el2_ctx_trf(ctx, reg, val) ((((ctx)->trf).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_trf(ctx, reg) ULL(0)
+#define write_el2_ctx_trf(ctx, reg, val)
+#endif /* ENABLE_TRF_FOR_NS */
+
+#if ENABLE_FEAT_CSV2_2
+#define read_el2_ctx_csv2_2(ctx, reg) (((ctx)->csv2).reg)
+#define write_el2_ctx_csv2_2(ctx, reg, val) ((((ctx)->csv2).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_csv2_2(ctx, reg) ULL(0)
+#define write_el2_ctx_csv2_2(ctx, reg, val)
+#endif /* ENABLE_FEAT_CSV2_2 */
+
+#if ENABLE_FEAT_HCX
+#define read_el2_ctx_hcx(ctx, reg) (((ctx)->hcx).reg)
+#define write_el2_ctx_hcx(ctx, reg, val) ((((ctx)->hcx).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_hcx(ctx, reg) ULL(0)
+#define write_el2_ctx_hcx(ctx, reg, val)
+#endif /* ENABLE_FEAT_HCX */
+
+#if ENABLE_FEAT_TCR2
+#define read_el2_ctx_tcr2(ctx, reg) (((ctx)->tcr2).reg)
+#define write_el2_ctx_tcr2(ctx, reg, val) ((((ctx)->tcr2).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_tcr2(ctx, reg) ULL(0)
+#define write_el2_ctx_tcr2(ctx, reg, val)
+#endif /* ENABLE_FEAT_TCR2 */
+
+#if (ENABLE_FEAT_S1POE || ENABLE_FEAT_S2POE)
+#define read_el2_ctx_sxpoe(ctx, reg) (((ctx)->sxpoe).reg)
+#define write_el2_ctx_sxpoe(ctx, reg, val) ((((ctx)->sxpoe).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_sxpoe(ctx, reg) ULL(0)
+#define write_el2_ctx_sxpoe(ctx, reg, val)
+#endif /*(ENABLE_FEAT_S1POE || ENABLE_FEAT_S2POE) */
+
+#if (ENABLE_FEAT_S1PIE || ENABLE_FEAT_S2PIE)
+#define read_el2_ctx_sxpie(ctx, reg) (((ctx)->sxpie).reg)
+#define write_el2_ctx_sxpie(ctx, reg, val) ((((ctx)->sxpie).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_sxpie(ctx, reg) ULL(0)
+#define write_el2_ctx_sxpie(ctx, reg, val)
+#endif /*(ENABLE_FEAT_S1PIE || ENABLE_FEAT_S2PIE) */
+
+#if ENABLE_FEAT_S2PIE
+#define read_el2_ctx_s2pie(ctx, reg) (((ctx)->s2pie).reg)
+#define write_el2_ctx_s2pie(ctx, reg, val) ((((ctx)->s2pie).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_s2pie(ctx, reg) ULL(0)
+#define write_el2_ctx_s2pie(ctx, reg, val)
+#endif /* ENABLE_FEAT_S2PIE */
+
+#if ENABLE_FEAT_GCS
+#define read_el2_ctx_gcs(ctx, reg) (((ctx)->gcs).reg)
+#define write_el2_ctx_gcs(ctx, reg, val) ((((ctx)->gcs).reg) \
+ = (uint64_t) (val))
+#else
+#define read_el2_ctx_gcs(ctx, reg) ULL(0)
+#define write_el2_ctx_gcs(ctx, reg, val)
+#endif /* ENABLE_FEAT_GCS */
+
+#endif /* CTX_INCLUDE_EL2_REGS */
+/******************************************************************************/
+
+#endif /* __ASSEMBLER__ */
+
+#endif /* CONTEXT_EL2_H */
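Review bot: When a feature flag is 0, the `write_el2_ctx_<feat>()` macros expand to nothing and the `read_el2_ctx_<feat>()` macros expand to `ULL(0)`, and that contract is not written down anywhere in the header. A call site that is not itself guarded by the matching feature check would silently skip the save, or hand back zero for a register that was never stored, with no build error. Since these accessors carry EL2 state across world switches, I would add a comment above the accessor block, e.g. `/* With the feature compiled out, writes are dropped (val is not evaluated) and reads yield 0; callers must guard with the feature check. */`.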
diff --git a/include/lib/psa/dice_protection_environment.h b/include/lib/psa/dice_protection_environment.h
new file mode 100644
index 0000000..61b6482
--- /dev/null
+++ b/include/lib/psa/dice_protection_environment.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef DICE_PROTECTION_ENVIRONMENT_H
+#define DICE_PROTECTION_ENVIRONMENT_H
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <dice.h>
+
+/* Additional defines for max size limit. These limits are set by DPE in RSS. */
+#define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE 64
+#define DICE_CONFIG_DESCRIPTOR_MAX_SIZE 64
+#define DICE_CODE_DESCRIPTOR_MAX_SIZE 32
+
+typedef int32_t dpe_error_t;
+
+#define DPE_NO_ERROR ((dpe_error_t)0)
+#define DPE_INTERNAL_ERROR ((dpe_error_t)1)
+#define DPE_INVALID_COMMAND ((dpe_error_t)2)
+#define DPE_INVALID_ARGUMENT ((dpe_error_t)3)
+#define DPE_ARGUMENT_NOT_SUPPORTED ((dpe_error_t)4)
+#define DPE_SESSION_EXHAUSTED ((dpe_error_t)5)
+
+/* Custom values in RSS based DPE implementation */
+#define DPE_INSUFFICIENT_MEMORY ((dpe_error_t)128)
+#define DPE_ERR_CBOR_FORMATTING ((dpe_error_t)129)
+
+/**
+ * Client facing API. Parameters are according to the DPE spec version r0.9
+ *
+ * \brief Performs the DICE computation to derive a new context and optionally
+ * creates an intermediate certificate. Software component measurement
+ * must be provided in dice_inputs.
+ *
+ * \param[in] context_handle Input context handle for the DPE
+ * context.
+ * \param[in] cert_id Logical certificate id to which derived
+ * context belongs to.
+ * \param[in] retain_parent_context Flag to indicate whether to retain the
+ * parent context. True only if a client
+ * will call further DPE commands on the
+ * same context.
+ * \param[in] allow_new_context_to_derive Flag to indicate whether derived context
+ * can derive further. True only if the
+ * new context will load further components.
+ * \param[in] create_certificate Flag to indicate whether to create an
+ * intermediate certificate. True only if
+ * it is the last component in the layer.
+ * \param[in] dice_inputs DICE input values.
+ * \param[in] target_locality Identifies the locality to which the
+ * derived context will be bound. Could be
+ * MHU id.
+ * \param[in] return_certificate Indicates whether to return the generated
+ * certificate when create_certificate is true.
+ * \param[in] allow_new_context_to_export Indicates whether the DPE permits export of
+ * the CDI from the newly derived context.
+ * \param[in] export_cdi Indicates whether to export derived CDI.
+ * \param[out] new_context_handle New handle for the derived context.
+ * \param[out] new_parent_context_handle New handle for the parent context.
+ * \param[out] new_certificate_buf If create_certificate and return_certificate
+ * are both true, this argument holds the new
+ * certificate generated for the new context
+ * \param[in] new_certificate_buf_size Size of the allocated buffer for
+ * new certificate.
+ * \param[out] new_certificate_actual_size Actual size of the new certificate.
+ * \param[out] exported_cdi_buf If export_cdi is true, this is the
+ * exported CDI value.
+ * \param[in] exported_cdi_buf_size Size of the allocated buffer for
+ * exported cdi.
+ * \param[out] exported_cdi_actual_size Actual size of the exported cdi.
+ *
+ * \return Returns error code of type dpe_error_t
+ */
+dpe_error_t dpe_derive_context(int context_handle,
+ uint32_t cert_id,
+ bool retain_parent_context,
+ bool allow_new_context_to_derive,
+ bool create_certificate,
+ const DiceInputValues *dice_inputs,
+ int32_t target_locality,
+ bool return_certificate,
+ bool allow_new_context_to_export,
+ bool export_cdi,
+ int *new_context_handle,
+ int *new_parent_context_handle,
+ uint8_t *new_certificate_buf,
+ size_t new_certificate_buf_size,
+ size_t *new_certificate_actual_size,
+ uint8_t *exported_cdi_buf,
+ size_t exported_cdi_buf_size,
+ size_t *exported_cdi_actual_size);
+
+#endif /* DICE_PROTECTION_ENVIRONMENT_H */
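Review bot: `DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE`, `DICE_CONFIG_DESCRIPTOR_MAX_SIZE` and `DICE_CODE_DESCRIPTOR_MAX_SIZE` are defined at the top of the file, but the `dpe_derive_context()` comment never relates them to the `*_descriptor_size` fields of `dice_inputs`. From the header a caller cannot tell whether an oversized descriptor is rejected, truncated, or must be checked before the call. I would extend the `dice_inputs` entry with `Descriptor sizes must not exceed the DICE_*_DESCRIPTOR_MAX_SIZE limits.` and add a sentence stating which `[out]` arguments are defined when the return value is not `DPE_NO_ERROR`. The same comment could note that `exported_cdi_buf` receives secret material, so the caller's handling of that buffer is part of the contract.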
diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h
index af624a6..79cdfa0 100644
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -14,21 +14,6 @@
#include "psa/error.h"
-/* Minimum measurement value size that can be requested to store */
-#define MEASUREMENT_VALUE_MIN_SIZE 32U
-/* Maximum measurement value size that can be requested to store */
-#define MEASUREMENT_VALUE_MAX_SIZE 64U
-/* Minimum signer id size that can be requested to store */
-#define SIGNER_ID_MIN_SIZE MEASUREMENT_VALUE_MIN_SIZE
-/* Maximum signer id size that can be requested to store */
-#define SIGNER_ID_MAX_SIZE MEASUREMENT_VALUE_MAX_SIZE
-/* The theoretical maximum image version is: "255.255.65535\0" */
-#define VERSION_MAX_SIZE 14U
-/* Example sw_type: "BL_2, BL_33, etc." */
-#define SW_TYPE_MAX_SIZE 20U
-#define NUM_OF_MEASUREMENT_SLOTS 32U
-
-
/**
* Extends and stores a measurement to the requested slot.
*
diff --git a/include/lib/psa/psa_manifest/sid.h b/include/lib/psa/psa_manifest/sid.h
index 7183112..6c15656 100644
--- a/include/lib/psa/psa_manifest/sid.h
+++ b/include/lib/psa/psa_manifest/sid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,7 +17,10 @@
/******** PSA_SP_MEASURED_BOOT ********/
#define RSS_MEASURED_BOOT_HANDLE (0x40000110U)
-/******** PSA_SP_DELAGATED_ATTESTATION ********/
+/******** PSA_SP_DELEGATED_ATTESTATION ********/
#define RSS_DELEGATED_SERVICE_HANDLE (0x40000111U)
+/******** PSA_SP_DICE_PROTECTION_ENVIRONMENT ********/
+#define RSS_DPE_SERVICE_HANDLE (0x40000112U)
+
#endif /* PSA_MANIFEST_SID_H */
diff --git a/include/plat/arm/common/arm_tzc_dram.ld.S b/include/plat/arm/common/arm_tzc_dram.ld.S
index c790bb9..08990f6 100644
--- a/include/plat/arm/common/arm_tzc_dram.ld.S
+++ b/include/plat/arm/common/arm_tzc_dram.ld.S
@@ -18,6 +18,9 @@
ASSERT(. == ALIGN(PAGE_SIZE),
"ARM_EL3_TZC_DRAM_BASE address is not aligned on a page boundary.")
.el3_tzc_dram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ __PLAT_SPMC_SHMEM_DATASTORE_START__ = .;
+ *(.arm_spmc_shmem_datastore)
+ __PLAT_SPMC_SHMEM_DATASTORE_END__ = .;
__EL3_SEC_DRAM_START__ = .;
*(.arm_el3_tzc_dram)
__EL3_SEC_DRAM_UNALIGNED_END__ = .;
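Review bot: The new `.arm_spmc_shmem_datastore` input section is placed ahead of `__EL3_SEC_DRAM_START__`, so it lies outside the range delimited by the existing `__EL3_SEC_DRAM_*` symbols. Any code that sizes, clears or maps the region from those symbols would not cover the datastore; whether that is intended cannot be seen from this hunk. A comment such as `/* SPMC shared-memory datastore: kept outside the __EL3_SEC_DRAM_* range */` (wording to be confirmed) would record the decision. The output section continues outside the hunk.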
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 4c425a7..828d43a 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -290,6 +290,12 @@
int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
#if MEASURED_BOOT
+#if DICE_PROTECTION_ENVIRONMENT
+int arm_set_nt_fw_info(int *ctx_handle);
+int arm_set_tb_fw_info(int *ctx_handle);
+int arm_get_tb_fw_info(int *ctx_handle);
+#else
+/* Specific to event log backend */
int arm_set_tos_fw_info(uintptr_t log_addr, size_t log_size);
int arm_set_nt_fw_info(
/*
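Review bot: The three prototypes added under `DICE_PROTECTION_ENVIRONMENT` carry no comment, and the setters and the getter all take a writable `int *ctx_handle`, so the header does not say which calls read the handle and which write it. A line above them such as `/* Specific to DPE backend: ctx_handle is the DPE context handle (direction per function to be confirmed) */` would mirror the `/* Specific to event log backend */` comment added for the other branch. If the setters only read the handle, `const int *ctx_handle` would state that in the type. The `arm_set_nt_fw_info(` declaration in the `#else` branch continues outside this hunk.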
@@ -304,6 +310,7 @@
size_t log_max_size);
int arm_get_tb_fw_info(uint64_t *log_addr, size_t *log_size,
size_t *log_max_size);
+#endif /* DICE_PROTECTION_ENVIRONMENT */
#endif /* MEASURED_BOOT */
/*
diff --git a/include/plat/common/plat_drtm.h b/include/plat/common/plat_drtm.h
index e96e719..07545a6 100644
--- a/include/plat/common/plat_drtm.h
+++ b/include/plat/common/plat_drtm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,7 +17,7 @@
typedef struct {
bool tpm_based_hash_support;
- uint32_t firmware_hash_algorithm;
+ uint16_t firmware_hash_algorithm;
} plat_drtm_tpm_features_t;
typedef struct {
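Review bot: `firmware_hash_algorithm` narrows from `uint32_t` to `uint16_t` without a comment saying why, and platform code that filled the old field with a wider value would now be truncated silently. A one-line comment such as `/* 16-bit hash algorithm ID, see ARM_DRTM_TPM_FEATURES_FW_HASH_MASK */` would tie the field to the mask change to `ULL(0xFFFF)` in the include/services/drtm_svc.h hunk. The struct is not packed, so its size is presumably unchanged, but any platform initialiser for `plat_drtm_tpm_features_t` is worth re-checking for conversion warnings.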
@@ -26,7 +26,7 @@
} __attribute__((packed)) drtm_mem_region_t;
/*
- * Memory region descriptor table structure as per DRTM beta0 section 3.13
+ * Memory region descriptor table structure as per DRTM 1.0 section 3.13
* Table 11 MEMORY_REGION_DESCRIPTOR_TABLE
*/
typedef struct {
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 4d1b1c1..4fe3620 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -136,6 +136,7 @@
void plat_ic_set_interrupt_pending(unsigned int id);
void plat_ic_clear_interrupt_pending(unsigned int id);
unsigned int plat_ic_set_priority_mask(unsigned int mask);
+unsigned int plat_ic_deactivate_priority(unsigned int mask);
unsigned int plat_ic_get_interrupt_id(unsigned int raw);
/*******************************************************************************
@@ -242,7 +243,7 @@
int bl1_plat_handle_pre_image_load(unsigned int image_id);
int bl1_plat_handle_post_image_load(unsigned int image_id);
-#if MEASURED_BOOT
+#if (MEASURED_BOOT || DICE_PROTECTION_ENVIRONMENT)
void bl1_plat_mboot_init(void);
void bl1_plat_mboot_finish(void);
#else
@@ -252,7 +253,7 @@
static inline void bl1_plat_mboot_finish(void)
{
}
-#endif /* MEASURED_BOOT */
+#endif /* MEASURED_BOOT || DICE_PROTECTION_ENVIRONMENT */
/*******************************************************************************
* Mandatory BL2 functions
@@ -272,7 +273,7 @@
/*******************************************************************************
* Optional BL2 functions (may be overridden)
******************************************************************************/
-#if MEASURED_BOOT
+#if (MEASURED_BOOT || DICE_PROTECTION_ENVIRONMENT)
void bl2_plat_mboot_init(void);
void bl2_plat_mboot_finish(void);
#else
@@ -282,7 +283,7 @@
static inline void bl2_plat_mboot_finish(void)
{
}
-#endif /* MEASURED_BOOT */
+#endif /* MEASURED_BOOT || DICE_PROTECTION_ENVIRONMENTs */
/*******************************************************************************
* Mandatory BL2 at EL3 functions: Must be implemented
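Review bot: The closing comment on the added `#endif` reads `DICE_PROTECTION_ENVIRONMENTs`, which does not match the macro tested by the `#if` in the previous hunk. It should read `#endif /* MEASURED_BOOT || DICE_PROTECTION_ENVIRONMENT */`, as the BL1 block earlier in this file already does.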
diff --git a/include/plat/nuvoton/common/npcm845x_arm_def.h b/include/plat/nuvoton/common/npcm845x_arm_def.h
index 5a44907..df3ad24 100644
--- a/include/plat/nuvoton/common/npcm845x_arm_def.h
+++ b/include/plat/nuvoton/common/npcm845x_arm_def.h
@@ -149,7 +149,16 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
+#if ARM_CRYPTOCELL_INTEG
+/*
+ * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
+ * This is required by CryptoCell to authenticate BL33 which is loaded
+ * into the Non Secure DDR.
+ */
+#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
+#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
+#endif /* ARM_CRYPTOCELL_INTEG */
#ifdef SPD_opteed
/*
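Review bot: With `ARM_CRYPTOCELL_INTEG` set, `ARM_TZC_NS_DRAM_S_ACCESS` becomes `TZC_REGION_S_RD` as a build-time constant, while the comment gives BL33 authentication as the only reason for it. Nothing in this hunk shows the permission being dropped once authentication is done, so Secure masters would presumably keep read access to Non-secure DRAM for the rest of boot and at runtime. If that is accepted, the comment should say so, e.g. `* The permission is not revoked after BL33 is authenticated.`; otherwise the region should be reprogrammed to `TZC_REGION_S_NONE` after image load. The `#ifdef SPD_opteed` block continues outside the hunk.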
@@ -310,7 +319,7 @@
BL_RO_DATA_END - BL_RO_DATA_BASE, \
MT_RO_DATA | EL3_PAS)
#else
-#define ARM_MAP_BL_RO MAP_REGION_FLAT( \
+#define ARM_MAP_BL_RO_NOT_USED MAP_REGION_FLAT( \
BL_CODE_BASE, BL_CODE_END - BL_CODE_BASE, \
MT_CODE | EL3_PAS)
#endif /* SEPARATE_CODE_AND_RODATA */
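Review bot: Renaming the `#else` definition to `ARM_MAP_BL_RO_NOT_USED` leaves `ARM_MAP_BL_RO` undefined whenever `SEPARATE_CODE_AND_RODATA` is 0, and nothing in the hunk explains why. Any translation-table list that still names `ARM_MAP_BL_RO` would then fail to build in that configuration, while the renamed macro stays behind as dead code. Either remove the definition or add a comment stating the reason, e.g. `/* Not used: this platform requires SEPARATE_CODE_AND_RODATA=1 */` (wording to be confirmed). The `#if` that opens this block is outside the hunk.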
@@ -474,9 +483,9 @@
#define NEW_SRAM_ALLOCATION
#ifdef NEW_SRAM_ALLOCATION
- #define BL31_BASE 0x20001000
+ #define BL31_BASE 0x02000000
#else
- #define BL31_BASE 0x20001000
+ #define BL31_BASE 0x02001000
#endif /* NEW_SRAM_ALLOCATION */
#define BL31_LIMIT BL2_BASE /* PLAT_ARM_MAX_BL31_SIZE */
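Review bot: The `#else` value of `BL31_BASE` can never be selected, because `NEW_SRAM_ALLOCATION` is defined unconditionally on the line before the `#ifdef`. Before this change both branches held the same address; now they differ (`0x02000000` and `0x02001000`), so the dead branch documents a layout that is never built. Drop the `#define NEW_SRAM_ALLOCATION` / `#else` pair or turn the macro into a build option, and consider an unsigned suffix on the literal, e.g. `#define BL31_BASE 0x02000000U`. Since the base moves to a different address range, the matching memory-map and TZC region definitions are worth re-checking; they are outside this hunk.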
@@ -502,6 +511,7 @@
* no SPD and no SPM-MM, as they are the only ones that can be used as BL32.
*/
#if defined(SPD_none) && !SPM_MM
+#error BL32_BASE is not defined
#undef BL32_BASE
#endif /* SPD_none && !SPM_MM */
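Review bot: The added `#error BL32_BASE is not defined` stops the build for every configuration with `SPD_none` and `!SPM_MM`, which the preceding comment appears to describe as the case where BL32 is simply absent. The `#undef BL32_BASE` after it becomes unreachable, and the message does not describe the condition being tested. If the platform really requires a secure payload, remove the `#undef` and word the message accordingly, e.g. `#error "npcm845x requires an SPD or SPM_MM (BL32)"`; otherwise the `#error` looks like a debugging leftover and should be dropped.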
diff --git a/include/plat/nuvoton/common/plat_macros.S b/include/plat/nuvoton/common/plat_macros.S
index 08f9feb..549db39 100644
--- a/include/plat/nuvoton/common/plat_macros.S
+++ b/include/plat/nuvoton/common/plat_macros.S
@@ -41,7 +41,8 @@
* BL31.
*/
.macro plat_crash_print_regs
- /* TODO */
+plat_print_gic_regs
+/*print_cci_regs*/
.endm
#endif /* PLAT_MACROS_S */
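Review bot: `plat_crash_print_regs` now carries a commented-out call, `/*print_cci_regs*/`, in place of the old TODO. Commented-out code in a crash-reporting macro leaves readers unsure whether the CCI registers are meant to be dumped. Either delete the line or replace it with the reason, e.g. `/* CCI registers are not dumped on this platform */` (wording to be confirmed).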
diff --git a/include/services/drtm_svc.h b/include/services/drtm_svc.h
index 69b314f..f0d3c63 100644
--- a/include/services/drtm_svc.h
+++ b/include/services/drtm_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -54,10 +54,10 @@
(((_fid) >= ARM_DRTM_SVC_VERSION) && ((_fid) <= ARM_DRTM_SVC_LOCK_TCB_HASH))
/* ARM DRTM Service Calls version numbers */
-#define ARM_DRTM_VERSION_MAJOR U(0)
+#define ARM_DRTM_VERSION_MAJOR U(1)
#define ARM_DRTM_VERSION_MAJOR_SHIFT 16
#define ARM_DRTM_VERSION_MAJOR_MASK U(0x7FFF)
-#define ARM_DRTM_VERSION_MINOR U(1)
+#define ARM_DRTM_VERSION_MINOR U(0)
#define ARM_DRTM_VERSION_MINOR_SHIFT 0
#define ARM_DRTM_VERSION_MINOR_MASK U(0xFFFF)
@@ -74,7 +74,7 @@
#define ARM_DRTM_FEAT_ID_MASK ULL(0xff)
/*
- * Definitions for DRTM features as per DRTM beta0 section 3.3,
+ * Definitions for DRTM features as per DRTM 1.0 section 3.3,
* Table 6 DRTM_FEATURES
*/
#define ARM_DRTM_TPM_FEATURES_PCR_SCHEMA_SHIFT U(33)
@@ -87,7 +87,7 @@
#define ARM_DRTM_TPM_FEATURES_TPM_HASH_SUPPORTED ULL(0x1)
#define ARM_DRTM_TPM_FEATURES_FW_HASH_SHIFT U(0)
-#define ARM_DRTM_TPM_FEATURES_FW_HASH_MASK ULL(0xFFFFFFFF)
+#define ARM_DRTM_TPM_FEATURES_FW_HASH_MASK ULL(0xFFFF)
#define ARM_DRTM_TPM_FEATURES_FW_HASH_SHA256 ULL(0xB)
#define ARM_DRTM_TPM_FEATURES_FW_HASH_SHA384 ULL(0xC)
#define ARM_DRTM_TPM_FEATURES_FW_HASH_SHA512 ULL(0xD)
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 9881d1a..1a2e355 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -170,6 +170,12 @@
#define SOC_FW_CONFIG_KEY_OID SOC_FW_CONTENT_CERT_PK_OID
#define HW_CONFIG_KEY_OID ZERO_OID
+#define SCP_BL2_IMAGE_KEY_OID SCP_FW_CONTENT_CERT_PK_OID
+#define BL32_IMAGE_KEY_OID TRUSTED_OS_FW_CONTENT_CERT_PK_OID
+#define TOS_FW_CONFIG_KEY_OID TRUSTED_OS_FW_CONTENT_CERT_PK_OID
+#define BL33_IMAGE_KEY_OID NON_TRUSTED_FW_CONTENT_CERT_PK_OID
+#define NT_FW_CONFIG_KEY_OID NON_TRUSTED_FW_CONTENT_CERT_PK_OID
+
#ifdef PLAT_DEF_OID
#include <platform_oid.h>
#endif
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index 0faa276..a5be22d 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -26,9 +26,71 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
-workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+workaround_reset_start cortex_a715, ERRATUM(2331818), ERRATA_A715_2331818
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(20)
+workaround_reset_end cortex_a715, ERRATUM(2331818)
+
+check_erratum_ls cortex_a715, ERRATUM(2331818), CPU_REV(1, 0)
+
+workaround_reset_start cortex_a715, ERRATUM(2344187), ERRATA_A715_2344187
+ /* GCR_EL1 is only present with FEAT_MTE2. */
+ mrs x1, ID_AA64PFR1_EL1
+ ubfx x0, x1, ID_AA64PFR1_EL1_MTE_SHIFT, #4
+ cmp x0, #MTE_IMPLEMENTED_ELX
+ bne #1f
+ sysreg_bit_set GCR_EL1, GCR_EL1_RRND_BIT
+
+1:
+ /* Mitigation upon ERETAA and ERETAB. */
+ mov x0, #2
+ msr CORTEX_A715_CPUPSELR_EL3, x0
+ isb
+ ldr x0, =0xd69f0bff
+ msr CORTEX_A715_CPUPOR_EL3, x0
+ ldr x0, =0xfffffbff
+ msr CORTEX_A715_CPUPMR_EL3, x0
+ mov x1, #0
+ orr x1, x1, #(1<<0)
+ orr x1, x1, #(3<<4)
+ orr x1, x1, #(0xf<<6)
+ orr x1, x1, #(1<<13)
+ orr x1, x1, #(1<<53)
+ msr CORTEX_A715_CPUPCR_EL3, x1
+workaround_reset_end cortex_a715, ERRATUM(2344187)
+
+check_erratum_ls cortex_a715, ERRATUM(2344187), CPU_REV(1, 0)
+
+workaround_reset_start cortex_a715, ERRATUM(2413290), ERRATA_A715_2413290
+/* Erratum 2413290 workaround is required only if SPE is enabled */
+#if ENABLE_SPE_FOR_NS != 0
+ /* Check if Static profiling extension is implemented or present. */
+ mrs x1, id_aa64dfr0_el1
+ ubfx x0, x1, ID_AA64DFR0_PMS_SHIFT, #4
+ cbz x0, 1f
+ /* Apply the workaround by setting CPUACTLR_EL1[58:57] = 0b11. */
+ sysreg_bit_set CORTEX_A715_CPUACTLR_EL1, BIT(57)
+ sysreg_bit_set CORTEX_A715_CPUACTLR_EL1, BIT(58)
+1:
+#endif
+workaround_reset_end cortex_a715, ERRATUM(2413290)
+
+check_erratum_range cortex_a715, ERRATUM(2413290), CPU_REV(1,0), CPU_REV(1, 0)
+
+workaround_reset_start cortex_a715, ERRATUM(2420947), ERRATA_A715_2420947
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(33)
+workaround_reset_end cortex_a715, ERRATUM(2420947)
+
+check_erratum_range cortex_a715, ERRATUM(2420947), CPU_REV(1, 0), CPU_REV(1, 0)
+
+workaround_reset_start cortex_a715, ERRATUM(2429384), ERRATA_A715_2429384
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(27)
+workaround_reset_end cortex_a715, ERRATUM(2429384)
+
+check_erratum_range cortex_a715, ERRATUM(2429384), CPU_REV(1, 0), CPU_REV(1, 0)
+
+workaround_reset_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
-workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+workaround_reset_end cortex_a715, ERRATUM(2561034)
check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
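Review bot: In the 2344187 workaround the MTE field is tested for equality (`cmp x0, #MTE_IMPLEMENTED_ELX` then `bne #1f`), so any higher field value skips the `GCR_EL1` write although the comment says the register is present with FEAT_MTE2. If higher values can be reported on affected revisions, `b.lo 1f` would express "at least MTE2"; the `#1f` spelling also differs from the `cbz x0, 1f` used a few lines below. Separately, the SPE comment reads "Static profiling extension" where the feature is the Statistical Profiling Extension, and the same wording appears in the cortex_a720.S hunk for erratum 2926083. The constants written to the CPUPOR/CPUPMR/CPUPCR registers would benefit from a comment pointing at the erratum notice they come from.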
diff --git a/lib/cpus/aarch64/cortex_a720.S b/lib/cpus/aarch64/cortex_a720.S
index 4b28fdb..53a1b78 100644
--- a/lib/cpus/aarch64/cortex_a720.S
+++ b/lib/cpus/aarch64/cortex_a720.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,28 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A720_BHB_LOOP_COUNT, cortex_a720
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_reset_start cortex_a720, ERRATUM(2926083), ERRATA_A720_2926083
+/* Erratum 2926083 workaround is required only if SPE is enabled */
+#if ENABLE_SPE_FOR_NS != 0
+ /* Check if Static profiling extension is implemented or present. */
+ mrs x1, id_aa64dfr0_el1
+ ubfx x0, x1, ID_AA64DFR0_PMS_SHIFT, #4
+ cbz x0, 1f
+ /* Apply the workaround by setting CPUACTLR_EL1[58:57] = 0b11. */
+ sysreg_bit_set CORTEX_A720_CPUACTLR_EL1, BIT(57)
+ sysreg_bit_set CORTEX_A720_CPUACTLR_EL1, BIT(58)
+1:
+#endif
+workaround_reset_end cortex_a720, ERRATUM(2926083)
+
+check_erratum_ls cortex_a720, ERRATUM(2926083), CPU_REV(0, 1)
+
+workaround_reset_start cortex_a720, ERRATUM(2940794), ERRATA_A720_2940794
+ sysreg_bit_set CORTEX_A720_CPUACTLR2_EL1, BIT(37)
+workaround_reset_end cortex_a720, ERRATUM(2940794)
+
+check_erratum_ls cortex_a720, ERRATUM(2940794), CPU_REV(0, 1)
+
workaround_reset_start cortex_a720, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 0b4ed6b..872f6c7 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -795,13 +795,17 @@
CPU_FLAG_LIST += ERRATA_X3_2372204
# Flag to apply erratum 2615812 workaround on powerdown. This erratum applies
-# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is still open.
+# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2615812
# Flag to apply erratum 2641945 workaround on reset. This erratum applies
# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
CPU_FLAG_LIST += ERRATA_X3_2641945
+# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
+# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2701951
+
# Flag to apply erratum 2742421 workaround on reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
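Review bot: The comment added for `ERRATA_X3_2701951` says "Its is fixed in r1p2" and, unlike the neighbouring entries, does not name the CPU. Suggest `# This erratum applies to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.` to match the surrounding entries.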
@@ -814,6 +818,11 @@
# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2779509
+# Flag to apply erratum 2701112 workaround for platforms that do not use an
+# Arm interconnect IP. This erratum applies to revisions r0p0 of the Cortex-X4
+# cpu and is fixed in r0p1.
+CPU_FLAG_LIST += ERRATA_X4_2701112
+
# Flag to apply erratum 1922240 workaround during reset. This erratum applies
# to revision r0p0 of the Cortex-A510 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_A510_1922240
@@ -907,13 +916,37 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2331818 workaround during reset. This erratum applies
+# to revisions r0p0 and r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2331818
+
+# Flag to apply erratum 2344187 workaround during reset. This erratum applies
+# to revisions r0p0, and r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2344187
+
+# Flag to apply erratum 2413290 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2413290
+
+# Flag to apply erratum 2420947 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2420947
+
+# Flag to apply erratum 2429384 workaround during reset. This erratum applies
+# to revision r1p0. There is no workaround for r0p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2429384
+
# Flag to apply erratum 2561034 workaround during reset. This erratum applies
# only to revision r1p0. It is fixed in r1p1.
CPU_FLAG_LIST += ERRATA_A715_2561034
-# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
-# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
-CPU_FLAG_LIST += ERRATA_A715_2701951
+# Flag to apply erratum 2926083 workaround during reset. This erratum applies
+# to revisions r0p0 and r0p1. It is fixed in r0p2.
+CPU_FLAG_LIST += ERRATA_A720_2926083
+
+# Flag to apply erratum 2940794 workaround during reset. This erratum applies
+# to revisions r0p0 and r0p1. It is fixed in r0p2.
+CPU_FLAG_LIST += ERRATA_A720_2940794
# Flag to apply DSU erratum 798953. This erratum applies to DSUs revision r0p0.
# Applying the workaround results in higher DSU power consumption on idle.
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 922b2cf..ee94dfd 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -123,8 +123,8 @@
scr_el3 |= get_scr_el3_from_routing_model(SECURE);
#endif
- /* Allow access to Allocation Tags when mte is set*/
- if (is_feat_mte_supported()) {
+ /* Allow access to Allocation Tags when FEAT_MTE2 is implemented and enabled. */
+ if (is_feat_mte2_supported()) {
scr_el3 |= SCR_ATA_BIT;
}
@@ -193,8 +193,10 @@
/* SCR_NS: Set the NS bit */
scr_el3 |= SCR_NS_BIT;
- /* Allow access to Allocation Tags when MTE is implemented. */
- scr_el3 |= SCR_ATA_BIT;
+ /* Allow access to Allocation Tags when FEAT_MTE2 is implemented and enabled. */
+ if (is_feat_mte2_supported()) {
+ scr_el3 |= SCR_ATA_BIT;
+ }
#if !CTX_INCLUDE_PAUTH_REGS
/*
@@ -262,10 +264,10 @@
* Initialize SCTLR_EL2 context register using Endianness value
* taken from the entrypoint attribute.
*/
- u_register_t sctlr_el2 = (EP_GET_EE(ep->h.attr) != 0U) ? SCTLR_EE_BIT : 0UL;
- sctlr_el2 |= SCTLR_EL2_RES1;
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_SCTLR_EL2,
- sctlr_el2);
+ u_register_t sctlr_el2_val = (EP_GET_EE(ep->h.attr) != 0U) ? SCTLR_EE_BIT : 0UL;
+ sctlr_el2_val |= SCTLR_EL2_RES1;
+ write_el2_ctx_common(get_el2_sysregs_ctx(ctx), sctlr_el2, sctlr_el2_val);
+
if (is_feat_hcx_supported()) {
/*
@@ -276,7 +278,7 @@
* this feature if not properly initialized, especially when
* it comes to those bits that enable/disable traps.
*/
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HCRX_EL2,
+ write_el2_ctx_hcx(get_el2_sysregs_ctx(ctx), hcrx_el2,
HCRX_EL2_INIT_VAL);
}
@@ -286,13 +288,14 @@
* systems unaware of FEAT_FGT do not get trapped due to their lack
* of initialization for this feature.
*/
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGITR_EL2,
+ write_el2_ctx_fgt(get_el2_sysregs_ctx(ctx), hfgitr_el2,
HFGITR_EL2_INIT_VAL);
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGRTR_EL2,
+ write_el2_ctx_fgt(get_el2_sysregs_ctx(ctx), hfgrtr_el2,
HFGRTR_EL2_INIT_VAL);
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_HFGWTR_EL2,
+ write_el2_ctx_fgt(get_el2_sysregs_ctx(ctx), hfgwtr_el2,
HFGWTR_EL2_INIT_VAL);
}
+
#endif /* CTX_INCLUDE_EL2_REGS */
manage_extensions_nonsecure(ctx);
@@ -330,9 +333,9 @@
* These bits are set in the gicv3 driver. Losing them (especially the
* SRE bit) is problematic for all worlds. Henceforth recreate them.
*/
- u_register_t icc_sre_el2 = ICC_SRE_DIB_BIT | ICC_SRE_DFB_BIT |
+ u_register_t icc_sre_el2_val = ICC_SRE_DIB_BIT | ICC_SRE_DFB_BIT |
ICC_SRE_EN_BIT | ICC_SRE_SRE_BIT;
- write_ctx_reg(el2_ctx, CTX_ICC_SRE_EL2, icc_sre_el2);
+ write_el2_ctx_common(el2_ctx, icc_sre_el2, icc_sre_el2_val);
#endif /* CTX_INCLUDE_EL2_REGS */
/* Start with a clean SCR_EL3 copy as all relevant values are set */
@@ -958,8 +961,8 @@
scr_el3 = read_ctx_reg(get_el3state_ctx(ctx),
CTX_SCR_EL3);
- if (((scr_el3 & SCR_HCE_BIT) != 0U)
- || (el2_implemented != EL_IMPL_NONE)) {
+ if (el2_implemented != EL_IMPL_NONE) {
+
/*
* If context is not being used for EL2, initialize
* HCRX_EL2 with its init value here.
@@ -985,29 +988,32 @@
write_hfgrtr_el2(HFGRTR_EL2_INIT_VAL);
write_hfgwtr_el2(HFGWTR_EL2_INIT_VAL);
}
- }
-
- if ((scr_el3 & SCR_HCE_BIT) != 0U) {
- /* Use SCTLR_EL1.EE value to initialise sctlr_el2 */
- sctlr_elx = read_ctx_reg(get_el1_sysregs_ctx(ctx),
- CTX_SCTLR_EL1);
- sctlr_elx &= SCTLR_EE_BIT;
- sctlr_elx |= SCTLR_EL2_RES1;
+ /* Condition to ensure EL2 is being used. */
+ if ((scr_el3 & SCR_HCE_BIT) != 0U) {
+ /* Use SCTLR_EL1.EE value to initialise sctlr_el2 */
+ sctlr_elx = read_ctx_reg(get_el1_sysregs_ctx(ctx),
+ CTX_SCTLR_EL1);
+ sctlr_elx &= SCTLR_EE_BIT;
+ sctlr_elx |= SCTLR_EL2_RES1;
#if ERRATA_A75_764081
- /*
- * If workaround of errata 764081 for Cortex-A75 is used
- * then set SCTLR_EL2.IESB to enable Implicit Error
- * Synchronization Barrier.
- */
- sctlr_elx |= SCTLR_IESB_BIT;
-#endif
- write_sctlr_el2(sctlr_elx);
- } else if (el2_implemented != EL_IMPL_NONE) {
- init_nonsecure_el2_unused(ctx);
+ /*
+ * If workaround of errata 764081 for Cortex-A75
+ * is used then set SCTLR_EL2.IESB to enable
+ * Implicit Error Synchronization Barrier.
+ */
+ sctlr_elx |= SCTLR_IESB_BIT;
+#endif /* ERRATA_A75_764081 */
+ write_sctlr_el2(sctlr_elx);
+ } else {
+ /*
+ * (scr_el3 & SCR_HCE_BIT==0)
+ * EL2 implemented but unused.
+ */
+ init_nonsecure_el2_unused(ctx);
+ }
}
}
-
cm_el1_sysregs_context_restore(security_state);
cm_set_next_eret_context(security_state);
}
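Review bot: The comment in the new `else` branch, `(scr_el3 & SCR_HCE_BIT==0)`, is parenthesised so that, read as C, `==` binds before `&`, which is not the condition being described. Writing it as `((scr_el3 & SCR_HCE_BIT) == 0U)` matches the test in the `if` above it. The restructuring also means `write_sctlr_el2()` is no longer reached when `SCR_HCE_BIT` is set but `el2_implemented` is `EL_IMPL_NONE`; that looks intended, and a sentence in the comment at the outer `if` would make it explicit. The enclosing function starts outside this hunk.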
@@ -1016,26 +1022,26 @@
static void el2_sysregs_context_save_fgt(el2_sysregs_t *ctx)
{
- write_ctx_reg(ctx, CTX_HDFGRTR_EL2, read_hdfgrtr_el2());
+ write_el2_ctx_fgt(ctx, hdfgrtr_el2, read_hdfgrtr_el2());
if (is_feat_amu_supported()) {
- write_ctx_reg(ctx, CTX_HAFGRTR_EL2, read_hafgrtr_el2());
+ write_el2_ctx_fgt(ctx, hafgrtr_el2, read_hafgrtr_el2());
}
- write_ctx_reg(ctx, CTX_HDFGWTR_EL2, read_hdfgwtr_el2());
- write_ctx_reg(ctx, CTX_HFGITR_EL2, read_hfgitr_el2());
- write_ctx_reg(ctx, CTX_HFGRTR_EL2, read_hfgrtr_el2());
- write_ctx_reg(ctx, CTX_HFGWTR_EL2, read_hfgwtr_el2());
+ write_el2_ctx_fgt(ctx, hdfgwtr_el2, read_hdfgwtr_el2());
+ write_el2_ctx_fgt(ctx, hfgitr_el2, read_hfgitr_el2());
+ write_el2_ctx_fgt(ctx, hfgrtr_el2, read_hfgrtr_el2());
+ write_el2_ctx_fgt(ctx, hfgwtr_el2, read_hfgwtr_el2());
}
static void el2_sysregs_context_restore_fgt(el2_sysregs_t *ctx)
{
- write_hdfgrtr_el2(read_ctx_reg(ctx, CTX_HDFGRTR_EL2));
+ write_hdfgrtr_el2(read_el2_ctx_fgt(ctx, hdfgrtr_el2));
if (is_feat_amu_supported()) {
- write_hafgrtr_el2(read_ctx_reg(ctx, CTX_HAFGRTR_EL2));
+ write_hafgrtr_el2(read_el2_ctx_fgt(ctx, hafgrtr_el2));
}
- write_hdfgwtr_el2(read_ctx_reg(ctx, CTX_HDFGWTR_EL2));
- write_hfgitr_el2(read_ctx_reg(ctx, CTX_HFGITR_EL2));
- write_hfgrtr_el2(read_ctx_reg(ctx, CTX_HFGRTR_EL2));
- write_hfgwtr_el2(read_ctx_reg(ctx, CTX_HFGWTR_EL2));
+ write_hdfgwtr_el2(read_el2_ctx_fgt(ctx, hdfgwtr_el2));
+ write_hfgitr_el2(read_el2_ctx_fgt(ctx, hfgitr_el2));
+ write_hfgrtr_el2(read_el2_ctx_fgt(ctx, hfgrtr_el2));
+ write_hfgwtr_el2(read_el2_ctx_fgt(ctx, hfgwtr_el2));
}
#if CTX_INCLUDE_MPAM_REGS
@@ -1148,38 +1154,37 @@
static void el2_sysregs_context_save_gic(el2_sysregs_t *ctx)
{
#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
- write_ctx_reg(ctx, CTX_ICC_SRE_EL2, read_icc_sre_el2());
+ write_el2_ctx_common(ctx, icc_sre_el2, read_icc_sre_el2());
#else
u_register_t scr_el3 = read_scr_el3();
write_scr_el3(scr_el3 | SCR_NS_BIT);
isb();
- write_ctx_reg(ctx, CTX_ICC_SRE_EL2, read_icc_sre_el2());
+ write_el2_ctx_common(ctx, icc_sre_el2, read_icc_sre_el2());
write_scr_el3(scr_el3);
isb();
-
#endif
- write_ctx_reg(ctx, CTX_ICH_HCR_EL2, read_ich_hcr_el2());
- write_ctx_reg(ctx, CTX_ICH_VMCR_EL2, read_ich_vmcr_el2());
+ write_el2_ctx_common(ctx, ich_hcr_el2, read_ich_hcr_el2());
+ write_el2_ctx_common(ctx, ich_vmcr_el2, read_ich_vmcr_el2());
}
static void el2_sysregs_context_restore_gic(el2_sysregs_t *ctx)
{
#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
- write_icc_sre_el2(read_ctx_reg(ctx, CTX_ICC_SRE_EL2));
+ write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2));
#else
u_register_t scr_el3 = read_scr_el3();
write_scr_el3(scr_el3 | SCR_NS_BIT);
isb();
- write_icc_sre_el2(read_ctx_reg(ctx, CTX_ICC_SRE_EL2));
+ write_icc_sre_el2(read_el2_ctx_common(ctx, icc_sre_el2));
write_scr_el3(scr_el3);
isb();
#endif
- write_ich_hcr_el2(read_ctx_reg(ctx, CTX_ICH_HCR_EL2));
- write_ich_vmcr_el2(read_ctx_reg(ctx, CTX_ICH_VMCR_EL2));
+ write_ich_hcr_el2(read_el2_ctx_common(ctx, ich_hcr_el2));
+ write_ich_vmcr_el2(read_el2_ctx_common(ctx, ich_vmcr_el2));
}
/* -----------------------------------------------------
@@ -1190,70 +1195,70 @@
*/
static void el2_sysregs_context_save_common(el2_sysregs_t *ctx)
{
- write_ctx_reg(ctx, CTX_ACTLR_EL2, read_actlr_el2());
- write_ctx_reg(ctx, CTX_AFSR0_EL2, read_afsr0_el2());
- write_ctx_reg(ctx, CTX_AFSR1_EL2, read_afsr1_el2());
- write_ctx_reg(ctx, CTX_AMAIR_EL2, read_amair_el2());
- write_ctx_reg(ctx, CTX_CNTHCTL_EL2, read_cnthctl_el2());
- write_ctx_reg(ctx, CTX_CNTVOFF_EL2, read_cntvoff_el2());
- write_ctx_reg(ctx, CTX_CPTR_EL2, read_cptr_el2());
+ write_el2_ctx_common(ctx, actlr_el2, read_actlr_el2());
+ write_el2_ctx_common(ctx, afsr0_el2, read_afsr0_el2());
+ write_el2_ctx_common(ctx, afsr1_el2, read_afsr1_el2());
+ write_el2_ctx_common(ctx, amair_el2, read_amair_el2());
+ write_el2_ctx_common(ctx, cnthctl_el2, read_cnthctl_el2());
+ write_el2_ctx_common(ctx, cntvoff_el2, read_cntvoff_el2());
+ write_el2_ctx_common(ctx, cptr_el2, read_cptr_el2());
if (CTX_INCLUDE_AARCH32_REGS) {
- write_ctx_reg(ctx, CTX_DBGVCR32_EL2, read_dbgvcr32_el2());
+ write_el2_ctx_common(ctx, dbgvcr32_el2, read_dbgvcr32_el2());
}
- write_ctx_reg(ctx, CTX_ELR_EL2, read_elr_el2());
- write_ctx_reg(ctx, CTX_ESR_EL2, read_esr_el2());
- write_ctx_reg(ctx, CTX_FAR_EL2, read_far_el2());
- write_ctx_reg(ctx, CTX_HACR_EL2, read_hacr_el2());
- write_ctx_reg(ctx, CTX_HCR_EL2, read_hcr_el2());
- write_ctx_reg(ctx, CTX_HPFAR_EL2, read_hpfar_el2());
- write_ctx_reg(ctx, CTX_HSTR_EL2, read_hstr_el2());
- write_ctx_reg(ctx, CTX_MAIR_EL2, read_mair_el2());
- write_ctx_reg(ctx, CTX_MDCR_EL2, read_mdcr_el2());
- write_ctx_reg(ctx, CTX_SCTLR_EL2, read_sctlr_el2());
- write_ctx_reg(ctx, CTX_SPSR_EL2, read_spsr_el2());
- write_ctx_reg(ctx, CTX_SP_EL2, read_sp_el2());
- write_ctx_reg(ctx, CTX_TCR_EL2, read_tcr_el2());
- write_ctx_reg(ctx, CTX_TPIDR_EL2, read_tpidr_el2());
- write_ctx_reg(ctx, CTX_TTBR0_EL2, read_ttbr0_el2());
- write_ctx_reg(ctx, CTX_VBAR_EL2, read_vbar_el2());
- write_ctx_reg(ctx, CTX_VMPIDR_EL2, read_vmpidr_el2());
- write_ctx_reg(ctx, CTX_VPIDR_EL2, read_vpidr_el2());
- write_ctx_reg(ctx, CTX_VTCR_EL2, read_vtcr_el2());
- write_ctx_reg(ctx, CTX_VTTBR_EL2, read_vttbr_el2());
+ write_el2_ctx_common(ctx, elr_el2, read_elr_el2());
+ write_el2_ctx_common(ctx, esr_el2, read_esr_el2());
+ write_el2_ctx_common(ctx, far_el2, read_far_el2());
+ write_el2_ctx_common(ctx, hacr_el2, read_hacr_el2());
+ write_el2_ctx_common(ctx, hcr_el2, read_hcr_el2());
+ write_el2_ctx_common(ctx, hpfar_el2, read_hpfar_el2());
+ write_el2_ctx_common(ctx, hstr_el2, read_hstr_el2());
+ write_el2_ctx_common(ctx, mair_el2, read_mair_el2());
+ write_el2_ctx_common(ctx, mdcr_el2, read_mdcr_el2());
+ write_el2_ctx_common(ctx, sctlr_el2, read_sctlr_el2());
+ write_el2_ctx_common(ctx, spsr_el2, read_spsr_el2());
+ write_el2_ctx_common(ctx, sp_el2, read_sp_el2());
+ write_el2_ctx_common(ctx, tcr_el2, read_tcr_el2());
+ write_el2_ctx_common(ctx, tpidr_el2, read_tpidr_el2());
+ write_el2_ctx_common(ctx, ttbr0_el2, read_ttbr0_el2());
+ write_el2_ctx_common(ctx, vbar_el2, read_vbar_el2());
+ write_el2_ctx_common(ctx, vmpidr_el2, read_vmpidr_el2());
+ write_el2_ctx_common(ctx, vpidr_el2, read_vpidr_el2());
+ write_el2_ctx_common(ctx, vtcr_el2, read_vtcr_el2());
+ write_el2_ctx_common(ctx, vttbr_el2, read_vttbr_el2());
}
static void el2_sysregs_context_restore_common(el2_sysregs_t *ctx)
{
- write_actlr_el2(read_ctx_reg(ctx, CTX_ACTLR_EL2));
- write_afsr0_el2(read_ctx_reg(ctx, CTX_AFSR0_EL2));
- write_afsr1_el2(read_ctx_reg(ctx, CTX_AFSR1_EL2));
- write_amair_el2(read_ctx_reg(ctx, CTX_AMAIR_EL2));
- write_cnthctl_el2(read_ctx_reg(ctx, CTX_CNTHCTL_EL2));
- write_cntvoff_el2(read_ctx_reg(ctx, CTX_CNTVOFF_EL2));
- write_cptr_el2(read_ctx_reg(ctx, CTX_CPTR_EL2));
+ write_actlr_el2(read_el2_ctx_common(ctx, actlr_el2));
+ write_afsr0_el2(read_el2_ctx_common(ctx, afsr0_el2));
+ write_afsr1_el2(read_el2_ctx_common(ctx, afsr1_el2));
+ write_amair_el2(read_el2_ctx_common(ctx, amair_el2));
+ write_cnthctl_el2(read_el2_ctx_common(ctx, cnthctl_el2));
+ write_cntvoff_el2(read_el2_ctx_common(ctx, cntvoff_el2));
+ write_cptr_el2(read_el2_ctx_common(ctx, cptr_el2));
if (CTX_INCLUDE_AARCH32_REGS) {
- write_dbgvcr32_el2(read_ctx_reg(ctx, CTX_DBGVCR32_EL2));
+ write_dbgvcr32_el2(read_el2_ctx_common(ctx, dbgvcr32_el2));
}
- write_elr_el2(read_ctx_reg(ctx, CTX_ELR_EL2));
- write_esr_el2(read_ctx_reg(ctx, CTX_ESR_EL2));
- write_far_el2(read_ctx_reg(ctx, CTX_FAR_EL2));
- write_hacr_el2(read_ctx_reg(ctx, CTX_HACR_EL2));
- write_hcr_el2(read_ctx_reg(ctx, CTX_HCR_EL2));
- write_hpfar_el2(read_ctx_reg(ctx, CTX_HPFAR_EL2));
- write_hstr_el2(read_ctx_reg(ctx, CTX_HSTR_EL2));
- write_mair_el2(read_ctx_reg(ctx, CTX_MAIR_EL2));
- write_mdcr_el2(read_ctx_reg(ctx, CTX_MDCR_EL2));
- write_sctlr_el2(read_ctx_reg(ctx, CTX_SCTLR_EL2));
- write_spsr_el2(read_ctx_reg(ctx, CTX_SPSR_EL2));
- write_sp_el2(read_ctx_reg(ctx, CTX_SP_EL2));
- write_tcr_el2(read_ctx_reg(ctx, CTX_TCR_EL2));
- write_tpidr_el2(read_ctx_reg(ctx, CTX_TPIDR_EL2));
- write_ttbr0_el2(read_ctx_reg(ctx, CTX_TTBR0_EL2));
- write_vbar_el2(read_ctx_reg(ctx, CTX_VBAR_EL2));
- write_vmpidr_el2(read_ctx_reg(ctx, CTX_VMPIDR_EL2));
- write_vpidr_el2(read_ctx_reg(ctx, CTX_VPIDR_EL2));
- write_vtcr_el2(read_ctx_reg(ctx, CTX_VTCR_EL2));
- write_vttbr_el2(read_ctx_reg(ctx, CTX_VTTBR_EL2));
+ write_elr_el2(read_el2_ctx_common(ctx, elr_el2));
+ write_esr_el2(read_el2_ctx_common(ctx, esr_el2));
+ write_far_el2(read_el2_ctx_common(ctx, far_el2));
+ write_hacr_el2(read_el2_ctx_common(ctx, hacr_el2));
+ write_hcr_el2(read_el2_ctx_common(ctx, hcr_el2));
+ write_hpfar_el2(read_el2_ctx_common(ctx, hpfar_el2));
+ write_hstr_el2(read_el2_ctx_common(ctx, hstr_el2));
+ write_mair_el2(read_el2_ctx_common(ctx, mair_el2));
+ write_mdcr_el2(read_el2_ctx_common(ctx, mdcr_el2));
+ write_sctlr_el2(read_el2_ctx_common(ctx, sctlr_el2));
+ write_spsr_el2(read_el2_ctx_common(ctx, spsr_el2));
+ write_sp_el2(read_el2_ctx_common(ctx, sp_el2));
+ write_tcr_el2(read_el2_ctx_common(ctx, tcr_el2));
+ write_tpidr_el2(read_el2_ctx_common(ctx, tpidr_el2));
+ write_ttbr0_el2(read_el2_ctx_common(ctx, ttbr0_el2));
+ write_vbar_el2(read_el2_ctx_common(ctx, vbar_el2));
+ write_vmpidr_el2(read_el2_ctx_common(ctx, vmpidr_el2));
+ write_vpidr_el2(read_el2_ctx_common(ctx, vpidr_el2));
+ write_vtcr_el2(read_el2_ctx_common(ctx, vtcr_el2));
+ write_vttbr_el2(read_el2_ctx_common(ctx, vttbr_el2));
}
/*******************************************************************************
@@ -1272,8 +1277,8 @@
el2_sysregs_context_save_common(el2_sysregs_ctx);
el2_sysregs_context_save_gic(el2_sysregs_ctx);
- if (is_feat_mte2_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2, read_tfsr_el2());
+ if (is_feat_mte_supported()) {
+ write_el2_ctx_mte(el2_sysregs_ctx, tfsr_el2, read_tfsr_el2());
}
#if CTX_INCLUDE_MPAM_REGS
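Review bot: The save of `tfsr_el2` is now guarded by `is_feat_mte_supported()`, while the `SCR_ATA_BIT` hunks earlier in this file move the other way, to `is_feat_mte2_supported()`. TFSR_EL2 belongs to FEAT_MTE2, so if `is_feat_mte_supported()` can return true on a core that implements only the base FEAT_MTE level, `read_tfsr_el2()` would run at EL3 against a register that is not present. The helper's definition and the matching restore path are outside this hunk, so this needs confirming; if the narrower check is the right one, the guard should stay `if (is_feat_mte2_supported()) {`. The enclosing function starts outside this hunk.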
@@ -1288,51 +1293,57 @@
}
if (is_feat_ecv_v2_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_CNTPOFF_EL2, read_cntpoff_el2());
+ write_el2_ctx_ecv(el2_sysregs_ctx, cntpoff_el2, read_cntpoff_el2());
}
if (is_feat_vhe_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_CONTEXTIDR_EL2, read_contextidr_el2());
- write_ctx_reg(el2_sysregs_ctx, CTX_TTBR1_EL2, read_ttbr1_el2());
+ write_el2_ctx_vhe(el2_sysregs_ctx, contextidr_el2,
+ read_contextidr_el2());
+ write_el2_ctx_vhe(el2_sysregs_ctx, ttbr1_el2, read_ttbr1_el2());
}
if (is_feat_ras_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_VDISR_EL2, read_vdisr_el2());
- write_ctx_reg(el2_sysregs_ctx, CTX_VSESR_EL2, read_vsesr_el2());
+ write_el2_ctx_ras(el2_sysregs_ctx, vdisr_el2, read_vdisr_el2());
+ write_el2_ctx_ras(el2_sysregs_ctx, vsesr_el2, read_vsesr_el2());
}
if (is_feat_nv2_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_VNCR_EL2, read_vncr_el2());
+ write_el2_ctx_neve(el2_sysregs_ctx, vncr_el2, read_vncr_el2());
}
if (is_feat_trf_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2, read_trfcr_el2());
+ write_el2_ctx_trf(el2_sysregs_ctx, trfcr_el2, read_trfcr_el2());
}
- /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2, read_scxtnum_el2());
+ write_el2_ctx_csv2_2(el2_sysregs_ctx, scxtnum_el2,
+ read_scxtnum_el2());
}
if (is_feat_hcx_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_HCRX_EL2, read_hcrx_el2());
+ write_el2_ctx_hcx(el2_sysregs_ctx, hcrx_el2, read_hcrx_el2());
}
+
if (is_feat_tcr2_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_TCR2_EL2, read_tcr2_el2());
+ write_el2_ctx_tcr2(el2_sysregs_ctx, tcr2_el2, read_tcr2_el2());
}
+
if (is_feat_sxpie_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_PIRE0_EL2, read_pire0_el2());
- write_ctx_reg(el2_sysregs_ctx, CTX_PIR_EL2, read_pir_el2());
- }
- if (is_feat_s2pie_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_S2PIR_EL2, read_s2pir_el2());
+ write_el2_ctx_sxpie(el2_sysregs_ctx, pire0_el2, read_pire0_el2());
+ write_el2_ctx_sxpie(el2_sysregs_ctx, pir_el2, read_pir_el2());
}
+
if (is_feat_sxpoe_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_POR_EL2, read_por_el2());
+ write_el2_ctx_sxpoe(el2_sysregs_ctx, por_el2, read_por_el2());
}
+
+ if (is_feat_s2pie_supported()) {
+ write_el2_ctx_s2pie(el2_sysregs_ctx, s2pir_el2, read_s2pir_el2());
+ }
+
if (is_feat_gcs_supported()) {
- write_ctx_reg(el2_sysregs_ctx, CTX_GCSPR_EL2, read_gcspr_el2());
- write_ctx_reg(el2_sysregs_ctx, CTX_GCSCR_EL2, read_gcscr_el2());
+ write_el2_ctx_gcs(el2_sysregs_ctx, gcscr_el2, read_gcspr_el2());
+ write_el2_ctx_gcs(el2_sysregs_ctx, gcspr_el2, read_gcscr_el2());
}
}
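Review bot: The two GCS lines at the end of this hunk store each register into the other's context slot: `gcscr_el2` receives `read_gcspr_el2()` and `gcspr_el2` receives `read_gcscr_el2()`. The restore hunk at `@@ -1368,50 +1379,57 @@` reads each field back into its own register, so after a save/restore round trip GCSCR_EL2 would hold the saved stack pointer and GCSPR_EL2 the saved control value, corrupting the Guarded Control Stack state of the lower EL. The lines should read `write_el2_ctx_gcs(el2_sysregs_ctx, gcscr_el2, read_gcscr_el2());` and `write_el2_ctx_gcs(el2_sysregs_ctx, gcspr_el2, read_gcspr_el2());`. The enclosing save function starts outside this hunk.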
@@ -1352,8 +1363,8 @@
el2_sysregs_context_restore_common(el2_sysregs_ctx);
el2_sysregs_context_restore_gic(el2_sysregs_ctx);
- if (is_feat_mte2_supported()) {
- write_tfsr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2));
+ if (is_feat_mte_supported()) {
+ write_tfsr_el2(read_el2_ctx_mte(el2_sysregs_ctx, tfsr_el2));
}
#if CTX_INCLUDE_MPAM_REGS
@@ -1368,50 +1379,57 @@
}
if (is_feat_ecv_v2_supported()) {
- write_cntpoff_el2(read_ctx_reg(el2_sysregs_ctx, CTX_CNTPOFF_EL2));
+ write_cntpoff_el2(read_el2_ctx_ecv(el2_sysregs_ctx, cntpoff_el2));
}
if (is_feat_vhe_supported()) {
- write_contextidr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_CONTEXTIDR_EL2));
- write_ttbr1_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TTBR1_EL2));
+ write_contextidr_el2(read_el2_ctx_vhe(el2_sysregs_ctx,
+ contextidr_el2));
+ write_ttbr1_el2(read_el2_ctx_vhe(el2_sysregs_ctx, ttbr1_el2));
}
if (is_feat_ras_supported()) {
- write_vdisr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_VDISR_EL2));
- write_vsesr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_VSESR_EL2));
+ write_vdisr_el2(read_el2_ctx_ras(el2_sysregs_ctx, vdisr_el2));
+ write_vsesr_el2(read_el2_ctx_ras(el2_sysregs_ctx, vsesr_el2));
}
if (is_feat_nv2_supported()) {
- write_vncr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_VNCR_EL2));
+ write_vncr_el2(read_el2_ctx_neve(el2_sysregs_ctx, vncr_el2));
}
+
if (is_feat_trf_supported()) {
- write_trfcr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2));
+ write_trfcr_el2(read_el2_ctx_trf(el2_sysregs_ctx, trfcr_el2));
}
- /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
- write_scxtnum_el2(read_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2));
+ write_scxtnum_el2(read_el2_ctx_csv2_2(el2_sysregs_ctx,
+ scxtnum_el2));
}
if (is_feat_hcx_supported()) {
- write_hcrx_el2(read_ctx_reg(el2_sysregs_ctx, CTX_HCRX_EL2));
+ write_hcrx_el2(read_el2_ctx_hcx(el2_sysregs_ctx, hcrx_el2));
}
+
if (is_feat_tcr2_supported()) {
- write_tcr2_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TCR2_EL2));
+ write_tcr2_el2(read_el2_ctx_tcr2(el2_sysregs_ctx, tcr2_el2));
}
+
if (is_feat_sxpie_supported()) {
- write_pire0_el2(read_ctx_reg(el2_sysregs_ctx, CTX_PIRE0_EL2));
- write_pir_el2(read_ctx_reg(el2_sysregs_ctx, CTX_PIR_EL2));
- }
- if (is_feat_s2pie_supported()) {
- write_s2pir_el2(read_ctx_reg(el2_sysregs_ctx, CTX_S2PIR_EL2));
+ write_pire0_el2(read_el2_ctx_sxpie(el2_sysregs_ctx, pire0_el2));
+ write_pir_el2(read_el2_ctx_sxpie(el2_sysregs_ctx, pir_el2));
}
+
if (is_feat_sxpoe_supported()) {
- write_por_el2(read_ctx_reg(el2_sysregs_ctx, CTX_POR_EL2));
+ write_por_el2(read_el2_ctx_sxpoe(el2_sysregs_ctx, por_el2));
}
+
+ if (is_feat_s2pie_supported()) {
+ write_s2pir_el2(read_el2_ctx_s2pie(el2_sysregs_ctx, s2pir_el2));
+ }
+
if (is_feat_gcs_supported()) {
- write_gcscr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_GCSCR_EL2));
- write_gcspr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_GCSPR_EL2));
+ write_gcscr_el2(read_el2_ctx_gcs(el2_sysregs_ctx, gcscr_el2));
+ write_gcspr_el2(read_el2_ctx_gcs(el2_sysregs_ctx, gcspr_el2));
}
}
#endif /* CTX_INCLUDE_EL2_REGS */
diff --git a/lib/extensions/pmuv3/aarch64/pmuv3.c b/lib/extensions/pmuv3/aarch64/pmuv3.c
index 61fc47d..71aa303 100644
--- a/lib/extensions/pmuv3/aarch64/pmuv3.c
+++ b/lib/extensions/pmuv3/aarch64/pmuv3.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,11 +24,11 @@
void pmuv3_enable(cpu_context_t *ctx)
{
#if CTX_INCLUDE_EL2_REGS
- u_register_t mdcr_el2;
+ u_register_t mdcr_el2_val;
- mdcr_el2 = read_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_MDCR_EL2);
- mdcr_el2 = init_mdcr_el2_hpmn(mdcr_el2);
- write_ctx_reg(get_el2_sysregs_ctx(ctx), CTX_MDCR_EL2, mdcr_el2);
+ mdcr_el2_val = read_el2_ctx_common(get_el2_sysregs_ctx(ctx), mdcr_el2);
+ mdcr_el2_val = init_mdcr_el2_hpmn(mdcr_el2_val);
+ write_el2_ctx_common(get_el2_sysregs_ctx(ctx), mdcr_el2, mdcr_el2_val);
#endif /* CTX_INCLUDE_EL2_REGS */
}
diff --git a/lib/psa/dice_protection_environment.c b/lib/psa/dice_protection_environment.c
new file mode 100644
index 0000000..44a5848
--- /dev/null
+++ b/lib/psa/dice_protection_environment.c
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <qcbor/qcbor_decode.h>
+#include <qcbor/qcbor_encode.h>
+#include <qcbor/qcbor_spiffy_decode.h>
+
+#include <common/debug.h>
+#include <dice.h>
+#include <dice_protection_environment.h>
+#include <psa/client.h>
+#include <psa_manifest/sid.h>
+
+enum dpe_command_id_t {
+ /* Standard commands */
+ DPE_GET_PROFILE = 1,
+ DPE_OPEN_SESSION = 2,
+ DPE_CLOSE_SESSION = 3,
+ DPE_SYNC_SESSION = 4,
+ DPE_EXPORT_SESSION = 5,
+ DPE_IMPORT_SESSION = 6,
+ DPE_INITIALIZE_CONTEXT = 7,
+ DPE_DERIVE_CONTEXT = 8,
+ DPE_CERTIFY_KEY = 9,
+ DPE_SIGN = 10,
+ DPE_SEAL = 11,
+ DPE_UNSEAL = 12,
+ DPE_DERIVE_SEALING_PUBLIC_KEY = 13,
+ DPE_ROTATE_CONTEXT_HANDLE = 14,
+ DPE_DESTROY_CONTEXT = 15,
+};
+
+enum dice_input_labels_t {
+ DICE_CODE_HASH = 1,
+ DICE_CODE_DESCRIPTOR = 2,
+ DICE_CONFIG_TYPE = 3,
+ DICE_CONFIG_VALUE = 4,
+ DICE_CONFIG_DESCRIPTOR = 5,
+ DICE_AUTHORITY_HASH = 6,
+ DICE_AUTHORITY_DESCRIPTOR = 7,
+ DICE_MODE = 8,
+ DICE_HIDDEN = 9,
+};
+
+enum dpe_derive_context_input_labels_t {
+ DPE_DERIVE_CONTEXT_CONTEXT_HANDLE = 1,
+ DPE_DERIVE_CONTEXT_RETAIN_PARENT_CONTEXT = 2,
+ DPE_DERIVE_CONTEXT_ALLOW_NEW_CONTEXT_TO_DERIVE = 3,
+ DPE_DERIVE_CONTEXT_CREATE_CERTIFICATE = 4,
+ DPE_DERIVE_CONTEXT_NEW_SESSION_INITIATOR_HANDSHAKE = 5,
+ DPE_DERIVE_CONTEXT_INPUT_DATA = 6,
+ DPE_DERIVE_CONTEXT_INTERNAL_INPUTS = 7,
+ DPE_DERIVE_CONTEXT_TARGET_LOCALITY = 8,
+ DPE_DERIVE_CONTEXT_RETURN_CERTIFICATE = 9,
+ DPE_DERIVE_CONTEXT_ALLOW_NEW_CONTEXT_TO_EXPORT = 10,
+ DPE_DERIVE_CONTEXT_EXPORT_CDI = 11,
+ /* enum values 256 and onwards are reserved for custom arguments */
+ DPE_DERIVE_CONTEXT_CERT_ID = 256,
+};
+
+enum dpe_derive_context_output_labels_t {
+ DPE_DERIVE_CONTEXT_NEW_CONTEXT_HANDLE = 1,
+ DPE_DERIVE_CONTEXT_NEW_SESSION_RESPONDER_HANDSHAKE = 2,
+ DPE_DERIVE_CONTEXT_PARENT_CONTEXT_HANDLE = 3,
+ DPE_DERIVE_CONTEXT_NEW_CERTIFICATE = 4,
+ DPE_DERIVE_CONTEXT_EXPORTED_CDI = 5,
+};
+
+struct derive_context_input_t {
+ int context_handle;
+ uint32_t cert_id;
+ bool retain_parent_context;
+ bool allow_new_context_to_derive;
+ bool create_certificate;
+ const DiceInputValues *dice_inputs;
+ int32_t target_locality;
+ bool return_certificate;
+ bool allow_new_context_to_export;
+ bool export_cdi;
+};
+
+struct derive_context_output_t {
+ int new_context_handle;
+ int new_parent_context_handle;
+ const uint8_t *new_certificate;
+ size_t new_certificate_size;
+ const uint8_t *exported_cdi;
+ size_t exported_cdi_size;
+};
+
+static void encode_dice_inputs(QCBOREncodeContext *encode_ctx,
+ const DiceInputValues *input)
+{
+ /* Wrap the DICE inputs into a byte string */
+ QCBOREncode_BstrWrapInMapN(encode_ctx, DPE_DERIVE_CONTEXT_INPUT_DATA);
+
+ /* Inside the byte string the DICE inputs are encoded as a map */
+ QCBOREncode_OpenMap(encode_ctx);
+
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_CODE_HASH,
+ (UsefulBufC) { input->code_hash,
+ sizeof(input->code_hash) });
+
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_CODE_DESCRIPTOR,
+ (UsefulBufC) { input->code_descriptor,
+ input->code_descriptor_size });
+
+ QCBOREncode_AddInt64ToMapN(encode_ctx, DICE_CONFIG_TYPE,
+ input->config_type);
+
+ if (input->config_type == kDiceConfigTypeInline) {
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_CONFIG_VALUE,
+ (UsefulBufC) { input->config_value,
+ sizeof(input->config_value) });
+ } else {
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_CONFIG_DESCRIPTOR,
+ (UsefulBufC) { input->config_descriptor,
+ input->config_descriptor_size });
+ }
+
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_AUTHORITY_HASH,
+ (UsefulBufC) { input->authority_hash,
+ sizeof(input->authority_hash) });
+
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_AUTHORITY_DESCRIPTOR,
+ (UsefulBufC) { input->authority_descriptor,
+ input->authority_descriptor_size });
+
+ QCBOREncode_AddInt64ToMapN(encode_ctx, DICE_MODE, input->mode);
+
+ QCBOREncode_AddBytesToMapN(encode_ctx, DICE_HIDDEN,
+ (UsefulBufC) { input->hidden,
+ sizeof(input->hidden) });
+
+ QCBOREncode_CloseMap(encode_ctx);
+ QCBOREncode_CloseBstrWrap2(encode_ctx, true, NULL);
+}
+
+static QCBORError encode_derive_context(const struct derive_context_input_t *args,
+ UsefulBuf buf,
+ UsefulBufC *encoded_buf)
+{
+ QCBOREncodeContext encode_ctx;
+
+ QCBOREncode_Init(&encode_ctx, buf);
+
+ QCBOREncode_OpenArray(&encode_ctx);
+ QCBOREncode_AddUInt64(&encode_ctx, DPE_DERIVE_CONTEXT);
+
+ /* Encode DeriveContext command */
+ QCBOREncode_OpenMap(&encode_ctx);
+ QCBOREncode_AddBytesToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_CONTEXT_HANDLE,
+ (UsefulBufC) { &args->context_handle,
+ sizeof(args->context_handle) });
+ QCBOREncode_AddUInt64ToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_CERT_ID,
+ args->cert_id);
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_RETAIN_PARENT_CONTEXT,
+ args->retain_parent_context);
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_ALLOW_NEW_CONTEXT_TO_DERIVE,
+ args->allow_new_context_to_derive);
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_CREATE_CERTIFICATE,
+ args->create_certificate);
+ encode_dice_inputs(&encode_ctx, args->dice_inputs);
+ QCBOREncode_AddBytesToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_TARGET_LOCALITY,
+ (UsefulBufC) { &args->target_locality,
+ sizeof(args->target_locality) });
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_RETURN_CERTIFICATE,
+ args->return_certificate);
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_ALLOW_NEW_CONTEXT_TO_EXPORT,
+ args->allow_new_context_to_export);
+ QCBOREncode_AddBoolToMapN(&encode_ctx,
+ DPE_DERIVE_CONTEXT_EXPORT_CDI,
+ args->export_cdi);
+ QCBOREncode_CloseMap(&encode_ctx);
+
+ QCBOREncode_CloseArray(&encode_ctx);
+
+ return QCBOREncode_Finish(&encode_ctx, encoded_buf);
+}
+
+static QCBORError decode_derive_context_response(UsefulBufC encoded_buf,
+ struct derive_context_output_t *args,
+ dpe_error_t *dpe_err)
+{
+ QCBORDecodeContext decode_ctx;
+ UsefulBufC out;
+ int64_t response_dpe_err;
+
+ QCBORDecode_Init(&decode_ctx, encoded_buf, QCBOR_DECODE_MODE_NORMAL);
+
+ QCBORDecode_EnterArray(&decode_ctx, NULL);
+
+ /* Get the error code from the response. DPE returns int32_t */
+ QCBORDecode_GetInt64(&decode_ctx, &response_dpe_err);
+ *dpe_err = (dpe_error_t)response_dpe_err;
+
+ /* Decode DeriveContext response if successful */
+ if (*dpe_err == DPE_NO_ERROR) {
+ QCBORDecode_EnterMap(&decode_ctx, NULL);
+
+ QCBORDecode_GetByteStringInMapN(&decode_ctx,
+ DPE_DERIVE_CONTEXT_NEW_CONTEXT_HANDLE,
+ &out);
+ if (out.len != sizeof(args->new_context_handle)) {
+ return QCBORDecode_Finish(&decode_ctx);
+ }
+ memcpy(&args->new_context_handle, out.ptr, out.len);
+
+ QCBORDecode_GetByteStringInMapN(&decode_ctx,
+ DPE_DERIVE_CONTEXT_PARENT_CONTEXT_HANDLE,
+ &out);
+ if (out.len != sizeof(args->new_parent_context_handle)) {
+ return QCBORDecode_Finish(&decode_ctx);
+ }
+ memcpy(&args->new_parent_context_handle, out.ptr, out.len);
+
+ QCBORDecode_GetByteStringInMapN(&decode_ctx,
+ DPE_DERIVE_CONTEXT_NEW_CERTIFICATE,
+ &out);
+ args->new_certificate = out.ptr;
+ args->new_certificate_size = out.len;
+
+ QCBORDecode_GetByteStringInMapN(&decode_ctx,
+ DPE_DERIVE_CONTEXT_EXPORTED_CDI,
+ &out);
+ args->exported_cdi = out.ptr;
+ args->exported_cdi_size = out.len;
+
+ QCBORDecode_ExitMap(&decode_ctx);
+ }
+
+ QCBORDecode_ExitArray(&decode_ctx);
+
+ return QCBORDecode_Finish(&decode_ctx);
+}
+
+static int32_t dpe_client_call(const char *cmd_input, size_t cmd_input_size,
+ char *cmd_output, size_t *cmd_output_size)
+{
+ int32_t err;
+
+ psa_invec in_vec[] = {
+ { cmd_input, cmd_input_size },
+ };
+ psa_outvec out_vec[] = {
+ { cmd_output, *cmd_output_size },
+ };
+
+ err = psa_call(RSS_DPE_SERVICE_HANDLE, 0,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ if (err == PSA_SUCCESS) {
+ *cmd_output_size = out_vec[0].len;
+ }
+
+ return err;
+}
+
+dpe_error_t dpe_derive_context(int context_handle,
+ uint32_t cert_id,
+ bool retain_parent_context,
+ bool allow_new_context_to_derive,
+ bool create_certificate,
+ const DiceInputValues *dice_inputs,
+ int32_t target_locality,
+ bool return_certificate,
+ bool allow_new_context_to_export,
+ bool export_cdi,
+ int *new_context_handle,
+ int *new_parent_context_handle,
+ uint8_t *new_certificate_buf,
+ size_t new_certificate_buf_size,
+ size_t *new_certificate_actual_size,
+ uint8_t *exported_cdi_buf,
+ size_t exported_cdi_buf_size,
+ size_t *exported_cdi_actual_size)
+{
+ int32_t service_err;
+ dpe_error_t dpe_err;
+ QCBORError qcbor_err;
+ UsefulBufC encoded_buf;
+ UsefulBuf_MAKE_STACK_UB(cmd_buf, 612);
+
+ const struct derive_context_input_t in_args = {
+ context_handle,
+ cert_id,
+ retain_parent_context,
+ allow_new_context_to_derive,
+ create_certificate,
+ dice_inputs,
+ target_locality,
+ return_certificate,
+ allow_new_context_to_export,
+ export_cdi,
+ };
+ struct derive_context_output_t out_args;
+
+ /*
+ * Validate the output params here because they are not sent to the
+ * service. Input params are validated by the DPE service.
+ */
+ if ((new_context_handle == NULL) ||
+ (retain_parent_context == true && new_parent_context_handle == NULL) ||
+ (return_certificate == true &&
+ (new_certificate_buf == NULL || new_certificate_actual_size == NULL)) ||
+ (export_cdi == true &&
+ (exported_cdi_buf == NULL || exported_cdi_actual_size == NULL))) {
+ return DPE_INVALID_ARGUMENT;
+ }
+
+ qcbor_err = encode_derive_context(&in_args, cmd_buf, &encoded_buf);
+ if (qcbor_err != QCBOR_SUCCESS) {
+ return DPE_INTERNAL_ERROR;
+ }
+
+ service_err = dpe_client_call(encoded_buf.ptr, encoded_buf.len,
+ cmd_buf.ptr, &cmd_buf.len);
+ if (service_err != 0) {
+ return DPE_INTERNAL_ERROR;
+ }
+
+ qcbor_err = decode_derive_context_response(UsefulBuf_Const(cmd_buf),
+ &out_args, &dpe_err);
+ if (qcbor_err != QCBOR_SUCCESS) {
+ return DPE_INTERNAL_ERROR;
+ } else if (dpe_err != DPE_NO_ERROR) {
+ return dpe_err;
+ }
+
+ /* Copy returned values into caller's memory */
+ *new_context_handle = out_args.new_context_handle;
+
+ if (retain_parent_context == true) {
+ *new_parent_context_handle = out_args.new_parent_context_handle;
+ }
+
+ if (return_certificate == true) {
+ if (out_args.new_certificate_size > new_certificate_buf_size) {
+ return DPE_INVALID_ARGUMENT;
+ }
+
+ memcpy(new_certificate_buf, out_args.new_certificate,
+ out_args.new_certificate_size);
+ *new_certificate_actual_size = out_args.new_certificate_size;
+ }
+
+ if (export_cdi == true) {
+ if (out_args.exported_cdi_size > exported_cdi_buf_size) {
+ return DPE_INVALID_ARGUMENT;
+ }
+
+ memcpy(exported_cdi_buf, out_args.exported_cdi,
+ out_args.exported_cdi_size);
+ *exported_cdi_actual_size = out_args.exported_cdi_size;
+ }
+
+ return DPE_NO_ERROR;
+}
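Review bot: In decode_derive_context_response() the locals `out` and `response_dpe_err` are declared without initialisers and are read right after each QCBOR getter, with no check of the decoder's error state in between. QCBOR latches errors in the decode context, and this hunk does not show that the getters overwrite their outputs on failure, so for a malformed reply or a missing label `*dpe_err`, `out.len` and the `memcpy()` source may be indeterminate. Initialise both locals and test `QCBORDecode_GetError()` before using a decoded value, as sketched below for the status word and the first handle; the same guard applies to the parent handle. Separately, `cmd_buf` in dpe_derive_context() still holds the exported CDI when the function returns, so clearing it before returning would keep that secret from lingering on the stack.

```c
	UsefulBufC out = NULLUsefulBufC;
	int64_t response_dpe_err = 0;

	/* … unchanged: QCBORDecode_Init, QCBORDecode_EnterArray … */

	QCBORDecode_GetInt64(&decode_ctx, &response_dpe_err);
	if (QCBORDecode_GetError(&decode_ctx) != QCBOR_SUCCESS) {
		/* Never interpret an undecoded status word as a DPE result */
		return QCBORDecode_Finish(&decode_ctx);
	}
	*dpe_err = (dpe_error_t)response_dpe_err;

	/* … unchanged: DPE_NO_ERROR test, QCBORDecode_EnterMap … */

		QCBORDecode_GetByteStringInMapN(&decode_ctx,
						DPE_DERIVE_CONTEXT_NEW_CONTEXT_HANDLE,
						&out);
		if ((QCBORDecode_GetError(&decode_ctx) != QCBOR_SUCCESS) ||
		    (out.len != sizeof(args->new_context_handle))) {
			return QCBORDecode_Finish(&decode_ctx);
		}
		memcpy(&args->new_context_handle, out.ptr, out.len);

	/* … unchanged: parent handle (add the same guard), certificate, CDI … */
```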
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index 38990b5..ff1f45d 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,6 +8,7 @@
#include <string.h>
#include <common/debug.h>
+#include <drivers/measured_boot/metadata.h>
#include <measured_boot.h>
#include <psa/client.h>
#include <psa_manifest/sid.h>
diff --git a/lib/psa/measured_boot_private.h b/lib/psa/measured_boot_private.h
index 80d2c19..b8ca31d 100644
--- a/lib/psa/measured_boot_private.h
+++ b/lib/psa/measured_boot_private.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -10,6 +10,8 @@
#include <stdint.h>
+#include <drivers/measured_boot/metadata.h>
+
/* Measured boot message types that distinguish its services */
#define RSS_MEASURED_BOOT_READ 1001U
#define RSS_MEASURED_BOOT_EXTEND 1002U
diff --git a/licenses/LICENSE-APACHE-2.0.txt b/licenses/LICENSE-APACHE-2.0.txt
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/licenses/LICENSE-APACHE-2.0.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 1802077..26d2a00 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -176,6 +176,9 @@
# Option to build TF with Measured Boot support
MEASURED_BOOT := 0
+# Option to enable the DICE Protection Environmnet as a Measured Boot backend
+DICE_PROTECTION_ENVIRONMENT :=0
+
# NS timer register save and restore
NS_TIMER_SWITCH := 0
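Review bot: The added comment misspells the option as "Environmnet", and the assignment is written `:=0` while the neighbouring defaults use `:= 0`. Suggested wording: `# Option to enable the DICE Protection Environment as a Measured Boot backend` followed by `DICE_PROTECTION_ENVIRONMENT := 0`. The comment could also state whether the option depends on `MEASURED_BOOT` being set, which this hunk does not show.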
@@ -351,6 +354,14 @@
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
+# Enable image description in FWU metadata by default when PSA_FWU_SUPPORT
+# is enabled.
+ifeq ($(PSA_FWU_SUPPORT),1)
+PSA_FWU_METADATA_FW_STORE_DESC := 1
+else
+PSA_FWU_METADATA_FW_STORE_DESC := 0
+endif
+
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0
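Review bot: The `ifeq ($(PSA_FWU_SUPPORT),1)` test is evaluated where this file is parsed, immediately after `PSA_FWU_SUPPORT := 0` is assigned. A command-line override is seen here, but if a platform makefile sets `PSA_FWU_SUPPORT := 1` after this file has been included (the include order is not visible in this hunk), `PSA_FWU_METADATA_FW_STORE_DESC` stays 0, contrary to what the comment promises. Either move the derivation to a point after the platform makefiles are read, or say so in the comment, e.g. `# Platforms that set PSA_FWU_SUPPORT themselves must also set PSA_FWU_METADATA_FW_STORE_DESC`.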
diff --git a/package-lock.json b/package-lock.json
index 7753a38..e60c44e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7,7 +7,6 @@
"": {
"name": "trusted-firmware-a",
"version": "2.10.0",
- "hasInstallScript": true,
"license": "BSD-3-Clause",
"devDependencies": {
"@commitlint/cli": "^19.0.0",
diff --git a/package.json b/package.json
index 43c897e..7ad5c58 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
"type": "module",
"private": true,
"scripts": {
- "postinstall": "husky install",
+ "prepare": "husky",
"release": "standard-version"
},
"engines": {
diff --git a/plat/allwinner/common/sunxi_bl31_setup.c b/plat/allwinner/common/sunxi_bl31_setup.c
index a32124a..1863292 100644
--- a/plat/allwinner/common/sunxi_bl31_setup.c
+++ b/plat/allwinner/common/sunxi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -187,6 +187,7 @@
/* Change the DTB if the configuration requires so. */
sunxi_prepare_dtb(fdt);
+ console_flush();
console_switch_state(CONSOLE_FLAG_RUNTIME);
}
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index c9c248f..ec0b19e 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -127,8 +127,14 @@
$(eval $(call MAKE_S,$(BUILD_PLAT),plat/arm/board/arm_fpga/kernel_trampoline.S,bl31))
$(eval $(call MAKE_LD,$(BUILD_PLAT)/build_axf.ld,plat/arm/board/arm_fpga/build_axf.ld.S,bl31))
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
+ PLAT_LDFLAGS += -Wl,--strip-debug
+else
+ PLAT_LDFLAGS += --strip-debug
+endif
+
bl31.axf: bl31 dtbs ${BUILD_PLAT}/rom_trampoline.o ${BUILD_PLAT}/kernel_trampoline.o ${BUILD_PLAT}/build_axf.ld
$(ECHO) " LD $@"
- $(Q)$($(ARCH)-ld) -T ${BUILD_PLAT}/build_axf.ld -L ${BUILD_PLAT} --strip-debug -s -n -o ${BUILD_PLAT}/bl31.axf
+ $(Q)$($(ARCH)-ld) -T ${BUILD_PLAT}/build_axf.ld -L ${BUILD_PLAT} $(TF_LDFLAGS) $(PLAT_LDFLAGS) -s -n -o ${BUILD_PLAT}/bl31.axf
all: bl31.axf
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index 477ae27..f14dbff 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#include <stdint.h>
#include <drivers/measured_boot/event_log/event_log.h>
+#include <drivers/measured_boot/metadata.h>
#include <plat/arm/common/plat_arm.h>
#include <tools_share/zero_oid.h>
@@ -15,9 +16,9 @@
/* FVP table with platform specific image IDs, names and PCRs */
const event_log_metadata_t fvp_event_log_metadata[] = {
- { FW_CONFIG_ID, EVLOG_FW_CONFIG_STRING, PCR_0 },
- { TB_FW_CONFIG_ID, EVLOG_TB_FW_CONFIG_STRING, PCR_0 },
- { BL2_IMAGE_ID, EVLOG_BL2_STRING, PCR_0 },
+ { FW_CONFIG_ID, MBOOT_FW_CONFIG_STRING, PCR_0 },
+ { TB_FW_CONFIG_ID, MBOOT_TB_FW_CONFIG_STRING, PCR_0 },
+ { BL2_IMAGE_ID, MBOOT_BL2_IMAGE_STRING, PCR_0 },
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 369bcb4..8bf7dad 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,6 +8,7 @@
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/measured_boot/event_log/event_log.h>
+#include <drivers/measured_boot/metadata.h>
#if defined(ARM_COT_cca)
#include <tools_share/cca_oid.h>
#else
@@ -28,27 +29,27 @@
/* FVP table with platform specific image IDs, names and PCRs */
const event_log_metadata_t fvp_event_log_metadata[] = {
- { BL31_IMAGE_ID, EVLOG_BL31_STRING, PCR_0 },
- { BL32_IMAGE_ID, EVLOG_BL32_STRING, PCR_0 },
- { BL32_EXTRA1_IMAGE_ID, EVLOG_BL32_EXTRA1_STRING, PCR_0 },
- { BL32_EXTRA2_IMAGE_ID, EVLOG_BL32_EXTRA2_STRING, PCR_0 },
- { BL33_IMAGE_ID, EVLOG_BL33_STRING, PCR_0 },
- { HW_CONFIG_ID, EVLOG_HW_CONFIG_STRING, PCR_0 },
- { NT_FW_CONFIG_ID, EVLOG_NT_FW_CONFIG_STRING, PCR_0 },
- { SCP_BL2_IMAGE_ID, EVLOG_SCP_BL2_STRING, PCR_0 },
- { SOC_FW_CONFIG_ID, EVLOG_SOC_FW_CONFIG_STRING, PCR_0 },
- { TOS_FW_CONFIG_ID, EVLOG_TOS_FW_CONFIG_STRING, PCR_0 },
- { RMM_IMAGE_ID, EVLOG_RMM_STRING, PCR_0},
+ { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
+ { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 },
+ { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
+ { HW_CONFIG_ID, MBOOT_HW_CONFIG_STRING, PCR_0 },
+ { NT_FW_CONFIG_ID, MBOOT_NT_FW_CONFIG_STRING, PCR_0 },
+ { SCP_BL2_IMAGE_ID, MBOOT_SCP_BL2_IMAGE_STRING, PCR_0 },
+ { SOC_FW_CONFIG_ID, MBOOT_SOC_FW_CONFIG_STRING, PCR_0 },
+ { TOS_FW_CONFIG_ID, MBOOT_TOS_FW_CONFIG_STRING, PCR_0 },
+ { RMM_IMAGE_ID, MBOOT_RMM_IMAGE_STRING, PCR_0},
#if defined(SPD_spmd)
- { SP_PKG1_ID, EVLOG_SP1_STRING, PCR_0 },
- { SP_PKG2_ID, EVLOG_SP2_STRING, PCR_0 },
- { SP_PKG3_ID, EVLOG_SP3_STRING, PCR_0 },
- { SP_PKG4_ID, EVLOG_SP4_STRING, PCR_0 },
- { SP_PKG5_ID, EVLOG_SP5_STRING, PCR_0 },
- { SP_PKG6_ID, EVLOG_SP6_STRING, PCR_0 },
- { SP_PKG7_ID, EVLOG_SP7_STRING, PCR_0 },
- { SP_PKG8_ID, EVLOG_SP8_STRING, PCR_0 },
+ { SP_PKG1_ID, MBOOT_SP1_STRING, PCR_0 },
+ { SP_PKG2_ID, MBOOT_SP2_STRING, PCR_0 },
+ { SP_PKG3_ID, MBOOT_SP3_STRING, PCR_0 },
+ { SP_PKG4_ID, MBOOT_SP4_STRING, PCR_0 },
+ { SP_PKG5_ID, MBOOT_SP5_STRING, PCR_0 },
+ { SP_PKG6_ID, MBOOT_SP6_STRING, PCR_0 },
+ { SP_PKG7_ID, MBOOT_SP7_STRING, PCR_0 },
+ { SP_PKG8_ID, MBOOT_SP8_STRING, PCR_0 },
#endif
{ CRITICAL_DATA_ID, EVLOG_CRITICAL_DATA_STRING, PCR_1 },
diff --git a/plat/arm/board/fvp/fvp_cpu_errata.mk b/plat/arm/board/fvp/fvp_cpu_errata.mk
index b8fa4ea..b26fa80 100644
--- a/plat/arm/board/fvp/fvp_cpu_errata.mk
+++ b/plat/arm/board/fvp/fvp_cpu_errata.mk
@@ -1,63 +1,32 @@
#
-# Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-
-#/*
-# * TODO: below lines of code to be removed
-# * after abi and framework are synchronized
-# */
+# Flags to enable the cpu structures in the Errata ABI file
+# file: services/std_svc/errata_abi/errata_abi_main.c. This is specifically
+# for platforms that need to enable errata based on non-arm interconnect IP.
ifeq (${ERRATA_ABI_SUPPORT}, 1)
-# enable the cpu macros for errata abi interface
-ifeq (${ARCH}, aarch64)
-ifeq (${HW_ASSISTED_COHERENCY}, 0)
-CORTEX_A35_H_INC := 1
-CORTEX_A53_H_INC := 1
-CORTEX_A57_H_INC := 1
-CORTEX_A72_H_INC := 1
-CORTEX_A73_H_INC := 1
-$(eval $(call add_define, CORTEX_A35_H_INC))
-$(eval $(call add_define, CORTEX_A53_H_INC))
-$(eval $(call add_define, CORTEX_A57_H_INC))
-$(eval $(call add_define, CORTEX_A72_H_INC))
-$(eval $(call add_define, CORTEX_A73_H_INC))
-else
+ifeq (${ERRATA_NON_ARM_INTERCONNECT}, 1)
ifeq (${CTX_INCLUDE_AARCH32_REGS}, 0)
-CORTEX_A76_H_INC := 1
-CORTEX_A77_H_INC := 1
+CORTEX_A710_H_INC := 1
CORTEX_A78_H_INC := 1
-NEOVERSE_N1_H_INC := 1
-NEOVERSE_N2_H_INC := 1
-NEOVERSE_V1_H_INC := 1
CORTEX_A78_AE_H_INC := 1
-CORTEX_A510_H_INC := 1
-CORTEX_A710_H_INC := 1
-CORTEX_A715_H_INC := 1
CORTEX_A78C_H_INC := 1
-CORTEX_X2_H_INC := 1
-$(eval $(call add_define, CORTEX_A76_H_INC))
-$(eval $(call add_define, CORTEX_A77_H_INC))
+CORTEX_X3_H_INC := 1
+CORTEX_X4_H_INC := 1
+NEOVERSE_N2_H_INC := 1
+NEOVERSE_V1_H_INC := 1
+$(eval $(call add_define, CORTEX_A710_H_INC))
$(eval $(call add_define, CORTEX_A78_H_INC))
-$(eval $(call add_define, NEOVERSE_N1_H_INC))
-$(eval $(call add_define, NEOVERSE_N2_H_INC))
-$(eval $(call add_define, NEOVERSE_V1_H_INC))
$(eval $(call add_define, CORTEX_A78_AE_H_INC))
-$(eval $(call add_define, CORTEX_A510_H_INC))
-$(eval $(call add_define, CORTEX_A710_H_INC))
-$(eval $(call add_define, CORTEX_A715_H_INC))
$(eval $(call add_define, CORTEX_A78C_H_INC))
-$(eval $(call add_define, CORTEX_X2_H_INC))
-endif
-CORTEX_A55_H_INC := 1
-CORTEX_A75_H_INC := 1
-$(eval $(call add_define, CORTEX_A55_H_INC))
-$(eval $(call add_define, CORTEX_A75_H_INC))
+$(eval $(call add_define, CORTEX_X3_H_INC))
+$(eval $(call add_define, CORTEX_X4_H_INC))
+$(eval $(call add_define, NEOVERSE_N2_H_INC))
+$(eval $(call add_define, NEOVERSE_V1_H_INC))
endif
-else
-CORTEX_A32_H_INC := 1
-$(eval $(call add_define, CORTEX_A32_H_INC))
endif
endif
diff --git a/plat/arm/board/fvp/fvp_el3_spmc.c b/plat/arm/board/fvp/fvp_el3_spmc.c
index 6b44f63..c57a244 100644
--- a/plat/arm/board/fvp/fvp_el3_spmc.c
+++ b/plat/arm/board/fvp/fvp_el3_spmc.c
@@ -7,23 +7,14 @@
#include <platform_def.h>
-/*
- * On the FVP platform when using the EL3 SPMC implementation allocate the
- * datastore for tracking shared memory descriptors in the TZC DRAM section
- * to ensure sufficient storage can be allocated.
- * Provide an implementation of the accessor method to allow the datastore
- * details to be retrieved by the SPMC.
- * The SPMC will take care of initializing the memory region.
- */
+IMPORT_SYM(uintptr_t, __PLAT_SPMC_SHMEM_DATASTORE_START__, DATASTORE_BASE);
-#define PLAT_SPMC_SHMEM_DATASTORE_SIZE 512 * 1024
-
-__section(".arm_el3_tzc_dram") static uint8_t
+__section(".arm_el3_tzc_dram") __unused static uint8_t
plat_spmc_shmem_datastore[PLAT_SPMC_SHMEM_DATASTORE_SIZE];
int plat_spmc_shmem_datastore_get(uint8_t **datastore, size_t *size)
{
- *datastore = plat_spmc_shmem_datastore;
+ *datastore = (uint8_t *)DATASTORE_BASE;
*size = PLAT_SPMC_SHMEM_DATASTORE_SIZE;
return 0;
}
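Review bot: `plat_spmc_shmem_datastore_get()` now returns the address of the linker symbol `__PLAT_SPMC_SHMEM_DATASTORE_START__` but still reports `PLAT_SPMC_SHMEM_DATASTORE_SIZE`, and nothing in this hunk checks that the region placed at that symbol is at least that large. If the two diverge, the SPMC is handed a length that extends past the datastore inside TZC DRAM, so an assertion against the region's end symbol would be worth adding. The array `plat_spmc_shmem_datastore` is kept but marked `__unused`, presumably only to reserve the bytes in `.arm_el3_tzc_dram`. Since the explanatory comment moved to platform_def.h, a line such as `/* Kept only to reserve space in .arm_el3_tzc_dram; accessed through DATASTORE_BASE. */` would stop it being deleted later as dead code.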
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 4b69d66..bf567a4 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -99,6 +99,17 @@
FVP_DTB_DRAM_MAP_SIZE, \
MT_MEMORY | MT_RO | MT_NS)
+/*
+ * On the FVP platform when using the EL3 SPMC implementation allocate the
+ * datastore for tracking shared memory descriptors in the TZC DRAM section
+ * to ensure sufficient storage can be allocated.
+ * Provide an implementation of the accessor method to allow the datastore
+ * details to be retrieved by the SPMC.
+ * The SPMC will take care of initializing the memory region.
+ */
+
+#define PLAT_SPMC_SHMEM_DATASTORE_SIZE 512 * 1024
+
#if SPMC_AT_EL3
/*
* Number of Secure Partitions supported.
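Review bot: `PLAT_SPMC_SHMEM_DATASTORE_SIZE` is defined as `512 * 1024` without parentheses, and moving it into the platform header widens where it can be expanded. An expression such as `x / PLAT_SPMC_SHMEM_DATASTORE_SIZE` would evaluate as `x / 512 * 1024`. Write `#define PLAT_SPMC_SHMEM_DATASTORE_SIZE (512 * 1024)`. The comment that moved with it still says "Provide an implementation of the accessor method", which describes fvp_el3_spmc.c rather than this header. The define also sits above the `#if SPMC_AT_EL3` guard although its comment ties it to the EL3 SPMC.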
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 35086e4..19c4d27 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -204,12 +204,15 @@
lib/cpus/aarch64/cortex_a78_ae.S \
lib/cpus/aarch64/cortex_a78c.S \
lib/cpus/aarch64/cortex_a710.S \
+ lib/cpus/aarch64/cortex_a715.S \
+ lib/cpus/aarch64/cortex_a720.S \
lib/cpus/aarch64/neoverse_n_common.S \
lib/cpus/aarch64/neoverse_n1.S \
lib/cpus/aarch64/neoverse_n2.S \
lib/cpus/aarch64/neoverse_v1.S \
lib/cpus/aarch64/neoverse_e1.S \
lib/cpus/aarch64/cortex_x2.S \
+ lib/cpus/aarch64/cortex_x4.S \
lib/cpus/aarch64/cortex_gelas.S \
lib/cpus/aarch64/nevis.S \
lib/cpus/aarch64/travis.S
diff --git a/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c b/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
index 7f1c376..371bde6 100644
--- a/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
+++ b/plat/arm/board/neoverse_rd/common/ras/nrd_ras_cpu.c
@@ -95,39 +95,39 @@
CTX_TTBR1_EL1);
#if CTX_INCLUDE_EL2_REGS
- cpu_info->ErrCtxEl2Reg[0] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_ELR_EL2);
- cpu_info->ErrCtxEl2Reg[1] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_ESR_EL2);
- cpu_info->ErrCtxEl2Reg[2] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_FAR_EL2);
- cpu_info->ErrCtxEl2Reg[3] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_HACR_EL2);
- cpu_info->ErrCtxEl2Reg[4] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_HCR_EL2);
- cpu_info->ErrCtxEl2Reg[5] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_HPFAR_EL2);
- cpu_info->ErrCtxEl2Reg[6] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_MAIR_EL2);
- cpu_info->ErrCtxEl2Reg[7] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_SCTLR_EL2);
- cpu_info->ErrCtxEl2Reg[8] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_SP_EL2);
- cpu_info->ErrCtxEl2Reg[9] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_SPSR_EL2);
- cpu_info->ErrCtxEl2Reg[10] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_TCR_EL2);
- cpu_info->ErrCtxEl2Reg[11] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_TPIDR_EL2);
- cpu_info->ErrCtxEl2Reg[12] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_TTBR0_EL2);
- cpu_info->ErrCtxEl2Reg[13] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_VTCR_EL2);
- cpu_info->ErrCtxEl2Reg[14] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_VTTBR_EL2);
- cpu_info->ErrCtxEl2Reg[15] = read_ctx_reg(get_el2_sysregs_ctx(ctx),
- CTX_ESR_EL2);
-#endif
+ cpu_info->ErrCtxEl2Reg[0] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ elr_el2);
+ cpu_info->ErrCtxEl2Reg[1] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ esr_el2);
+ cpu_info->ErrCtxEl2Reg[2] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ far_el2);
+ cpu_info->ErrCtxEl2Reg[3] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ hacr_el2);
+ cpu_info->ErrCtxEl2Reg[4] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ hcr_el2);
+ cpu_info->ErrCtxEl2Reg[5] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ hpfar_el2);
+ cpu_info->ErrCtxEl2Reg[6] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ mair_el2);
+ cpu_info->ErrCtxEl2Reg[7] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ sctlr_el2);
+ cpu_info->ErrCtxEl2Reg[8] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ sp_el2);
+ cpu_info->ErrCtxEl2Reg[9] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ spsr_el2);
+ cpu_info->ErrCtxEl2Reg[10] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ tcr_el2);
+ cpu_info->ErrCtxEl2Reg[11] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ tpidr_el2);
+ cpu_info->ErrCtxEl2Reg[12] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ ttbr0_el2);
+ cpu_info->ErrCtxEl2Reg[13] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ vtcr_el2);
+ cpu_info->ErrCtxEl2Reg[14] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ vttbr_el2);
+ cpu_info->ErrCtxEl2Reg[15] = read_el2_ctx_common(get_el2_sysregs_ctx(ctx),
+ esr_el2);
+#endif /* CTX_INCLUDE_EL2_REGS */
cpu_info->ErrCtxEl3Reg[0] = read_ctx_reg(get_el3state_ctx(ctx),
CTX_ELR_EL3);
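Review bot: `ErrCtxEl2Reg[15]` is filled from `esr_el2`, the same register already stored in `ErrCtxEl2Reg[1]`. The removed lines had the same duplication, so the conversion carried it over rather than introducing it, but it is worth confirming against the error record layout which register slot 15 is meant to hold. As a style point, `get_el2_sysregs_ctx(ctx)` is evaluated sixteen times; holding it in a local (say `el2_ctx`) would shorten each assignment to one line, e.g. `cpu_info->ErrCtxEl2Reg[0] = read_el2_ctx_common(el2_ctx, elr_el2);`. The enclosing function starts and ends outside the hunk.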
diff --git a/plat/arm/board/tc/fdts/dice_prot_env.dtsi b/plat/arm/board/tc/fdts/dice_prot_env.dtsi
new file mode 100644
index 0000000..118f995
--- /dev/null
+++ b/plat/arm/board/tc/fdts/dice_prot_env.dtsi
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* DICE Protection Environment Client Config */
+dice_protection_environment: context_handle {
+ compatible = "arm,dpe_ctx_handle";
+ dpe_ctx_handle = <0x0>;
+};
diff --git a/plat/arm/board/tc/fdts/tc_fw_config.dts b/plat/arm/board/tc/fdts/tc_fw_config.dts
index 982da5b..b210e75 100644
--- a/plat/arm/board/tc/fdts/tc_fw_config.dts
+++ b/plat/arm/board/tc/fdts/tc_fw_config.dts
@@ -30,5 +30,10 @@
max-size = <PLAT_HW_CONFIG_DTB_SIZE>;
id = <HW_CONFIG_ID>;
};
+ nt_fw-config {
+ load-address = <0x0 (PLAT_HW_CONFIG_DTB_BASE + PLAT_HW_CONFIG_DTB_SIZE)>;
+ max-size = <0x1000>;
+ id = <NT_FW_CONFIG_ID>;
+ };
};
};
diff --git a/plat/arm/board/tc/fdts/tc_nt_fw_config.dts b/plat/arm/board/tc/fdts/tc_nt_fw_config.dts
new file mode 100644
index 0000000..bb3086d
--- /dev/null
+++ b/plat/arm/board/tc/fdts/tc_nt_fw_config.dts
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+#if DICE_PROTECTION_ENVIRONMENT
+ #include "dice_prot_env.dtsi"
+#endif
+};
diff --git a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
index c58f17b..cb741a3 100644
--- a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
+++ b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
@@ -82,4 +82,7 @@
#endif
#endif /* ARM_BL2_SP_LIST_DTS */
};
+#if DICE_PROTECTION_ENVIRONMENT
+ #include "dice_prot_env.dtsi"
+#endif
};
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index a42e39d..f7a4807 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -32,6 +32,9 @@
* | DTB |
* | (32K) |
* 0x8000_8000 ------------------
+ * | NT_FW_CONFIG |
+ * | (4KB) |
+ * 0x8000_9000 ------------------
* | ... |
* 0xf8a0_0000 ------------------ TC_NS_FWU_BASE
* | FWU shmem |
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 652a17e..2f23d80 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -137,14 +137,18 @@
# Add the FDT_SOURCES and options for Dynamic Config
FDT_SOURCES += ${TC_BASE}/fdts/${PLAT}_fw_config.dts \
- ${TC_BASE}/fdts/${PLAT}_tb_fw_config.dts
+ ${TC_BASE}/fdts/${PLAT}_tb_fw_config.dts \
+ ${TC_BASE}/fdts/${PLAT}_nt_fw_config.dts
FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
+FVP_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
+# Add the NT_FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config,${FVP_NT_FW_CONFIG}))
ifeq (${SPD},spmd)
ifeq ($(ARM_SPMC_MANIFEST_DTS),)
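Review bot: The new variable is named `FVP_NT_FW_CONFIG` although this is the TC platform makefile and the sibling variables here are `FW_CONFIG` and `TB_FW_CONFIG`. Unless common build code outside this hunk depends on that exact name, a platform-neutral or TC-specific name would avoid confusion, e.g. `TC_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb` with the same rename in the `TOOL_ADD_PAYLOAD` line.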
@@ -170,27 +174,56 @@
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
+$(info Including rss_comms.mk)
ifeq (${MEASURED_BOOT},1)
- MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
- $(info Including ${MEASURED_BOOT_MK})
- include ${MEASURED_BOOT_MK}
- $(info Including rss_comms.mk)
- include drivers/arm/rss/rss_comms.mk
+ $(info Including rss_comms.mk)
+ include drivers/arm/rss/rss_comms.mk
- BL1_SOURCES += ${MEASURED_BOOT_SOURCES} \
+ BL1_SOURCES += ${RSS_COMMS_SOURCES}
+ BL2_SOURCES += ${RSS_COMMS_SOURCES}
+ PLAT_INCLUDES += -Iinclude/lib/psa
+
+ ifeq (${DICE_PROTECTION_ENVIRONMENT},1)
+ $(info Including qcbor.mk)
+ include drivers/measured_boot/rss/qcbor.mk
+ $(info Including dice_prot_env.mk)
+ include drivers/measured_boot/rss/dice_prot_env.mk
+
+ BL1_SOURCES += ${QCBOR_SOURCES} \
+ ${DPE_SOURCES} \
+ plat/arm/board/tc/tc_common_dpe.c \
+ plat/arm/board/tc/tc_bl1_dpe.c \
+ lib/psa/dice_protection_environment.c \
+ drivers/arm/css/sds/sds.c \
+ drivers/delay_timer/delay_timer.c \
+ drivers/delay_timer/generic_delay_timer.c
+
+ BL2_SOURCES += ${QCBOR_SOURCES} \
+ ${DPE_SOURCES} \
+ plat/arm/board/tc/tc_common_dpe.c \
+ plat/arm/board/tc/tc_bl2_dpe.c \
+ lib/psa/dice_protection_environment.c
+
+ PLAT_INCLUDES += -I${QCBOR_INCLUDES} \
+ -Iinclude/lib/dice
+ else
+ $(info Including rss_measured_boot.mk)
+ include drivers/measured_boot/rss/rss_measured_boot.mk
+
+ BL1_SOURCES += ${MEASURED_BOOT_SOURCES} \
plat/arm/board/tc/tc_common_measured_boot.c \
plat/arm/board/tc/tc_bl1_measured_boot.c \
- lib/psa/measured_boot.c \
- ${RSS_COMMS_SOURCES}
+ lib/psa/measured_boot.c
- BL2_SOURCES += ${MEASURED_BOOT_SOURCES} \
+ BL2_SOURCES += ${MEASURED_BOOT_SOURCES} \
plat/arm/board/tc/tc_common_measured_boot.c \
plat/arm/board/tc/tc_bl2_measured_boot.c \
- lib/psa/measured_boot.c \
- ${RSS_COMMS_SOURCES}
-
-PLAT_INCLUDES += -Iinclude/lib/psa
+ lib/psa/measured_boot.c
+ endif
+endif
+ifeq (${TRNG_SUPPORT},1)
+ BL31_SOURCES += plat/arm/board/tc/tc_trng.c
endif
ifneq (${PLATFORM_TEST},)
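Review bot: `$(info Including rss_comms.mk)` is now emitted twice, once unconditionally just above `ifeq (${MEASURED_BOOT},1)` and again inside it. With `MEASURED_BOOT=0` the build log therefore claims rss_comms.mk was included when it was not. Drop the outer line and keep the one next to `include drivers/arm/rss/rss_comms.mk`. The retained comment still speaks of "the Measured Boot makefile", while the block now picks between `dice_prot_env.mk` and `rss_measured_boot.mk`, so it should name both backends.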
diff --git a/plat/arm/board/tc/tc_bl1_dpe.c b/plat/arm/board/tc/tc_bl1_dpe.c
new file mode 100644
index 0000000..dc60fb6
--- /dev/null
+++ b/plat/arm/board/tc/tc_bl1_dpe.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <common/debug.h>
+#include <drivers/arm/css/sds.h>
+#include <drivers/arm/rss_comms.h>
+#include <drivers/delay_timer.h>
+#include <drivers/generic_delay_timer.h>
+#include <drivers/measured_boot/metadata.h>
+#include <drivers/measured_boot/rss/dice_prot_env.h>
+#include <plat/arm/common/plat_arm.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+#include <tools_share/zero_oid.h>
+
+#include "tc_dpe_cert.h"
+
+struct dpe_metadata tc_dpe_metadata[] = {
+ {
+ .id = FW_CONFIG_ID,
+ .cert_id = DPE_AP_FW_CERT_ID,
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_FW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = ZERO_OID },
+ {
+ .id = TB_FW_CONFIG_ID,
+ .cert_id = DPE_AP_FW_CERT_ID,
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_TB_FW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = ZERO_OID },
+ {
+ .id = BL2_IMAGE_ID,
+ .cert_id = DPE_AP_FW_CERT_ID,
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_BL2_IMAGE_STRING,
+ .allow_new_context_to_derive = true,
+ .retain_parent_context = false,
+ .create_certificate = false,
+ .pk_oid = ZERO_OID },
+ {
+ .id = DPE_INVALID_ID }
+};
+
+/* Effective timeout of 10000 ms */
+#define RSS_DPE_BOOT_10US_RETRIES 1000000
+#define TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID 0x0000000A
+
+/* Context handle is meant to be used by BL2. Sharing it via TB_FW_CONFIG */
+static int new_ctx_handle;
+
+void plat_dpe_share_context_handle(int *ctx_handle)
+{
+ new_ctx_handle = *ctx_handle;
+}
+
+void plat_dpe_get_context_handle(int *ctx_handle)
+{
+ int retry = RSS_DPE_BOOT_10US_RETRIES;
+ int ret;
+
+ /* Initialize System level generic or SP804 timer */
+ generic_delay_timer_init();
+
+ /* Check the initialization of the Shared Data Storage area between RSS
+ * and AP. Since AP_BL1 is executed first then a bit later the RSS
+ * runtime, which initialize this area, therefore AP needs to check it
+ * in a loop until it gets written by RSS Secure Runtime.
+ */
+ VERBOSE("Waiting for DPE service initialization in RSS Secure Runtime\n");
+ while (retry > 0) {
+ ret = sds_init(SDS_RSS_AP_REGION_ID);
+ if (ret != SDS_OK) {
+ udelay(10);
+ retry--;
+ } else {
+ break;
+ }
+ }
+
+ if (retry == 0) {
+ ERROR("DPE init timeout\n");
+ plat_panic_handler();
+ } else {
+ VERBOSE("DPE init succeeded in %dms.\n",
+ (RSS_DPE_BOOT_10US_RETRIES - retry) / 100);
+ }
+
+ /* TODO: call this in a loop to avoid reading unfinished data */
+ ret = sds_struct_read(SDS_RSS_AP_REGION_ID,
+ TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID,
+ 0,
+ ctx_handle,
+ sizeof(*ctx_handle),
+ SDS_ACCESS_MODE_NON_CACHED);
+ if (ret != SDS_OK) {
+ ERROR("Unable to get DPE context handle from SDS area\n");
+ plat_panic_handler();
+ }
+
+ VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
+}
+
+void bl1_plat_mboot_init(void)
+{
+ /* Initialize the communication channel between AP and RSS */
+ (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+ PLAT_RSS_AP_RCV_MHU_BASE);
+
+ dpe_init(tc_dpe_metadata);
+}
+
+void bl1_plat_mboot_finish(void)
+{
+ int rc;
+
+ VERBOSE("Share DPE context handle with BL2: 0x%x\n", new_ctx_handle);
+ rc = arm_set_tb_fw_info(&new_ctx_handle);
+ if (rc != 0) {
+ ERROR("Unable to set DPE context handle in TB_FW_CONFIG\n");
+ /*
+ * It is a fatal error because on TC platform, BL2 software
+ * assumes that a valid DPE context_handle is passed through
+ * the DTB object by BL1.
+ */
+ plat_panic_handler();
+ }
+}
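Review bot: `bl1_plat_mboot_init()` discards the result of `rss_comms_init()` with a `(void)` cast and goes straight to `dpe_init(tc_dpe_metadata)`. Every other failure in this file (the SDS timeout, `sds_struct_read()`, `arm_set_tb_fw_info()`) ends in `plat_panic_handler()`. If the call reports failure through its return value, as the cast suggests, measurements would be attempted over a channel that never came up. Check it and stop the boot, e.g. `if (rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE) != 0) { ERROR("Unable to initialise RSS comms\n"); plat_panic_handler(); }`. The same unchecked call is in `bl2_plat_mboot_init()` in tc_bl2_dpe.c.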
diff --git a/plat/arm/board/tc/tc_bl1_measured_boot.c b/plat/arm/board/tc/tc_bl1_measured_boot.c
index 6821a6a..2e58954 100644
--- a/plat/arm/board/tc/tc_bl1_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl1_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,8 @@
#include <stdint.h>
#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/metadata.h>
#include <drivers/measured_boot/rss/rss_measured_boot.h>
-#include <lib/psa/measured_boot.h>
#include <tools_share/zero_oid.h>
#include <plat/arm/common/plat_arm.h>
@@ -22,21 +22,21 @@
.id = FW_CONFIG_ID,
.slot = U(6),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_FW_CONFIG_STRING,
+ .sw_type = MBOOT_FW_CONFIG_STRING,
.pk_oid = ZERO_OID,
.lock_measurement = true },
{
.id = TB_FW_CONFIG_ID,
.slot = U(7),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
+ .sw_type = MBOOT_TB_FW_CONFIG_STRING,
.pk_oid = ZERO_OID,
.lock_measurement = true },
{
.id = BL2_IMAGE_ID,
.slot = U(8),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL2_STRING,
+ .sw_type = MBOOT_BL2_IMAGE_STRING,
.pk_oid = ZERO_OID,
.lock_measurement = true },
diff --git a/plat/arm/board/tc/tc_bl2_dpe.c b/plat/arm/board/tc/tc_bl2_dpe.c
new file mode 100644
index 0000000..e50508f
--- /dev/null
+++ b/plat/arm/board/tc/tc_bl2_dpe.c
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <common/debug.h>
+#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/metadata.h>
+#include <drivers/measured_boot/rss/dice_prot_env.h>
+#include <plat/arm/common/plat_arm.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+#include <tools_share/tbbr_oid.h>
+
+#include "tc_dpe_cert.h"
+
+/*
+ * The content and the values of this array depends on:
+ * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
+ * - boot order: the last element in a layer should be treated differently.
+ */
+
+/*
+ * TODO:
+ * - The content of the array must be tailored according to the build
+ * config (TOS, SPMD, etc). All loaded components (executables and
+ * config blobs) must be present in this array.
+ * - Current content is according to the Trusty build config.
+ */
+struct dpe_metadata tc_dpe_metadata[] = {
+ {
+ .id = BL31_IMAGE_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_BL31_IMAGE_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = BL31_IMAGE_KEY_OID },
+ {
+ .id = BL32_IMAGE_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_BL32_IMAGE_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = BL32_IMAGE_KEY_OID },
+ {
+ .id = BL33_IMAGE_ID,
+ .cert_id = DPE_HYPERVISOR_CERT_ID,
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_BL33_IMAGE_STRING,
+ .allow_new_context_to_derive = true,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = BL33_IMAGE_KEY_OID },
+
+ {
+ .id = HW_CONFIG_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_HW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = HW_CONFIG_KEY_OID },
+ {
+ .id = NT_FW_CONFIG_ID,
+ .cert_id = DPE_HYPERVISOR_CERT_ID,
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_NT_FW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NT_FW_CONFIG_KEY_OID },
+ {
+ .id = SCP_BL2_IMAGE_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = SCP_BL2_IMAGE_KEY_OID },
+ {
+ .id = SOC_FW_CONFIG_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SOC_FW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = SOC_FW_CONFIG_KEY_OID },
+ {
+ .id = TOS_FW_CONFIG_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_TOS_FW_CONFIG_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = TOS_FW_CONFIG_KEY_OID },
+#if defined(SPD_spmd)
+ {
+ .id = SP_PKG1_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP1_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = true, /* With Trusty only one SP is loaded */
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG2_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP2_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG3_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP3_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG4_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP4_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG5_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP5_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG6_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP6_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG7_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP7_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+ {
+ .id = SP_PKG8_ID,
+ .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SP8_STRING,
+ .allow_new_context_to_derive = false,
+ .retain_parent_context = true,
+ .create_certificate = false,
+ .pk_oid = NULL },
+
+#endif
+ {
+ .id = DPE_INVALID_ID }
+};
+
+/* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
+static int new_ctx_handle;
+
+void plat_dpe_share_context_handle(int *ctx_handle)
+{
+ new_ctx_handle = *ctx_handle;
+}
+
+void plat_dpe_get_context_handle(int *ctx_handle)
+{
+ int rc;
+
+ rc = arm_get_tb_fw_info(ctx_handle);
+ if (rc != 0) {
+ ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
+ /*
+ * It is a fatal error because on FVP platform, BL2 software
+ * assumes that a valid DPE context_handle is passed through
+ * the DTB object by BL1.
+ */
+ plat_panic_handler();
+ }
+
+ VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
+}
+
+void bl2_plat_mboot_init(void)
+{
+ /* Initialize the communication channel between AP and RSS */
+ (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+ PLAT_RSS_AP_RCV_MHU_BASE);
+
+ dpe_init(tc_dpe_metadata);
+}
+
+void bl2_plat_mboot_finish(void)
+{
+ int rc;
+
+ VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
+ rc = arm_set_nt_fw_info(&new_ctx_handle);
+ if (rc != 0) {
+ ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
+ /*
+ * It is a fatal error because on TC platform, BL33 software
+ * assumes that a valid DPE context_handle is passed through
+ * the DTB object by BL2.
+ */
+ plat_panic_handler();
+ }
+}
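Review bot: The comment in `plat_dpe_get_context_handle()` says the error is fatal "because on FVP platform, BL2 software assumes…", but this file is the TC port and the matching comment in `bl2_plat_mboot_finish()` says TC. Change the line to `* It is a fatal error because on TC platform, BL2 software`. Both `VERBOSE` calls print the DPE context handle value, as does tc_bl1_dpe.c. If the handle is what authorises the next stage to derive from this context, consider leaving the value out of the log even in verbose builds. The two stacked comment blocks above `tc_dpe_metadata` could also be merged into one.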
diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c
index 4b79170..fd80fdc 100644
--- a/plat/arm/board/tc/tc_bl2_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl2_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,8 @@
#include <stdint.h>
#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/metadata.h>
#include <drivers/measured_boot/rss/rss_measured_boot.h>
-#include <lib/psa/measured_boot.h>
#include <tools_share/tbbr_oid.h>
#include <plat/common/common_def.h>
@@ -22,21 +22,21 @@
.id = BL31_IMAGE_ID,
.slot = U(9),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL31_STRING,
+ .sw_type = MBOOT_BL31_IMAGE_STRING,
.pk_oid = BL31_IMAGE_KEY_OID,
.lock_measurement = true },
{
.id = HW_CONFIG_ID,
.slot = U(10),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_HW_CONFIG_STRING,
+ .sw_type = MBOOT_HW_CONFIG_STRING,
.pk_oid = HW_CONFIG_KEY_OID,
.lock_measurement = true },
{
.id = SOC_FW_CONFIG_ID,
.slot = U(11),
.signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
+ .sw_type = MBOOT_SOC_FW_CONFIG_STRING,
.pk_oid = SOC_FW_CONFIG_KEY_OID,
.lock_measurement = true },
{
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index d884366..5742d07 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -75,25 +75,6 @@
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3)
{
- /*
- * Pass the hw_config to BL33 in R0. You'll notice that
- * arm_bl31_early_platform_setup does something similar but only behind
- * ARM_LINUX_KERNEL_AS_BL33 and we want to pass the DTB even to a
- * bootloader. Lucky for us, it copies the ep_info BL2 gave us to BL33
- * unconditionally in the generic case so hijack that.
- * TODO: this goes away with firmware handoff when it will be proper
- */
-
- bl_params_node_t *bl_params = ((bl_params_t *)arg0)->head;
-
- while (bl_params != NULL) {
- if (bl_params->image_id == BL33_IMAGE_ID) {
- bl_params->ep_info->args.arg0 = arg2;
- break;
- }
- bl_params = bl_params->next_params_info;
- }
-
arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
/* Fill the properties struct with the info from the config dtb */
@@ -154,10 +135,10 @@
#if defined(SPD_spmd) && (SPMC_AT_EL3 == 0)
void tc_bl31_plat_runtime_setup(void)
{
- arm_bl31_plat_runtime_setup();
-
/* Start secure watchdog timer. */
plat_arm_secure_wdt_start();
+
+ arm_bl31_plat_runtime_setup();
}
void bl31_plat_runtime_setup(void)
diff --git a/plat/arm/board/tc/tc_common_dpe.c b/plat/arm/board/tc/tc_common_dpe.c
new file mode 100644
index 0000000..42b5468
--- /dev/null
+++ b/plat/arm/board/tc/tc_common_dpe.c
@@ -0,0 +1,36 @@
+
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+
+#include <common/desc_image_load.h>
+#include <drivers/measured_boot/rss/dice_prot_env.h>
+
+extern struct dpe_metadata tc_dpe_metadata[];
+
+int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
+{
+ int err;
+
+ /* Calculate image hash and record it in the DPE service in RSS. */
+ err = dpe_measure_and_record(tc_dpe_metadata,
+ image_data->image_base,
+ image_data->image_size,
+ image_id);
+ if (err != 0) {
+ ERROR("%s%s image id %u (%i)\n",
+ "Failed to ", "record in DPE", image_id, err);
+ }
+
+ return err;
+}
+
+int plat_mboot_measure_key(void *pk_oid, void *pk_ptr, unsigned int pk_len)
+{
+ return dpe_set_signer_id(tc_dpe_metadata, pk_oid, pk_ptr, pk_len);
+}
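Review bot: `plat_mboot_measure_image()` dereferences `image_data` without checking it, and `<assert.h>` is included in this new file but never used, which suggests the check was intended; add `assert(image_data != NULL);` before the `dpe_measure_and_record()` call. The file also calls `ERROR()` without including `<common/debug.h>` itself, so it depends on one of the two project headers pulling it in. A failed measurement is only logged and returned here, and how the caller reacts is not visible in this diff, so a function comment should state that a non-zero return means the image was not recorded in the DPE service.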
diff --git a/plat/arm/board/tc/tc_dpe_cert.h b/plat/arm/board/tc/tc_dpe_cert.h
new file mode 100644
index 0000000..25855ec
--- /dev/null
+++ b/plat/arm/board/tc/tc_dpe_cert.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TC_DPE_CERT_H
+#define TC_DPE_CERT_H
+
+/*
+ * The certificate structure on the TC platform:
+ * - The arrows indicate the parent/child relationships (who loads who).
+ * - The boxes indicate the certificates.
+ *
+ * AP FW Cert.
+ * +--------------------------------+
+ * | |
+ * Plat Cert. | +->SPx | Hyper Cert.
+ * +--------------------------+ | +->SP1 | +--------------------+
+ * RoT Cert. | | | +->TOS_FW_CONF | | |
+ * +------------+ | +->SCP_BL1 +-----+-----+-->FW_CONF +->AP_BL32 | | +->PVMFW |
+ * | | | | | | | | | | | |
+ * | RSS_BL1_2--+-----+-->RSS_BL2------->AP_BL1--+-----+------------->AP_BL2------------+-----+-->AP_BL33 |
+ * | | | | | | | | | | | |
+ * +------------+ | +->RSS_S +-----+-----+-->TB_FW_CONF +->AP_BL31 | | +->HYPERVISOR |
+ * | +->RSS_NS | | +->SCP_BL2 | | |
+ * | | | +->HW_CONF | | |
+ * +--------------------------+ | +---------------+-----+-->NT_FW_CONF |
+ * | | | |
+ * +--------------------------------+ +--------------------+
+ */
+
+#define DPE_AP_FW_CERT_ID 0x300 /* Includes: FW_CONF - SP1 */
+#define DPE_HYPERVISOR_CERT_ID 0x400 /* Includes: AP_BL33 - PVMFW */
+
+/* Common definition */
+#define DPE_CERT_ID_SAME_AS_PARENT 0xFFFFFFFF
+
+#endif /* TC_DPE_CERT_H */
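Review bot: The three certificate ID constants are bare literals, so `0x300` and `0x400` have type `int` while `0xFFFFFFFF` is `unsigned int`, and comparing them against one cert-id field mixes signedness. The TC metadata tables elsewhere in this change use the `U()` macro (`.slot = U(9)`), so `#define DPE_AP_FW_CERT_ID U(0x300)` and the same for the other two would be consistent with them. The header would then need to include `<lib/utils_def.h>` itself.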
diff --git a/plat/arm/board/tc/tc_trng.c b/plat/arm/board/tc/tc_trng.c
new file mode 100644
index 0000000..e5ec48a
--- /dev/null
+++ b/plat/arm/board/tc/tc_trng.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2017-2024, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arm_acle.h>
+#include <assert.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <lib/mmio.h>
+#include <lib/smccc.h>
+#include <lib/utils_def.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+#include <services/trng_svc.h>
+#include <smccc_helpers.h>
+
+DEFINE_SVC_UUID2(_plat_trng_uuid,
+ 0x23523c58, 0x7448, 0x4083, 0x9d, 0x16,
+ 0xe3, 0xfa, 0xb9, 0xf1, 0x73, 0xbc
+);
+uuid_t plat_trng_uuid;
+
+/* Dummy implementation */
+bool plat_get_entropy(uint64_t *out)
+{
+ *out = 0xABBAEDDAACDCDEAD;
+
+ return true;
+}
+
+void plat_entropy_setup(void)
+{
+ uint64_t dummy;
+
+ plat_trng_uuid = _plat_trng_uuid;
+
+ /* Initialise the entropy source and trigger RNG generation */
+ plat_get_entropy(&dummy);
+}
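Review bot: `plat_get_entropy()` stores the fixed value `0xABBAEDDAACDCDEAD` and returns `true`, so callers are told they received entropy when they received a constant, and any key or nonce derived from the TRNG service on this platform would be predictable. The `/* Dummy implementation */` comment undersells that: it should state that the function provides no entropy, exists for bring-up only, and must be replaced by a real source before the TRNG service is enabled in a production build. A boot-log marker in `plat_entropy_setup()` would make it hard to ship by accident, e.g. `WARN("plat_get_entropy() returns a fixed value, not entropy\n");`. The constant also lacks a `ULL` suffix, and `<arm_acle.h>`, `<assert.h>`, `<string.h>` and `<lib/mmio.h>` appear unused in this file.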
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 8e90615..33043b7 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -325,12 +325,9 @@
/*******************************************************************************
* Perform any BL31 platform runtime setup prior to BL31 exit common to ARM
* standard platforms
- * Perform BL31 platform setup
******************************************************************************/
void arm_bl31_plat_runtime_setup(void)
{
- console_switch_state(CONSOLE_FLAG_RUNTIME);
-
/* Initialize the runtime console */
arm_console_runtime_init();
@@ -394,6 +391,9 @@
void bl31_plat_runtime_setup(void)
{
arm_bl31_plat_runtime_setup();
+
+ console_flush();
+ console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*******************************************************************************
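Review bot: Moving `console_switch_state(CONSOLE_FLAG_RUNTIME)` out of `arm_bl31_plat_runtime_setup()` and into this `bl31_plat_runtime_setup()` changes the helper's contract without documenting it: a platform that supplies its own `bl31_plat_runtime_setup()` and only calls the Arm helper no longer gets the switch, so boot-time consoles could stay active after BL31 exits. The TC port calls the helper from `tc_bl31_plat_runtime_setup()` in tc_bl31_setup.c, and whether its own `bl31_plat_runtime_setup()` does the flush and switch is not visible in this diff. The header comment of `arm_bl31_plat_runtime_setup()` should say so, e.g. `* Note: does not switch the console state; the caller must call console_flush() and console_switch_state(CONSOLE_FLAG_RUNTIME).`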
diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c
index 5dc1115..d13be99 100644
--- a/plat/arm/common/arm_dyn_cfg_helpers.c
+++ b/plat/arm/common/arm_dyn_cfg_helpers.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -124,6 +124,150 @@
}
#if MEASURED_BOOT
+#if DICE_PROTECTION_ENVIRONMENT
+
+#include <common/desc_image_load.h>
+
+#define DTB_PROP_DPE_CTX_HANDLE "dpe_ctx_handle"
+
+static int arm_set_dpe_context_handle(uintptr_t config_base,
+ int *ctx_handle)
+{
+ /* As libfdt uses void *, we can't avoid this cast */
+ void *dtb = (void *)config_base;
+ const char *compatible = "arm,dpe_ctx_handle";
+ int err, node;
+
+ /*
+ * Verify that the DTB is valid, before attempting to write to it,
+ * and get the DTB root node.
+ */
+
+ /* Check if the pointer to DT is correct */
+ err = fdt_check_header(dtb);
+ if (err < 0) {
+ WARN("Invalid DTB file passed\n");
+ return err;
+ }
+
+ /* Assert the node offset point to compatible property */
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible);
+ if (node < 0) {
+ WARN("The compatible property '%s' not%s", compatible,
+ " found in the config\n");
+ return node;
+ }
+
+ VERBOSE("Dyn cfg: '%s'%s", compatible, " found in the config\n");
+
+ err = fdtw_write_inplace_cells(dtb, node,
+ DTB_PROP_DPE_CTX_HANDLE, 1, ctx_handle);
+ if (err < 0) {
+ ERROR("%sDTB property '%s'\n",
+ "Unable to write ", DTB_PROP_DPE_CTX_HANDLE);
+ } else {
+ /*
+ * Ensure that the info written to the DTB is visible
+ * to other images.
+ */
+ flush_dcache_range(config_base, fdt_totalsize(dtb));
+ }
+
+ return err;
+}
+
+/*
+ * This function writes the DPE context handle value to the NT_FW_CONFIG DTB.
+ *
+ * This function is supposed to be called only by BL2.
+ *
+ * Returns:
+ * 0 = success
+ * < 0 = error
+ */
+int arm_set_nt_fw_info(int *ctx_handle)
+{
+ uintptr_t config_base;
+ const bl_mem_params_node_t *cfg_mem_params;
+
+ /* Get the config load address and size from NT_FW_CONFIG */
+ cfg_mem_params = get_bl_mem_params_node(NT_FW_CONFIG_ID);
+ assert(cfg_mem_params != NULL);
+
+ config_base = cfg_mem_params->image_info.image_base;
+
+ /* Write the context handle value in the DTB */
+ return arm_set_dpe_context_handle(config_base, ctx_handle);
+}
+
+/*
+ * This function writes the DPE context handle value to the TB_FW_CONFIG DTB.
+ *
+ * This function is supposed to be called only by BL1.
+ *
+ * Returns:
+ * 0 = success
+ * < 0 = error
+ */
+int arm_set_tb_fw_info(int *ctx_handle)
+{
+ /*
+ * Read tb_fw_config device tree for Event Log properties
+ * and write the Event Log address and its size in the DTB
+ */
+ const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
+ uintptr_t tb_fw_cfg_dtb;
+
+ tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
+ assert(tb_fw_config_info != NULL);
+
+ tb_fw_cfg_dtb = tb_fw_config_info->config_addr;
+
+ /* Write the context handle value in the DTB */
+ return arm_set_dpe_context_handle(tb_fw_cfg_dtb, ctx_handle);
+}
+
+/*
+ * This function reads the initial DPE context handle from TB_FW_CONFIG DTB.
+ *
+ * This function is supposed to be called only by BL2.
+ *
+ * Returns:
+ * 0 = success
+ * < 0 = error
+ */
+
+int arm_get_tb_fw_info(int *ctx_handle)
+{
+ /* As libfdt uses void *, we can't avoid this cast */
+ const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
+ int node, rc;
+
+ tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
+ assert(tb_fw_config_info != NULL);
+
+ void *dtb = (void *)tb_fw_config_info->config_addr;
+ const char *compatible = "arm,dpe_ctx_handle";
+
+ /* Assert the node offset point to compatible property */
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible);
+ if (node < 0) {
+ WARN("The compatible property '%s'%s", compatible,
+ " not specified in TB_FW config.\n");
+ return node;
+ }
+
+ VERBOSE("Dyn cfg: '%s'%s", compatible, " found in the config\n");
+
+ rc = fdt_read_uint32(dtb, node, DTB_PROP_DPE_CTX_HANDLE, (uint32_t *)ctx_handle);
+ if (rc != 0) {
+ ERROR("%s%s", DTB_PROP_DPE_CTX_HANDLE,
+ " not specified in TB_FW config.\n");
+ }
+
+ return rc;
+}
+#else
/*
* Write the Event Log address and its size in the DTB.
*
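Review bot: `arm_get_tb_fw_info()` passes the TB_FW_CONFIG address straight to `fdt_node_offset_by_compatible()` without the `fdt_check_header()` validation that `arm_set_dpe_context_handle()` performs, so the read path trusts a blob that the write path checks; add `rc = fdt_check_header(dtb);` followed by `if (rc < 0) { return rc; }` before the node lookup. Two comments are stale: the block comment inside `arm_set_tb_fw_info()` still describes the Event Log address and size, and the "libfdt uses void *" comment in `arm_get_tb_fw_info()` sits above the `tb_fw_config_info` declaration rather than the cast it describes. The `(uint32_t *)ctx_handle` cast can be avoided by reading into a local `uint32_t` and assigning the result on success.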
@@ -393,4 +537,5 @@
return rc;
}
+#endif /* DICE_PROTECTION_ENVIRONMENT */
#endif /* MEASURED_BOOT */
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index d496d2e..d6341e2 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -111,11 +111,11 @@
#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
case PLAT_PROTECT_MEM_SMC64:
- INFO("Sip Call - Protect memory\n");
+ VERBOSE("Sip Call - Protect memory\n");
return plat_protect_memory(true, secure_origin, x1, x2, handle);
break;
case PLAT_UNPROTECT_MEM_SMC64:
- INFO("Sip Call - Unprotect memory\n");
+ VERBOSE("Sip Call - Unprotect memory\n");
return plat_protect_memory(false, secure_origin, x1, x2, handle);
break;
#endif
diff --git a/plat/common/aarch64/crash_console_helpers.S b/plat/common/aarch64/crash_console_helpers.S
index 75b4208..1a50091 100644
--- a/plat/common/aarch64/crash_console_helpers.S
+++ b/plat/common/aarch64/crash_console_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -100,7 +100,7 @@
* int plat_crash_console_putc(char c)
* Prints the character on all consoles registered with the console
* framework that have CONSOLE_FLAG_CRASH set. Note that this is only
- * helpful for crashes that occur after the platform intialization code
+ * helpful for crashes that occur after the platform initialization code
* has registered a console. Platforms using this implementation need to
* ensure that all console drivers they use that have the CRASH flag set
* support this (i.e. are written in assembly and comply to the register
diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c
index ab99b15..19c4e48 100644
--- a/plat/common/aarch64/plat_common.c
+++ b/plat/common/aarch64/plat_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -35,6 +35,7 @@
void bl31_plat_runtime_setup(void)
{
+ console_flush();
console_switch_state(CONSOLE_FLAG_RUNTIME);
}
@@ -71,12 +72,19 @@
const char *get_el_str(unsigned int el)
{
- if (el == MODE_EL3) {
+ switch (el) {
+ case MODE_EL3:
return "EL3";
- } else if (el == MODE_EL2) {
+ case MODE_EL2:
return "EL2";
+ case MODE_EL1:
+ return "EL1";
+ case MODE_EL0:
+ return "EL0";
+ default:
+ assert(false);
+ return NULL;
}
- return "EL1";
}
#if FFH_SUPPORT
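Review bot: The new `default:` branch returns `NULL` once `assert(false)` is compiled out, whereas the old code returned a valid string for every input. A caller that passes the result to a `%s` format (the callers are outside this hunk) would be handed a null pointer in release builds. Keeping the assert for debug builds and returning a placeholder on the release path avoids that: `return "Unknown EL";` instead of `return NULL;`.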
diff --git a/plat/common/plat_gicv3.c b/plat/common/plat_gicv3.c
index baa70e0..d0c7a31 100644
--- a/plat/common/plat_gicv3.c
+++ b/plat/common/plat_gicv3.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
* Portions copyright (c) 2021-2022, ProvenRun S.A.S. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -344,6 +344,11 @@
return gicv3_set_pmr(mask);
}
+unsigned int plat_ic_deactivate_priority(unsigned int mask)
+{
+ return gicv3_deactivate_priority(mask);
+}
+
unsigned int plat_ic_get_interrupt_id(unsigned int raw)
{
unsigned int id = raw & INT_ID_MASK;
diff --git a/plat/imx/imx8m/imx8m_measured_boot.c b/plat/imx/imx8m/imx8m_measured_boot.c
index bfcd6ce..159be00 100644
--- a/plat/imx/imx8m/imx8m_measured_boot.c
+++ b/plat/imx/imx8m/imx8m_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
* Copyright (c) 2022, Linaro.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -9,6 +9,7 @@
#include "./include/imx8m_measured_boot.h"
#include <drivers/measured_boot/event_log/event_log.h>
+#include <drivers/measured_boot/metadata.h>
#include <plat/arm/common/plat_arm.h>
/* Event Log data */
@@ -16,11 +17,11 @@
/* FVP table with platform specific image IDs, names and PCRs */
static const event_log_metadata_t imx8m_event_log_metadata[] = {
- { BL31_IMAGE_ID, EVLOG_BL31_STRING, PCR_0 },
- { BL32_IMAGE_ID, EVLOG_BL32_STRING, PCR_0 },
- { BL32_EXTRA1_IMAGE_ID, EVLOG_BL32_EXTRA1_STRING, PCR_0 },
- { BL32_EXTRA2_IMAGE_ID, EVLOG_BL32_EXTRA2_STRING, PCR_0 },
- { BL33_IMAGE_ID, EVLOG_BL33_STRING, PCR_0 },
+ { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
+ { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 },
+ { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
diff --git a/plat/imx/imx8ulp/xrdc/xrdc_config.h b/plat/imx/imx8ulp/xrdc/xrdc_config.h
index 25edd37..d2af55c 100644
--- a/plat/imx/imx8ulp/xrdc/xrdc_config.h
+++ b/plat/imx/imx8ulp/xrdc/xrdc_config.h
@@ -116,13 +116,15 @@
struct xrdc_pac_msc_config imx8ulp_pdac[] = {
{ 0, PAC_SLOT_ALL, {0, 7, 0, 0, 0, 0, 0, 7} }, /* PAC0 */
+ { 0, 44, {0, 7, 7, 0, 0, 0, 0, 7} }, /* PAC0 slot 44 for CGC1 */
{ 0, 36, {0, 0, 0, 0, 0, 0, 7, 7} }, /* PAC0 slot 36 for CMC1 */
{ 0, 41, {0, 0, 0, 0, 0, 0, 7, 7} }, /* PAC0 slot 41 for SIM_AD */
{ 1, PAC_SLOT_ALL, {0, 7, 0, 0, 0, 0, 0, 7} }, /* PAC1 */
- { 1, 0, {0, 7, 0, 0, 0, 0, 7, 7} }, /* PAC1 slot 0 for PCC4 */
+ { 1, 0, {0, 7, 7, 0, 0, 0, 7, 7} }, /* PAC1 slot 0 for PCC4 */
{ 1, 6, {0, 7, 7, 0, 0, 0, 0, 7} }, /* PAC1 slot 6 for LPUART6 */
+ { 1, 7, {0, 7, 7, 0, 0, 0, 0, 7} }, /* PAC1 slot 7 for LPUART7 */
{ 1, 9, {0, 7, 7, 7, 0, 0, 0, 7} }, /* SAI5 for HIFI4 and eDMA2 */
- { 1, 12, {0, 7, 0, 0, 0, 0, 7, 7} }, /* PAC1 slot 12 for IOMUXC1 */
+ { 1, 12, {0, 7, 7, 0, 0, 0, 7, 7} }, /* PAC1 slot 12 for IOMUXC1 */
{ 2, PAC_SLOT_ALL, {7, 7, 7, 7, 0, 0, 7, 7} }, /* PAC2 */
};
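Review bot: These entries widen the access policy without saying for whom or why: the third field of the policy array goes from 0 to 7 for PCC4 and IOMUXC1, and new entries with the same pattern are added for CGC1 and LPUART7, yet the comments name only the peripheral. Clock-control and pin-mux blocks are sensitive to open to a further domain, so each changed line should name the domain that gains access and the reason, in the style of the existing `/* SAI5 for HIFI4 and eDMA2 */` comment. What array position 2 maps to and what the value 7 grants are defined outside this hunk, so reading 7 as full access is my inference. The new slot 44 entry is also placed before slots 36 and 41, which breaks the ascending order of the PAC0 block.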
diff --git a/plat/intel/soc/agilex5/bl31_plat_setup.c b/plat/intel/soc/agilex5/bl31_plat_setup.c
index 0d4f2cc..8d3928f 100644
--- a/plat/intel/soc/agilex5/bl31_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl31_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2024, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -182,7 +182,7 @@
/*******************************************************************************
* Perform the very early platform specific architectural setup here. At the
- * moment this is only intializes the mmu in a quick and dirty way.
+ * moment this is only initializes the mmu in a quick and dirty way.
******************************************************************************/
void bl31_plat_arch_setup(void)
{
diff --git a/plat/nuvoton/common/nuvoton_helpers.S b/plat/nuvoton/common/nuvoton_helpers.S
index 09035a1..9c78815 100644
--- a/plat/nuvoton/common/nuvoton_helpers.S
+++ b/plat/nuvoton/common/nuvoton_helpers.S
@@ -151,9 +151,9 @@
*/
bl plat_my_core_pos
lsl x0, x0, #3
- mov x8, x0
mov_imm x2, PLAT_NPCM_TM_HOLD_BASE
add x0, x0, x2
+ mov x8, x0
mov_imm x2, PLAT_NPCM_TRUSTED_NOTIFICATION_BASE
add x8, x8, x2
/*
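Review bot: With `mov x8, x0` moved below `add x0, x0, x2`, x8 no longer holds the bare per-core offset but the offset plus `PLAT_NPCM_TM_HOLD_BASE`, and the following `add x8, x8, x2` then adds `PLAT_NPCM_TRUSTED_NOTIFICATION_BASE` on top of that. Unless the notification constant is an offset relative to the hold base rather than an absolute address (its definition is not in this diff), x8 ends up as the sum of two base addresses. If that is intended, the `mov` needs a comment saying so, e.g. `/* x8 = hold entry address; notification base is relative to it */`; otherwise the instruction belongs where it was. The enclosing function starts and ends outside the hunk.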
diff --git a/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c b/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
index 08448db..b8371d8 100644
--- a/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
+++ b/plat/nuvoton/npcm845x/npcm845x_bl31_setup.c
@@ -47,6 +47,20 @@
BL31_END - BL31_START, \
MT_MEMORY | MT_RW | EL3_PAS)
+#if RECLAIM_INIT_CODE
+IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
+IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
+
+#define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
+ ~(PAGE_SIZE - 1))
+
+#define MAP_BL_INIT_CODE MAP_REGION_FLAT( \
+ BL_INIT_CODE_BASE, \
+ BL_INIT_CODE_END - \
+ BL_INIT_CODE_BASE, \
+ MT_CODE | MT_SECURE)
+#endif /* RECLAIM_INIT_CODE */
+
#if SEPARATE_NOBITS_REGION
#define MAP_BL31_NOBITS MAP_REGION_FLAT( \
BL31_NOBITS_BASE, \
@@ -117,6 +131,7 @@
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3)
{
+ arg0 = arg1 = arg2 = arg3 = 0;
#if RESET_TO_BL31
void *from_bl2 = (void *)arg0;
void *plat_params_from_bl2 = (void *)arg3;
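Review bot: `arg0 = arg1 = arg2 = arg3 = 0;` sits before the `#if RESET_TO_BL31`, so it discards the incoming arguments in every build configuration, and `from_bl2` and `plat_params_from_bl2` on the following lines are always NULL. If the intent is to ignore whatever is left in the registers when BL31 is the reset entry point, that is reasonable hardening, but it should live inside the `RESET_TO_BL31` branch and carry a comment such as `/* Reset entry: x0-x3 carry no trusted hand-off data, ignore them */`. The rest of the function is outside this hunk, so I cannot tell whether a BL2 hand-off path is affected.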
@@ -309,26 +324,23 @@
{
const mmap_region_t bl_regions[] = {
MAP_BL31_TOTAL,
-#if SEPARATE_NOBITS_REGION
- MAP_BL31_NOBITS,
-#endif /* SEPARATE_NOBITS_REGION */
+#if RECLAIM_INIT_CODE
+ MAP_BL_INIT_CODE_NOT_USED,
+#endif /* RECLAIM_INIT_CODE */
ARM_MAP_BL_RO,
-#if USE_ROMLIB
- ARM_MAP_ROMLIB_CODE,
- ARM_MAP_ROMLIB_DATA,
-#endif /* USE_ROMLIB */
#if USE_COHERENT_MEM
ARM_MAP_BL_COHERENT_RAM,
#endif /* USE_COHERENT_MEM */
ARM_MAP_SHARED_RAM,
#ifdef SECONDARY_BRINGUP
- ARM_MAP_NS_DRAM1,
+ ARM_MAP_NS_DRAM1_NO_USED,
#ifdef BL32_BASE
- ARM_MAP_BL32_CORE_MEM
+ ARM_MAP_BL32_CORE_MEM_NO_USED
#endif /* BL32_BASE */
#endif /* SECONDARY_BRINGUP */
{0}
};
setup_page_tables(bl_regions, plat_arm_get_mmap());
enable_mmu_el3(0U);
+ NOTICE("Done enabling MMU\n");
}
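Review bot: The region table now refers to `MAP_BL_INIT_CODE_NOT_USED`, `ARM_MAP_NS_DRAM1_NO_USED` and `ARM_MAP_BL32_CORE_MEM_NO_USED`, none of which is defined in this diff; the macro added earlier in this file is named `MAP_BL_INIT_CODE`. Unless those names exist elsewhere, a build with `RECLAIM_INIT_CODE=1` or with `SECONDARY_BRINGUP` defined would fail to compile, and if the suffix is meant to disable the entries, deleting them is clearer. The hunk also drops `MAP_BL31_NOBITS` from the table while the `SEPARATE_NOBITS_REGION` definition of that macro stays in the file, so with that option set the NOBITS region would no longer be mapped here. `NOTICE("Done enabling MMU\n")` prints on every boot including release builds; `VERBOSE` suits a progress message better. The function starts outside the hunk.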
diff --git a/plat/nuvoton/npcm845x/platform.mk b/plat/nuvoton/npcm845x/platform.mk
index 92c7e2f..1959aac 100644
--- a/plat/nuvoton/npcm845x/platform.mk
+++ b/plat/nuvoton/npcm845x/platform.mk
@@ -12,6 +12,7 @@
SPMD_SPM_AT_SEL2 := 0
#temporary until the RAM size is reduced
USE_COHERENT_MEM := 1
+INIT_UNUSED_NS_EL2 := 1
$(eval $(call add_define,RESET_TO_BL31))
@@ -21,12 +22,29 @@
# Trusted DRAM (if available) or the TZC secured area of DRAM.
# TZC secured DRAM is the default.
+ARM_TSP_RAM_LOCATION ?= dram
+
+ifeq (${ARM_TSP_RAM_LOCATION}, tsram)
+ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
+else ifeq (${ARM_TSP_RAM_LOCATION}, tdram)
+ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID
+else ifeq (${ARM_TSP_RAM_LOCATION}, dram)
+ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID
+else
+$(error "Unsupported ARM_TSP_RAM_LOCATION value")
+endif
+
+# Process flags
# Process ARM_BL31_IN_DRAM flag
ARM_BL31_IN_DRAM := 0
$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
$(eval $(call add_define,ARM_BL31_IN_DRAM))
+else
+ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
endif
+$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
+
# For the original power-state parameter format, the State-ID can be encoded
# according to the recommended encoding or zero. This flag determines which
# State-ID encoding to be parsed.
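Review bot: `$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))` is added in this hunk and again in the last hunk of this file (`@@ -352,3 +395,6 @@`), so the same define is passed to the compiler twice; keep only one of them. The added `else` branch pairs with a conditional that opens outside the hunk, so a short comment on it naming that condition would help, since the `ARM_TSP_RAM_LOCATION` chain just above has its own `else`/`endif`. The `# Process flags` line directly above `# Process ARM_BL31_IN_DRAM flag` is redundant.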
@@ -140,11 +158,25 @@
endif
endif
+# Disable ARM Cryptocell by default
+ARM_CRYPTOCELL_INTEG := 0
+$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
+$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
+
# Enable PIE support for RESET_TO_BL31 case
ifeq (${RESET_TO_BL31},1)
ENABLE_PIE := 1
endif
+# CryptoCell integration relies on coherent buffers for passing data from
+# the AP CPU to the CryptoCell
+
+ifeq (${ARM_CRYPTOCELL_INTEG},1)
+ifeq (${USE_COHERENT_MEM},0)
+$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
+endif
+endif
+
PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \
-Iinclude/plat/nuvoton/common \
-Iinclude/drivers/nuvoton/npcm845x \
@@ -287,7 +319,8 @@
# Pointer Authentication sources
ifeq (${ENABLE_PAUTH}, 1)
-PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
+PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \
+ lib/extensions/pauth/pauth_helpers.S
endif
ifeq (${SPD},spmd)
@@ -325,7 +358,11 @@
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
# We expect to locate the *.mk files under the directories specified below
+ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+else
+CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
+endif
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
@@ -336,6 +373,12 @@
include ${IMG_PARSER_LIB_MK}
endif
+ifeq (${RECLAIM_INIT_CODE}, 1)
+ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
+$(error "To reclaim init code xlat tables v2 must be used")
+endif
+endif
+
ifeq (${MEASURED_BOOT},1)
MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk
$(info Including ${MEASURED_BOOT_MK})
@@ -352,3 +395,6 @@
DEBUG_CONSOLE ?= 0
$(eval $(call add_define,DEBUG_CONSOLE))
+
+$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
+
diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
index 077f7a4..76a4da1 100644
--- a/plat/qemu/qemu/qemu_measured_boot.c
+++ b/plat/qemu/qemu/qemu_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
* Copyright (c) 2022-2023, Linaro.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -8,6 +8,7 @@
#include <stdint.h>
#include <drivers/measured_boot/event_log/event_log.h>
+#include <drivers/measured_boot/metadata.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
@@ -20,16 +21,16 @@
/* QEMU table with platform specific image IDs, names and PCRs */
static const event_log_metadata_t qemu_event_log_metadata[] = {
- { BL31_IMAGE_ID, EVLOG_BL31_STRING, PCR_0 },
- { BL32_IMAGE_ID, EVLOG_BL32_STRING, PCR_0 },
- { BL32_EXTRA1_IMAGE_ID, EVLOG_BL32_EXTRA1_STRING, PCR_0 },
- { BL32_EXTRA2_IMAGE_ID, EVLOG_BL32_EXTRA2_STRING, PCR_0 },
- { BL33_IMAGE_ID, EVLOG_BL33_STRING, PCR_0 },
- { HW_CONFIG_ID, EVLOG_HW_CONFIG_STRING, PCR_0 },
- { NT_FW_CONFIG_ID, EVLOG_NT_FW_CONFIG_STRING, PCR_0 },
- { SCP_BL2_IMAGE_ID, EVLOG_SCP_BL2_STRING, PCR_0 },
- { SOC_FW_CONFIG_ID, EVLOG_SOC_FW_CONFIG_STRING, PCR_0 },
- { TOS_FW_CONFIG_ID, EVLOG_TOS_FW_CONFIG_STRING, PCR_0 },
+ { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
+ { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 },
+ { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 },
+ { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
+ { HW_CONFIG_ID, MBOOT_HW_CONFIG_STRING, PCR_0 },
+ { NT_FW_CONFIG_ID, MBOOT_NT_FW_CONFIG_STRING, PCR_0 },
+ { SCP_BL2_IMAGE_ID, MBOOT_SCP_BL2_IMAGE_STRING, PCR_0 },
+ { SOC_FW_CONFIG_ID, MBOOT_SOC_FW_CONFIG_STRING, PCR_0 },
+ { TOS_FW_CONFIG_ID, MBOOT_TOS_FW_CONFIG_STRING, PCR_0 },
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
diff --git a/plat/rockchip/rk3399/drivers/pmu/pmu_fw.S b/plat/rockchip/rk3399/drivers/pmu/pmu_fw.S
new file mode 100644
index 0000000..26f3313
--- /dev/null
+++ b/plat/rockchip/rk3399/drivers/pmu/pmu_fw.S
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* convoluted way to make sure that the define is pasted just the right way */
+.macro INCBIN file sym sec
+ .section \sec
+ .global \sym
+ .type \sym, @object
+ .align 4
+\sym :
+ .incbin \file
+ .size \sym , .-\sym
+ .global \sym\()_end
+\sym\()_end :
+.endm
+
+INCBIN ""RK3399M0FW"", "rk3399m0_bin", ".sram.incbin"
+INCBIN ""RK3399M0PMUFW"", "rk3399m0pmu_bin", ".pmusram.incbin"
diff --git a/plat/rockchip/rk3399/drivers/pmu/pmu_fw.c b/plat/rockchip/rk3399/drivers/pmu/pmu_fw.c
deleted file mode 100644
index 25596b1..0000000
--- a/plat/rockchip/rk3399/drivers/pmu/pmu_fw.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/* convoluted way to make sure that the define is pasted just the right way */
-#define INCBIN(file, sym, sec) \
- __asm__( \
- ".section " sec "\n" \
- ".global " sym "\n" \
- ".type " sym ", %object\n" \
- ".align 4\n" \
- sym ":\n" \
- ".incbin \"" file "\"\n" \
- ".size " sym ", .-" sym "\n" \
- ".global " sym "_end\n" \
- sym "_end:\n" \
- )
-
-INCBIN(RK3399M0FW, "rk3399m0_bin", ".sram.incbin");
-INCBIN(RK3399M0PMUFW, "rk3399m0pmu_bin", ".pmusram.incbin");
diff --git a/plat/rockchip/rk3399/platform.mk b/plat/rockchip/rk3399/platform.mk
index aba67c2..2394dce 100644
--- a/plat/rockchip/rk3399/platform.mk
+++ b/plat/rockchip/rk3399/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -61,7 +61,7 @@
${RK_PLAT_SOC}/plat_sip_calls.c \
${RK_PLAT_SOC}/drivers/gpio/rk3399_gpio.c \
${RK_PLAT_SOC}/drivers/pmu/pmu.c \
- ${RK_PLAT_SOC}/drivers/pmu/pmu_fw.c \
+ ${RK_PLAT_SOC}/drivers/pmu/pmu_fw.S \
${RK_PLAT_SOC}/drivers/pmu/m0_ctl.c \
${RK_PLAT_SOC}/drivers/pwm/pwm.c \
${RK_PLAT_SOC}/drivers/secure/secure.c \
@@ -102,7 +102,7 @@
# CCACHE_EXTRAFILES is needed because ccache doesn't handle .incbin
export CCACHE_EXTRAFILES
${BUILD_PLAT}/bl31/pmu_fw.o: CCACHE_EXTRAFILES=$(RK3399M0FW):$(RK3399M0PMUFW)
-${RK_PLAT_SOC}/drivers/pmu/pmu_fw.c: $(RK3399M0FW)
+${RK_PLAT_SOC}/drivers/pmu/pmu_fw.S: $(RK3399M0FW)
$(eval $(call MAKE_PREREQ_DIR,${BUILD_M0},${BUILD_PLAT}))
.PHONY: $(RK3399M0FW)
diff --git a/plat/rpi/rpi4/aarch64/armstub8_header.S b/plat/rpi/common/aarch64/armstub8_header.S
similarity index 89%
rename from plat/rpi/rpi4/aarch64/armstub8_header.S
rename to plat/rpi/common/aarch64/armstub8_header.S
index 246358d..dc1e54e 100644
--- a/plat/rpi/rpi4/aarch64/armstub8_header.S
+++ b/plat/rpi/common/aarch64/armstub8_header.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/plat/rpi/common/aarch64/plat_helpers.S b/plat/rpi/common/aarch64/plat_helpers.S
index f045e21..18873af 100644
--- a/plat/rpi/common/aarch64/plat_helpers.S
+++ b/plat/rpi/common/aarch64/plat_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -27,10 +27,19 @@
*
* This function uses the plat_rpi3_calc_core_pos()
* definition to get the index of the calling CPU.
+ *
+ * When MT is set, lowest affinity represents the thread ID.
+ * Since we only support one thread per core, discard this field
+ * so cluster and core IDs go back into Aff1 and Aff0 respectively.
+ * The upper bits are also affected, but plat_rpi3_calc_core_pos()
+ * does not use them.
* -----------------------------------------------------
*/
func plat_my_core_pos
mrs x0, mpidr_el1
+ tst x0, #MPIDR_MT_MASK
+ lsr x1, x0, #MPIDR_AFFINITY_BITS
+ csel x0, x1, x0, ne
b plat_rpi3_calc_core_pos
endfunc plat_my_core_pos
@@ -164,10 +173,16 @@
* ---------------------------------------------
*/
func plat_crash_console_init
- mov_imm x0, PLAT_RPI_MINI_UART_BASE
+ mov_imm x0, PLAT_RPI_CRASH_UART_BASE
+#if PLAT_RPI_CRASH_UART_BASE == PLAT_RPI_PL011_UART_BASE
+ mov_imm x1, RPI4_PL011_UART_CLOCK
+ mov_imm x2, PLAT_RPI_UART_BAUDRATE
+ b console_pl011_core_init
+#else
mov x1, xzr
mov x2, xzr
b console_16550_core_init
+#endif
endfunc plat_crash_console_init
/* ---------------------------------------------
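Review bot: `#if PLAT_RPI_CRASH_UART_BASE == PLAT_RPI_PL011_UART_BASE` evaluates to true when neither macro is defined, because the preprocessor replaces unknown identifiers with 0. A platform that omits the definitions therefore silently gets the PL011 branch, with a zero base address in `mov_imm`, instead of a build error. The same test is repeated in `plat_crash_console_putc` and `plat_crash_console_flush` in the next two hunks. A guard near the top of the file would catch it: `#if !defined(PLAT_RPI_CRASH_UART_BASE)`, `#error "PLAT_RPI_CRASH_UART_BASE is not defined"`, `#endif`. The PL011 branch also uses `RPI4_PL011_UART_CLOCK` in a file under plat/rpi/common, so a comment should say which boards are expected to provide it.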
@@ -178,8 +193,12 @@
* ---------------------------------------------
*/
func plat_crash_console_putc
- mov_imm x1, PLAT_RPI_MINI_UART_BASE
+ mov_imm x1, PLAT_RPI_CRASH_UART_BASE
+#if PLAT_RPI_CRASH_UART_BASE == PLAT_RPI_PL011_UART_BASE
+ b console_pl011_core_putc
+#else
b console_16550_core_putc
+#endif
endfunc plat_crash_console_putc
/* ---------------------------------------------
@@ -191,8 +210,12 @@
* ---------------------------------------------
*/
func plat_crash_console_flush
- mov_imm x0, PLAT_RPI_MINI_UART_BASE
+ mov_imm x0, PLAT_RPI_CRASH_UART_BASE
+#if PLAT_RPI_CRASH_UART_BASE == PLAT_RPI_PL011_UART_BASE
+ b console_pl011_core_flush
+#else
b console_16550_core_flush
+#endif
endfunc plat_crash_console_flush
/* ---------------------------------------------
diff --git a/plat/rpi/rpi4/include/plat_macros.S b/plat/rpi/common/include/plat_macros.S
similarity index 87%
rename from plat/rpi/rpi4/include/plat_macros.S
rename to plat/rpi/common/include/plat_macros.S
index 6007d03..576d0ff 100644
--- a/plat/rpi/rpi4/include/plat_macros.S
+++ b/plat/rpi/common/include/plat_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/plat/rpi/common/include/rpi_shared.h b/plat/rpi/common/include/rpi_shared.h
index ddf239e..8562c3d 100644
--- a/plat/rpi/common/include/rpi_shared.h
+++ b/plat/rpi/common/include/rpi_shared.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,14 +7,20 @@
#ifndef RPI_SHARED_H
#define RPI_SHARED_H
+#include <stddef.h>
#include <stdint.h>
+#include <drivers/console.h>
+
/*******************************************************************************
* Function and variable prototypes
******************************************************************************/
-/* Utility functions */
+/* Serial console functions */
void rpi3_console_init(void);
+int rpi3_register_used_uart(console_t *console);
+
+/* Utility functions */
void rpi3_setup_page_tables(uintptr_t total_base, size_t total_size,
uintptr_t code_start, uintptr_t code_limit,
uintptr_t rodata_start, uintptr_t rodata_limit
@@ -23,6 +29,8 @@
#endif
);
+uintptr_t rpi4_get_dtb_address(void);
+
/* Optional functions required in the Raspberry Pi 3 port */
unsigned int plat_rpi3_calc_core_pos(u_register_t mpidr);
@@ -38,4 +46,10 @@
int plat_rpi_get_model(void);
+/*******************************************************************************
+ * Platform implemented functions
+ ******************************************************************************/
+
+void plat_rpi_bl31_custom_setup(void);
+
#endif /* RPI3_PRIVATE_H */
diff --git a/plat/rpi/common/rpi3_common.c b/plat/rpi/common/rpi3_common.c
index ef88bf1..8976496 100644
--- a/plat/rpi/common/rpi3_common.c
+++ b/plat/rpi/common/rpi3_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,9 +13,6 @@
#include <common/debug.h>
#include <bl31/interrupt_mgmt.h>
#include <drivers/console.h>
-#include <drivers/rpi3/gpio/rpi3_gpio.h>
-#include <drivers/ti/uart/uart_16550.h>
-#include <drivers/arm/pl011.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <rpi_hw.h>
@@ -106,12 +103,6 @@
******************************************************************************/
static console_t rpi3_console;
-
-static bool rpi3_use_mini_uart(void)
-{
- return rpi3_gpio_get_select(14) == RPI3_GPIO_FUNC_ALT5;
-}
-
void rpi3_console_init(void)
{
int console_scope = CONSOLE_FLAG_BOOT;
@@ -120,18 +111,7 @@
if (RPI3_RUNTIME_UART != -1)
console_scope |= CONSOLE_FLAG_RUNTIME;
- rpi3_gpio_init();
-
- if (rpi3_use_mini_uart())
- rc = console_16550_register(PLAT_RPI_MINI_UART_BASE,
- 0,
- PLAT_RPI_UART_BAUDRATE,
- &rpi3_console);
- else
- rc = console_pl011_register(PLAT_RPI_PL011_UART_BASE,
- PLAT_RPI_PL011_UART_CLOCK,
- PLAT_RPI_UART_BAUDRATE,
- &rpi3_console);
+ rc = rpi3_register_used_uart(&rpi3_console);
if (rc == 0) {
/*
diff --git a/plat/rpi/common/rpi3_console_dual.c b/plat/rpi/common/rpi3_console_dual.c
new file mode 100644
index 0000000..15ee3e7
--- /dev/null
+++ b/plat/rpi/common/rpi3_console_dual.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <drivers/arm/pl011.h>
+#include <drivers/console.h>
+#include <drivers/rpi3/gpio/rpi3_gpio.h>
+#include <drivers/ti/uart/uart_16550.h>
+#include <platform_def.h>
+
+#include <rpi_shared.h>
+
+static bool rpi3_use_mini_uart(void)
+{
+ return rpi3_gpio_get_select(14) == RPI3_GPIO_FUNC_ALT5;
+}
+
+int rpi3_register_used_uart(console_t *console)
+{
+ rpi3_gpio_init();
+
+ if (rpi3_use_mini_uart())
+ return console_16550_register(PLAT_RPI_MINI_UART_BASE,
+ 0,
+ PLAT_RPI_UART_BAUDRATE,
+ console);
+ else
+ return console_pl011_register(PLAT_RPI_PL011_UART_BASE,
+ PLAT_RPI_PL011_UART_CLOCK,
+ PLAT_RPI_UART_BAUDRATE,
+ console);
+}
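Review bot: `rpi3_register_used_uart()` passes the console driver's register result straight through, and its caller in rpi3_common.c branches on `rc == 0`, so 0 appears to mean failure here, the opposite of the usual C convention. Neither this definition nor the prototype in rpi_shared.h says so. Add a header comment such as `/* Registers the UART selected by the GPIO 14 function; returns 0 on failure, non-zero on success. */`, and put the matching comment on the copy in rpi3_console_pl011.c. The literal pin number `14` in `rpi3_use_mini_uart()` would also read better as a named constant.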
diff --git a/plat/rpi/common/rpi3_console_pl011.c b/plat/rpi/common/rpi3_console_pl011.c
new file mode 100644
index 0000000..6ab7209
--- /dev/null
+++ b/plat/rpi/common/rpi3_console_pl011.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <drivers/arm/pl011.h>
+#include <drivers/console.h>
+#include <platform_def.h>
+
+#include <rpi_shared.h>
+
+int rpi3_register_used_uart(console_t *console)
+{
+ return console_pl011_register(PLAT_RPI_PL011_UART_BASE,
+ PLAT_RPI_PL011_UART_CLOCK,
+ PLAT_RPI_UART_BAUDRATE,
+ console);
+}
diff --git a/plat/rpi/common/rpi3_pm.c b/plat/rpi/common/rpi3_pm.c
index d98ac66..456e160 100644
--- a/plat/rpi/common/rpi3_pm.c
+++ b/plat/rpi/common/rpi3_pm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,22 @@
#include <drivers/arm/gicv2.h>
#endif
+/* Registers on top of RPI3_PM_BASE. */
+#define RPI3_PM_RSTC_OFFSET ULL(0x0000001C)
+#define RPI3_PM_RSTS_OFFSET ULL(0x00000020)
+#define RPI3_PM_WDOG_OFFSET ULL(0x00000024)
+/* Watchdog constants */
+#define RPI3_PM_PASSWORD U(0x5A000000)
+#define RPI3_PM_RSTC_WRCFG_MASK U(0x00000030)
+#define RPI3_PM_RSTC_WRCFG_FULL_RESET U(0x00000020)
+/*
+ * The RSTS register is used by the VideoCore firmware when booting the
+ * Raspberry Pi to know which partition to boot from. The partition value is
+ * formed by bits 0, 2, 4, 6, 8 and 10. Partition 63 is used by said firmware
+ * to indicate halt.
+ */
+#define RPI3_PM_RSTS_WRCFG_HALT U(0x00000555)
+
/* Make composite power state parameter till power level 0 */
#if PSCI_EXTENDED_STATE_ID
diff --git a/plat/rpi/common/rpi3_topology.c b/plat/rpi/common/rpi3_topology.c
index 3747287..5fef777 100644
--- a/plat/rpi/common/rpi3_topology.c
+++ b/plat/rpi/common/rpi3_topology.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -39,12 +39,27 @@
unsigned int cluster_id, cpu_id;
mpidr &= MPIDR_AFFINITY_MASK;
+
+ /*
+ * When MT is set, lowest affinity represents the thread ID.
+ * Since we only support one thread per core, discard this field
+ * so cluster and core IDs go back into Aff1 and Aff0 respectively.
+ * The upper bits are also affected, but plat_rpi3_calc_core_pos()
+ * does not use them.
+ */
+ if ((read_mpidr() & MPIDR_MT_MASK) != 0) {
+ if (MPIDR_AFFLVL0_VAL(mpidr) != 0) {
+ return -1;
+ }
+ mpidr >>= MPIDR_AFFINITY_BITS;
+ }
+
if (mpidr & ~(MPIDR_CLUSTER_MASK | MPIDR_CPU_MASK)) {
return -1;
}
- cluster_id = (mpidr >> MPIDR_AFF1_SHIFT) & MPIDR_AFFLVL_MASK;
- cpu_id = (mpidr >> MPIDR_AFF0_SHIFT) & MPIDR_AFFLVL_MASK;
+ cluster_id = MPIDR_AFFLVL1_VAL(mpidr);
+ cpu_id = MPIDR_AFFLVL0_VAL(mpidr);
if (cluster_id >= PLATFORM_CLUSTER_COUNT) {
return -1;
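Review bot: The new comment says the upper affinity bits are "also affected" by the shift and not used, which leaves out that they are still validated. After `mpidr >>= MPIDR_AFFINITY_BITS` the former Aff2 becomes the cluster ID and is range-checked against PLATFORM_CLUSTER_COUNT, and a non-zero Aff3 lands above the cluster field, where the mask check that follows rejects it (assuming MPIDR_AFFINITY_MASK keeps Aff3). Since this function validates an MPIDR that presumably comes from a PSCI caller, the comment should say so, e.g. `* Higher affinity fields shift down too and are rejected by the checks below.` The function starts before this hunk and continues after it.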
diff --git a/plat/rpi/rpi4/rpi4_bl31_setup.c b/plat/rpi/common/rpi4_bl31_setup.c
similarity index 67%
rename from plat/rpi/rpi4/rpi4_bl31_setup.c
rename to plat/rpi/common/rpi4_bl31_setup.c
index 2fb4d3d..a7228fd 100644
--- a/plat/rpi/rpi4/rpi4_bl31_setup.c
+++ b/plat/rpi/common/rpi4_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,21 +8,15 @@
#include <inttypes.h>
#include <stdint.h>
-#include <libfdt.h>
-
-#include <platform_def.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
+#include <drivers/arm/gicv2.h>
#include <lib/mmio.h>
#include <lib/xlat_tables/xlat_mmu_helpers.h>
#include <lib/xlat_tables/xlat_tables_defs.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
-#include <common/fdt_fixup.h>
-#include <common/fdt_wrappers.h>
-#include <libfdt.h>
-
-#include <drivers/arm/gicv2.h>
+#include <platform_def.h>
#include <rpi_shared.h>
@@ -85,7 +79,7 @@
#endif
}
-static uintptr_t rpi4_get_dtb_address(void)
+uintptr_t rpi4_get_dtb_address(void)
{
#ifdef RPI3_PRELOADED_DTB_BASE
return RPI3_PRELOADED_DTB_BASE;
@@ -151,7 +145,7 @@
* r1 = machine type number, optional in DT-only platforms (~0 if so)
* r2 = Physical address of the device tree blob
*/
- VERBOSE("rpi4: Preparing to boot 32-bit Linux kernel\n");
+ VERBOSE("rpi: Preparing to boot 32-bit Linux kernel\n");
bl33_image_ep_info.args.arg0 = 0U;
bl33_image_ep_info.args.arg1 = ~0U;
bl33_image_ep_info.args.arg2 = rpi4_get_dtb_address();
@@ -162,7 +156,7 @@
* tree blob (DTB) in x0, while x1-x3 are reserved for future use and
* must be 0.
*/
- VERBOSE("rpi4: Preparing to boot 64-bit Linux kernel\n");
+ VERBOSE("rpi: Preparing to boot 64-bit Linux kernel\n");
bl33_image_ep_info.args.arg0 = rpi4_get_dtb_address();
bl33_image_ep_info.args.arg1 = 0ULL;
bl33_image_ep_info.args.arg2 = 0ULL;
@@ -203,102 +197,13 @@
enable_mmu_el3(0);
}
-/*
- * Remove the FDT /memreserve/ entry that covers the region at the very
- * beginning of memory (if that exists). This is where the secondaries
- * originally spin, but we pull them out there.
- * Having overlapping /reserved-memory and /memreserve/ regions confuses
- * the Linux kernel, so we need to get rid of this one.
- */
-static void remove_spintable_memreserve(void *dtb)
-{
- uint64_t addr, size;
- int regions = fdt_num_mem_rsv(dtb);
- int i;
-
- for (i = 0; i < regions; i++) {
- if (fdt_get_mem_rsv(dtb, i, &addr, &size) != 0) {
- return;
- }
- if (size == 0U) {
- return;
- }
- /* We only look for the region at the beginning of DRAM. */
- if (addr != 0U) {
- continue;
- }
- /*
- * Currently the region in the existing DTs is exactly 4K
- * in size. Should this value ever change, there is probably
- * a reason for that, so inform the user about this.
- */
- if (size == 4096U) {
- fdt_del_mem_rsv(dtb, i);
- return;
- }
- WARN("Keeping unknown /memreserve/ region at 0, size: %" PRId64 "\n",
- size);
- }
-}
-
-static void rpi4_prepare_dtb(void)
-{
- void *dtb = (void *)rpi4_get_dtb_address();
- uint32_t gic_int_prop[3];
- int ret, offs;
-
- /* Return if no device tree is detected */
- if (fdt_check_header(dtb) != 0)
- return;
-
- ret = fdt_open_into(dtb, dtb, 0x100000);
- if (ret < 0) {
- ERROR("Invalid Device Tree at %p: error %d\n", dtb, ret);
- return;
- }
-
- if (dt_add_psci_node(dtb)) {
- ERROR("Failed to add PSCI Device Tree node\n");
- return;
- }
-
- if (dt_add_psci_cpu_enable_methods(dtb)) {
- ERROR("Failed to add PSCI cpu enable methods in Device Tree\n");
- return;
- }
-
- /*
- * Remove the original reserved region (used for the spintable), and
- * replace it with a region describing the whole of Trusted Firmware.
- */
- remove_spintable_memreserve(dtb);
- if (fdt_add_reserved_memory(dtb, "atf@0", 0, 0x80000))
- WARN("Failed to add reserved memory nodes to DT.\n");
-
- offs = fdt_node_offset_by_compatible(dtb, 0, "arm,gic-400");
- gic_int_prop[0] = cpu_to_fdt32(1); // PPI
- gic_int_prop[1] = cpu_to_fdt32(9); // PPI #9
- gic_int_prop[2] = cpu_to_fdt32(0x0f04); // all cores, level high
- fdt_setprop(dtb, offs, "interrupts", gic_int_prop, 12);
-
- offs = fdt_path_offset(dtb, "/chosen");
- fdt_setprop_string(dtb, offs, "stdout-path", "serial0");
-
- ret = fdt_pack(dtb);
- if (ret < 0)
- ERROR("Failed to pack Device Tree at %p: error %d\n", dtb, ret);
-
- clean_dcache_range((uintptr_t)dtb, fdt_blob_size(dtb));
- INFO("Changed device tree to advertise PSCI.\n");
-}
-
void bl31_platform_setup(void)
{
- rpi4_prepare_dtb();
-
/* Configure the interrupt controller */
gicv2_driver_init(&rpi4_gic_data);
gicv2_distif_init();
gicv2_pcpu_distif_init();
gicv2_cpuif_enable();
+
+ plat_rpi_bl31_custom_setup();
}
diff --git a/plat/rpi/rpi3/include/plat_macros.S b/plat/rpi/rpi3/include/plat_macros.S
deleted file mode 100644
index c0c3967..0000000
--- a/plat/rpi/rpi3/include/plat_macros.S
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-#ifndef PLAT_MACROS_S
-#define PLAT_MACROS_S
-
- /* ---------------------------------------------
- * The below required platform porting macro
- * prints out relevant platform registers
- * whenever an unhandled exception is taken in
- * BL31.
- * Clobbers: x0 - x10, x16, x17, sp
- * ---------------------------------------------
- */
- .macro plat_crash_print_regs
- .endm
-
-#endif /* PLAT_MACROS_S */
diff --git a/plat/rpi/rpi3/include/platform_def.h b/plat/rpi/rpi3/include/platform_def.h
index f44d1f5..757c64a 100644
--- a/plat/rpi/rpi3/include/platform_def.h
+++ b/plat/rpi/rpi3/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -254,6 +254,7 @@
#define PLAT_RPI_PL011_UART_BASE RPI3_PL011_UART_BASE
#define PLAT_RPI_PL011_UART_CLOCK RPI3_PL011_UART_CLOCK
#define PLAT_RPI_UART_BAUDRATE ULL(115200)
+#define PLAT_RPI_CRASH_UART_BASE PLAT_RPI_MINI_UART_BASE
/*
* System counter
diff --git a/plat/rpi/rpi3/include/rpi_hw.h b/plat/rpi/rpi3/include/rpi_hw.h
index 2aecab3..dec5963 100644
--- a/plat/rpi/rpi3/include/rpi_hw.h
+++ b/plat/rpi/rpi3/include/rpi_hw.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,60 +21,18 @@
*/
#define RPI3_MBOX_OFFSET ULL(0x0000B880)
#define RPI3_MBOX_BASE (RPI_IO_BASE + RPI3_MBOX_OFFSET)
-/* VideoCore -> ARM */
-#define RPI3_MBOX0_READ_OFFSET ULL(0x00000000)
-#define RPI3_MBOX0_PEEK_OFFSET ULL(0x00000010)
-#define RPI3_MBOX0_SENDER_OFFSET ULL(0x00000014)
-#define RPI3_MBOX0_STATUS_OFFSET ULL(0x00000018)
-#define RPI3_MBOX0_CONFIG_OFFSET ULL(0x0000001C)
-/* ARM -> VideoCore */
-#define RPI3_MBOX1_WRITE_OFFSET ULL(0x00000020)
-#define RPI3_MBOX1_PEEK_OFFSET ULL(0x00000030)
-#define RPI3_MBOX1_SENDER_OFFSET ULL(0x00000034)
-#define RPI3_MBOX1_STATUS_OFFSET ULL(0x00000038)
-#define RPI3_MBOX1_CONFIG_OFFSET ULL(0x0000003C)
-/* Mailbox status constants */
-#define RPI3_MBOX_STATUS_FULL_MASK U(0x80000000) /* Set if full */
-#define RPI3_MBOX_STATUS_EMPTY_MASK U(0x40000000) /* Set if empty */
/*
* Power management, reset controller, watchdog.
*/
#define RPI3_IO_PM_OFFSET ULL(0x00100000)
#define RPI3_PM_BASE (RPI_IO_BASE + RPI3_IO_PM_OFFSET)
-/* Registers on top of RPI3_PM_BASE. */
-#define RPI3_PM_RSTC_OFFSET ULL(0x0000001C)
-#define RPI3_PM_RSTS_OFFSET ULL(0x00000020)
-#define RPI3_PM_WDOG_OFFSET ULL(0x00000024)
-/* Watchdog constants */
-#define RPI3_PM_PASSWORD U(0x5A000000)
-#define RPI3_PM_RSTC_WRCFG_MASK U(0x00000030)
-#define RPI3_PM_RSTC_WRCFG_FULL_RESET U(0x00000020)
-/*
- * The RSTS register is used by the VideoCore firmware when booting the
- * Raspberry Pi to know which partition to boot from. The partition value is
- * formed by bits 0, 2, 4, 6, 8 and 10. Partition 63 is used by said firmware
- * to indicate halt.
- */
-#define RPI3_PM_RSTS_WRCFG_HALT U(0x00000555)
/*
* Hardware random number generator.
*/
#define RPI3_IO_RNG_OFFSET ULL(0x00104000)
#define RPI3_RNG_BASE (RPI_IO_BASE + RPI3_IO_RNG_OFFSET)
-#define RPI3_RNG_CTRL_OFFSET ULL(0x00000000)
-#define RPI3_RNG_STATUS_OFFSET ULL(0x00000004)
-#define RPI3_RNG_DATA_OFFSET ULL(0x00000008)
-#define RPI3_RNG_INT_MASK_OFFSET ULL(0x00000010)
-/* Enable/disable RNG */
-#define RPI3_RNG_CTRL_ENABLE U(0x1)
-#define RPI3_RNG_CTRL_DISABLE U(0x0)
-/* Number of currently available words */
-#define RPI3_RNG_STATUS_NUM_WORDS_SHIFT U(24)
-#define RPI3_RNG_STATUS_NUM_WORDS_MASK U(0xFF)
-/* Value to mask interrupts caused by the RNG */
-#define RPI3_RNG_INT_MASK_DISABLE U(0x1)
/*
* Serial ports:
diff --git a/plat/rpi/rpi3/platform.mk b/plat/rpi/rpi3/platform.mk
index 26a3268..8034fa4 100644
--- a/plat/rpi/rpi3/platform.mk
+++ b/plat/rpi/rpi3/platform.mk
@@ -17,6 +17,7 @@
drivers/rpi3/gpio/rpi3_gpio.c \
plat/rpi/common/aarch64/plat_helpers.S \
plat/rpi/common/rpi3_common.c \
+ plat/rpi/common/rpi3_console_dual.c \
${XLAT_TABLES_LIB_SRCS}
BL1_SOURCES += drivers/io/io_fip.c \
diff --git a/plat/rpi/rpi4/include/platform_def.h b/plat/rpi/rpi4/include/platform_def.h
index 6787ebf..b72aedc 100644
--- a/plat/rpi/rpi4/include/platform_def.h
+++ b/plat/rpi/rpi4/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -131,6 +131,7 @@
#define PLAT_RPI_PL011_UART_BASE RPI4_PL011_UART_BASE
#define PLAT_RPI_PL011_UART_CLOCK RPI4_PL011_UART_CLOCK
#define PLAT_RPI_UART_BAUDRATE ULL(115200)
+#define PLAT_RPI_CRASH_UART_BASE PLAT_RPI_MINI_UART_BASE
/*
* System counter
diff --git a/plat/rpi/rpi4/include/rpi_hw.h b/plat/rpi/rpi4/include/rpi_hw.h
index 0430d46..8162492 100644
--- a/plat/rpi/rpi4/include/rpi_hw.h
+++ b/plat/rpi/rpi4/include/rpi_hw.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,60 +23,18 @@
*/
#define RPI3_MBOX_OFFSET ULL(0x0000B880)
#define RPI3_MBOX_BASE (RPI_LEGACY_BASE + RPI3_MBOX_OFFSET)
-/* VideoCore -> ARM */
-#define RPI3_MBOX0_READ_OFFSET ULL(0x00000000)
-#define RPI3_MBOX0_PEEK_OFFSET ULL(0x00000010)
-#define RPI3_MBOX0_SENDER_OFFSET ULL(0x00000014)
-#define RPI3_MBOX0_STATUS_OFFSET ULL(0x00000018)
-#define RPI3_MBOX0_CONFIG_OFFSET ULL(0x0000001C)
-/* ARM -> VideoCore */
-#define RPI3_MBOX1_WRITE_OFFSET ULL(0x00000020)
-#define RPI3_MBOX1_PEEK_OFFSET ULL(0x00000030)
-#define RPI3_MBOX1_SENDER_OFFSET ULL(0x00000034)
-#define RPI3_MBOX1_STATUS_OFFSET ULL(0x00000038)
-#define RPI3_MBOX1_CONFIG_OFFSET ULL(0x0000003C)
-/* Mailbox status constants */
-#define RPI3_MBOX_STATUS_FULL_MASK U(0x80000000) /* Set if full */
-#define RPI3_MBOX_STATUS_EMPTY_MASK U(0x40000000) /* Set if empty */
/*
* Power management, reset controller, watchdog.
*/
#define RPI3_IO_PM_OFFSET ULL(0x00100000)
#define RPI3_PM_BASE (RPI_LEGACY_BASE + RPI3_IO_PM_OFFSET)
-/* Registers on top of RPI3_PM_BASE. */
-#define RPI3_PM_RSTC_OFFSET ULL(0x0000001C)
-#define RPI3_PM_RSTS_OFFSET ULL(0x00000020)
-#define RPI3_PM_WDOG_OFFSET ULL(0x00000024)
-/* Watchdog constants */
-#define RPI3_PM_PASSWORD U(0x5A000000)
-#define RPI3_PM_RSTC_WRCFG_MASK U(0x00000030)
-#define RPI3_PM_RSTC_WRCFG_FULL_RESET U(0x00000020)
-/*
- * The RSTS register is used by the VideoCore firmware when booting the
- * Raspberry Pi to know which partition to boot from. The partition value is
- * formed by bits 0, 2, 4, 6, 8 and 10. Partition 63 is used by said firmware
- * to indicate halt.
- */
-#define RPI3_PM_RSTS_WRCFG_HALT U(0x00000555)
/*
* Hardware random number generator.
*/
#define RPI3_IO_RNG_OFFSET ULL(0x00104000)
#define RPI3_RNG_BASE (RPI_LEGACY_BASE + RPI3_IO_RNG_OFFSET)
-#define RPI3_RNG_CTRL_OFFSET ULL(0x00000000)
-#define RPI3_RNG_STATUS_OFFSET ULL(0x00000004)
-#define RPI3_RNG_DATA_OFFSET ULL(0x00000008)
-#define RPI3_RNG_INT_MASK_OFFSET ULL(0x00000010)
-/* Enable/disable RNG */
-#define RPI3_RNG_CTRL_ENABLE U(0x1)
-#define RPI3_RNG_CTRL_DISABLE U(0x0)
-/* Number of currently available words */
-#define RPI3_RNG_STATUS_NUM_WORDS_SHIFT U(24)
-#define RPI3_RNG_STATUS_NUM_WORDS_MASK U(0xFF)
-/* Value to mask interrupts caused by the RNG */
-#define RPI3_RNG_INT_MASK_DISABLE U(0x1)
/*
* Serial ports:
diff --git a/plat/rpi/rpi4/platform.mk b/plat/rpi/rpi4/platform.mk
index 42a5416..f17911f 100644
--- a/plat/rpi/rpi4/platform.mk
+++ b/plat/rpi/rpi4/platform.mk
@@ -15,16 +15,18 @@
PLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \
drivers/arm/pl011/aarch64/pl011_console.S \
plat/rpi/common/rpi3_common.c \
+ plat/rpi/common/rpi3_console_dual.c \
${XLAT_TABLES_LIB_SRCS}
BL31_SOURCES += lib/cpus/aarch64/cortex_a72.S \
plat/rpi/common/aarch64/plat_helpers.S \
- plat/rpi/rpi4/aarch64/armstub8_header.S \
+ plat/rpi/common/aarch64/armstub8_header.S \
drivers/delay_timer/delay_timer.c \
drivers/gpio/gpio.c \
drivers/rpi3/gpio/rpi3_gpio.c \
plat/common/plat_gicv2.c \
- plat/rpi/rpi4/rpi4_bl31_setup.c \
+ plat/rpi/common/rpi4_bl31_setup.c \
+ plat/rpi/rpi4/rpi4_setup.c \
plat/rpi/common/rpi3_pm.c \
plat/common/plat_psci_common.c \
plat/rpi/common/rpi3_topology.c \
diff --git a/plat/rpi/rpi4/rpi4_setup.c b/plat/rpi/rpi4/rpi4_setup.c
new file mode 100644
index 0000000..82200b9
--- /dev/null
+++ b/plat/rpi/rpi4/rpi4_setup.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <inttypes.h>
+#include <stdint.h>
+
+#include <arch_helpers.h>
+#include <common/fdt_fixup.h>
+#include <common/fdt_wrappers.h>
+
+#include <rpi_shared.h>
+
+/*
+ * Remove the FDT /memreserve/ entry that covers the region at the very
+ * beginning of memory (if that exists). This is where the secondaries
+ * originally spin, but we pull them out there.
+ * Having overlapping /reserved-memory and /memreserve/ regions confuses
+ * the Linux kernel, so we need to get rid of this one.
+ */
+static void remove_spintable_memreserve(void *dtb)
+{
+ uint64_t addr, size;
+ int regions = fdt_num_mem_rsv(dtb);
+ int i;
+
+ for (i = 0; i < regions; i++) {
+ if (fdt_get_mem_rsv(dtb, i, &addr, &size) != 0) {
+ return;
+ }
+ if (size == 0U) {
+ return;
+ }
+ /* We only look for the region at the beginning of DRAM. */
+ if (addr != 0U) {
+ continue;
+ }
+ /*
+ * Currently the region in the existing DTs is exactly 4K
+ * in size. Should this value ever change, there is probably
+ * a reason for that, so inform the user about this.
+ */
+ if (size == 4096U) {
+ fdt_del_mem_rsv(dtb, i);
+ return;
+ }
+ WARN("Keeping unknown /memreserve/ region at 0, size: %" PRId64 "\n",
+ size);
+ }
+}
+
+static void rpi4_prepare_dtb(void)
+{
+ void *dtb = (void *)rpi4_get_dtb_address();
+ uint32_t gic_int_prop[3];
+ int ret, offs;
+
+ /* Return if no device tree is detected */
+ if (fdt_check_header(dtb) != 0)
+ return;
+
+ ret = fdt_open_into(dtb, dtb, 0x100000);
+ if (ret < 0) {
+ ERROR("Invalid Device Tree at %p: error %d\n", dtb, ret);
+ return;
+ }
+
+ if (dt_add_psci_node(dtb)) {
+ ERROR("Failed to add PSCI Device Tree node\n");
+ return;
+ }
+
+ if (dt_add_psci_cpu_enable_methods(dtb)) {
+ ERROR("Failed to add PSCI cpu enable methods in Device Tree\n");
+ return;
+ }
+
+ /*
+ * Remove the original reserved region (used for the spintable), and
+ * replace it with a region describing the whole of Trusted Firmware.
+ */
+ remove_spintable_memreserve(dtb);
+ if (fdt_add_reserved_memory(dtb, "atf@0", 0, 0x80000))
+ WARN("Failed to add reserved memory nodes to DT.\n");
+
+ offs = fdt_node_offset_by_compatible(dtb, 0, "arm,gic-400");
+ gic_int_prop[0] = cpu_to_fdt32(1); // PPI
+ gic_int_prop[1] = cpu_to_fdt32(9); // PPI #9
+ gic_int_prop[2] = cpu_to_fdt32(0x0f04); // all cores, level high
+ fdt_setprop(dtb, offs, "interrupts", gic_int_prop, 12);
+
+ offs = fdt_path_offset(dtb, "/chosen");
+ fdt_setprop_string(dtb, offs, "stdout-path", "serial0");
+
+ ret = fdt_pack(dtb);
+ if (ret < 0)
+ ERROR("Failed to pack Device Tree at %p: error %d\n", dtb, ret);
+
+ clean_dcache_range((uintptr_t)dtb, fdt_blob_size(dtb));
+ INFO("Changed device tree to advertise PSCI.\n");
+}
+
+void plat_rpi_bl31_custom_setup(void)
+{
+ rpi4_prepare_dtb();
+}
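Review bot: `rpi4_prepare_dtb()` does not check the offsets returned by `fdt_node_offset_by_compatible()` and `fdt_path_offset()`, nor the results of `fdt_setprop()` and `fdt_setprop_string()`. libfdt should refuse a negative offset, so the likely effect is a fixup that is skipped without any message rather than a bad write; a warning would make a DTB that lacks the `arm,gic-400` or `/chosen` node diagnosable. The code is moved unchanged from rpi4_bl31_setup.c, and the move is a good moment to add the checks and to replace the literal `12` with `sizeof(gic_int_prop)`. The `WARN` in `remove_spintable_memreserve()` also prints the `uint64_t` size with `PRId64`, where `PRIu64` matches the type.

```c
	/* … unchanged: header check, fdt_open_into(), PSCI nodes, reserved memory … */

	offs = fdt_node_offset_by_compatible(dtb, 0, "arm,gic-400");
	if (offs >= 0) {
		/* … unchanged: fill gic_int_prop[0..2] … */
		ret = fdt_setprop(dtb, offs, "interrupts", gic_int_prop,
				  sizeof(gic_int_prop));
	} else {
		ret = offs;
	}
	if (ret < 0)
		WARN("Failed to set GIC interrupts in Device Tree: error %d\n", ret);

	offs = fdt_path_offset(dtb, "/chosen");
	if (offs >= 0)
		ret = fdt_setprop_string(dtb, offs, "stdout-path", "serial0");
	else
		ret = offs;
	if (ret < 0)
		WARN("Failed to set stdout-path in Device Tree: error %d\n", ret);

	/* … unchanged: fdt_pack(), clean_dcache_range(), INFO message … */
```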
diff --git a/plat/rpi/rpi5/include/plat.ld.S b/plat/rpi/rpi5/include/plat.ld.S
new file mode 100644
index 0000000..961c630
--- /dev/null
+++ b/plat/rpi/rpi5/include/plat.ld.S
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Stub linker script to provide the armstub8.bin header before the actual
+ * code. If the GPU firmware finds a magic value at offset 240 in
+ * armstub8.bin, it will put the DTB and kernel load address in subsequent
+ * words. We can then read those values to find the proper NS entry point
+ * and find our DTB more flexibly.
+ */
+
+MEMORY {
+ PRERAM (rwx): ORIGIN = 0, LENGTH = 4096
+}
+
+SECTIONS
+{
+ .armstub8 . : {
+ *armstub8_header.o(.text*)
+ KEEP(*(.armstub8))
+ } >PRERAM
+}
diff --git a/plat/rpi/rpi5/include/platform_def.h b/plat/rpi/rpi5/include/platform_def.h
new file mode 100644
index 0000000..a4c2f5b
--- /dev/null
+++ b/plat/rpi/rpi5/include/platform_def.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PLATFORM_DEF_H
+#define PLATFORM_DEF_H
+
+#include <arch.h>
+#include <common/tbbr/tbbr_img_def.h>
+#include <lib/utils_def.h>
+#include <plat/common/common_def.h>
+
+#include "rpi_hw.h"
+
+/* Special value used to verify platform parameters from BL2 to BL31 */
+#define RPI3_BL31_PLAT_PARAM_VAL ULL(0x0F1E2D3C4B5A6978)
+
+#define PLATFORM_STACK_SIZE ULL(0x1000)
+
+#define PLATFORM_MAX_CPUS_PER_CLUSTER U(4)
+#define PLATFORM_CLUSTER_COUNT U(1)
+#define PLATFORM_CLUSTER0_CORE_COUNT PLATFORM_MAX_CPUS_PER_CLUSTER
+#define PLATFORM_CORE_COUNT PLATFORM_CLUSTER0_CORE_COUNT
+
+#define RPI_PRIMARY_CPU U(0)
+
+#define PLAT_MAX_PWR_LVL MPIDR_AFFLVL1
+#define PLAT_NUM_PWR_DOMAINS (PLATFORM_CLUSTER_COUNT + \
+ PLATFORM_CORE_COUNT)
+
+#define PLAT_MAX_RET_STATE U(1)
+#define PLAT_MAX_OFF_STATE U(2)
+
+/* Local power state for power domains in Run state. */
+#define PLAT_LOCAL_STATE_RUN U(0)
+/* Local power state for retention. Valid only for CPU power domains */
+#define PLAT_LOCAL_STATE_RET U(1)
+/*
+ * Local power state for OFF/power-down. Valid for CPU and cluster power
+ * domains.
+ */
+#define PLAT_LOCAL_STATE_OFF U(2)
+
+/*
+ * Macros used to parse state information from State-ID if it is using the
+ * recommended encoding for State-ID.
+ */
+#define PLAT_LOCAL_PSTATE_WIDTH U(4)
+#define PLAT_LOCAL_PSTATE_MASK ((U(1) << PLAT_LOCAL_PSTATE_WIDTH) - 1)
+
+/*
+ * Some data must be aligned on the biggest cache line size in the platform.
+ * This is known only to the platform as it might have a combination of
+ * integrated and external caches.
+ */
+#define CACHE_WRITEBACK_SHIFT U(6)
+#define CACHE_WRITEBACK_GRANULE (U(1) << CACHE_WRITEBACK_SHIFT)
+
+/*
+ * I/O registers.
+ */
+#define DEVICE0_BASE RPI_IO_BASE
+#define DEVICE0_SIZE RPI_IO_SIZE
+
+/*
+ * Mailbox to control the secondary cores. All secondary cores are held in a
+ * wait loop in cold boot. To release them perform the following steps (plus
+ * any additional barriers that may be needed):
+ *
+ * uint64_t *entrypoint = (uint64_t *)PLAT_RPI3_TM_ENTRYPOINT;
+ * *entrypoint = ADDRESS_TO_JUMP_TO;
+ *
+ * uint64_t *mbox_entry = (uint64_t *)PLAT_RPI3_TM_HOLD_BASE;
+ * mbox_entry[cpu_id] = PLAT_RPI3_TM_HOLD_STATE_GO;
+ *
+ * sev();
+ */
+/* The secure entry point to be used on warm reset by all CPUs. */
+#define PLAT_RPI3_TM_ENTRYPOINT 0x100
+#define PLAT_RPI3_TM_ENTRYPOINT_SIZE ULL(8)
+
+/* Hold entries for each CPU. */
+#define PLAT_RPI3_TM_HOLD_BASE (PLAT_RPI3_TM_ENTRYPOINT + \
+ PLAT_RPI3_TM_ENTRYPOINT_SIZE)
+#define PLAT_RPI3_TM_HOLD_ENTRY_SIZE ULL(8)
+#define PLAT_RPI3_TM_HOLD_SIZE (PLAT_RPI3_TM_HOLD_ENTRY_SIZE * \
+ PLATFORM_CORE_COUNT)
+
+#define PLAT_RPI3_TRUSTED_MAILBOX_SIZE (PLAT_RPI3_TM_ENTRYPOINT_SIZE + \
+ PLAT_RPI3_TM_HOLD_SIZE)
+
+#define PLAT_RPI3_TM_HOLD_STATE_WAIT ULL(0)
+#define PLAT_RPI3_TM_HOLD_STATE_GO ULL(1)
+#define PLAT_RPI3_TM_HOLD_STATE_BSP_OFF ULL(2)
+
+/*
+ * BL31 specific defines.
+ *
+ * Put BL31 at the top of the Trusted SRAM. BL31_BASE is calculated using the
+ * current BL31 debug size plus a little space for growth.
+ */
+#define PLAT_MAX_BL31_SIZE ULL(0x80000)
+
+#define BL31_BASE ULL(0x1000)
+#define BL31_LIMIT ULL(0x80000)
+#define BL31_PROGBITS_LIMIT ULL(0x80000)
+
+#define SEC_SRAM_ID 0
+#define SEC_DRAM_ID 1
+
+/*
+ * Other memory-related defines.
+ */
+#define PLAT_PHY_ADDR_SPACE_SIZE (ULL(1) << 40)
+#define PLAT_VIRT_ADDR_SPACE_SIZE (ULL(1) << 40)
+
+#define MAX_MMAP_REGIONS 8
+#define MAX_XLAT_TABLES 4
+
+#define MAX_IO_DEVICES U(3)
+#define MAX_IO_HANDLES U(4)
+
+#define MAX_IO_BLOCK_DEVICES U(1)
+
+/*
+ * Serial-related constants.
+ */
+#define PLAT_RPI_PL011_UART_BASE RPI4_PL011_UART_BASE
+#define PLAT_RPI_PL011_UART_CLOCK RPI4_PL011_UART_CLOCK
+#define PLAT_RPI_UART_BAUDRATE ULL(115200)
+#define PLAT_RPI_CRASH_UART_BASE PLAT_RPI_PL011_UART_BASE
+
+/*
+ * System counter
+ */
+#define SYS_COUNTER_FREQ_IN_TICKS ULL(54000000)
+
+#endif /* PLATFORM_DEF_H */
diff --git a/plat/rpi/rpi5/include/rpi_hw.h b/plat/rpi/rpi5/include/rpi_hw.h
new file mode 100644
index 0000000..384542e
--- /dev/null
+++ b/plat/rpi/rpi5/include/rpi_hw.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef RPI_HW_H
+#define RPI_HW_H
+
+#include <lib/utils_def.h>
+
+/*
+ * Peripherals
+ */
+
+#define RPI_IO_BASE ULL(0x1000000000)
+#define RPI_IO_SIZE ULL(0x1000000000)
+
+/*
+ * ARM <-> VideoCore mailboxes
+ */
+#define RPI3_MBOX_BASE (RPI_IO_BASE + ULL(0x7c013880))
+
+/*
+ * Power management, reset controller, watchdog.
+ */
+#define RPI3_PM_BASE (RPI_IO_BASE + ULL(0x7d200000))
+
+/*
+ * Hardware random number generator.
+ */
+#define RPI3_RNG_BASE (RPI_IO_BASE + ULL(0x7d208000))
+
+/*
+ * PL011 system serial port
+ */
+#define RPI4_PL011_UART_BASE (RPI_IO_BASE + ULL(0x7d001000))
+#define RPI4_PL011_UART_CLOCK ULL(44000000)
+
+/*
+ * GIC interrupt controller
+ */
+#define RPI_HAVE_GIC
+#define RPI4_GIC_GICD_BASE (RPI_IO_BASE + ULL(0x7fff9000))
+#define RPI4_GIC_GICC_BASE (RPI_IO_BASE + ULL(0x7fffa000))
+
+#define RPI4_LOCAL_CONTROL_BASE_ADDRESS (RPI_IO_BASE + ULL(0x7c280000))
+#define RPI4_LOCAL_CONTROL_PRESCALER (RPI_IO_BASE + ULL(0x7c280008))
+
+#endif /* RPI_HW_H */
diff --git a/plat/rpi/rpi5/platform.mk b/plat/rpi/rpi5/platform.mk
new file mode 100644
index 0000000..81b7ded
--- /dev/null
+++ b/plat/rpi/rpi5/platform.mk
@@ -0,0 +1,107 @@
+#
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+include lib/xlat_tables_v2/xlat_tables.mk
+
+include drivers/arm/gic/v2/gicv2.mk
+
+PLAT_INCLUDES := -Iplat/rpi/common/include \
+ -Iplat/rpi/rpi5/include
+
+PLAT_BL_COMMON_SOURCES := drivers/arm/pl011/aarch64/pl011_console.S \
+ plat/rpi/common/rpi3_common.c \
+ plat/rpi/common/rpi3_console_pl011.c \
+ ${XLAT_TABLES_LIB_SRCS}
+
+BL31_SOURCES += lib/cpus/aarch64/cortex_a76.S \
+ plat/rpi/common/aarch64/plat_helpers.S \
+ plat/rpi/common/aarch64/armstub8_header.S \
+ drivers/delay_timer/delay_timer.c \
+ plat/common/plat_gicv2.c \
+ plat/rpi/common/rpi4_bl31_setup.c \
+ plat/rpi/rpi5/rpi5_setup.c \
+ plat/rpi/common/rpi3_pm.c \
+ plat/common/plat_psci_common.c \
+ plat/rpi/common/rpi3_topology.c \
+ ${GICV2_SOURCES}
+
+# For now we only support BL31, using the kernel loaded by the GPU firmware.
+RESET_TO_BL31 := 1
+
+# All CPUs enter armstub8.bin.
+COLD_BOOT_SINGLE_CPU := 0
+
+# Tune compiler for Cortex-A76
+ifeq ($(notdir $(CC)),armclang)
+ TF_CFLAGS_aarch64 += -mcpu=cortex-a76
+else ifneq ($(findstring clang,$(notdir $(CC))),)
+ TF_CFLAGS_aarch64 += -mcpu=cortex-a76
+else
+ TF_CFLAGS_aarch64 += -mtune=cortex-a76
+endif
+
+# Add support for platform supplied linker script for BL31 build
+$(eval $(call add_define,PLAT_EXTRA_LD_SCRIPT))
+
+# Enable all errata workarounds for Cortex-A76 r4p1
+ERRATA_A76_1946160 := 1
+ERRATA_A76_2743102 := 1
+
+# Add new default target when compiling this platform
+all: bl31
+
+# Build config flags
+# ------------------
+
+# Disable stack protector by default
+ENABLE_STACK_PROTECTOR := 0
+
+# Have different sections for code and rodata
+SEPARATE_CODE_AND_RODATA := 1
+
+# Hardware-managed coherency
+HW_ASSISTED_COHERENCY := 1
+USE_COHERENT_MEM := 0
+
+# Cortex-A76 is 64-bit only
+CTX_INCLUDE_AARCH32_REGS := 0
+
+# Platform build flags
+# --------------------
+
+# There is not much else than a Linux kernel to load at the moment.
+RPI3_DIRECT_LINUX_BOOT := 1
+
+# BL33 images can only be AArch64 on this platform.
+RPI3_BL33_IN_AARCH32 := 0
+
+# UART to use at runtime. -1 means the runtime UART is disabled.
+# Any other value means the default UART will be used.
+RPI3_RUNTIME_UART := 0
+
+# Use normal memory mapping for ROM, FIP, SRAM and DRAM
+RPI3_USE_UEFI_MAP := 0
+
+# Process platform flags
+# ----------------------
+
+$(eval $(call add_define,RPI3_BL33_IN_AARCH32))
+$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT))
+ifdef RPI3_PRELOADED_DTB_BASE
+$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE))
+endif
+$(eval $(call add_define,RPI3_RUNTIME_UART))
+$(eval $(call add_define,RPI3_USE_UEFI_MAP))
+
+ifeq (${ARCH},aarch32)
+ $(error Error: AArch32 not supported on rpi5)
+endif
+
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+PLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \
+ plat/rpi/common/rpi3_stack_protector.c
+endif
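Review bot: The `ENABLE_STACK_PROTECTOR` branch at the end pulls in `drivers/rpi3/rng/rpi3_rng.c` as the canary source, but the default set above is 0, so nothing in this change shows that path being built or run on rpi5. Whether the RNG block at the rpi5 `RPI3_RNG_BASE` is register-compatible with that driver cannot be told from this diff. If it has not been tested, say so next to the default, e.g. `# Stack protector is untested on rpi5: verify rpi3_rng.c against this SoC's RNG before enabling.`, so nobody turns it on expecting a working canary source.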
diff --git a/plat/rpi/rpi5/rpi5_setup.c b/plat/rpi/rpi5/rpi5_setup.c
new file mode 100644
index 0000000..de82300
--- /dev/null
+++ b/plat/rpi/rpi5/rpi5_setup.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2024, Mario Bălănică <mariobalanica02@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <rpi_shared.h>
+
+void plat_rpi_bl31_custom_setup(void)
+{
+ /* Nothing to do here yet. */
+}
diff --git a/plat/st/common/bl2_io_storage.c b/plat/st/common/bl2_io_storage.c
index 86795d7..f8a0c18 100644
--- a/plat/st/common/bl2_io_storage.c
+++ b/plat/st/common/bl2_io_storage.c
@@ -493,12 +493,10 @@
*/
#if !PSA_FWU_SUPPORT
const partition_entry_t *entry;
- const struct efi_guid img_type_guid = STM32MP_FIP_GUID;
- uuid_t img_type_uuid;
+ const struct efi_guid fip_guid = STM32MP_FIP_GUID;
- guidcpy(&img_type_uuid, &img_type_guid);
partition_init(GPT_IMAGE_ID);
- entry = get_partition_entry_by_type(&img_type_uuid);
+ entry = get_partition_entry_by_type(&fip_guid);
if (entry == NULL) {
entry = get_partition_entry(FIP_IMAGE_NAME);
if (entry == NULL) {
@@ -613,8 +611,6 @@
* - we already boot FWU_MAX_TRIAL_REBOOT times in trial mode.
* we select the previous_active_index.
*/
-#define INVALID_BOOT_IDX 0xFFFFFFFFU
-
uint32_t plat_fwu_get_boot_idx(void)
{
/*
@@ -622,32 +618,38 @@
* even if this function is called several times.
*/
static uint32_t boot_idx = INVALID_BOOT_IDX;
- const struct fwu_metadata *data;
-
- data = fwu_get_metadata();
if (boot_idx == INVALID_BOOT_IDX) {
+ const struct fwu_metadata *data = fwu_get_metadata();
+
boot_idx = data->active_index;
- if (fwu_is_trial_run_state()) {
+
+ if (data->bank_state[boot_idx] == FWU_BANK_STATE_VALID) {
if (stm32_get_and_dec_fwu_trial_boot_cnt() == 0U) {
WARN("Trial FWU fails %u times\n",
FWU_MAX_TRIAL_REBOOT);
- boot_idx = data->previous_active_index;
+ boot_idx = fwu_get_alternate_boot_bank();
}
- } else {
+ } else if (data->bank_state[boot_idx] ==
+ FWU_BANK_STATE_ACCEPTED) {
stm32_set_max_fwu_trial_boot_cnt();
+ } else {
+ ERROR("The active bank(%u) of the platform is in Invalid State.\n",
+ boot_idx);
+ boot_idx = fwu_get_alternate_boot_bank();
+ stm32_clear_fwu_trial_boot_cnt();
}
}
return boot_idx;
}
-static void *stm32_get_image_spec(const uuid_t *img_type_uuid)
+static void *stm32_get_image_spec(const struct efi_guid *img_type_guid)
{
unsigned int i;
for (i = 0U; i < MAX_NUMBER_IDS; i++) {
- if ((guidcmp(&policies[i].img_type_guid, img_type_uuid)) == 0) {
+ if ((guidcmp(&policies[i].img_type_guid, img_type_guid)) == 0) {
return (void *)policies[i].image_spec;
}
}
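Review bot: `data->bank_state[boot_idx]` is indexed with `active_index` taken directly from the FWU metadata, and nothing in this hunk checks it against `NR_OF_FW_BANKS` first. The only range check visible on this page is `assert(boot_idx < NR_OF_FW_BANKS)` in the caller further down, which runs after this read and has no effect when assertions are disabled. Unless fwu_get_metadata() already guarantees the range (its definition is not shown here), a corrupted or tampered metadata block causes an out-of-bounds read whose result then steers bank selection. I would add `if (boot_idx >= NR_OF_FW_BANKS) { panic(); }` right after `boot_idx = data->active_index;`.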
@@ -660,20 +662,23 @@
unsigned int i;
uint32_t boot_idx;
const partition_entry_t *entry __maybe_unused;
- const uuid_t *img_type_uuid;
- const uuid_t *img_uuid __maybe_unused;
+ const struct fwu_image_entry *img_entry;
+ const void *img_type_guid;
+ const void *img_guid;
io_block_spec_t *image_spec;
const uint16_t boot_itf = stm32mp_get_boot_itf_selected();
boot_idx = plat_fwu_get_boot_idx();
assert(boot_idx < NR_OF_FW_BANKS);
+ VERBOSE("Selecting to boot from bank %u\n", boot_idx);
+ img_entry = (void *)&metadata->fw_desc.img_entry;
for (i = 0U; i < NR_OF_IMAGES_IN_FW_BANK; i++) {
- img_type_uuid = &metadata->img_entry[i].img_type_uuid;
+ img_type_guid = &img_entry[i].img_type_guid;
- img_uuid = &metadata->img_entry[i].img_props[boot_idx].img_uuid;
+ img_guid = &img_entry[i].img_bank_info[boot_idx].img_guid;
- image_spec = stm32_get_image_spec(img_type_uuid);
+ image_spec = stm32_get_image_spec(img_type_guid);
if (image_spec == NULL) {
ERROR("Unable to get image spec for the image in the metadata\n");
panic();
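Review bot: `img_type_guid` and `img_guid` are declared `const void *` and `img_entry` is assigned through a `(void *)` cast, so the compiler can no longer check the argument to stm32_get_image_spec(), which takes `const struct efi_guid *`. Assuming the metadata fields are `struct efi_guid`, declare them as `const struct efi_guid *img_type_guid;` and `const struct efi_guid *img_guid;` and drop the cast on `&metadata->fw_desc.img_entry`. `img_guid` also lost its `__maybe_unused`; in a build that enables neither the SD/eMMC nor the SPI-NOR case it is assigned but never read, which may trip a set-but-unused warning. The enclosing function starts and ends outside this hunk.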
@@ -683,7 +688,7 @@
#if (STM32MP_SDMMC || STM32MP_EMMC)
case BOOT_API_CTX_BOOT_INTERFACE_SEL_FLASH_SD:
case BOOT_API_CTX_BOOT_INTERFACE_SEL_FLASH_EMMC:
- entry = get_partition_entry_by_uuid(img_uuid);
+ entry = get_partition_entry_by_guid(img_guid);
if (entry == NULL) {
ERROR("No partition with the uuid mentioned in metadata\n");
panic();
@@ -695,9 +700,9 @@
#endif
#if STM32MP_SPI_NOR
case BOOT_API_CTX_BOOT_INTERFACE_SEL_FLASH_NOR_SPI:
- if (guidcmp(img_uuid, &STM32MP_NOR_FIP_A_GUID) == 0) {
+ if (guidcmp(img_guid, &STM32MP_NOR_FIP_A_GUID) == 0) {
image_spec->offset = STM32MP_NOR_FIP_A_OFFSET;
- } else if (guidcmp(img_uuid, &STM32MP_NOR_FIP_B_GUID) == 0) {
+ } else if (guidcmp(img_guid, &STM32MP_NOR_FIP_B_GUID) == 0) {
image_spec->offset = STM32MP_NOR_FIP_B_OFFSET;
} else {
ERROR("Invalid uuid mentioned in metadata\n");
diff --git a/plat/st/common/common.mk b/plat/st/common/common.mk
index f49112d..b9b62c0 100644
--- a/plat/st/common/common.mk
+++ b/plat/st/common/common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+# Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -183,12 +183,10 @@
MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" \
${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
-ifeq (${MBEDTLS_MAJOR}, 2)
-MBEDTLS_CONFIG_FILE ?= "<stm32mp_mbedtls_config-2.h>"
-endif
-
ifeq (${MBEDTLS_MAJOR}, 3)
MBEDTLS_CONFIG_FILE ?= "<stm32mp_mbedtls_config-3.h>"
+else
+$(error Error: TF-A only supports MbedTLS versions > 3.x)
endif
endif
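Review bot: The new `$(error ...)` text says "versions > 3.x", but the test is `ifeq (${MBEDTLS_MAJOR}, 3)`, so only major version 3 is accepted. Every other value takes the error branch, including an empty one when the grep finds nothing under `${MBEDTLS_DIR}`. The message should match the check and show what was detected, e.g. `$(error Error: TF-A only supports MbedTLS 3.x (detected major version: '${MBEDTLS_MAJOR}'))`. That lets a builder tell a wrong MBEDTLS_DIR from an unsupported library version.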
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index 0ff6092..a1ed1ad 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -142,6 +142,7 @@
void stm32mp1_fwu_set_boot_idx(void);
uint32_t stm32_get_and_dec_fwu_trial_boot_cnt(void);
void stm32_set_max_fwu_trial_boot_cnt(void);
+void stm32_clear_fwu_trial_boot_cnt(void);
#endif /* PSA_FWU_SUPPORT */
#endif /* STM32MP_COMMON_H */
diff --git a/plat/st/common/include/stm32mp_mbedtls_config-2.h b/plat/st/common/include/stm32mp_mbedtls_config-2.h
deleted file mode 100644
index 66ff346..0000000
--- a/plat/st/common/include/stm32mp_mbedtls_config-2.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-/*
- * Key algorithms currently supported on mbed TLS libraries
- */
-#define TF_MBEDTLS_USE_RSA 0
-#define TF_MBEDTLS_USE_ECDSA 1
-
-/*
- * Hash algorithms currently supported on mbed TLS libraries
- */
-#define TF_MBEDTLS_SHA256 1
-#define TF_MBEDTLS_SHA384 2
-#define TF_MBEDTLS_SHA512 3
-
-/*
- * Configuration file to build mbed TLS with the required features for
- * Trusted Boot
- */
-
-#define MBEDTLS_PLATFORM_MEMORY
-#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-
-#define MBEDTLS_PKCS1_V21
-
-#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_BIGNUM_C
-
-#define MBEDTLS_ERROR_C
-#define MBEDTLS_MD_C
-
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define MBEDTLS_OID_C
-
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-
-#define MBEDTLS_PLATFORM_C
-
-#if TF_MBEDTLS_USE_ECDSA
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_NO_INTERNAL_RNG
-#endif
-#if TF_MBEDTLS_USE_RSA
-#define MBEDTLS_RSA_C
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#endif
-
-#define MBEDTLS_SHA256_C
-#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
-#define MBEDTLS_SHA512_C
-#endif
-
-#define MBEDTLS_VERSION_C
-
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-
-#if TF_MBEDTLS_USE_AES_GCM
-#define MBEDTLS_AES_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_GCM_C
-#endif
-
-/* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE 2
-
-#if TF_MBEDTLS_USE_RSA
-#if TF_MBEDTLS_KEY_SIZE <= 2048
-#define MBEDTLS_MPI_MAX_SIZE 256
-#else
-#define MBEDTLS_MPI_MAX_SIZE 512
-#endif
-#else
-#define MBEDTLS_MPI_MAX_SIZE 256
-#endif
-
-/* Memory buffer allocator options */
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
-
-/*
- * Prevent the use of 128-bit division which
- * creates dependency on external libraries.
- */
-#define MBEDTLS_NO_UDBL_DIVISION
-
-#ifndef __ASSEMBLER__
-/* System headers required to build mbed TLS with the current configuration */
-#include <stdlib.h>
-#include <mbedtls/check_config.h>
-#endif
-
-/*
- * Mbed TLS heap size is smal as we only use the asn1
- * parsing functions
- * digest, signature and crypto algorithm are done by
- * other library.
- */
-
-#define TF_MBEDTLS_HEAP_SIZE U(5120)
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index fd86020..798c033 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -255,11 +255,6 @@
mmio_clrbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
}
-#if STM32MP15
- /* Disable MCKPROT */
- mmio_clrbits_32(rcc_base + RCC_TZCR, RCC_TZCR_MCKPROT);
-#endif
-
/*
* Set minimum reset pulse duration to 31ms for discrete power
* supplied boards.
diff --git a/plat/st/stm32mp1/sp_min/sp_min_setup.c b/plat/st/stm32mp1/sp_min/sp_min_setup.c
index b46f4af..245b2d3 100644
--- a/plat/st/stm32mp1/sp_min/sp_min_setup.c
+++ b/plat/st/stm32mp1/sp_min/sp_min_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -182,6 +182,9 @@
stm32mp_gic_init();
+ /* Disable MCU subsystem protection */
+ stm32mp1_clk_mcuss_protect(false);
+
if (stm32_iwdg_init() < 0) {
panic();
}
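Review bot: The added comment says what the call does but not why the secure monitor lifts this protection. The `#if STM32MP15` guard around the equivalent register write, removed from bl2_plat_setup.c in this same change, is also not carried over here. Because this relaxes an access restriction, the comment should record the reason, along the lines of `/* Disable MCU subsystem protection: <reason / which non-secure component needs access> */`. It is also worth confirming that stm32mp1_clk_mcuss_protect() is defined and harmless on every SoC that builds sp_min, since its definition is not in this hunk. The enclosing function starts and ends outside the hunk.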
diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c
index 0e69513..f098eb3 100644
--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@@ -714,4 +714,13 @@
TAMP_BOOT_FWU_INFO_CNT_MSK);
clk_disable(RTCAPB);
}
+
+void stm32_clear_fwu_trial_boot_cnt(void)
+{
+ uintptr_t bkpr_fwu_cnt = tamp_bkpr(TAMP_BOOT_FWU_INFO_REG_ID);
+
+ clk_enable(RTCAPB);
+ mmio_clrbits_32(bkpr_fwu_cnt, TAMP_BOOT_FWU_INFO_CNT_MSK);
+ clk_disable(RTCAPB);
+}
#endif /* PSA_FWU_SUPPORT */
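Review bot: stm32_clear_fwu_trial_boot_cnt() has no comment, and its effect on the next boot is not obvious from the name. It clears the `TAMP_BOOT_FWU_INFO_CNT_MSK` field of the backup register, which is presumably the same counter that plat_fwu_get_boot_idx() reads through stm32_get_and_dec_fwu_trial_boot_cnt() and treats as "no trial boots left" when zero. A short header such as `/* Clear the FWU trial boot counter in the TAMP backup register; called when the active bank is in an invalid state. */` would record that intent.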
diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c
index 3acf683..b9c83fa 100644
--- a/services/std_svc/drtm/drtm_main.c
+++ b/services/std_svc/drtm/drtm_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -211,7 +211,7 @@
running_on_single_core = psci_is_last_on_cpu_safe();
if (!running_on_single_core) {
ERROR("DRTM: invalid launch due to non-boot PE not being turned off\n");
- return DENIED;
+ return SECONDARY_PE_NOT_OFF;
}
return SUCCESS;
@@ -658,7 +658,7 @@
drtm_dl_prepare_eret_to_dlme(&args, dlme_el);
/*
- * As per DRTM beta0 spec table #28 invalidate the instruction cache
+ * As per DRTM 1.0 spec table #30 invalidate the instruction cache
* before jumping to the DLME. This is required to defend against
* potentially-malicious cache contents.
*/
diff --git a/services/std_svc/drtm/drtm_main.h b/services/std_svc/drtm/drtm_main.h
index 6005163..a7d053f 100644
--- a/services/std_svc/drtm/drtm_main.h
+++ b/services/std_svc/drtm/drtm_main.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -55,6 +55,12 @@
NOT_FOUND = -4,
INTERNAL_ERROR = -5,
MEM_PROTECT_INVALID = -6,
+ COPROCESSOR_ERROR = -7,
+ OUT_OF_RESOURCE = -8,
+ INVALID_DATA = -9,
+ SECONDARY_PE_NOT_OFF = -10,
+ ALREADY_CLOSED = -11,
+ TPM_ERROR = -12
};
typedef struct {
@@ -89,6 +95,7 @@
uint64_t dlme_addr_map_size;
uint64_t dlme_tpm_log_size;
uint64_t dlme_tcb_hashes_table_size;
+ uint64_t dlme_acpi_tables_region_size;
uint64_t dlme_impdef_region_size;
} __aligned(__alignof(uint16_t /* First member's type, `uint16_t version'. */));
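Review bot: `dlme_acpi_tables_region_size` is inserted before `dlme_impdef_region_size`, which shifts the offset of the last field and grows the header handed to the DLME. The code that fills this structure is not in this hunk, so confirm it sets the new field explicitly (zero when there is no ACPI region) and that the `version` member reflects the new layout. Otherwise a consumer parsing by the old offsets reads the wrong region size. A field comment such as `/* Size of the ACPI tables region, 0 if absent */` would also help. The struct starts outside the hunk.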
diff --git a/services/std_svc/errata_abi/cpu_errata_info.h b/services/std_svc/errata_abi/cpu_errata_info.h
index 02dd3a8..2d59fc9 100644
--- a/services/std_svc/errata_abi/cpu_errata_info.h
+++ b/services/std_svc/errata_abi/cpu_errata_info.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,42 +11,25 @@
#include <arch_helpers.h>
#if __aarch64__
-#include <cortex_a35.h>
-#include <cortex_a510.h>
-#include <cortex_a520.h>
-#include <cortex_a53.h>
-#include <cortex_a57.h>
-#include <cortex_a55.h>
#include <cortex_a710.h>
-#include <cortex_a72.h>
-#include <cortex_a73.h>
-#include <cortex_a75.h>
-#include <cortex_a76.h>
-#include <cortex_a77.h>
#include <cortex_a78.h>
#include <cortex_a78_ae.h>
#include <cortex_a78c.h>
-#include <cortex_a715.h>
-#include <cortex_x1.h>
#include <cortex_x2.h>
#include <cortex_x3.h>
-#include <neoverse_n1.h>
+#include <cortex_x4.h>
#include <neoverse_n2.h>
#include <neoverse_v1.h>
#include <neoverse_v2.h>
-#else
-#include <cortex_a15.h>
-#include <cortex_a17.h>
-#include <cortex_a57.h>
-#include <cortex_a9.h>
#endif
-#define MAX_ERRATA_ENTRIES 32
+/* Max number of platform based errata with no workaround in EL3 */
+#define MAX_PLAT_CPU_ERRATA_ENTRIES 2
-#define ERRATA_LIST_END (MAX_ERRATA_ENTRIES - 1)
+#define ERRATA_LIST_END (MAX_PLAT_CPU_ERRATA_ENTRIES - 1)
/* Default values for unused memory in the array */
-#define UNDEF_ERRATA {UINT_MAX, UCHAR_MAX, UCHAR_MAX, false, false}
+#define UNDEF_ERRATA {UINT_MAX, UCHAR_MAX, UCHAR_MAX}
#define EXTRACT_PARTNUM(x) ((x >> MIDR_PN_SHIFT) & MIDR_PN_MASK)
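Review bot: `MAX_PLAT_CPU_ERRATA_ENTRIES` is fixed at 2, and every table entry in errata_abi_main.c is written as `[0] = {...}, [1 ... ERRATA_LIST_END] = UNDEF_ERRATA`. The value therefore silently encodes "one erratum plus one UNDEF_ERRATA filler slot per CPU". The comment should say so, e.g. `/* Max platform-dependent errata per CPU with no EL3 workaround, plus one UNDEF_ERRATA filler slot */`. Otherwise whoever adds a second erratum for a CPU will write `[2 ... ERRATA_LIST_END]` and hit an invalid range without knowing which constant to raise.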
@@ -59,15 +42,11 @@
unsigned int em_errata_id;
unsigned char em_rxpx_lo; /* lowest revision of errata applicable for the cpu */
unsigned char em_rxpx_hi; /* highest revision of errata applicable for the cpu */
- bool errata_enabled; /* indicate if errata enabled */
- /* flag to indicate if errata query is based out of non-arm interconnect */
- bool non_arm_interconnect;
};
struct em_cpu_list{
- /* field to hold cpu specific part number defined in midr reg */
- unsigned long cpu_partnumber;
- struct em_cpu cpu_errata_list[MAX_ERRATA_ENTRIES];
+ unsigned long cpu_partnumber; /* cpu specific part number defined in midr reg */
+ struct em_cpu cpu_errata_list[MAX_PLAT_CPU_ERRATA_ENTRIES];
};
int32_t verify_errata_implemented(uint32_t errata_id, uint32_t forward_flag);
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index fe1068d..0a1d4f3 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -6,6 +6,8 @@
#include <assert.h>
#include "cpu_errata_info.h"
+#include <lib/cpus/cpu_ops.h>
+#include <lib/cpus/errata.h>
#include <lib/smccc.h>
#include <lib/utils_def.h>
#include <services/errata_abi_svc.h>
@@ -17,197 +19,14 @@
*/
struct em_cpu_list *cpu_ptr;
-extern uint8_t cpu_get_rev_var(void);
-
/* Structure array that holds CPU specific errata information */
struct em_cpu_list cpu_list[] = {
-#if CORTEX_A9_H_INC
-{
- .cpu_partnumber = CORTEX_A9_MIDR,
- .cpu_errata_list = {
- [0] = {794073, 0x00, 0xFF, ERRATA_A9_794073},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A9_H_INC */
-
-#if CORTEX_A15_H_INC
-{
- .cpu_partnumber = CORTEX_A15_MIDR,
- .cpu_errata_list = {
- [0] = {816470, 0x30, 0xFF, ERRATA_A15_816470},
- [1] = {827671, 0x30, 0xFF, ERRATA_A15_827671},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A15_H_INC */
-
-#if CORTEX_A17_H_INC
-{
- .cpu_partnumber = CORTEX_A17_MIDR,
- .cpu_errata_list = {
- [0] = {852421, 0x00, 0x12, ERRATA_A17_852421},
- [1] = {852423, 0x00, 0x12, ERRATA_A17_852423},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A17_H_INC */
-
-#if CORTEX_A35_H_INC
-{
- .cpu_partnumber = CORTEX_A35_MIDR,
- .cpu_errata_list = {
- [0] = {855472, 0x00, 0x00, ERRATA_A35_855472},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A35_H_INC */
-
-#if CORTEX_A53_H_INC
-{
- .cpu_partnumber = CORTEX_A53_MIDR,
- .cpu_errata_list = {
- [0] = {819472, 0x00, 0x01, ERRATA_A53_819472},
- [1] = {824069, 0x00, 0x02, ERRATA_A53_824069},
- [2] = {826319, 0x00, 0x02, ERRATA_A53_826319},
- [3] = {827319, 0x00, 0x02, ERRATA_A53_827319},
- [4] = {835769, 0x00, 0x04, ERRATA_A53_835769},
- [5] = {836870, 0x00, 0x03, ERRATA_A53_836870},
- [6] = {843419, 0x00, 0x04, ERRATA_A53_843419},
- [7] = {855873, 0x03, 0xFF, ERRATA_A53_855873},
- [8] = {1530924, 0x00, 0xFF, ERRATA_A53_1530924},
- [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A53_H_INC */
-
-#if CORTEX_A55_H_INC
-{
- .cpu_partnumber = CORTEX_A55_MIDR,
- .cpu_errata_list = {
- [0] = {768277, 0x00, 0x00, ERRATA_A55_768277},
- [1] = {778703, 0x00, 0x00, ERRATA_A55_778703},
- [2] = {798797, 0x00, 0x00, ERRATA_A55_798797},
- [3] = {846532, 0x00, 0x01, ERRATA_A55_846532},
- [4] = {903758, 0x00, 0x01, ERRATA_A55_903758},
- [5] = {1221012, 0x00, 0x10, ERRATA_A55_1221012},
- [6] = {1530923, 0x00, 0xFF, ERRATA_A55_1530923},
- [7 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A55_H_INC */
-
-#if CORTEX_A57_H_INC
-{
- .cpu_partnumber = CORTEX_A57_MIDR,
- .cpu_errata_list = {
- [0] = {806969, 0x00, 0x00, ERRATA_A57_806969},
- [1] = {813419, 0x00, 0x00, ERRATA_A57_813419},
- [2] = {813420, 0x00, 0x00, ERRATA_A57_813420},
- [3] = {814670, 0x00, 0x00, ERRATA_A57_814670},
- [4] = {817169, 0x00, 0x01, ERRATA_A57_817169},
- [5] = {826974, 0x00, 0x11, ERRATA_A57_826974},
- [6] = {826977, 0x00, 0x11, ERRATA_A57_826977},
- [7] = {828024, 0x00, 0x11, ERRATA_A57_828024},
- [8] = {829520, 0x00, 0x12, ERRATA_A57_829520},
- [9] = {833471, 0x00, 0x12, ERRATA_A57_833471},
- [10] = {859972, 0x00, 0x13, ERRATA_A57_859972},
- [11] = {1319537, 0x00, 0xFF, ERRATA_A57_1319537},
- [12 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A57_H_INC */
-
-#if CORTEX_A72_H_INC
-{
- .cpu_partnumber = CORTEX_A72_MIDR,
- .cpu_errata_list = {
- [0] = {859971, 0x00, 0x03, ERRATA_A72_859971},
- [1] = {1319367, 0x00, 0xFF, ERRATA_A72_1319367},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A72_H_INC */
-
-#if CORTEX_A73_H_INC
-{
- .cpu_partnumber = CORTEX_A73_MIDR,
- .cpu_errata_list = {
- [0] = {852427, 0x00, 0x00, ERRATA_A73_852427},
- [1] = {855423, 0x00, 0x01, ERRATA_A73_855423},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A73_H_INC */
-
-#if CORTEX_A75_H_INC
-{
- .cpu_partnumber = CORTEX_A75_MIDR,
- .cpu_errata_list = {
- [0] = {764081, 0x00, 0x00, ERRATA_A75_764081},
- [1] = {790748, 0x00, 0x00, ERRATA_A75_790748},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A75_H_INC */
-
-#if CORTEX_A76_H_INC
-{
- .cpu_partnumber = CORTEX_A76_MIDR,
- .cpu_errata_list = {
- [0] = {1073348, 0x00, 0x10, ERRATA_A76_1073348},
- [1] = {1130799, 0x00, 0x20, ERRATA_A76_1130799},
- [2] = {1165522, 0x00, 0xFF, ERRATA_A76_1165522},
- [3] = {1220197, 0x00, 0x20, ERRATA_A76_1220197},
- [4] = {1257314, 0x00, 0x30, ERRATA_A76_1257314},
- [5] = {1262606, 0x00, 0x30, ERRATA_A76_1262606},
- [6] = {1262888, 0x00, 0x30, ERRATA_A76_1262888},
- [7] = {1275112, 0x00, 0x30, ERRATA_A76_1275112},
- [8] = {1286807, 0x00, 0x30, ERRATA_A76_1286807},
- [9] = {1791580, 0x00, 0x40, ERRATA_A76_1791580},
- [10] = {1868343, 0x00, 0x40, ERRATA_A76_1868343},
- [11] = {1946160, 0x30, 0x41, ERRATA_A76_1946160},
- [12] = {2743102, 0x00, 0x41, ERRATA_A76_2743102},
- [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A76_H_INC */
-
-#if CORTEX_A77_H_INC
-{
- .cpu_partnumber = CORTEX_A77_MIDR,
- .cpu_errata_list = {
- [0] = {1508412, 0x00, 0x10, ERRATA_A77_1508412},
- [1] = {1791578, 0x00, 0x11, ERRATA_A77_1791578},
- [2] = {1800714, 0x00, 0x11, ERRATA_A77_1800714},
- [3] = {1925769, 0x00, 0x11, ERRATA_A77_1925769},
- [4] = {1946167, 0x00, 0x11, ERRATA_A77_1946167},
- [5] = {2356587, 0x00, 0x11, ERRATA_A77_2356587},
- [6] = {2743100, 0x00, 0x11, ERRATA_A77_2743100},
- [7 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A77_H_INC */
-
#if CORTEX_A78_H_INC
{
.cpu_partnumber = CORTEX_A78_MIDR,
.cpu_errata_list = {
- [0] = {1688305, 0x00, 0x10, ERRATA_A78_1688305},
- [1] = {1821534, 0x00, 0x10, ERRATA_A78_1821534},
- [2] = {1941498, 0x00, 0x11, ERRATA_A78_1941498},
- [3] = {1951500, 0x10, 0x11, ERRATA_A78_1951500},
- [4] = {1952683, 0x00, 0x00, ERRATA_A78_1952683},
- [5] = {2132060, 0x00, 0x12, ERRATA_A78_2132060},
- [6] = {2242635, 0x10, 0x12, ERRATA_A78_2242635},
- [7] = {2376745, 0x00, 0x12, ERRATA_A78_2376745},
- [8] = {2395406, 0x00, 0x12, ERRATA_A78_2395406},
- [9] = {2712571, 0x00, 0x12, ERRATA_A78_2712571, \
- ERRATA_NON_ARM_INTERCONNECT},
- [10] = {2742426, 0x00, 0x12, ERRATA_A78_2742426},
- [11] = {2772019, 0x00, 0x12, ERRATA_A78_2772019},
- [12] = {2779479, 0x00, 0x12, ERRATA_A78_2779479},
- [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2712571, 0x00, 0x12},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78_H_INC */
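Review bot: The comment kept above `cpu_list[]`, "Structure array that holds CPU specific errata information", no longer describes the table. After this change each CPU entry carries only the single erratum that was previously tagged `ERRATA_NON_ARM_INTERCONNECT`, and the per-erratum build flag is gone from the initialisers. I would reword it to something like `/* Per-CPU platform-dependent errata (non-Arm interconnect) that have no workaround in EL3 */`. The same applies to the trimmed entries in the following hunks of this file. The array definition continues past this hunk.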
@@ -216,13 +35,8 @@
{
.cpu_partnumber = CORTEX_A78_AE_MIDR,
.cpu_errata_list = {
- [0] = {1941500, 0x00, 0x01, ERRATA_A78_AE_1941500},
- [1] = {1951502, 0x00, 0x01, ERRATA_A78_AE_1951502},
- [2] = {2376748, 0x00, 0x02, ERRATA_A78_AE_2376748},
- [3] = {2395408, 0x00, 0x01, ERRATA_A78_AE_2395408},
- [4] = {2712574, 0x00, 0x02, ERRATA_A78_AE_2712574, \
- ERRATA_NON_ARM_INTERCONNECT},
- [5 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2712574, 0x00, 0x02},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78_AE_H_INC */
@@ -231,82 +45,18 @@
{
.cpu_partnumber = CORTEX_A78C_MIDR,
.cpu_errata_list = {
- [0] = {1827430, 0x00, 0x00, ERRATA_A78C_1827430},
- [1] = {1827440, 0x00, 0x00, ERRATA_A78C_1827440},
- [2] = {2132064, 0x01, 0x02, ERRATA_A78C_2132064},
- [3] = {2242638, 0x01, 0x02, ERRATA_A78C_2242638},
- [4] = {2376749, 0x01, 0x02, ERRATA_A78C_2376749},
- [5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
- [6] = {2683027, 0x01, 0x02, ERRATA_A78C_2683027},
- [7] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
- ERRATA_NON_ARM_INTERCONNECT},
- [8] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
- [9] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [10] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2712575, 0x01, 0x02},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
-#if CORTEX_X1_H_INC
-{
- .cpu_partnumber = CORTEX_X1_MIDR,
- .cpu_errata_list = {
- [0] = {1688305, 0x00, 0x10, ERRATA_X1_1688305},
- [1] = {1821534, 0x00, 0x10, ERRATA_X1_1821534},
- [2] = {1827429, 0x00, 0x10, ERRATA_X1_1827429},
- [3 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_X1_H_INC */
-
-#if NEOVERSE_N1_H_INC
-{
- .cpu_partnumber = NEOVERSE_N1_MIDR,
- .cpu_errata_list = {
- [0] = {1043202, 0x00, 0x10, ERRATA_N1_1043202},
- [1] = {1073348, 0x00, 0x10, ERRATA_N1_1073348},
- [2] = {1130799, 0x00, 0x20, ERRATA_N1_1130799},
- [3] = {1165347, 0x00, 0x20, ERRATA_N1_1165347},
- [4] = {1207823, 0x00, 0x20, ERRATA_N1_1207823},
- [5] = {1220197, 0x00, 0x20, ERRATA_N1_1220197},
- [6] = {1257314, 0x00, 0x30, ERRATA_N1_1257314},
- [7] = {1262606, 0x00, 0x30, ERRATA_N1_1262606},
- [8] = {1262888, 0x00, 0x30, ERRATA_N1_1262888},
- [9] = {1275112, 0x00, 0x30, ERRATA_N1_1275112},
- [10] = {1315703, 0x00, 0x30, ERRATA_N1_1315703},
- [11] = {1542419, 0x30, 0x40, ERRATA_N1_1542419},
- [12] = {1868343, 0x00, 0x40, ERRATA_N1_1868343},
- [13] = {1946160, 0x30, 0x41, ERRATA_N1_1946160},
- [14] = {2743102, 0x00, 0x41, ERRATA_N1_2743102},
- [15 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* NEOVERSE_N1_H_INC */
-
#if NEOVERSE_V1_H_INC
{
.cpu_partnumber = NEOVERSE_V1_MIDR,
.cpu_errata_list = {
- [0] = {1618635, 0x00, 0x00, ERRATA_V1_1618635},
- [1] = {1774420, 0x00, 0x10, ERRATA_V1_1774420},
- [2] = {1791573, 0x00, 0x10, ERRATA_V1_1791573},
- [3] = {1852267, 0x00, 0x10, ERRATA_V1_1852267},
- [4] = {1925756, 0x00, 0x11, ERRATA_V1_1925756},
- [5] = {1940577, 0x10, 0x11, ERRATA_V1_1940577},
- [6] = {1966096, 0x10, 0x11, ERRATA_V1_1966096},
- [7] = {2108267, 0x00, 0x12, ERRATA_V1_2108267},
- [8] = {2139242, 0x00, 0x11, ERRATA_V1_2139242},
- [9] = {2216392, 0x10, 0x11, ERRATA_V1_2216392},
- [10] = {2294912, 0x00, 0x12, ERRATA_V1_2294912},
- [11] = {2348377, 0x00, 0x11, ERRATA_V1_2348377},
- [12] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
- [13] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
- ERRATA_NON_ARM_INTERCONNECT},
- [14] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
- [15] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
- [16] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
- [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2701953, 0x00, 0x11},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V1_H_INC */
@@ -315,26 +65,8 @@
{
.cpu_partnumber = CORTEX_A710_MIDR,
.cpu_errata_list = {
- [0] = {1987031, 0x00, 0x20, ERRATA_A710_1987031},
- [1] = {2008768, 0x00, 0x20, ERRATA_A710_2008768},
- [2] = {2017096, 0x00, 0x20, ERRATA_A710_2017096},
- [3] = {2055002, 0x10, 0x20, ERRATA_A710_2055002},
- [4] = {2058056, 0x00, 0x21, ERRATA_A710_2058056},
- [5] = {2081180, 0x00, 0x20, ERRATA_A710_2081180},
- [6] = {2083908, 0x20, 0x20, ERRATA_A710_2083908},
- [7] = {2136059, 0x00, 0x20, ERRATA_A710_2136059},
- [8] = {2147715, 0x20, 0x20, ERRATA_A710_2147715},
- [9] = {2216384, 0x00, 0x20, ERRATA_A710_2216384},
- [10] = {2267065, 0x00, 0x20, ERRATA_A710_2267065},
- [11] = {2282622, 0x00, 0x21, ERRATA_A710_2282622},
- [12] = {2291219, 0x00, 0x20, ERRATA_A710_2291219},
- [13] = {2371105, 0x00, 0x20, ERRATA_A710_2371105},
- [14] = {2701952, 0x00, 0x21, ERRATA_A710_2701952, \
- ERRATA_NON_ARM_INTERCONNECT},
- [15] = {2742423, 0x00, 0x21, ERRATA_A710_2742423},
- [16] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
- [17] = {2778471, 0x00, 0x21, ERRATA_A710_2778471},
- [18 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2701952, 0x00, 0x21},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A710_H_INC */
@@ -343,28 +75,8 @@
{
.cpu_partnumber = NEOVERSE_N2_MIDR,
.cpu_errata_list = {
- [0] = {2002655, 0x00, 0x00, ERRATA_N2_2002655},
- [1] = {2009478, 0x00, 0x00, ERRATA_N2_2009478},
- [2] = {2025414, 0x00, 0x00, ERRATA_N2_2025414},
- [3] = {2067956, 0x00, 0x00, ERRATA_N2_2067956},
- [4] = {2138953, 0x00, 0x03, ERRATA_N2_2138953},
- [5] = {2138956, 0x00, 0x00, ERRATA_N2_2138956},
- [6] = {2138958, 0x00, 0x00, ERRATA_N2_2138958},
- [7] = {2189731, 0x00, 0x00, ERRATA_N2_2189731},
- [8] = {2242400, 0x00, 0x00, ERRATA_N2_2242400},
- [9] = {2242415, 0x00, 0x00, ERRATA_N2_2242415},
- [10] = {2280757, 0x00, 0x00, ERRATA_N2_2280757},
- [11] = {2326639, 0x00, 0x00, ERRATA_N2_2326639},
- [12] = {2340933, 0x00, 0x00, ERRATA_N2_2340933},
- [13] = {2346952, 0x00, 0x02, ERRATA_N2_2346952},
- [14] = {2376738, 0x00, 0x00, ERRATA_N2_2376738},
- [15] = {2388450, 0x00, 0x00, ERRATA_N2_2388450},
- [16] = {2728475, 0x00, 0x02, ERRATA_N2_2728475, \
- ERRATA_NON_ARM_INTERCONNECT},
- [17] = {2743014, 0x00, 0x02, ERRATA_N2_2743014},
- [18] = {2743089, 0x00, 0x02, ERRATA_N2_2743089},
- [19] = {2779511, 0x00, 0x02, ERRATA_N2_2779511},
- [20 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2728475, 0x00, 0x02},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_N2_H_INC */
@@ -373,186 +85,126 @@
{
.cpu_partnumber = CORTEX_X2_MIDR,
.cpu_errata_list = {
- [0] = {2002765, 0x00, 0x20, ERRATA_X2_2002765},
- [1] = {2017096, 0x00, 0x20, ERRATA_X2_2017096},
- [2] = {2058056, 0x00, 0x21, ERRATA_X2_2058056},
- [3] = {2081180, 0x00, 0x20, ERRATA_X2_2081180},
- [4] = {2083908, 0x20, 0x20, ERRATA_X2_2083908},
- [5] = {2147715, 0x20, 0x20, ERRATA_X2_2147715},
- [6] = {2216384, 0x00, 0x20, ERRATA_X2_2216384},
- [7] = {2282622, 0x00, 0x21, ERRATA_X2_2282622},
- [8] = {2371105, 0x00, 0x20, ERRATA_X2_2371105},
- [9] = {2701952, 0x00, 0x21, ERRATA_X2_2701952, \
- ERRATA_NON_ARM_INTERCONNECT},
- [10] = {2742423, 0x00, 0x21, ERRATA_X2_2742423},
- [11] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
- [12] = {2778471, 0x00, 0x21, ERRATA_X2_2778471},
- [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2701952, 0x00, 0x21},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X2_H_INC */
-#if CORTEX_A510_H_INC
-{
- .cpu_partnumber = CORTEX_A510_MIDR,
- .cpu_errata_list = {
- [0] = {1922240, 0x00, 0x00, ERRATA_A510_1922240},
- [1] = {2041909, 0x02, 0x02, ERRATA_A510_2041909},
- [2] = {2042739, 0x00, 0x02, ERRATA_A510_2042739},
- [3] = {2080326, 0x02, 0x02, ERRATA_A510_2080326},
- [4] = {2172148, 0x00, 0x10, ERRATA_A510_2172148},
- [5] = {2218950, 0x00, 0x10, ERRATA_A510_2218950},
- [6] = {2250311, 0x00, 0x10, ERRATA_A510_2250311},
- [7] = {2288014, 0x00, 0x10, ERRATA_A510_2288014},
- [8] = {2347730, 0x00, 0x11, ERRATA_A510_2347730},
- [9] = {2371937, 0x00, 0x11, ERRATA_A510_2371937},
- [10] = {2666669, 0x00, 0x11, ERRATA_A510_2666669},
- [11] = {2684597, 0x00, 0x12, ERRATA_A510_2684597},
- [12 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A510_H_INC */
-
#if NEOVERSE_V2_H_INC
{
.cpu_partnumber = NEOVERSE_V2_MIDR,
.cpu_errata_list = {
- [0] = {2331132, 0x00, 0x02, ERRATA_V2_2331132},
- [1] = {2618597, 0x00, 0x01, ERRATA_V2_2618597},
- [2] = {2662553, 0x00, 0x01, ERRATA_V2_2662553},
- [3] = {2719103, 0x00, 0x01, ERRATA_V2_2719103, \
- ERRATA_NON_ARM_INTERCONNECT},
- [4] = {2719105, 0x00, 0x01, ERRATA_V2_2719105},
- [5] = {2743011, 0x00, 0x01, ERRATA_V2_2743011},
- [6] = {2779510, 0x00, 0x01, ERRATA_V2_2779510},
- [7] = {2801372, 0x00, 0x01, ERRATA_V2_2801372},
- [8 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2719103, 0x00, 0x01},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V2_H_INC */
-#if CORTEX_A715_H_INC
-{
- .cpu_partnumber = CORTEX_A715_MIDR,
- .cpu_errata_list = {
- [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
- [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
- ERRATA_NON_ARM_INTERCONNECT},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
- }
-},
-#endif /* CORTEX_A715_H_INC */
-
#if CORTEX_X3_H_INC
{
.cpu_partnumber = CORTEX_X3_MIDR,
.cpu_errata_list = {
- [0] = {2070301, 0x00, 0x12, ERRATA_X3_2070301},
- [1] = {2266875, 0x00, 0x10, ERRATA_X3_2266875},
- [2] = {2302506, 0x00, 0x11, ERRATA_X3_2302506},
- [3] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
- [4] = {2372204, 0x00, 0x10, ERRATA_X3_2372204},
- [5] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
- [6] = {2641945, 0x00, 0x10, ERRATA_X3_2641945},
- [7] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [8] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
- [9] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
- [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2701951, 0x00, 0x11},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
-#if CORTEX_A520_H_INC
+#if CORTEX_X4_H_INC
{
- .cpu_partnumber = CORTEX_A520_MIDR,
+ .cpu_partnumber = CORTEX_X4_MIDR,
.cpu_errata_list = {
- [0] = {2630792, 0x00, 0x01, ERRATA_A520_2630792},
- [1] = {2858100, 0x00, 0x01, ERRATA_A520_2858100},
- [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [0] = {2701112, 0x00, 0x00},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
-#endif /* CORTEX_A520_H_INC */
+#endif /* CORTEX_X4_H_INC */
};
-/*
- * Function to do binary search and check for the specific errata ID
- * in the array of structures specific to the cpu identified.
- */
-int32_t binary_search(struct em_cpu_list *ptr, uint32_t erratum_id, uint8_t rxpx_val)
-{
- int low_index = 0U, mid_index = 0U;
+#if ERRATA_NON_ARM_INTERCONNECT
- int high_index = MAX_ERRATA_ENTRIES - 1;
+/* Check if the errata is enabled for non-arm interconnect */
+static int32_t non_arm_interconnect_errata(uint32_t errata_id, long rev_var)
+{
+ int32_t ret_val = EM_UNKNOWN_ERRATUM;
- assert(ptr != NULL);
+ /* Determine the number of cpu listed in the cpu list */
+ uint8_t size_cpulist = ARRAY_SIZE(cpu_list);
- /*
- * Pointer to the errata list of the cpu that matches
- * extracted partnumber in the cpu list
- */
- struct em_cpu *erratum_ptr = NULL;
+ /* Read the midr reg to extract cpu, revision and variant info */
+ uint32_t midr_val = read_midr();
- while (low_index <= high_index) {
- mid_index = (low_index + high_index) / 2;
+ for (uint8_t i = 0U; i < size_cpulist; i++) {
+ cpu_ptr = &cpu_list[i];
+ /*
+ * If the cpu partnumber in the cpu list, matches the midr
+ * part number, check to see if the errata ID matches
+ */
+ if (EXTRACT_PARTNUM(midr_val) == EXTRACT_PARTNUM(cpu_ptr->cpu_partnumber)) {
- erratum_ptr = &ptr->cpu_errata_list[mid_index];
- assert(erratum_ptr != NULL);
+ struct em_cpu *ptr = NULL;
- if (erratum_id < erratum_ptr->em_errata_id) {
- high_index = mid_index - 1;
- } else if (erratum_id > erratum_ptr->em_errata_id) {
- low_index = mid_index + 1;
- } else if (erratum_id == erratum_ptr->em_errata_id) {
- if (RXPX_RANGE(rxpx_val, erratum_ptr->em_rxpx_lo, \
- erratum_ptr->em_rxpx_hi)) {
- if ((erratum_ptr->errata_enabled) && \
- (!(erratum_ptr->non_arm_interconnect))) {
- return EM_HIGHER_EL_MITIGATION;
+ for (int j = 0; j < MAX_PLAT_CPU_ERRATA_ENTRIES; j++) {
+ ptr = &cpu_ptr->cpu_errata_list[j];
+ assert(ptr != NULL);
+ if (errata_id == ptr->em_errata_id) {
+ if (RXPX_RANGE(rev_var, ptr->em_rxpx_lo, ptr->em_rxpx_hi)) {
+ ret_val = EM_AFFECTED;
+ break;
+ }
+ ret_val = EM_NOT_AFFECTED;
+ break;
}
- return EM_AFFECTED;
}
- return EM_NOT_AFFECTED;
+ break;
}
}
- /* no matching errata ID */
- return EM_UNKNOWN_ERRATUM;
+ return ret_val;
}
+#endif
/* Function to check if the errata exists for the specific CPU and rxpx */
int32_t verify_errata_implemented(uint32_t errata_id, uint32_t forward_flag)
{
- /*
- * Read MIDR value and extract the revision, variant and partnumber
- */
- static uint32_t midr_val, cpu_partnum;
- static uint8_t cpu_rxpx_val;
- int32_t ret_val = EM_UNKNOWN_ERRATUM;
+ int32_t ret_val;
+ struct cpu_ops *cpu_ops;
+ struct erratum_entry *entry, *end;
+ long rev_var;
- /* Determine the number of cpu listed in the cpu list */
- uint8_t size_cpulist = ARRAY_SIZE(cpu_list);
+ ret_val = EM_UNKNOWN_ERRATUM;
+ rev_var = cpu_get_rev_var();
- /* Read the midr reg to extract cpu, revision and variant info */
- midr_val = read_midr();
+#if ERRATA_NON_ARM_INTERCONNECT
+ ret_val = non_arm_interconnect_errata(errata_id, rev_var);
+ if (ret_val != EM_UNKNOWN_ERRATUM) {
+ return ret_val;
+ }
+#endif
- /* Extract revision and variant from the MIDR register */
- cpu_rxpx_val = cpu_get_rev_var();
+ cpu_ops = get_cpu_ops_ptr();
+ assert(cpu_ops != NULL);
- /* Extract the cpu partnumber and check if the cpu is in the cpu list */
- cpu_partnum = EXTRACT_PARTNUM(midr_val);
+ entry = cpu_ops->errata_list_start;
+ assert(entry != NULL);
- for (uint8_t i = 0; i < size_cpulist; i++) {
- cpu_ptr = &cpu_list[i];
- uint16_t partnum_extracted = EXTRACT_PARTNUM(cpu_ptr->cpu_partnumber);
+ end = cpu_ops->errata_list_end;
+ assert(end != NULL);
- if (partnum_extracted == cpu_partnum) {
- /*
- * If the midr value is in the cpu list, binary search
- * for the errata ID and specific revision in the list.
- */
- ret_val = binary_search(cpu_ptr, errata_id, cpu_rxpx_val);
- break;
+ end--; /* point to the last erratum entry of the queried cpu */
+
+ while ((entry <= end) && (ret_val == EM_UNKNOWN_ERRATUM)) {
+ if (entry->id == errata_id) {
+ if (entry->check_func(rev_var)) {
+ if (entry->chosen)
+ return EM_HIGHER_EL_MITIGATION;
+ else
+ return EM_AFFECTED;
+ }
+ return EM_NOT_AFFECTED;
}
+ entry += 1;
}
return ret_val;
}
diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c
index fb096bc..b3b2a69 100644
--- a/services/std_svc/rmmd/rmmd_main.c
+++ b/services/std_svc/rmmd/rmmd_main.c
@@ -109,8 +109,8 @@
static void rmm_el2_context_init(el2_sysregs_t *regs)
{
- regs->ctx_regs[CTX_SPSR_EL2 >> 3] = REALM_SPSR_EL2;
- regs->ctx_regs[CTX_SCTLR_EL2 >> 3] = SCTLR_EL2_RES1;
+ write_el2_ctx_common(regs, spsr_el2, REALM_SPSR_EL2);
+ write_el2_ctx_common(regs, sctlr_el2, SCTLR_EL2_RES1);
}
/*******************************************************************************
diff --git a/services/std_svc/sdei/sdei_intr_mgmt.c b/services/std_svc/sdei/sdei_intr_mgmt.c
index 72bc33f..c58adba 100644
--- a/services/std_svc/sdei/sdei_intr_mgmt.c
+++ b/services/std_svc/sdei/sdei_intr_mgmt.c
@@ -13,6 +13,7 @@
#include <arch_features.h>
#include <bl31/ehf.h>
#include <bl31/interrupt_mgmt.h>
+#include <bl31/sync_handle.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -237,9 +238,7 @@
/*
* Prepare for ERET:
* - Set the ELR to the registered handler address
- * - Set the SPSR register as described in the SDEI documentation and
- * the AArch64.TakeException() pseudocode function in
- * ARM DDI 0487F.c page J1-7635
+ * - Set the SPSR register by calling the common create_spsr() function
*/
static void sdei_set_elr_spsr(sdei_entry_t *se, sdei_dispatch_context_t *disp_ctx)
@@ -250,57 +249,7 @@
u_register_t interrupted_pstate = disp_ctx->spsr_el3;
- /* Check the SPAN bit in the client el SCTLR */
- u_register_t client_el_sctlr;
-
- if (client_el == MODE_EL2) {
- client_el_sctlr = read_sctlr_el2();
- } else {
- client_el_sctlr = read_sctlr_el1();
- }
-
- /*
- * Check whether to force the PAN bit or use the value in the
- * interrupted EL according to the check described in
- * TakeException. Since the client can only be Non-Secure
- * EL2 or El1 some of the conditions in ElIsInHost() we know
- * will always be True.
- * When the client_el is EL2 we know that there will be a SPAN
- * bit in SCTLR_EL2 as we have already checked for the condition
- * HCR_EL2.E2H = 1 and HCR_EL2.TGE = 1
- */
- u_register_t hcr_el2 = read_hcr();
- bool el_is_in_host = (read_feat_vhe_id_field() != 0U) &&
- (hcr_el2 & HCR_TGE_BIT) &&
- (hcr_el2 & HCR_E2H_BIT);
-
- if (is_feat_pan_supported() &&
- ((client_el == MODE_EL1) ||
- (client_el == MODE_EL2 && el_is_in_host)) &&
- ((client_el_sctlr & SCTLR_SPAN_BIT) == 0U)) {
- sdei_spsr |= SPSR_PAN_BIT;
- } else {
- sdei_spsr |= (interrupted_pstate & SPSR_PAN_BIT);
- }
-
- /* If SSBS is implemented, take the value from the client el SCTLR */
- u_register_t ssbs_enabled = (read_id_aa64pfr1_el1()
- >> ID_AA64PFR1_EL1_SSBS_SHIFT)
- & ID_AA64PFR1_EL1_SSBS_MASK;
- if (ssbs_enabled != SSBS_UNAVAILABLE) {
- u_register_t ssbs_bit = ((client_el_sctlr & SCTLR_DSSBS_BIT)
- >> SCTLR_DSSBS_SHIFT)
- << SPSR_SSBS_SHIFT_AARCH64;
- sdei_spsr |= ssbs_bit;
- }
-
- /* If MTE is implemented in the client el set the TCO bit */
- if (is_feat_mte_supported()) {
- sdei_spsr |= SPSR_TCO_BIT_AARCH64;
- }
-
- /* Take the DIT field from the pstate of the interrupted el */
- sdei_spsr |= (interrupted_pstate & SPSR_DIT_BIT);
+ sdei_spsr = create_spsr(interrupted_pstate, client_el);
cm_set_elr_spsr_el3(NON_SECURE, (uintptr_t) se->ep, sdei_spsr);
}
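Review bot: The added `sdei_spsr = create_spsr(interrupted_pstate, client_el);` is a plain assignment, while the removed lines only OR-ed bits into the variable (`sdei_spsr |= ...`), so any value `sdei_spsr` was given before this hunk is now discarded. The declaration of `sdei_spsr` is outside the hunk. If it still has an initialiser carrying the target mode and exception masks, that initialiser is dead and create_spsr() must set those fields itself. This should be confirmed against its definition, presumably declared in the newly included `bl31/sync_handle.h`, because an SPSR without the intended masks would change the state the SDEI handler is entered in. The inline explanations of PAN, SSBS, TCO and DIT were removed with the code, so once that is confirmed I would add a call-site comment such as `/* create_spsr() builds the whole SPSR for client_el: mode, exception masks, PAN, SSBS, TCO, DIT */` and remove any leftover initialiser. sdei_set_elr_spsr() begins before this hunk.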