Merge changes from topic "full_dev_rsa_key" into integration

* changes:
  docs(arm): add ARM_ROTPK_LOCATION variant full key
  feat(arm): add ARM_ROTPK_LOCATION variant full key
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index 6fc0c2e..2ea8012 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -196,7 +196,7 @@
  -C bp.refcounter.use_real_time=0                               \
  -C bp.ve_sysregs.exit_on_shutdown=1                            \
  -C cache_state_modelled=1                                      \
- -C bp.dram_size=2                                              \
+ -C bp.dram_size=4                                              \
  -C bp.secure_memory=1                                          \
  -C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3                         \
  -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B                     \
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 8070ff4..25c4269 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -101,7 +101,7 @@
    x2,Maximum number of CPUs to be supported at runtime. RMM should ensure that it can support this maximum number.
    x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The boot manifest must be present at the base of this shared buffer during cold boot.
 
-During cold boot, EL3 firmware needs to allocate a 4K page that will be
+During cold boot, EL3 firmware needs to allocate a 4KB page that will be
 passed to RMM in x3. This memory will be used as shared buffer for communication
 between EL3 and RMM. It must be assigned to Realm world and must be mapped with
 Normal memory attributes (IWB-OWB-ISH) at EL3. At boot, this memory will be
@@ -522,8 +522,8 @@
 
 .. _rmm_el3_manifest_struct:
 
-RMM-EL3 Boot Manifest Version
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+RMM-EL3 Boot Manifest structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The RMM-EL3 Boot Manifest structure contains platform boot information passed
 from EL3 to RMM. The width of the Boot Manifest is 128 bits
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
new file mode 100644
index 0000000..23f5b17
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -0,0 +1,77 @@
+/'
+ ' Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A Data Flow Diagram including RSS
+'/
+
+@startuml
+digraph tfa_dfd {
+
+    # Arrange nodes from left to right
+    rankdir="LR"
+
+    # Allow arrows to end on cluster boundaries
+    compound=true
+
+    # Default settings for edges and nodes
+    edge [minlen=2 color="#8c1b07"]
+    node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+    # Nodes outside of the trust boundary
+    nsec [label="Non-secure\nClients"]
+    sec [label="Secure\nClients"]
+    dbg [label="Debug & Trace"]
+    logs [label="Logs\n(UART)"]
+    nvm [label="Non-volatile\nMemory"]
+
+
+    # Trust boundary cluster
+    subgraph cluster_trusted{
+        graph [style=dashed color="#f22430"]
+
+        # HW IPs cluster
+        subgraph cluster_ip{
+            label ="Hardware IPs";
+            graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+            rank="same"
+            gic [label="GIC" width=1.2 height=0.5]
+            tzc [label="TZ\nController" width=1.2 height=0.5]
+            etc [label="..." shape=none style=none height=0.5]
+        }
+
+        # TF-A cluster
+        subgraph cluster_tfa{
+            label ="TF-A";
+            graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+            bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+            bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+            bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+        }
+
+        # RSS cluster
+        subgraph cluster_rss{
+            label ="RSS";
+            graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+            rss [label="Runtime Security\n\ Subsystem\n\ (RSS)" fillcolor="#ddffb3"]
+        }
+    }
+
+    # Interactions between nodes
+    nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+    logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+    dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+    sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+    nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+    bl2 ->  tzc [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6" minlen=1]
+    bl31 -> rss [dir="both" ltail=cluster_tfa lhead=cluster_rss label="DF7" minlen=1]
+
+}
+
+@enduml
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index ad8b82a..9fd55a9 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -16,7 +16,8 @@
    threat_model_spm
    threat_model_el3_spm
    threat_model_fvp_r
+   threat_model_rss_interface
 
 --------------
 
-*Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 38e5c87..99bbb3a 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -170,7 +170,7 @@
 
 For each threat identified, a risk rating that ranges
 from *informational* to *critical* is given based on the likelihood of the
-threat occuring if a mitigation is not in place, and the impact of the
+threat occurring if a mitigation is not in place, and the impact of the
 threat (i.e. how severe the consequences could be). Table 4 explains each
 rating in terms of score, impact and likelihood.
 
@@ -778,8 +778,9 @@
 +========================+====================================================+
 | Threat                 | | **Misconfiguration of the Memory Management Unit |
 |                        |   (MMU) may allow a normal world software to       |
-|                        |   access sensitive data or execute arbitrary       |
-|                        |   code**                                           |
+|                        |   access sensitive data, execute arbitrary         |
+|                        |   code or access otherwise restricted HW           |
+|                        |   interface**                                      |
 |                        |                                                    |
 |                        | | A misconfiguration of the MMU could              |
 |                        |   lead to an open door for software running in the |
@@ -853,6 +854,8 @@
 +------------------------+-----------------------------------------------------+
 | Threat Type            | Information Disclosure                              |
 +------------------------+-------------------+----------------+----------------+
+| Application            | Server            | IoT            | Mobile         |
++------------------------+-------------------+----------------+----------------+
 | Impact                 | Medium (3)        | Medium (3)     | Medium (3)     |
 +------------------------+-------------------+----------------+----------------+
 | Likelihood             | Low (2)           | Low (2)        | Low (2)        |
@@ -880,6 +883,41 @@
 |                        |   mitigated.                                        |
 +------------------------+-----------------------------------------------------+
 
++------------------------+-----------------------------------------------------+
+| ID                     | 13                                                  |
++========================+=====================================================+
+| Threat                 | | **Leaving sensitive information in the memory,    |
+|                        |   can allow an attacker to retrieve them.**         |
+|                        |                                                     |
+|                        | | Accidentally leaving not-needed sensitive data in |
+|                        |   internal buffers can leak them if an attacker     |
+|                        |   gains access to memory due to a vulnerability.    |
++------------------------+-----------------------------------------------------+
+| Diagram Elements       | DF4, DF5                                            |
++------------------------+-----------------------------------------------------+
+| Affected TF-A          | BL1, BL2, BL31                                      |
+| Components             |                                                     |
++------------------------+-----------------------------------------------------+
+| Assets                 | Sensitive Data                                      |
++------------------------+-----------------------------------------------------+
+| Threat Agent           | NSCode, SecCode                                     |
++------------------------+-----------------------------------------------------+
+| Threat Type            | Information Disclosure                              |
++------------------------+-------------------+----------------+----------------+
+| Application            | Server            | IoT            | Mobile         |
++------------------------+-------------------+----------------+----------------+
+| Impact                 |  Critical (5)     | Critical (5)   | Critical (5)   |
++------------------------+-------------------+----------------+----------------+
+| Likelihood             |  Medium (3)       | Medium (3)     | Medium (3)     |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating      |  High (15)        | High (15)      | High (15)      |
++------------------------+-------------------+----------------+----------------+
+| Mitigations            |   Clear the sensitive data from internal buffers as |
+|                        |   soon as they are not needed anymore.              |
++------------------------+-----------------------------------------------------+
+| Mitigations            | | Yes / Platform specific                           |
++------------------------+-----------------------------------------------------+
+
 --------------
 
 *Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_rss_interface.rst b/docs/threat_model/threat_model_rss_interface.rst
new file mode 100644
index 0000000..4bceb63
--- /dev/null
+++ b/docs/threat_model/threat_model_rss_interface.rst
@@ -0,0 +1,59 @@
+Threat Model for RSS - AP interface
+***********************************
+
+************
+Introduction
+************
+This document is an extension for the general TF-A threat-model. It considers
+those platforms where a Runtime Security Subsystem (RSS) is included in the SoC
+next to the Application Processor (AP).
+
+********************
+Target of Evaluation
+********************
+The scope of this threat model only includes the interface between the RSS and
+AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for
+the AP core. The threat model for the RSS firmware will be provided by the RSS
+firmware project in the future.
+
+
+Data Flow Diagram
+=================
+This diagram is different only from the general TF-A data flow diagram in that
+it includes the RSS and highlights the interface between the AP and the RSS
+cores. The interface description only focuses on the AP-RSS interface the rest
+is the same as in the general TF-A threat-model document.
+
+.. uml:: ../resources/diagrams/plantuml/tfa_rss_dfd.puml
+  :caption: Figure 1: TF-A Data Flow Diagram including RSS
+
+.. table:: Table 1: TF-A - RSS data flow diagram
+
+  +-----------------+--------------------------------------------------------+
+  | Diagram Element | Description                                            |
+  +=================+========================================================+
+  |       DF7       | | Boot images interact with RSS over a communication   |
+  |                 |   channel to record boot measurements and get image    |
+  |                 |   verification keys. At runtime, BL31 obtains the      |
+  |                 |   realm world attestation signing key from RSS.        |
+  +-----------------+--------------------------------------------------------+
+
+Threat Assessment
+=================
+For this section, please reference the Threat Assessment under the general TF-A
+threat-model document, :ref:`Generic Threat Model`. All the threats listed there
+are applicable for the AP core, here only the differences are highlighted.
+
+    - ID 11: The access to the communication interface between AP and RSS is
+      allowed only for firmware running at EL3. Accidentally exposing this
+      interface to NSCode can allow malicious code to interact with RSS and
+      gain access to sensitive data.
+    - ID 13: Relevant in the context of the realm attestation key, which can be
+      retrieved by BL31 through DF7. The RSS communication protocol layer
+      mitigates against this by clearing its internal buffer when reply is
+      received. The caller of the API must do the same if data is not needed
+      anymore.
+
+--------------
+
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
\ No newline at end of file
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
index 5e224e1..4622af9 100644
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@@ -156,14 +156,22 @@
 
 	err = mhu_init_sender(mhu_sender_base);
 	if (err != MHU_ERR_NONE) {
-		ERROR("[RSS-COMMS] Host to RSS MHU driver initialization failed: %d\n", err);
-		return -1;
+		if (err == MHU_ERR_ALREADY_INIT) {
+			INFO("[RSS-COMMS] Host to RSS MHU driver already initialized\n");
+		} else {
+			ERROR("[RSS-COMMS] Host to RSS MHU driver initialization failed: %d\n", err);
+			return -1;
+		}
 	}
 
 	err = mhu_init_receiver(mhu_receiver_base);
 	if (err != MHU_ERR_NONE) {
-		ERROR("[RSS-COMMS] RSS to Host MHU driver initialization failed: %d\n", err);
-		return -1;
+		if (err == MHU_ERR_ALREADY_INIT) {
+			INFO("[RSS-COMMS] RSS to Host MHU driver already initialized\n");
+		} else {
+			ERROR("[RSS-COMMS] RSS to Host MHU driver initialization failed: %d\n", err);
+			return -1;
+		}
 	}
 
 	return 0;
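Review bot: Treating MHU_ERR_ALREADY_INIT as success at both the mhu_init_sender and mhu_init_receiver calls means a second rss_comms_init() proceeds even when it was handed a different mhu_sender_base/mhu_receiver_base than the first call; unless the MHU driver's already-initialised check compares the base address (its body is not in the diff), the stale channel is silently kept and the new bases are ignored. The two branches are identical apart from the message, so a single condition per call, `if ((err != MHU_ERR_NONE) && (err != MHU_ERR_ALREADY_INIT)) { ERROR("..."); return -1; }`, would keep the tolerant path in one place and make the accepted error explicit. The enclosing function's signature is above the hunk.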
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 16ce65f..ae4b067 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -22,7 +22,7 @@
 MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c
 
 
-LIBMBEDTLS_SRCS		:= $(addprefix ${MBEDTLS_DIR}/library/,	\
+LIBMBEDTLS_SRCS		+= $(addprefix ${MBEDTLS_DIR}/library/,	\
 					aes.c 					\
 					asn1parse.c 				\
 					asn1write.c 				\
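Review bot: Switching LIBMBEDTLS_SRCS from `:=` to `+=` at the head of the source list makes it accumulate, so if this makefile is included more than once, or the variable is already set from a platform makefile, the environment or the command line, the same mbedtls objects appear twice and the library build fails on duplicate objects; nothing in the commit says what is expected to pre-populate the variable. A one-line comment above the assignment naming the intended contributor, plus an include guard on the file (`ifndef MBEDTLS_COMMON_MK` ... `endif`) or `$(sort ...)` around the final list, would make the intent explicit and the build idempotent.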
diff --git a/drivers/st/clk/clk-stm32-core.c b/drivers/st/clk/clk-stm32-core.c
index bb03125..9fe8c8c 100644
--- a/drivers/st/clk/clk-stm32-core.c
+++ b/drivers/st/clk/clk-stm32-core.c
@@ -466,10 +466,9 @@
 {
 	const struct clk_stm32 *clk = _clk_get(priv, id);
 	int parent;
-	unsigned long rate = 0UL;
 
 	if ((unsigned int)id >= priv->num) {
-		return rate;
+		return 0UL;
 	}
 
 	parent = _clk_stm32_get_parent(priv, id);
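Review bot: `clk` is fetched with `_clk_get(priv, id)` on the context line before the `(unsigned int)id >= priv->num` guard, so an out-of-range id is used against the clock table before it is rejected; if `_clk_get` indexes or dereferences by id (its body is not in the diff) that is an out-of-bounds access the guard never prevents, and even a pure pointer computation past the array end is undefined. Move the lookup below the check: `if ((unsigned int)id >= priv->num) { return 0UL; }` followed by `const struct clk_stm32 *clk = _clk_get(priv, id);`. The function's signature is above the hunk.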
@@ -484,21 +483,14 @@
 			prate = _clk_stm32_get_rate(priv, parent);
 		}
 
-		rate = clk->ops->recalc_rate(priv, id, prate);
-
-		return rate;
+		return clk->ops->recalc_rate(priv, id, prate);
 	}
 
-	switch (parent) {
-	case CLK_IS_ROOT:
+	if (parent == CLK_IS_ROOT) {
 		panic();
-
-	default:
-		rate = _clk_stm32_get_rate(priv, parent);
-		break;
 	}
-	return rate;
 
+	return _clk_stm32_get_rate(priv, parent);
 }
 
 unsigned long _clk_stm32_get_parent_rate(struct stm32_clk_priv *priv, int id)
@@ -519,7 +511,7 @@
 
 bool _stm32_clk_is_flags(struct stm32_clk_priv *priv, int id, uint8_t flag)
 {
-	if (_stm32_clk_get_flags(priv, id) & flag) {
+	if ((_stm32_clk_get_flags(priv, id) & flag) != 0U) {
 		return true;
 	}
 
@@ -549,7 +541,7 @@
 		}
 		if (parent != CLK_IS_ROOT) {
 			ret = _clk_stm32_enable_core(priv, parent);
-			if (ret) {
+			if (ret != 0) {
 				return ret;
 			}
 		}
diff --git a/drivers/st/clk/clk-stm32mp13.c b/drivers/st/clk/clk-stm32mp13.c
index c960928..db427ad 100644
--- a/drivers/st/clk/clk-stm32mp13.c
+++ b/drivers/st/clk/clk-stm32mp13.c
@@ -456,7 +456,7 @@
 	},\
 }
 
-static const struct parent_cfg parent_mp13[] = {
+static const struct parent_cfg parent_mp13[MUX_MAX] = {
 	MUX_CFG(MUX_ADC1,	ADC1_src,	RCC_ADC12CKSELR, 0, 2),
 	MUX_CFG(MUX_ADC2,	ADC2_src,	RCC_ADC12CKSELR, 2, 2),
 	MUX_RDY_CFG(MUX_AXI,	AXI_src,	RCC_ASSCKSELR, 0, 3),
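Review bot: Giving parent_mp13 the explicit size MUX_MAX means that, if MUX_CFG expands to a designated initialiser, any MUX_* index without an entry becomes a silently zero-filled element rather than a compile-time size mismatch, so a lookup of that index reads a config with register offset 0 instead of failing early; the same applies to dividers_mp13[DIV_MAX] further down this file. If the mux/divider accessors do not already reject an all-zero entry (not visible here), either add a null check on the register field there or add a CASSERT that the initialiser count matches the enum count. Whether gaps in the MUX_* numbering are intentional decides which of the two is right.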
@@ -841,7 +841,7 @@
 		.bitrdy	= _bitrdy,\
 }
 
-static const struct div_cfg dividers_mp13[] = {
+static const struct div_cfg dividers_mp13[DIV_MAX] = {
 	DIV_CFG(DIV_PLL1DIVP, RCC_PLL1CFGR2, 0, 7, 0, NULL, DIV_NO_BIT_RDY),
 	DIV_CFG(DIV_PLL2DIVP, RCC_PLL2CFGR2, 0, 7, 0, NULL, DIV_NO_BIT_RDY),
 	DIV_CFG(DIV_PLL2DIVQ, RCC_PLL2CFGR2, 8, 7, 0, NULL, DIV_NO_BIT_RDY),
@@ -1119,7 +1119,7 @@
 		return ret;
 	}
 
-	if (enable) {
+	if (enable != 0) {
 		clk_stm32_enable_call_ops(priv, clk_id);
 	} else {
 		clk_stm32_disable_call_ops(priv, clk_id);
@@ -1450,7 +1450,7 @@
 
 	/* Configure PLLs source */
 	ret = stm32_clk_configure_mux(priv, pll_conf->vco.src);
-	if (ret) {
+	if (ret != 0) {
 		return ret;
 	}
 
@@ -1485,7 +1485,7 @@
 {
 	struct stm32_pll_dt_cfg *pll_conf = clk_stm32_pll_get_pdata(pll_idx);
 
-	if (pll_conf->vco.status) {
+	if (pll_conf->vco.status != 0U) {
 		return _clk_stm32_pll_init(priv, pll_idx, pll_conf);
 	}
 
@@ -1497,22 +1497,22 @@
 	int err = 0;
 
 	err = clk_stm32_pll_init(priv, _PLL1);
-	if (err) {
+	if (err != 0) {
 		return err;
 	}
 
 	err = clk_stm32_pll_init(priv, _PLL2);
-	if (err) {
+	if (err != 0) {
 		return err;
 	}
 
 	err = clk_stm32_pll_init(priv, _PLL3);
-	if (err) {
+	if (err != 0) {
 		return err;
 	}
 
 	err = clk_stm32_pll_init(priv, _PLL4);
-	if (err) {
+	if (err != 0) {
 		return err;
 	}
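Review bot: The four `clk_stm32_pll_init(priv, _PLLn)` calls with identical `if (err != 0) { return err; }` checks would read better as one loop, e.g. `for (i = _PLL1; i <= _PLL4; i++) { err = clk_stm32_pll_init(priv, i); if (err != 0) { return err; } }`, which also keeps the MISRA-style comparison in a single place. This assumes _PLL1.._PLL4 are consecutive enumerators, as the later `for (i = _PLL1; i < pdata->npll; i++)` loop in this file suggests. The enclosing function's signature and final return are outside the hunk.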
 
@@ -2242,7 +2242,7 @@
 	size_t i = 0U;
 
 	for (i = _PLL1; i < pdata->npll; i++) {
-		struct stm32_pll_dt_cfg *pll = pdata->pll + i;
+		struct stm32_pll_dt_cfg *pll = &pdata->pll[i];
 		char name[RCC_PLL_NAME_SIZE];
 		int subnode = 0;
 		int err = 0;
diff --git a/drivers/st/gpio/stm32_gpio.c b/drivers/st/gpio/stm32_gpio.c
index 708989f..a4a64ca 100644
--- a/drivers/st/gpio/stm32_gpio.c
+++ b/drivers/st/gpio/stm32_gpio.c
@@ -234,27 +234,27 @@
 	clk_enable(clock);
 
 	mmio_clrsetbits_32(base + GPIO_MODE_OFFSET,
-			   (uint32_t)GPIO_MODE_MASK << (pin << 1),
-			   mode << (pin << 1));
+			   (uint32_t)GPIO_MODE_MASK << (pin << 1U),
+			   mode << (pin << 1U));
 
 	mmio_clrsetbits_32(base + GPIO_TYPE_OFFSET,
 			   (uint32_t)GPIO_TYPE_MASK << pin,
 			   type << pin);
 
 	mmio_clrsetbits_32(base + GPIO_SPEED_OFFSET,
-			   (uint32_t)GPIO_SPEED_MASK << (pin << 1),
-			   speed << (pin << 1));
+			   (uint32_t)GPIO_SPEED_MASK << (pin << 1U),
+			   speed << (pin << 1U));
 
 	mmio_clrsetbits_32(base + GPIO_PUPD_OFFSET,
-			   (uint32_t)GPIO_PULL_MASK << (pin << 1),
-			   pull << (pin << 1));
+			   (uint32_t)GPIO_PULL_MASK << (pin << 1U),
+			   pull << (pin << 1U));
 
 	if (pin < GPIO_ALT_LOWER_LIMIT) {
 		mmio_clrsetbits_32(base + GPIO_AFRL_OFFSET,
-				   (uint32_t)GPIO_ALTERNATE_MASK << (pin << 2),
-				   alternate << (pin << 2));
+				   (uint32_t)GPIO_ALTERNATE_MASK << (pin << 2U),
+				   alternate << (pin << 2U));
 	} else {
-		size_t shift = (pin - GPIO_ALT_LOWER_LIMIT) << 2;
+		uint32_t shift = (pin - GPIO_ALT_LOWER_LIMIT) << 2U;
 
 		mmio_clrsetbits_32(base + GPIO_AFRH_OFFSET,
 				   (uint32_t)GPIO_ALTERNATE_MASK << shift,
diff --git a/drivers/st/mmc/stm32_sdmmc2.c b/drivers/st/mmc/stm32_sdmmc2.c
index 6bdd782..1ee3580 100644
--- a/drivers/st/mmc/stm32_sdmmc2.c
+++ b/drivers/st/mmc/stm32_sdmmc2.c
@@ -528,12 +528,12 @@
 	uint32_t data_ctrl = SDMMC_DCTRLR_DTDIR;
 	uint32_t arg_size;
 
-	assert(size != 0U);
+	assert((size != 0U) && (size <= UINT32_MAX));
 
 	if (size > MMC_BLOCK_SIZE) {
 		arg_size = MMC_BLOCK_SIZE;
 	} else {
-		arg_size = size;
+		arg_size = (uint32_t)size;
 	}
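Review bot: The `(uint32_t)size` cast is only reached in the else branch, where `size <= MMC_BLOCK_SIZE` already holds, so the new `size <= UINT32_MAX` term in the assert adds no protection; on 32-bit builds where size_t is 32 bits it is also always true and may draw a -Wtype-limits/-Wtautological-compare warning. Keeping `assert(size != 0U);` and a one-line comment on the cast, `/* size <= MMC_BLOCK_SIZE here, so the narrowing cannot truncate */`, says why the cast is safe without a tautological check. The function's signature is above the hunk.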
 
 	sdmmc2_params.use_dma = plat_sdmmc2_use_dma(base, buf);
diff --git a/drivers/st/pmic/stm32mp_pmic.c b/drivers/st/pmic/stm32mp_pmic.c
index 5b43760..1e16287 100644
--- a/drivers/st/pmic/stm32mp_pmic.c
+++ b/drivers/st/pmic/stm32mp_pmic.c
@@ -20,6 +20,7 @@
 #include <platform_def.h>
 
 #define PMIC_NODE_NOT_FOUND	1
+#define NB_REG			14U
 
 static struct i2c_handle_s i2c_handle;
 static uint32_t pmic_i2c_addr;
@@ -454,13 +455,13 @@
 };
 
 #define DEFINE_REGU(name) { \
-	.node_name = name, \
+	.node_name = (name), \
 	.ops = &pmic_ops, \
 	.driver_data = NULL, \
 	.enable_ramp_delay = 1000, \
 }
 
-static const struct regul_description pmic_regs[] = {
+static const struct regul_description pmic_regs[NB_REG] = {
 	[STPMIC1_BUCK1] = DEFINE_REGU("buck1"),
 	[STPMIC1_BUCK2] = DEFINE_REGU("buck2"),
 	[STPMIC1_BUCK3] = DEFINE_REGU("buck3"),
@@ -477,8 +478,6 @@
 	[STPMIC1_SW_OUT] = DEFINE_REGU("pwr_sw2"),
 };
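Review bot: Hard-coding `NB_REG 14U` and sizing pmic_regs[NB_REG] replaces the previous ARRAY_SIZE-derived count with a number that must be kept in sync with the STPMIC1_* enumerators by hand; if an enumerator is added or the count is wrong, the table silently gains a zero-filled slot whose `.node_name` is NULL, and the `strcmp(desc->node_name, reg_name)` loop in register_pmic() below then dereferences it. Tie the constant to the enum instead, e.g. `CASSERT(NB_REG == (STPMIC1_SW_OUT + 1U), pmic_regs_size_mismatch);` assuming STPMIC1_SW_OUT is the highest index (it is the last initialiser here), or skip entries whose node_name is NULL in that loop.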
 
-#define NB_REG ARRAY_SIZE(pmic_regs)
-
 static int register_pmic(void)
 {
 	void *fdt;
@@ -506,7 +505,7 @@
 		unsigned int i;
 		int ret;
 
-		for (i = 0; i < NB_REG; i++) {
+		for (i = 0U; i < NB_REG; i++) {
 			desc = &pmic_regs[i];
 			if (strcmp(desc->node_name, reg_name) == 0) {
 				break;
diff --git a/drivers/st/regulator/regulator_core.c b/drivers/st/regulator/regulator_core.c
index 5cc8329..2a5d0f7 100644
--- a/drivers/st/regulator/regulator_core.c
+++ b/drivers/st/regulator/regulator_core.c
@@ -17,14 +17,16 @@
 
 #define MAX_PROPERTY_LEN 64
 
+CASSERT(PLAT_NB_RDEVS >= 1U, plat_nb_rdevs_must_be_higher);
+
 static struct rdev rdev_array[PLAT_NB_RDEVS];
 
 #define for_each_rdev(rdev) \
-	for (rdev = rdev_array; rdev < (rdev_array + PLAT_NB_RDEVS); rdev++)
+	for ((rdev) = rdev_array; (rdev) <= &rdev_array[PLAT_NB_RDEVS - 1U]; (rdev)++)
 
 #define for_each_registered_rdev(rdev) \
-	for (rdev = rdev_array; \
-	     (rdev < (rdev_array + PLAT_NB_RDEVS)) && (rdev->desc != NULL); rdev++)
+	for ((rdev) = rdev_array; \
+	     ((rdev) <= &rdev_array[PLAT_NB_RDEVS - 1U]) && ((rdev)->desc != NULL); (rdev)++)
 
 static void lock_driver(const struct rdev *rdev)
 {
@@ -86,7 +88,7 @@
 	char prop_name[MAX_PROPERTY_LEN];
 
 	len = snprintf(prop_name, MAX_PROPERTY_LEN - 1, "%s-supply", name);
-	assert((len >= 0) && (len < MAX_PROPERTY_LEN - 1));
+	assert((len >= 0) && (len < (MAX_PROPERTY_LEN - 1)));
 
 	cuint = fdt_getprop(fdt, node, prop_name, NULL);
 	if (cuint != NULL) {
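Review bot: The assert on the snprintf result is the only truncation check and compiles out in release builds, so a supply name longer than about 55 characters silently yields a truncated "%s-supply" property name and a lookup of the wrong property; an explicit `if ((len < 0) || (len >= (MAX_PROPERTY_LEN - 1))) { return -EINVAL; }` (or whatever error this function's callers expect, its return type is outside the hunk) would make the failure visible. Passing `MAX_PROPERTY_LEN - 1` as the size also wastes a byte for no reason, since snprintf already reserves room for the terminator within the size it is given. The function's signature and return are outside the hunk.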
@@ -156,7 +158,7 @@
 
 	assert(rdev != NULL);
 
-	if (rdev->flags & REGUL_ALWAYS_ON) {
+	if ((rdev->flags & REGUL_ALWAYS_ON) != 0U) {
 		return 0;
 	}
 
@@ -525,7 +527,7 @@
 		}
 	}
 
-	if (rdev == rdev_array + PLAT_NB_RDEVS) {
+	if (rdev > &rdev_array[PLAT_NB_RDEVS - 1U]) {
 		WARN("Not enough place for regulators, PLAT_NB_RDEVS should be increased.\n");
 		return -ENOMEM;
 	}
diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
index 6018f0c..7838fde 100644
--- a/fdts/fvp-base-psci-common.dtsi
+++ b/fdts/fvp-base-psci-common.dtsi
@@ -28,7 +28,7 @@
 	#size-cells = <2>;
 
 #if (ENABLE_RME == 1)
-	chosen { bootargs = "mem=1G console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
+	chosen { bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
 #else
 	chosen {};
 #endif
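Review bot: Dropping `mem=1G` from the RME bootargs lets the NS kernel use every range the device tree's memory nodes describe, so those nodes must now exclude the top-of-DRAM1 carve-outs (TZC, RMM and EL3 regions as laid out in arm_pas_def.h in this same change) and only describe DRAM2 ranges the GPT maps as NS; an NS access outside an NS PAS region is a granule protection fault rather than a graceful failure. If the memory nodes were previously masked by the mem= cap, a comment next to `chosen` saying what now bounds the kernel's view of memory would help the next reader.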
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 9dd08e5..356012b 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -168,7 +168,7 @@
 int scmi_ap_core_get_reset_addr(void *p, uint64_t *reset_addr, uint32_t *attr);
 
 /* API to get the platform specific SCMI channel information. */
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id);
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id);
 
 /* API to override default PSCI callbacks for platforms that support SCMI. */
 const plat_psci_ops_t *css_scmi_override_pm_ops(plat_psci_ops_t *ops);
diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h
index 47aa0b9..231da2c 100644
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@@ -74,4 +74,53 @@
 				     size_t measurement_value_size,
 				     bool lock_measurement);
 
+/**
+ * Retrieves a measurement from the requested slot.
+ *
+ * index			Slot number from which measurement is to be
+ *				retrieved.
+ * signer_id			Pointer to signer_id buffer.
+ * signer_id_size		Size of the signer_id buffer in bytes.
+ * signer_id_len		On success, number of bytes that make up
+ * 				signer_id.
+ * version			Pointer to version buffer.
+ * version_size			Size of the version buffer in bytes.
+ * version_len			On success, number of bytes that makeup the
+ * 				version.
+ * measurement_algo		Pointer to measurement_algo.
+ * sw_type			Pointer to sw_type buffer.
+ * sw_type_size			Size of the sw_type buffer in bytes.
+ * sw_type_len			On success, number of bytes that makeup the
+ * 				sw_type.
+ * measurement_value		Pointer to measurement_value buffer.
+ * measurement_value_size	Size of the measurement_value buffer in bytes.
+ * measurement_value_len	On success, number of bytes that make up the
+ * 				measurement_value.
+ * is_locked			Pointer to lock status of requested measurement
+ * 				slot.
+ *
+ * PSA_SUCCESS
+ *	- Success.
+ * PSA_ERROR_INVALID_ARGUMENT
+ *	- The size of at least one of the output buffers is incorrect or the
+ *	  requested slot index is invalid.
+ * PSA_ERROR_DOES_NOT_EXIST
+ *	- The requested slot is empty, does not contain a measurement.
+ */
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+					uint8_t *signer_id,
+					size_t signer_id_size,
+					size_t *signer_id_len,
+					uint8_t *version,
+					size_t version_size,
+					size_t *version_len,
+					uint32_t *measurement_algo,
+					uint8_t *sw_type,
+					size_t sw_type_size,
+					size_t *sw_type_len,
+					uint8_t *measurement_value,
+					size_t measurement_value_size,
+					size_t *measurement_value_len,
+					bool *is_locked);
+
 #endif /* PSA_MEASURED_BOOT_H */
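Review bot: The new prototype's documentation does not say what happens to the output parameters on failure, nor that the reported *_len values are not guaranteed to fit the caller's buffers, so a caller cannot tell whether `*sw_type_len` or `*measurement_value_len` is safe to read after a non-PSA_SUCCESS return; the implementation in lib/psa/measured_boot.c only writes them on success, and that should be stated, e.g. `On failure no output parameter is written.`. With fifteen positional parameters, a small result struct holding the four buffers and their size/len pairs would also be easier to call correctly than interleaved size and len arguments.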
diff --git a/include/plat/arm/common/arm_pas_def.h b/include/plat/arm/common/arm_pas_def.h
index c199302..fba8d2c 100644
--- a/include/plat/arm/common/arm_pas_def.h
+++ b/include/plat/arm/common/arm_pas_def.h
@@ -21,24 +21,30 @@
  * ============================================================================
  * 0GB      | 1GB         |L0 GPT|ANY   |TBROM (EL3 code)        |Fixed mapping
  *          |             |      |      |TSRAM (EL3 data)        |
- *          |             |      |      |IO (incl.UARTs & GIC)   |
+ * 00000000 |             |      |      |IO (incl.UARTs & GIC)   |
  * ----------------------------------------------------------------------------
  * 1GB      | 1GB         |L0 GPT|ANY   |IO                      |Fixed mapping
+ * 40000000 |             |      |      |                        |
  * ----------------------------------------------------------------------------
- * 2GB      | 1GB         |L1 GPT|NS    |DRAM (NS Kernel)        |Use T.Descrip
+ * 2GB      |2GB-64MB     |L1 GPT|NS    |DRAM (NS Kernel)        |Use T.Descrip
+ * 80000000 |             |      |      |                        |
  * ----------------------------------------------------------------------------
- * 3GB      |1GB-64MB     |L1 GPT|NS    |DRAM (NS Kernel)        |Use T.Descrip
- * ----------------------------------------------------------------------------
- * 4GB-64MB |64MB-32MB    |      |      |                        |
- *          | -4MB        |L1 GPT|SECURE|DRAM TZC                |Use T.Descrip
+ * 4GB-64MB |64MB-32MB-4MB|L1 GPT|SECURE|DRAM TZC                |Use T.Descrip
+ * FC000000 |             |      |      |                        |
  * ----------------------------------------------------------------------------
  * 4GB-32MB |             |      |      |                        |
  * -3MB-1MB |32MB         |L1 GPT|REALM |RMM                     |Use T.Descrip
+ * FDC00000 |             |      |      |                        |
  * ----------------------------------------------------------------------------
  * 4GB-3MB  |             |      |      |                        |
  * -1MB     |3MB          |L1 GPT|ROOT  |EL3 DRAM data           |Use T.Descrip
+ * FFC00000 |             |      |      |                        |
  * ----------------------------------------------------------------------------
  * 4GB-1MB  |1MB          |L1 GPT|ROOT  |DRAM (L1 GPTs, SCP TZC) |Fixed mapping
+ * FFF00000 |             |      |      |                        |
+ * ----------------------------------------------------------------------------
+ * 34GB     |2GB          |L1 GPT|NS    |DRAM (NS Kernel)        |Use T.Descrip
+ * 880000000|             |      |      |                        |
  * ============================================================================
  *
  * - 4KB of L0 GPT reside in TSRAM, on top of the CONFIG section.
@@ -55,7 +61,7 @@
 
 /* Device memory 0 to 2GB */
 #define ARM_PAS_1_BASE			(U(0))
-#define ARM_PAS_1_SIZE			((ULL(1)<<31)) /* 2GB */
+#define ARM_PAS_1_SIZE			((ULL(1) << 31)) /* 2GB */
 
 /* NS memory 2GB to (end - 64MB) */
 #define ARM_PAS_2_BASE			(ARM_PAS_1_BASE + ARM_PAS_1_SIZE)
@@ -69,9 +75,14 @@
 #define ARM_PAS_3_BASE			(ARM_AP_TZC_DRAM1_BASE)
 #define ARM_PAS_3_SIZE			(ARM_AP_TZC_DRAM1_SIZE)
 
+/* NS memory 2GB */
+#define	ARM_PAS_4_BASE			ARM_DRAM2_BASE
+#define	ARM_PAS_4_SIZE			((ULL(1) << 31)) /* 2GB */
+
 #define ARM_PAS_GPI_ANY			MAP_GPT_REGION(ARM_PAS_1_BASE, \
 						       ARM_PAS_1_SIZE, \
 						       GPT_GPI_ANY)
+
 #define	ARM_PAS_KERNEL			GPT_MAP_REGION_GRANULE(ARM_PAS_2_BASE, \
 							       ARM_PAS_2_SIZE, \
 							       GPT_GPI_NS)
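Review bot: ARM_PAS_4_SIZE is hard-coded to 2GB while ARM_PAS_4_BASE is taken from ARM_DRAM2_BASE, so the GPT NS region for DRAM2 is no longer tied to the platform's own DRAM2 definition; if an ARM_DRAM2_SIZE macro exists alongside ARM_DRAM2_BASE, using it (`#define ARM_PAS_4_SIZE ARM_DRAM2_SIZE`) or adding a CASSERT that the two agree keeps the PAS table, the DT memory description and the FVP `bp.dram_size` setting from drifting apart. GPT under-coverage fails safe (NS accesses to unmapped granules fault) and over-coverage beyond real DRAM is not a security problem, so this is a maintenance trap rather than a hole, but it is the kind that surfaces as an unexplained GPF later.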
@@ -80,6 +91,9 @@
 							       ARM_PAS_3_SIZE, \
 							       GPT_GPI_SECURE)
 
+#define	ARM_PAS_KERNEL_1		GPT_MAP_REGION_GRANULE(ARM_PAS_4_BASE, \
+							       ARM_PAS_4_SIZE, \
+							       GPT_GPI_NS)
 /*
  * REALM and Shared area share the same PAS, so consider them a single
  * PAS region to configure in GPT.
diff --git a/include/services/rmm_core_manifest.h b/include/services/rmm_core_manifest.h
index 2f25858..7edef46 100644
--- a/include/services/rmm_core_manifest.h
+++ b/include/services/rmm_core_manifest.h
@@ -38,6 +38,7 @@
 /* Boot manifest core structure as per v0.1 */
 typedef struct rmm_manifest {
 	uint32_t version;	/* Manifest version */
+	uint32_t padding;	/* RES0 */
 	uintptr_t plat_data;	/* Manifest platform data */
 } rmm_manifest_t;
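Review bot: Making the 4-byte hole explicit as `padding /* RES0 */` is right, but nothing here guarantees it is zero when the manifest is handed to RMM: if the EL3 code that fills the manifest assigns only `version` and `plat_data`, the padding carries whatever that memory held before, which is a small information leak across the EL3-to-Realm boundary and a violation of RES0. That filling code is outside this diff; it should zero the whole structure (memset or a designated initialiser) before setting fields, and a `CASSERT(sizeof(rmm_manifest_t) == 16U, rmm_manifest_size_mismatch);` plus one on `offsetof(rmm_manifest_t, plat_data) == 8U` would pin the layout the RMM-EL3 spec describes as 128 bits wide.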
 
diff --git a/include/services/trp/trp_helpers.h b/include/services/trp/trp_helpers.h
index 8e786e2..83ec740 100644
--- a/include/services/trp/trp_helpers.h
+++ b/include/services/trp/trp_helpers.h
@@ -39,5 +39,12 @@
 
 __dead2 void trp_boot_abort(uint64_t err);
 
+/* TRP SMC result registers X0-X4 */
+#define TRP_SMC_RESULT_REGS	5
+
+struct trp_smc_result {
+	unsigned long long x[TRP_SMC_RESULT_REGS];
+};
+
 #endif /* __ASSEMBLER __ */
 #endif /* TRP_HELPERS_H */
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index 61747f2..10c43f1 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -111,6 +111,61 @@
 			NULL, 0);
 }
 
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+					uint8_t *signer_id,
+					size_t signer_id_size,
+					size_t *signer_id_len,
+					uint8_t *version,
+					size_t version_size,
+					size_t *version_len,
+					uint32_t *measurement_algo,
+					uint8_t *sw_type,
+					size_t sw_type_size,
+					size_t *sw_type_len,
+					uint8_t *measurement_value,
+					size_t measurement_value_size,
+					size_t *measurement_value_len,
+					bool *is_locked)
+{
+	psa_status_t status;
+	struct measured_boot_read_iovec_in_t read_iov_in = {
+		.index = index,
+		.sw_type_size = sw_type_size,
+		.version_size = version_size,
+	};
+
+	struct measured_boot_read_iovec_out_t read_iov_out;
+
+	psa_invec in_vec[] = {
+		{.base = &read_iov_in,
+		 .len = sizeof(struct measured_boot_read_iovec_in_t)},
+	};
+
+	psa_outvec out_vec[] = {
+		{.base = &read_iov_out,
+		 .len = sizeof(struct measured_boot_read_iovec_out_t)},
+		{.base = signer_id, .len = signer_id_size},
+		{.base = measurement_value, .len = measurement_value_size}
+	};
+
+	status = psa_call(RSS_MEASURED_BOOT_HANDLE, RSS_MEASURED_BOOT_READ,
+					  in_vec, IOVEC_LEN(in_vec),
+					  out_vec, IOVEC_LEN(out_vec));
+
+	if (status == PSA_SUCCESS) {
+		*is_locked = read_iov_out.is_locked;
+		*measurement_algo = read_iov_out.measurement_algo;
+		*sw_type_len = read_iov_out.sw_type_len;
+		*version_len = read_iov_out.version_len;
+		memcpy(sw_type, read_iov_out.sw_type, read_iov_out.sw_type_len);
+		memcpy(version, read_iov_out.version, read_iov_out.version_len);
+		*signer_id_len = out_vec[1].len;
+		*measurement_value_len = out_vec[2].len;
+	}
+
+	return status;
+}
+
 #else /* !PLAT_RSS_NOT_SUPPORTED */
 
 psa_status_t
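Review bot: rss_measured_boot_read_measurement copies `read_iov_out.sw_type_len` and `read_iov_out.version_len` bytes into the caller's `sw_type`/`version` buffers without comparing them to `sw_type_size`/`version_size` or to the size of the source arrays (`SW_TYPE_MAX_SIZE`/`VERSION_MAX_SIZE`), so a reply from the RSS that reports a larger length than was requested overruns the caller's buffer and reads past the iovec struct; these lengths arrive from the other side of the psa_call and must be checked before the memcpy. Separately, the `size_t` parameters `sw_type_size`/`version_size` are stored into `uint8_t` fields of `measured_boot_read_iovec_in_t`, so any value above 255 is silently truncated in the request; rejecting such sizes up front (or documenting the limit on the prototype) avoids a mismatch between what was asked for and what is later checked. A bound check for the success path is sketched below; any non-success status the callers already treat as failure would do in place of PSA_ERROR_BUFFER_TOO_SMALL.
```c
	if (status == PSA_SUCCESS) {
		/* Lengths come from the RSS reply: bound them by both the
		 * caller's buffers and the iovec arrays before copying. */
		if (read_iov_out.sw_type_len > sw_type_size ||
		    read_iov_out.sw_type_len > sizeof(read_iov_out.sw_type) ||
		    read_iov_out.version_len > version_size ||
		    read_iov_out.version_len > sizeof(read_iov_out.version)) {
			return PSA_ERROR_BUFFER_TOO_SMALL;
		}
		/* … unchanged: is_locked, measurement_algo, lengths, memcpy of sw_type/version … */
	}
```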
@@ -133,4 +188,24 @@
 
 	return PSA_SUCCESS;
 }
+
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+					uint8_t *signer_id,
+					size_t signer_id_size,
+					size_t *signer_id_len,
+					uint8_t *version,
+					size_t version_size,
+					size_t *version_len,
+					uint32_t *measurement_algo,
+					uint8_t *sw_type,
+					size_t sw_type_size,
+					size_t *sw_type_len,
+					uint8_t *measurement_value,
+					size_t measurement_value_size,
+					size_t *measurement_value_len,
+					bool *is_locked)
+{
+	return PSA_SUCCESS;
+}
+
 #endif /* !PLAT_RSS_NOT_SUPPORTED */
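Review bot: The PLAT_RSS_NOT_SUPPORTED stub of rss_measured_boot_read_measurement returns PSA_SUCCESS without writing any of its output parameters, so a caller that trusts the status then reads uninitialised `*signer_id_len`, `*sw_type_len`, `*version_len`, `*measurement_value_len`, `*measurement_algo` and `*is_locked`. Either the stub should fill them (zero the four `*_len` outputs, `*measurement_algo = 0U;`, `*is_locked = false;`) or, since there is nothing to read, return `PSA_ERROR_NOT_SUPPORTED`; the extend stub above gets away with PSA_SUCCESS only because it has no outputs.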
diff --git a/lib/psa/measured_boot_private.h b/lib/psa/measured_boot_private.h
index 649c3f6..80d2c19 100644
--- a/lib/psa/measured_boot_private.h
+++ b/lib/psa/measured_boot_private.h
@@ -11,8 +11,24 @@
 #include <stdint.h>
 
 /* Measured boot message types that distinguish its services */
+#define RSS_MEASURED_BOOT_READ		1001U
 #define RSS_MEASURED_BOOT_EXTEND	1002U
 
+struct measured_boot_read_iovec_in_t {
+    uint8_t index;
+    uint8_t sw_type_size;
+    uint8_t version_size;
+};
+
+struct measured_boot_read_iovec_out_t {
+    uint8_t  is_locked;
+    uint32_t measurement_algo;
+    uint8_t  sw_type[SW_TYPE_MAX_SIZE];
+    uint8_t  sw_type_len;
+    uint8_t  version[VERSION_MAX_SIZE];
+    uint8_t  version_len;
+};
+
 struct measured_boot_extend_iovec_t {
 	uint8_t  index;
 	uint8_t  lock_measurement;
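Review bot: The two new structs are indented with four spaces while `measured_boot_extend_iovec_t` directly below, and the rest of the file, use tabs. More importantly these structs are the wire format of the RSS_MEASURED_BOOT_READ call and have to match the RSS side byte for byte: `uint8_t is_locked` followed by `uint32_t measurement_algo` leaves three bytes of compiler padding, and the `uint8_t sw_type_size`/`version_size` request fields cap those sizes at 255. A comment stating that the layout mirrors the RSS service definition (and a `CASSERT` on `sizeof` where the expected size is known) would protect it from a well-meant reordering.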
diff --git a/plat/arm/board/common/rotpk/arm_dev_rotpk.S b/plat/arm/board/common/rotpk/arm_dev_rotpk.S
index 06e2a06..a7fadf6 100644
--- a/plat/arm/board/common/rotpk/arm_dev_rotpk.S
+++ b/plat/arm/board/common/rotpk/arm_dev_rotpk.S
@@ -14,7 +14,6 @@
 #endif
 
 	.global arm_rotpk_header
-	.global arm_rotpk_header_end
 	.section .rodata.arm_rotpk_hash, "a"
 
 arm_rotpk_header:
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index f8463f1..f5d9940 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -536,6 +536,7 @@
 	assert(manifest != NULL);
 
 	manifest->version = RMMD_MANIFEST_VERSION;
+	manifest->padding = 0U; /* RES0 */
 	manifest->plat_data = (uintptr_t)NULL;
 
 	return 0;
diff --git a/plat/arm/board/juno/juno_topology.c b/plat/arm/board/juno/juno_topology.c
index 075f512..768741e 100644
--- a/plat/arm/board/juno/juno_topology.c
+++ b/plat/arm/board/juno/juno_topology.c
@@ -20,7 +20,7 @@
 		.ring_doorbell = &mhu_ring_doorbell,
 };
 
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
 {
 	return &juno_scmi_plat_info;
 }
diff --git a/plat/arm/board/morello/morello_bl31_setup.c b/plat/arm/board/morello/morello_bl31_setup.c
index a044212..e04587d 100644
--- a/plat/arm/board/morello/morello_bl31_setup.c
+++ b/plat/arm/board/morello/morello_bl31_setup.c
@@ -19,7 +19,7 @@
 	.ring_doorbell = &mhu_ring_doorbell
 };
 
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
 {
 	return &morello_scmi_plat_info;
 }
diff --git a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
index 5e897fe..ad6c1f8 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
@@ -62,7 +62,7 @@
 	0
 };
 
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
 {
 	return &n1sdp_scmi_plat_info;
 }
diff --git a/plat/arm/board/rdn1edge/rdn1edge_plat.c b/plat/arm/board/rdn1edge/rdn1edge_plat.c
index 1dbbf26..045c316 100644
--- a/plat/arm/board/rdn1edge/rdn1edge_plat.c
+++ b/plat/arm/board/rdn1edge/rdn1edge_plat.c
@@ -65,7 +65,8 @@
 #if defined(IMAGE_BL31)
 void bl31_platform_setup(void)
 {
-	int i, ret;
+	unsigned int i;
+	int ret;
 
 	if (plat_arm_sgi_get_multi_chip_mode() == 0 && CSS_SGI_CHIP_COUNT > 1) {
 		ERROR("Chip Count is set to %d but multi-chip mode not enabled\n",
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index 0523ef8..2cdf045 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -33,7 +33,7 @@
 	tc_bl31_common_platform_setup();
 }
 
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
 {
 
 	return &tc_scmi_plat_info[channel_id];
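Review bot: `tc_scmi_plat_info[channel_id]` is still indexed with no upper bound after the parameter became `unsigned int`; the change removes negative indices but an out-of-range channel_id still reads past the array. A guard such as `assert(channel_id < ARRAY_SIZE(tc_scmi_plat_info));` before the return is the pattern used elsewhere in this tree. The function body continues outside the hunk.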
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 08c014d..02e419a 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -143,11 +143,12 @@
 		ARM_PAS_SECURE,
 		ARM_PAS_REALM,
 		ARM_PAS_EL3_DRAM,
-		ARM_PAS_GPTS
+		ARM_PAS_GPTS,
+		ARM_PAS_KERNEL_1
 	};
 
 	/* Initialize entire protected space to GPT_GPI_ANY. */
-	if (gpt_init_l0_tables(GPCCR_PPS_4GB, ARM_L0_GPT_ADDR_BASE,
+	if (gpt_init_l0_tables(GPCCR_PPS_64GB, ARM_L0_GPT_ADDR_BASE,
 		ARM_L0_GPT_SIZE) < 0) {
 		ERROR("gpt_init_l0_tables() failed!\n");
 		panic();
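Review bot: Widening the PPS from 4GB to 64GB at the `gpt_init_l0_tables()` call also widens the space the comment above says is initialised to GPT_GPI_ANY, so every physical address in those 64GB that is not in the `pas_regions` list — including any DRAM2 beyond the 2GB of ARM_PAS_KERNEL_1 — stays accessible from all worlds by default; if that is intended, a comment at the array saying so would help, and if not, the unlisted ranges need an explicit GPI. It is also not visible here whether ARM_L0_GPT_SIZE was sized for the larger PPS; worth confirming against the L0 table size the GPT library expects for GPCCR_PPS_64GB, since the call fails at runtime rather than at build time if it is too small.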
diff --git a/plat/arm/common/trp/arm_trp_setup.c b/plat/arm/common/trp/arm_trp_setup.c
index 59b4c06..aeacd10 100644
--- a/plat/arm/common/trp/arm_trp_setup.c
+++ b/plat/arm/common/trp/arm_trp_setup.c
@@ -28,6 +28,9 @@
 
 static int arm_trp_process_manifest(rmm_manifest_t *manifest)
 {
+	/* padding field on the manifest must be RES0 */
+	assert(manifest->padding == 0U);
+
 	/* Verify the Boot Manifest Version. Only the Major is considered */
 	if (RMMD_MANIFEST_VERSION_MAJOR !=
 		RMMD_GET_MANIFEST_VERSION_MAJOR(manifest->version)) {
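Review bot: The RES0 check on `manifest->padding` is an `assert()`, which compiles out when assertions are disabled, whereas the version check right below it returns an error; a manifest with a non-zero padding word is therefore accepted silently in release builds. Since this is the TRP's only view of what EL3 handed it, `if (manifest->padding != 0U) { return <the same error code the version check returns>; }` keeps the two checks consistent and keeps the RES0 contract enforced in every build. The function body continues outside the hunk.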
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 27cf183..9adcb7c 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -74,7 +74,7 @@
 	#endif
 };
 
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
 {
 	if (sgi_plat_info.platform_id == RD_N1E1_EDGE_SID_VER_PART_NUM ||
 		sgi_plat_info.platform_id == RD_V1_SID_VER_PART_NUM ||
diff --git a/plat/intel/soc/agilex/bl31_plat_setup.c b/plat/intel/soc/agilex/bl31_plat_setup.c
index b1b9514..26ed7ef 100644
--- a/plat/intel/soc/agilex/bl31_plat_setup.c
+++ b/plat/intel/soc/agilex/bl31_plat_setup.c
@@ -17,6 +17,7 @@
 #include "ccu/ncore_ccu.h"
 #include "socfpga_mailbox.h"
 #include "socfpga_private.h"
+#include "socfpga_sip_svc.h"
 
 static entry_point_info_t bl32_image_ep_info;
 static entry_point_info_t bl33_image_ep_info;
@@ -35,6 +36,25 @@
 		return NULL;
 }
 
+void setup_smmu_secure_context(void)
+{
+	/*
+	 * Program SCR0 register (0xFA000000)
+	 * to set SMCFCFG bit[21] to 0x1 which raise stream match conflict fault
+	 * to set CLIENTPD bit[0] to 0x0 which enables SMMU for secure context
+	 */
+	mmio_write_32(0xFA000000, 0x00200000);
+
+	/*
+	 * Program SCR1 register (0xFA000004)
+	 * to set NSNUMSMRGO bit[14:8] to 0x4 which stream mapping register
+	 * for non-secure context and the rest will be secure context
+	 * to set NSNUMCBO bit[5:0] to 0x4 which allocate context bank
+	 * for non-secure context and the rest will be secure context
+	 */
+	mmio_write_32(0xFA000004, 0x00000404);
+}
+
 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 				u_register_t arg2, u_register_t arg3)
 {
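Review bot: `setup_smmu_secure_context()` programs the SMMU through bare literals — `0xFA000000`, `0xFA000004`, `0x00200000`, `0x00000404` — with the register and bit-field names living only in the comments; named macros in the SoC header (an SMMU base, SCR0/SCR1 offsets and the SMCFCFG, NSNUMSMRGO and NSNUMCBO field values) would make the comment claims checkable against the code and let the next writer reuse the map. The function is also externally visible while no prototype for it appears in this diff; if it is only called from this file's bl31_platform_setup() it should be `static`, otherwise it belongs in a header.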
@@ -109,6 +129,7 @@
 	gicv2_distif_init();
 	gicv2_pcpu_distif_init();
 	gicv2_cpuif_enable();
+	setup_smmu_secure_context();
 
 	/* Signal secondary CPUs to jump to BL31 (BL2 = U-boot SPL) */
 	mmio_write_64(PLAT_CPU_RELEASE_ADDR,
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 893551d..8a8f348 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -84,6 +84,14 @@
 #define FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE			17U
 #define FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE		52U
 #define FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE			29U
+
+#define FCS_CRYPTO_ECB_BUFFER_SIZE			12U
+#define FCS_CRYPTO_CBC_CTR_BUFFER_SIZE			28U
+#define FCS_CRYPTO_BLOCK_MODE_MASK			0x07
+#define FCS_CRYPTO_ECB_MODE			0x00
+#define FCS_CRYPTO_CBC_MODE			0x01
+#define FCS_CRYPTO_CTR_MODE			0x02
+
 /* FCS Payload Structure */
 typedef struct fcs_rng_payload_t {
 	uint32_t session_id;
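Review bot: The new `FCS_CRYPTO_*_MODE` and `FCS_CRYPTO_BLOCK_MODE_MASK` constants lack the `U` suffix that every neighbouring size constant carries (`12U`, `28U`, `17U`), and their tab alignment differs from the two `*_BUFFER_SIZE` lines right above them; e.g. `#define FCS_CRYPTO_BLOCK_MODE_MASK			0x07U`. They are compared against a `uint64_t` read in socfpga_sip_fcs.c, so unsigned literals also avoid mixed-sign comparisons there.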
@@ -235,6 +243,11 @@
 				uint32_t src_addr, uint32_t src_size,
 				uint64_t dst_addr, uint32_t *dst_size,
 				uint8_t is_finalised, uint32_t *mbox_error);
+int intel_fcs_get_digest_smmu_update_finalize(uint32_t session_id, uint32_t context_id,
+				uint32_t src_addr, uint32_t src_size,
+				uint64_t dst_addr, uint32_t *dst_size,
+				uint8_t is_finalised, uint32_t *mbox_error,
+				uint32_t *send_id);
 
 int intel_fcs_mac_verify_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
@@ -244,6 +257,11 @@
 				uint64_t dst_addr, uint32_t *dst_size,
 				uint32_t data_size, uint8_t is_finalised,
 				uint32_t *mbox_error);
+int intel_fcs_mac_verify_smmu_update_finalize(uint32_t session_id, uint32_t context_id,
+				uint32_t src_addr, uint32_t src_size,
+				uint64_t dst_addr, uint32_t *dst_size,
+				uint32_t data_size, uint8_t is_finalised,
+				uint32_t *mbox_error, uint32_t *send_id);
 
 int intel_fcs_ecdsa_hash_sign_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
@@ -270,6 +288,11 @@
 				uint32_t src_size, uint64_t dst_addr,
 				uint32_t *dst_size, uint8_t is_finalised,
 				uint32_t *mbox_error);
+int intel_fcs_ecdsa_sha2_data_sign_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint8_t is_finalised,
+				uint32_t *mbox_error, uint32_t *send_id);
 
 int intel_fcs_ecdsa_sha2_data_sig_verify_init(uint32_t session_id,
 				uint32_t context_id, uint32_t key_id,
@@ -280,6 +303,12 @@
 				uint32_t src_size, uint64_t dst_addr,
 				uint32_t *dst_size, uint32_t data_size,
 				uint8_t is_finalised, uint32_t *mbox_error);
+int intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint32_t data_size,
+				uint8_t is_finalised, uint32_t *mbox_error,
+				uint32_t *send_id);
 
 int intel_fcs_ecdsa_get_pubkey_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
diff --git a/plat/intel/soc/common/include/socfpga_mailbox.h b/plat/intel/soc/common/include/socfpga_mailbox.h
index 1f4b2a4..3ab6f52 100644
--- a/plat/intel/soc/common/include/socfpga_mailbox.h
+++ b/plat/intel/soc/common/include/socfpga_mailbox.h
@@ -139,6 +139,7 @@
 #define SOFTFUNC_STATUS_CONF_DONE			(1 << 0)
 #define MBOX_CFGSTAT_STATE_IDLE				0x00000000
 #define MBOX_CFGSTAT_STATE_CONFIG			0x10000000
+#define MBOX_CFGSTAT_VAB_BS_PREAUTH			0x20000000
 #define MBOX_CFGSTAT_STATE_FAILACK			0x08000000
 #define MBOX_CFGSTAT_STATE_ERROR_INVALID		0xf0000001
 #define MBOX_CFGSTAT_STATE_ERROR_CORRUPT		0xf0000002
diff --git a/plat/intel/soc/common/include/socfpga_sip_svc.h b/plat/intel/soc/common/include/socfpga_sip_svc.h
index 0803eb5..21169f7 100644
--- a/plat/intel/soc/common/include/socfpga_sip_svc.h
+++ b/plat/intel/soc/common/include/socfpga_sip_svc.h
@@ -86,49 +86,57 @@
 #define INTEL_SIP_SMC_GET_USERCODE				0xC200003D
 
 /* FPGA Crypto Services */
-#define INTEL_SIP_SMC_FCS_RANDOM_NUMBER				0xC200005A
-#define INTEL_SIP_SMC_FCS_RANDOM_NUMBER_EXT			0x4200008F
-#define INTEL_SIP_SMC_FCS_CRYPTION				0x4200005B
-#define INTEL_SIP_SMC_FCS_CRYPTION_EXT				0xC2000090
-#define INTEL_SIP_SMC_FCS_SERVICE_REQUEST			0x4200005C
-#define INTEL_SIP_SMC_FCS_SEND_CERTIFICATE			0x4200005D
-#define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA			0x4200005E
-#define INTEL_SIP_SMC_FCS_CNTR_SET_PREAUTH			0xC200005F
-#define INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN			0xC2000064
-#define INTEL_SIP_SMC_FCS_CHIP_ID				0xC2000065
-#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY			0xC2000066
-#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS		0xC2000067
-#define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERT			0xC2000068
-#define INTEL_SIP_SMC_FCS_CREATE_CERT_ON_RELOAD			0xC2000069
-#define INTEL_SIP_SMC_FCS_OPEN_CS_SESSION			0xC200006E
-#define INTEL_SIP_SMC_FCS_CLOSE_CS_SESSION			0xC200006F
-#define INTEL_SIP_SMC_FCS_IMPORT_CS_KEY				0x42000070
-#define INTEL_SIP_SMC_FCS_EXPORT_CS_KEY				0xC2000071
-#define INTEL_SIP_SMC_FCS_REMOVE_CS_KEY				0xC2000072
-#define INTEL_SIP_SMC_FCS_GET_CS_KEY_INFO			0xC2000073
-#define INTEL_SIP_SMC_FCS_AES_CRYPT_INIT			0xC2000074
-#define INTEL_SIP_SMC_FCS_AES_CRYPT_UPDATE			0x42000075
-#define INTEL_SIP_SMC_FCS_AES_CRYPT_FINALIZE			0x42000076
-#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT			0xC2000077
-#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE			0xC2000078
-#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE			0xC2000079
-#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT			0xC200007A
-#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE			0xC200007B
-#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE			0xC200007C
-#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_INIT			0xC200007D
-#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_FINALIZE		0xC200007F
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_INIT		0xC2000080
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_UPDATE		0xC2000081
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_FINALIZE		0xC2000082
-#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIG_VERIFY_INIT		0xC2000083
-#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIG_VERIFY_FINALIZE	0xC2000085
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_INIT	0xC2000086
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_UPDATE	0xC2000087
-#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_FINALIZE	0xC2000088
-#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_INIT			0xC2000089
-#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_FINALIZE		0xC200008B
-#define INTEL_SIP_SMC_FCS_ECDH_REQUEST_INIT			0xC200008C
-#define INTEL_SIP_SMC_FCS_ECDH_REQUEST_FINALIZE			0xC200008E
+#define INTEL_SIP_SMC_FCS_RANDOM_NUMBER					0xC200005A
+#define INTEL_SIP_SMC_FCS_RANDOM_NUMBER_EXT				0x4200008F
+#define INTEL_SIP_SMC_FCS_CRYPTION					0x4200005B
+#define INTEL_SIP_SMC_FCS_CRYPTION_EXT					0xC2000090
+#define INTEL_SIP_SMC_FCS_SERVICE_REQUEST				0x4200005C
+#define INTEL_SIP_SMC_FCS_SEND_CERTIFICATE				0x4200005D
+#define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA				0x4200005E
+#define INTEL_SIP_SMC_FCS_CNTR_SET_PREAUTH				0xC200005F
+#define INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN				0xC2000064
+#define INTEL_SIP_SMC_FCS_CHIP_ID					0xC2000065
+#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY				0xC2000066
+#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS			0xC2000067
+#define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERT				0xC2000068
+#define INTEL_SIP_SMC_FCS_CREATE_CERT_ON_RELOAD				0xC2000069
+#define INTEL_SIP_SMC_FCS_OPEN_CS_SESSION				0xC200006E
+#define INTEL_SIP_SMC_FCS_CLOSE_CS_SESSION				0xC200006F
+#define INTEL_SIP_SMC_FCS_IMPORT_CS_KEY					0x42000070
+#define INTEL_SIP_SMC_FCS_EXPORT_CS_KEY					0xC2000071
+#define INTEL_SIP_SMC_FCS_REMOVE_CS_KEY					0xC2000072
+#define INTEL_SIP_SMC_FCS_GET_CS_KEY_INFO				0xC2000073
+#define INTEL_SIP_SMC_FCS_AES_CRYPT_INIT				0xC2000074
+#define INTEL_SIP_SMC_FCS_AES_CRYPT_UPDATE				0x42000075
+#define INTEL_SIP_SMC_FCS_AES_CRYPT_FINALIZE				0x42000076
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT				0xC2000077
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE				0xC2000078
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE				0xC2000079
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_SMMU_UPDATE			0x42000091
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_SMMU_FINALIZE			0x42000092
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT				0xC200007A
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE				0xC200007B
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE				0xC200007C
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_SMMU_UPDATE			0x42000093
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_SMMU_FINALIZE			0x42000094
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_INIT				0xC200007D
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_FINALIZE			0xC200007F
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_INIT			0xC2000080
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_UPDATE			0xC2000081
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_FINALIZE			0xC2000082
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_SMMU_UPDATE		0x42000095
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_SMMU_FINALIZE		0x42000096
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIG_VERIFY_INIT			0xC2000083
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIG_VERIFY_FINALIZE		0xC2000085
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_INIT		0xC2000086
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_UPDATE		0xC2000087
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_FINALIZE		0xC2000088
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_SMMU_UPDATE	0x42000097
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_SMMU_FINALIZE	0x42000098
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_INIT				0xC2000089
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_FINALIZE			0xC200008B
+#define INTEL_SIP_SMC_FCS_ECDH_REQUEST_INIT				0xC200008C
+#define INTEL_SIP_SMC_FCS_ECDH_REQUEST_FINALIZE				0xC200008E
 
 #define INTEL_SIP_SMC_FCS_SHA_MODE_MASK				0xF
 #define INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK			0xF
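Review bot: All 43 existing FCS function IDs are removed and re-added solely to change their tab alignment, which buries the eight genuinely new `*_SMMU_UPDATE`/`*_SMMU_FINALIZE` IDs and makes `git blame` for every ID in the block point at this commit; a separate whitespace-only commit, or leaving the alignment alone, would keep the review focused on the additions. The new IDs also carry the 0x42 (SMC32) function-ID prefix while their non-SMMU siblings use 0xC2 (SMC64); if that is deliberate because the SMMU variants take 32-bit `src_addr` arguments, a one-line comment saying so would stop it being "corrected" later.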
@@ -166,8 +174,14 @@
 #define SIP_SVC_VERSION						0x8200ff03
 
 /* SiP Service Calls version numbers */
-#define SIP_SVC_VERSION_MAJOR					1
-#define SIP_SVC_VERSION_MINOR					0
+/*
+ * Increase if there is any backward compatibility impact
+ */
+#define SIP_SVC_VERSION_MAJOR					2
+/*
+ * Increase if there is new SMC function ID being added
+ */
+#define SIP_SVC_VERSION_MINOR					1
 
 
 /* Structure Definitions */
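Review bot: SIP_SVC_VERSION_MAJOR goes from 1 to 2 while the comment added right above it says the major is raised for a backward-compatibility impact, yet the only visible API change in this diff is additive (new SMC function IDs), which the next comment assigns to a minor bump; either the incompatible change should be named in the commit or the comment, or this should be a minor bump only. Setting MINOR to 1 in the same step is also unusual, since a major bump conventionally resets the minor to 0. The comment wording could be tightened as well: `/* Increase when a change breaks backward compatibility */` and `/* Increase when a new SMC function ID is added */`.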
diff --git a/plat/intel/soc/common/include/socfpga_system_manager.h b/plat/intel/soc/common/include/socfpga_system_manager.h
index 7f67313..69ee6d3 100644
--- a/plat/intel/soc/common/include/socfpga_system_manager.h
+++ b/plat/intel/soc/common/include/socfpga_system_manager.h
@@ -42,6 +42,8 @@
 #define IDLE_DATA_SOC2FPGA				BIT(0)
 #define IDLE_DATA_MASK		(IDLE_DATA_LWSOC2FPGA | IDLE_DATA_SOC2FPGA)
 
+#define SYSMGR_QSPI_REFCLK_MASK				GENMASK(27, 0)
+
 #define SYSMGR_ECC_OCRAM_MASK				BIT(1)
 #define SYSMGR_ECC_DDR0_MASK				BIT(16)
 #define SYSMGR_ECC_DDR1_MASK				BIT(17)
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index facee0f..f18c3e4 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -946,6 +946,104 @@
 	return INTEL_SIP_SMC_STATUS_OK;
 }
 
+int intel_fcs_get_digest_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint8_t is_finalised,
+				uint32_t *mbox_error, uint32_t *send_id)
+{
+	int status;
+	uint32_t i;
+	uint32_t flag;
+	uint32_t crypto_header;
+	uint32_t resp_len;
+	uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
+
+	/* Source data must be 8 bytes aligned */
+	if (dst_size == NULL || mbox_error == NULL ||
+		!is_8_bytes_aligned(src_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (fcs_sha_get_digest_param.session_id != session_id ||
+	    fcs_sha_get_digest_param.context_id != context_id) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		 !is_address_in_ddr_range(dst_addr, *dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
+	/* Prepare crypto header */
+	flag = 0;
+
+	if (fcs_sha_get_digest_param.is_updated) {
+		fcs_sha_get_digest_param.crypto_param_size = 0;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_INIT;
+	}
+
+	if (is_finalised != 0U) {
+		flag |=  FCS_CS_FIELD_FLAG_FINALIZE;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha_get_digest_param.is_updated = 1;
+	}
+
+	crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			(fcs_sha_get_digest_param.crypto_param_size &
+			FCS_CS_FIELD_SIZE_MASK));
+
+	/* Prepare command payload */
+	i = 0;
+	payload[i] = fcs_sha_get_digest_param.session_id;
+	i++;
+	payload[i] = fcs_sha_get_digest_param.context_id;
+	i++;
+	payload[i] = crypto_header;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha_get_digest_param.key_id;
+		i++;
+		/* Crypto parameters */
+		payload[i] = fcs_sha_get_digest_param.crypto_param
+				& INTEL_SIP_SMC_FCS_SHA_MODE_MASK;
+		payload[i] |= ((fcs_sha_get_digest_param.crypto_param
+				>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+				& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+				<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+		i++;
+	}
+	/* Data source address and size */
+	payload[i] = src_addr;
+	i++;
+	payload[i] = src_size;
+	i++;
+
+	status = mailbox_send_cmd_async(send_id, MBOX_FCS_GET_DIGEST_REQ,
+					payload, i, CMD_INDIRECT);
+
+	if (is_finalised != 0U) {
+		memset((void *)&fcs_sha_get_digest_param, 0,
+		sizeof(fcs_crypto_service_data));
+	}
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	*dst_size = resp_len * MBOX_WORD_BYTE;
+	flush_dcache_range(dst_addr, *dst_size);
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
 int intel_fcs_mac_verify_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
 				uint64_t param_data, uint32_t *mbox_error)
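Review bot: intel_fcs_get_digest_smmu_update_finalize checks `src_size` for 8-byte alignment but not `src_addr`, while the sibling intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize added in this change does check `is_8_bytes_aligned(src_addr)`; the four new `*_smmu_update_finalize` functions are near-identical copies and should validate the same things, or better share one helper that builds the crypto header and payload so the checks cannot drift apart. Minor style in the same body: `flag |=  FCS_CS_FIELD_FLAG_INIT;` and the two lines like it carry a doubled space, and the payload index is `uint32_t i` here but `int i` in the data_sign variant.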
@@ -1071,6 +1169,127 @@
 	return INTEL_SIP_SMC_STATUS_OK;
 }
 
+int intel_fcs_mac_verify_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint32_t data_size,
+				uint8_t is_finalised, uint32_t *mbox_error,
+				uint32_t *send_id)
+{
+	int status;
+	uint32_t i;
+	uint32_t flag;
+	uint32_t crypto_header;
+	uint32_t resp_len;
+	uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
+	uintptr_t mac_offset;
+
+	/*
+	 * Source data must be 4 bytes aligned
+	 * User data must be 8 bytes aligned
+	 */
+	if (dst_size == NULL || mbox_error == NULL ||
+		!is_size_4_bytes_aligned(src_size) ||
+		!is_8_bytes_aligned(data_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (data_size > src_size) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (fcs_sha_mac_verify_param.session_id != session_id ||
+		fcs_sha_mac_verify_param.context_id != context_id) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		!is_address_in_ddr_range(dst_addr, *dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
+	/* Prepare crypto header */
+	flag = 0;
+
+	if (fcs_sha_mac_verify_param.is_updated) {
+		fcs_sha_mac_verify_param.crypto_param_size = 0;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_INIT;
+	}
+
+	if (is_finalised) {
+		flag |=  FCS_CS_FIELD_FLAG_FINALIZE;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha_mac_verify_param.is_updated = 1;
+	}
+
+	crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			(fcs_sha_mac_verify_param.crypto_param_size &
+			FCS_CS_FIELD_SIZE_MASK));
+
+	/* Prepare command payload */
+	i = 0;
+	payload[i] = fcs_sha_mac_verify_param.session_id;
+	i++;
+	payload[i] = fcs_sha_mac_verify_param.context_id;
+	i++;
+	payload[i] = crypto_header;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha_mac_verify_param.key_id;
+		i++;
+		/* Crypto parameters */
+		payload[i] = ((fcs_sha_mac_verify_param.crypto_param
+				>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+				& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+				<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+		i++;
+	}
+	/* Data source address and size */
+	payload[i] = src_addr;
+	i++;
+	payload[i] = data_size;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_FINALIZE) {
+		/* Copy mac data to command
+		 * Using dst_addr (physical address) to store mac_offset
+		 * mac_offset = MAC data
+		 */
+		mac_offset = dst_addr;
+		memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
+		src_size - data_size);
+
+		memset((void *)&dst_addr, 0, sizeof(dst_size));
+
+		i += (src_size - data_size) / MBOX_WORD_BYTE;
+	}
+
+	status = mailbox_send_cmd_async(send_id, MBOX_FCS_MAC_VERIFY_REQ,
+					payload, i, CMD_INDIRECT);
+
+	if (is_finalised) {
+		memset((void *)&fcs_sha_mac_verify_param, 0,
+		sizeof(fcs_crypto_service_data));
+	}
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	*dst_size = resp_len * MBOX_WORD_BYTE;
+	flush_dcache_range(dst_addr, *dst_size);
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
 int intel_fcs_ecdsa_hash_sign_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
 				uint64_t param_data, uint32_t *mbox_error)
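Review bot: In the FINALIZE branch the memcpy copies `src_size - data_size` bytes, both taken from the SMC arguments, into the fixed `payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE]` array without checking that the MAC fits in the words that remain after the header, and it reads that many bytes from `dst_addr` although the earlier `is_address_in_ddr_range(dst_addr, *dst_size)` only validated `*dst_size` bytes there; at EL3 that is a stack overflow and an unbounded read driven by a non-secure caller's arguments. The `memset((void *)&dst_addr, 0, sizeof(dst_size));` that follows zeroes the local `dst_addr` variable (not memory at that address), so the later `flush_dcache_range(dst_addr, *dst_size)` operates on address 0 whenever is_finalised is set; if the intent was to clear the MAC bytes in the destination buffer this has to act on the buffer, otherwise the line should be dropped. Both problems are repeated verbatim in intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize. A bound check before the copy is sketched below; placing it before the fcs_sha_mac_verify_param state is modified would be cleaner still, so a rejected call does not leave the context half-updated.
```c
	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
		FCS_CS_FIELD_FLAG_FINALIZE) {
		uint32_t mac_size = src_size - data_size;

		/* The MAC must fit the remaining payload words and lie inside
		 * the destination range already validated against *dst_size. */
		if (mac_size > *dst_size ||
		    (mac_size / MBOX_WORD_BYTE) >
		    (FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE - i)) {
			return INTEL_SIP_SMC_STATUS_REJECTED;
		}

		mac_offset = dst_addr;
		memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset, mac_size);
		i += mac_size / MBOX_WORD_BYTE;
	}
	/* … unchanged: mailbox_send_cmd_async, context reset, error return, flush … */
```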
@@ -1348,6 +1567,99 @@
 	return INTEL_SIP_SMC_STATUS_OK;
 }
 
+int intel_fcs_ecdsa_sha2_data_sign_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint8_t is_finalised,
+				uint32_t *mbox_error, uint32_t *send_id)
+{
+	int status;
+	int i;
+	uint32_t flag;
+	uint32_t crypto_header;
+	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIGN_CMD_MAX_WORD_SIZE] = {0U};
+	uint32_t resp_len;
+
+	/* Source data must be 8 bytes aligned */
+	if ((dst_size == NULL) || (mbox_error == NULL ||
+		!is_8_bytes_aligned(src_size))) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (fcs_sha2_data_sign_param.session_id != session_id ||
+		fcs_sha2_data_sign_param.context_id != context_id) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		!is_address_in_ddr_range(dst_addr, *dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
+	/* Prepare crypto header */
+	flag = 0;
+	if (fcs_sha2_data_sign_param.is_updated) {
+		fcs_sha2_data_sign_param.crypto_param_size = 0;
+	} else {
+		flag |= FCS_CS_FIELD_FLAG_INIT;
+	}
+
+	if (is_finalised != 0U) {
+		flag |= FCS_CS_FIELD_FLAG_FINALIZE;
+	} else {
+		flag |= FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha2_data_sign_param.is_updated = 1;
+	}
+	crypto_header = (flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			fcs_sha2_data_sign_param.crypto_param_size;
+
+	/* Prepare command payload */
+	i = 0;
+	payload[i] = fcs_sha2_data_sign_param.session_id;
+	i++;
+	payload[i] = fcs_sha2_data_sign_param.context_id;
+	i++;
+	payload[i] = crypto_header;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha2_data_sign_param.key_id;
+		/* Crypto parameters */
+		i++;
+		payload[i] = fcs_sha2_data_sign_param.crypto_param
+				& INTEL_SIP_SMC_FCS_ECC_ALGO_MASK;
+		i++;
+	}
+
+	/* Data source address and size */
+	payload[i] = src_addr;
+	i++;
+	payload[i] = src_size;
+	i++;
+
+	status = mailbox_send_cmd_async(send_id,
+					MBOX_FCS_ECDSA_SHA2_DATA_SIGN_REQ,
+					payload, i, CMD_INDIRECT);
+
+	if (is_finalised != 0U) {
+		memset((void *)&fcs_sha2_data_sign_param, 0,
+			sizeof(fcs_crypto_service_data));
+	}
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	*dst_size = resp_len * MBOX_WORD_BYTE;
+	flush_dcache_range(dst_addr, *dst_size);
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
 int intel_fcs_ecdsa_sha2_data_sig_verify_init(uint32_t session_id,
 				uint32_t context_id, uint32_t key_id,
 				uint32_t param_size, uint64_t param_data,
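Review bot: The guard `if ((dst_size == NULL) || (mbox_error == NULL || !is_8_bytes_aligned(src_size)))` groups the alignment test with the NULL check by what looks like a misplaced parenthesis; it evaluates correctly but reads as though alignment only mattered when mbox_error is set, so `if ((dst_size == NULL) || (mbox_error == NULL) || !is_8_bytes_aligned(src_size))` is clearer and matches the other three new functions. `int i` should also be `uint32_t i` as in the siblings, since it indexes `payload[]` and is passed as the payload length to mailbox_send_cmd_async().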
@@ -1469,6 +1781,121 @@
 	return INTEL_SIP_SMC_STATUS_OK;
 }
 
+int intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint32_t data_size,
+				uint8_t is_finalised, uint32_t *mbox_error,
+				uint32_t *send_id)
+{
+	int status;
+	uint32_t i;
+	uint32_t flag;
+	uint32_t crypto_header;
+	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
+	uint32_t resp_len;
+	uintptr_t sig_pubkey_offset;
+
+	/*
+	 * Source data must be 4 bytes aligned
+	 * Source addrress must be 8 bytes aligned
+	 * User data must be 8 bytes aligned
+	 */
+	if ((dst_size == NULL) || (mbox_error == NULL) ||
+		!is_size_4_bytes_aligned(src_size) ||
+		!is_8_bytes_aligned(src_addr) ||
+		!is_8_bytes_aligned(data_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (fcs_sha2_data_sig_verify_param.session_id != session_id ||
+		fcs_sha2_data_sig_verify_param.context_id != context_id) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		!is_address_in_ddr_range(dst_addr, *dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
+	/* Prepare crypto header */
+	flag = 0;
+	if (fcs_sha2_data_sig_verify_param.is_updated)
+		fcs_sha2_data_sig_verify_param.crypto_param_size = 0;
+	else
+		flag |= FCS_CS_FIELD_FLAG_INIT;
+
+	if (is_finalised != 0U)
+		flag |= FCS_CS_FIELD_FLAG_FINALIZE;
+	else {
+		flag |= FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha2_data_sig_verify_param.is_updated = 1;
+	}
+	crypto_header = (flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			fcs_sha2_data_sig_verify_param.crypto_param_size;
+
+	/* Prepare command payload */
+	i = 0;
+	payload[i] = fcs_sha2_data_sig_verify_param.session_id;
+	i++;
+	payload[i] = fcs_sha2_data_sig_verify_param.context_id;
+	i++;
+	payload[i] = crypto_header;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha2_data_sig_verify_param.key_id;
+		i++;
+		/* Crypto parameters */
+		payload[i] = fcs_sha2_data_sig_verify_param.crypto_param
+				& INTEL_SIP_SMC_FCS_ECC_ALGO_MASK;
+		i++;
+	}
+
+	/* Data source address and size */
+	payload[i] = src_addr;
+	i++;
+	payload[i] = data_size;
+	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_FINALIZE) {
+		/* Copy mac data to command
+		 * Using dst_addr (physical address) to store sig_pubkey_offset
+		 * sig_pubkey_offset is Signature + Public Key Data
+		 */
+		sig_pubkey_offset = dst_addr;
+		memcpy((uint8_t *) &payload[i], (uint8_t *) sig_pubkey_offset,
+			src_size - data_size);
+
+		memset((void *)&dst_addr, 0, sizeof(dst_size));
+
+		i += (src_size - data_size) / MBOX_WORD_BYTE;
+	}
+
+	status = mailbox_send_cmd_async(send_id,
+					MBOX_FCS_ECDSA_SHA2_DATA_SIGN_VERIFY,
+					payload, i, CMD_INDIRECT);
+
+	if (is_finalised != 0U) {
+		memset((void *) &fcs_sha2_data_sig_verify_param, 0,
+			sizeof(fcs_crypto_service_data));
+	}
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	*dst_size = resp_len * MBOX_WORD_BYTE;
+	flush_dcache_range(dst_addr, *dst_size);
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
 int intel_fcs_ecdsa_get_pubkey_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
 				uint64_t param_data, uint32_t *mbox_error)
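Review bot: The FINALIZE branch comment still opens with `/* Copy mac data to command`, copied from the MAC-verify function, although this function copies the signature and public key as its own next line says; `/* Copy signature + public key data to command */` would match the code. The alignment comment above the first guard also has `addrress`. The payload bound and the `memset` on the local `dst_addr` raised on intel_fcs_mac_verify_smmu_update_finalize apply to this branch unchanged.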
@@ -1620,6 +2047,29 @@
 				uint32_t key_id, uint64_t param_addr,
 				uint32_t param_size, uint32_t *mbox_error)
 {
+	/* ptr to get param_addr value */
+	uint64_t *param_addr_ptr;
+
+	param_addr_ptr = (uint64_t *) param_addr;
+
+	/*
+	 * Since crypto param size vary between mode.
+	 * Check ECB here and limit to size 12 bytes
+	 */
+	if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+		(param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+	/*
+	 * Since crypto param size vary between mode.
+	 * Check CBC/CTR here and limit to size 28 bytes
+	 */
+	if ((((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_CBC_MODE) ||
+		((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_CTR_MODE)) &&
+		(param_size > FCS_CRYPTO_CBC_CTR_BUFFER_SIZE)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	if (mbox_error == NULL) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
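Review bot: `param_addr` is cast and dereferenced at the very top of the function, before the existing `mbox_error == NULL` guard and before any check that the address is non-zero or inside memory the caller is permitted to hand in, so the new `*param_addr_ptr` reads happen on whatever value arrives in the SMC. The read is also a full 64-bit word regardless of `param_size`, so a caller passing a smaller buffer is read past its end. If the rest of the function (which continues outside the hunk) already range-checks `param_addr`, move this block below that check; otherwise add `if ((param_addr == 0U) || (param_size < sizeof(uint64_t))) { return INTEL_SIP_SMC_STATUS_REJECTED; }` ahead of the first dereference. The duplicated comment should read "Since the crypto param size varies between modes".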
diff --git a/plat/intel/soc/common/soc/socfpga_mailbox.c b/plat/intel/soc/common/soc/socfpga_mailbox.c
index d14ac9a..7010d81 100644
--- a/plat/intel/soc/common/soc/socfpga_mailbox.c
+++ b/plat/intel/soc/common/soc/socfpga_mailbox.c
@@ -10,6 +10,7 @@
 
 #include "socfpga_mailbox.h"
 #include "socfpga_sip_svc.h"
+#include "socfpga_system_manager.h"
 
 static mailbox_payload_t mailbox_resp_payload;
 static mailbox_container_t mailbox_resp_ctr = {0, 0, &mailbox_resp_payload};
@@ -464,8 +465,26 @@
 
 void mailbox_set_qspi_direct(void)
 {
+	uint32_t response[1], qspi_clk, reg;
+	unsigned int resp_len = ARRAY_SIZE(response);
+
 	mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_DIRECT, NULL, 0U,
-				CMD_CASUAL, NULL, NULL);
+			 CMD_CASUAL, response, &resp_len);
+
+	qspi_clk = response[0];
+	INFO("QSPI ref clock: %u\n", qspi_clk);
+
+	/*
+	 * Store QSPI ref clock frequency in BOOT_SCRATCH_COLD_0 register for
+	 * later boot loader (i.e. u-boot) use.
+	 * The frequency is stored in kHz and occupies BOOT_SCRATCH_COLD_0
+	 * register bits[27:0].
+	 */
+	qspi_clk /= 1000;
+	reg = mmio_read_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_0));
+	reg &= ~SYSMGR_QSPI_REFCLK_MASK;
+	reg |= qspi_clk & SYSMGR_QSPI_REFCLK_MASK;
+	mmio_write_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_0), reg);
 }
 
 void mailbox_set_qspi_close(void)
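Review bot: The return value of `mailbox_send_cmd` is dropped and `response[0]` is consumed unconditionally, so on a failed or empty reply `qspi_clk` holds an indeterminate stack value that is then logged and written into BOOT_SCRATCH_COLD_0 for the next boot stage to trust. Capture the status and leave the register untouched on failure: `int status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_DIRECT, NULL, 0U, CMD_CASUAL, response, &resp_len);` followed by `if ((status < 0) || (resp_len == 0U)) { ERROR("QSPI direct: no ref clock from SDM\n"); return; }`. A one-line comment that `& SYSMGR_QSPI_REFCLK_MASK` silently truncates a kHz value wider than the 28-bit field would also help the next reader.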
@@ -590,6 +609,11 @@
 	}
 
 	res = response[RECONFIG_STATUS_STATE];
+
+	if (res == MBOX_CFGSTAT_VAB_BS_PREAUTH) {
+		return MBOX_CFGSTAT_STATE_CONFIG;
+	}
+
 	if ((res != 0U) && (res != MBOX_CFGSTAT_STATE_CONFIG)) {
 		return res;
 	}
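Review bot: The new early return maps `MBOX_CFGSTAT_VAB_BS_PREAUTH` onto `MBOX_CFGSTAT_STATE_CONFIG` without saying why, which reads as if a distinct SDM status is being hidden from the caller. A comment such as `/* Bitstream still in VAB pre-authentication: report as configuration in progress */` (assuming that is what the status denotes) would make the intent explicit. The enclosing function starts and ends outside the hunk, so I cannot see whether any caller needs to distinguish the two states.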
diff --git a/plat/intel/soc/common/socfpga_sip_svc.c b/plat/intel/soc/common/socfpga_sip_svc.c
index b57ab92..a20e61c 100644
--- a/plat/intel/soc/common/socfpga_sip_svc.c
+++ b/plat/intel/soc/common/socfpga_sip_svc.c
@@ -344,6 +344,28 @@
 	case(0xF8011120):	/* INTSTAT */
 	case(0xF8011124):	/* DIAGINTTEST */
 	case(0xF801112C):	/* DERRADDRA */
+	case(0xFA000000):	/* SMMU SCR0 */
+	case(0xFA000004):	/* SMMU SCR1 */
+	case(0xFA000400):	/* SMMU NSCR0 */
+	case(0xFA004000):	/* SMMU SSD0_REG */
+	case(0xFA000820):	/* SMMU SMR8 */
+	case(0xFA000c20):	/* SMMU SCR8 */
+	case(0xFA028000):	/* SMMU CB8_SCTRL */
+	case(0xFA001020):	/* SMMU CBAR8 */
+	case(0xFA028030):	/* SMMU TCR_LPAE */
+	case(0xFA028020):	/* SMMU CB8_TTBR0_LOW */
+	case(0xFA028024):	/* SMMU CB8_PRRR_HIGH */
+	case(0xFA028038):	/* SMMU CB8_PRRR_MIR0 */
+	case(0xFA02803C):	/* SMMU CB8_PRRR_MIR1 */
+	case(0xFA028010):	/* SMMU_CB8)TCR2 */
+	case(0xFFD080A4):	/* SDM SMMU STREAM ID REG */
+	case(0xFA001820):	/* SMMU_CBA2R8 */
+	case(0xFA000074):	/* SMMU_STLBGSTATUS */
+	case(0xFA0287F4):	/* SMMU_CB8_TLBSTATUS */
+	case(0xFA000060):	/* SMMU_STLBIALL */
+	case(0xFA000070):	/* SMMU_STLBGSYNC */
+	case(0xFA028618):	/* CB8_TLBALL */
+	case(0xFA0287F0):	/* CB8_TLBSYNC */
 	case(0xFFD12028):	/* SDMMCGRP_CTRL */
 	case(0xFFD12044):	/* EMAC0 */
 	case(0xFFD12048):	/* EMAC1 */
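Review bot: The added cases extend the register-access allow-list to SMMU translation-control state (SCR0/SCR1, SMR8, CBAR8, the CB8 TTBR0/TCR registers and the entry labelled `SDM SMMU STREAM ID REG`); if this switch also gates writes, the calling world can reprogram stream mapping and page-table bases for that traffic, which is a much larger trust grant than the peripheral control registers already listed. A short comment above the block stating which boot stage or caller is expected to use these entries, and whether they are meant to be read-only, would document that decision for the next reviewer. The comment at `0xFA028010` reads `SMMU_CB8)TCR2`, presumably `SMMU_CB8_TCR2`. The enclosing function starts and ends outside the hunk.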
@@ -927,6 +949,22 @@
 					&mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
+	case INTEL_SIP_SMC_FCS_GET_DIGEST_SMMU_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		status = intel_fcs_get_digest_smmu_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, false,
+					&mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
+	case INTEL_SIP_SMC_FCS_GET_DIGEST_SMMU_FINALIZE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		status = intel_fcs_get_digest_smmu_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, true,
+					&mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		status = intel_fcs_mac_verify_init(x1, x2, x3,
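Review bot: Each new case passes `(uint32_t *) &x6` where `x6` holds a full register value, so the callee stores only the low word through a type-punned pointer and `SMC_RET4` then returns the caller's original upper 32 bits alongside the result; the same pattern is repeated in the next three hunks (the MAC_VERIFY_SMMU_*, ECDSA_SHA2_DATA_SIGN_SMMU_* and ECDSA_SHA2_DATA_SIG_VERIFY_SMMU_* cases). This mirrors the existing finalize cases, so it is consistent, but if the upper bits are not meant to round-trip a local `uint32_t dst_size = (uint32_t)x6;` passed as `&dst_size` and returned with `SMC_RET4(handle, status, mbox_error, x5, dst_size)` would avoid the aliasing store. The enclosing switch starts and ends outside the hunk.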
@@ -951,6 +989,24 @@
 					true, &mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
+	case INTEL_SIP_SMC_FCS_MAC_VERIFY_SMMU_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+		status = intel_fcs_mac_verify_smmu_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, x7,
+					false, &mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
+	case INTEL_SIP_SMC_FCS_MAC_VERIFY_SMMU_FINALIZE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+		status = intel_fcs_mac_verify_smmu_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, x7,
+					true, &mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_INIT:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		status = intel_fcs_ecdsa_sha2_data_sign_init(x1, x2, x3,
@@ -973,6 +1029,22 @@
 					&mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
+	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_SMMU_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		status = intel_fcs_ecdsa_sha2_data_sign_smmu_update_finalize(x1,
+					x2, x3, x4, x5, (uint32_t *) &x6, false,
+					&mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
+	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_SMMU_FINALIZE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		status = intel_fcs_ecdsa_sha2_data_sign_smmu_update_finalize(x1,
+					x2, x3, x4, x5, (uint32_t *) &x6, true,
+					&mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_INIT:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		status = intel_fcs_ecdsa_hash_sign_init(x1, x2, x3,
@@ -1014,6 +1086,24 @@
 					x7, false, &mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
+	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_SMMU_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+		status = intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize(
+					x1, x2, x3, x4, x5, (uint32_t *) &x6,
+					x7, false, &mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
+	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_SMMU_FINALIZE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+		status = intel_fcs_ecdsa_sha2_data_sig_verify_smmu_update_finalize(
+					x1, x2, x3, x4, x5, (uint32_t *) &x6,
+					x7, true, &mbox_error, &send_id);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIG_VERIFY_FINALIZE:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index dfc5de2..2cf2b9a 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -210,6 +210,12 @@
 				${PLAT_QEMU_COMMON_PATH}/qemu_bl31_setup.c		\
 				${QEMU_GIC_SOURCES}
 
+# Pointer Authentication sources
+ifeq (${ENABLE_PAUTH}, 1)
+PLAT_BL_COMMON_SOURCES	+=	plat/arm/common/aarch64/arm_pauth.c	\
+				lib/extensions/pauth/pauth_helpers.S
+endif
+
 ifeq (${SPD},spmd)
 BL31_SOURCES		+=	plat/qemu/common/qemu_spmd_manifest.c
 endif
diff --git a/plat/st/common/bl2_io_storage.c b/plat/st/common/bl2_io_storage.c
index b271ed6..1bbaff6 100644
--- a/plat/st/common/bl2_io_storage.c
+++ b/plat/st/common/bl2_io_storage.c
@@ -607,7 +607,7 @@
  *     - we already boot FWU_MAX_TRIAL_REBOOT times in trial mode.
  * we select the previous_active_index.
  */
-#define INVALID_BOOT_IDX		0xFFFFFFFF
+#define INVALID_BOOT_IDX		0xFFFFFFFFU
 
 uint32_t plat_fwu_get_boot_idx(void)
 {
diff --git a/plat/st/common/include/stm32mp_efi.h b/plat/st/common/include/stm32mp_efi.h
index 490560f..af9165f 100644
--- a/plat/st/common/include/stm32mp_efi.h
+++ b/plat/st/common/include/stm32mp_efi.h
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
 /*
  * Copyright (c) 2021, Linaro Limited
+ * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
  */
 
 #ifndef STM32MP_EFI_H
@@ -9,7 +10,7 @@
 #include <drivers/partition/efi.h>
 
 #define STM32MP_FIP_GUID \
-	EFI_GUID(0x19d5df83, 0x11b0, 0x457b, \
-		 0xbe, 0x2c, 0x75, 0x59, 0xc1, 0x31, 0x42, 0xa5)
+	EFI_GUID(0x19d5df83U, 0x11b0U, 0x457bU, \
+		 0xbeU, 0x2cU, 0x75U, 0x59U, 0xc1U, 0x31U, 0x42U, 0xa5U)
 
 #endif /* STM32MP_EFI_H */
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c
index d644242..acfe701 100644
--- a/plat/st/common/stm32mp_crypto_lib.c
+++ b/plat/st/common/stm32mp_crypto_lib.c
@@ -16,6 +16,7 @@
 #include <drivers/st/stm32_pka.h>
 #include <drivers/st/stm32_rng.h>
 #include <drivers/st/stm32_saes.h>
+#include <lib/utils.h>
 #include <lib/xlat_tables/xlat_tables_v2.h>
 #include <mbedtls/asn1.h>
 #include <mbedtls/md.h>
diff --git a/plat/st/common/stm32mp_dt.c b/plat/st/common/stm32mp_dt.c
index c9efeb5..34d52e1 100644
--- a/plat/st/common/stm32mp_dt.c
+++ b/plat/st/common/stm32mp_dt.c
@@ -79,11 +79,8 @@
 	}
 
 	cchar = fdt_getprop(fdt, node, "secure-status", NULL);
-	if (cchar == NULL) {
-		if (status == DT_NON_SECURE) {
-			status |= DT_SECURE;
-		}
-	} else if (strncmp(cchar, "okay", strlen("okay")) == 0) {
+	if (((cchar == NULL) && (status == DT_NON_SECURE)) ||
+	    ((cchar != NULL) && (strncmp(cchar, "okay", strlen("okay")) == 0))) {
 		status |= DT_SECURE;
 	}
 
@@ -350,7 +347,7 @@
 		return -FDT_ERR_BADVALUE;
 	}
 
-	if (fdt32_to_cpu(*cuint) % sizeof(uint32_t)) {
+	if ((fdt32_to_cpu(*cuint) % sizeof(uint32_t)) != 0U) {
 		ERROR("Misaligned nvmem %s element: ignored\n", name);
 		return -FDT_ERR_BADVALUE;
 	}
@@ -386,7 +383,7 @@
 
 	fdt_for_each_subnode(node, fdt, pinctrl_node) {
 		const fdt32_t *cuint;
-		int pin_count;
+		int pin_count = 0;
 		int len;
 		int i;
 
@@ -415,11 +412,9 @@
 		}
 
 		/* Get the last defined gpio line (offset + nb of pins) */
-		pin_count = fdt32_to_cpu(*(cuint + 1)) + fdt32_to_cpu(*(cuint + 3));
-		for (i = 0; i < len / 4; i++) {
-			pin_count = MAX(pin_count, (int)(fdt32_to_cpu(*(cuint + 1)) +
-							 fdt32_to_cpu(*(cuint + 3))));
-			cuint += 4;
+		for (i = 0; i < len; i += 4) {
+			pin_count = MAX(pin_count, (int)(fdt32_to_cpu(cuint[i + 1]) +
+							 fdt32_to_cpu(cuint[i + 3])));
 		}
 
 		return pin_count;
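Review bot: The rewritten loop mixes units: `i` indexes `cuint` in 32-bit cells but is bounded by `len`, and if `len` is still the byte count returned by `fdt_getprop` (the fetch is above the hunk) the last iteration reads cell `len - 1`, four times past the end of the property. The original loop had the same reach, so the rewrite preserves rather than introduces the over-read, but it is the natural moment to fix it: either convert once before the loop, `len /= (int)sizeof(uint32_t);`, or bound with `i + 3 < len / (int)sizeof(uint32_t)`, which also tolerates a property whose length is not a multiple of four cells. If `len` has already been converted to a cell count earlier in the function, a comment saying so at the loop would prevent this question recurring. The enclosing function starts and ends outside the hunk.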
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 4f04a6f..87d2d39 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -543,20 +543,15 @@
 
 void bl2_el3_plat_prepare_exit(void)
 {
+#if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
 	uint16_t boot_itf = stm32mp_get_boot_itf_selected();
 
-	switch (boot_itf) {
-#if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
-	case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART:
-	case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB:
+	if ((boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) ||
+	    (boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB)) {
 		/* Invalidate the downloaded buffer used with io_memmap */
 		inv_dcache_range(DWL_BUFFER_BASE, DWL_BUFFER_SIZE);
-		break;
-#endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
-	default:
-		/* Do nothing in default case */
-		break;
 	}
+#endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
 
 	stm32mp1_security_setup();
 }
diff --git a/plat/st/stm32mp1/stm32mp1_fconf_firewall.c b/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
index f2568ab..7d99564 100644
--- a/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
+++ b/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
@@ -99,15 +99,16 @@
 
 	/* Locate the memory cells and read all values */
 	for (i = 0U; i < (unsigned int)(len / (sizeof(uint32_t) * STM32MP_REGION_PARAMS)); i++) {
+		uint32_t idx = i * STM32MP_REGION_PARAMS;
 		uint32_t base;
 		uint32_t size;
 		uint32_t sec_attr;
 		uint32_t nsaid;
 
-		base = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS]);
-		size = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 1]);
-		sec_attr = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 2]);
-		nsaid = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 3]);
+		base = fdt32_to_cpu(conf_list->id_attr[idx]);
+		size = fdt32_to_cpu(conf_list->id_attr[idx + 1]);
+		sec_attr = fdt32_to_cpu(conf_list->id_attr[idx + 2]);
+		nsaid = fdt32_to_cpu(conf_list->id_attr[idx + 3]);
 
 		VERBOSE("FCONF: stm32mp1-firewall cell found with value = 0x%x 0x%x 0x%x 0x%x\n",
 			base, size, sec_attr, nsaid);
diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c
index 9bdb075..e6cb071 100644
--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@@ -140,14 +140,14 @@
 uintptr_t stm32_get_gpio_bank_base(unsigned int bank)
 {
 #if STM32MP13
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
 #endif
 #if STM32MP15
 	if (bank == GPIO_BANK_Z) {
 		return GPIOZ_BASE;
 	}
 
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
 #endif
 
 	return GPIOA_BASE + (bank * GPIO_BANK_OFFSET);
@@ -156,14 +156,14 @@
 uint32_t stm32_get_gpio_bank_offset(unsigned int bank)
 {
 #if STM32MP13
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
 #endif
 #if STM32MP15
 	if (bank == GPIO_BANK_Z) {
 		return 0;
 	}
 
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
 #endif
 
 	return bank * GPIO_BANK_OFFSET;
@@ -186,14 +186,14 @@
 unsigned long stm32_get_gpio_bank_clock(unsigned int bank)
 {
 #if STM32MP13
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
 #endif
 #if STM32MP15
 	if (bank == GPIO_BANK_Z) {
 		return GPIOZ;
 	}
 
-	assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+	assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
 #endif
 
 	return GPIOA + (bank - GPIO_BANK_A);
@@ -378,7 +378,7 @@
 
 void stm32mp_get_soc_name(char name[STM32_SOC_NAME_SIZE])
 {
-	char *cpu_s, *cpu_r, *pkg;
+	const char *cpu_s, *cpu_r, *pkg;
 
 	/* MPUs Part Numbers */
 	switch (get_part_number()) {
diff --git a/plat/st/stm32mp1/stm32mp1_syscfg.c b/plat/st/stm32mp1/stm32mp1_syscfg.c
index ff79428..75dd709 100644
--- a/plat/st/stm32mp1/stm32mp1_syscfg.c
+++ b/plat/st/stm32mp1/stm32mp1_syscfg.c
@@ -235,7 +235,9 @@
 	}
 
 	if (apply_hslv) {
-		mmio_write_32(SYSCFG_BASE + SYSCFG_HSLVEN0R + index * sizeof(uint32_t), HSLV_KEY);
+		uint32_t reg_offset = index * sizeof(uint32_t);
+
+		mmio_write_32(SYSCFG_BASE + SYSCFG_HSLVEN0R + reg_offset, HSLV_KEY);
 	}
 }
 #endif
diff --git a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
index cb6aaa5..30b0176 100644
--- a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
+++ b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
@@ -21,7 +21,6 @@
 #include <plat_private.h>
 
 #include "ipi_mailbox_svc.h"
-#include "../../../services/spd/trusty/smcall.h"
 
 /*********************************************************************
  * Macros definitions
@@ -75,17 +74,19 @@
 	ipi_local_id = x1 & UNSIGNED32_MASK;
 	ipi_remote_id = x2 & UNSIGNED32_MASK;
 
-	if (SMC_ENTITY(smc_fid) >= SMC_ENTITY_TRUSTED_APP)
+	if ((GET_SMC_OEN(smc_fid) >= OEN_TAP_START) &&
+	    (GET_SMC_OEN(smc_fid) <= OEN_TOS_END)) {
 		is_secure = 1;
-	else
+	} else {
 		is_secure = 0;
+	}
 
 	/* Validate IPI mailbox access */
 	ret = ipi_mb_validate(ipi_local_id, ipi_remote_id, is_secure);
 	if (ret)
 		SMC_RET1(handle, ret);
 
-	switch (SMC_FUNCTION(smc_fid)) {
+	switch (GET_SMC_NUM(smc_fid)) {
 	case IPI_MAILBOX_OPEN:
 		ipi_mb_open(ipi_local_id, ipi_remote_id);
 		SMC_RET1(handle, 0);
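Review bot: `is_secure` is still derived from OEN bits of the caller-supplied function ID rather than from the security state of the world that issued the SMC, so if both worlds can reach this handler a non-secure caller whose FID falls in the TAP..TOS range is treated as secure by `ipi_mb_validate`. The handler's `flags` argument carries the authoritative state, so `is_secure = is_caller_secure(flags) ? 1 : 0;` is the safer source, with the OEN range check kept only as a consistency check if wanted; the signature is outside the hunk, so I cannot confirm `flags` is in scope here. The old code had the same structure, so this is a pre-existing weakness the rewrite carries forward rather than introduces.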
diff --git a/services/std_svc/rmmd/trp/trp_entry.S b/services/std_svc/rmmd/trp/trp_entry.S
index 47c1df1..3e1d8c9 100644
--- a/services/std_svc/rmmd/trp/trp_entry.S
+++ b/services/std_svc/rmmd/trp/trp_entry.S
@@ -83,7 +83,17 @@
 	mov	x3, x23
 	bl	trp_setup
 	bl	trp_main
+	b	1f
+
 warm_boot:
+	mov	x0, x20
+	mov	x1, x21
+	mov	x2, x22
+	mov	x3, x23
+	bl	trp_validate_warmboot_args
+	cbnz	x0, trp_panic /* Failed to validate warmboot args */
+
+1:
 	mov_imm	x0, RMM_BOOT_COMPLETE
 	mov	x1, xzr /* RMM_BOOT_SUCCESS */
 	smc	#0
@@ -115,7 +125,29 @@
 	 * ---------------------------------------------
 	 */
 func trp_handler
+	/*
+	 * Save Link Register and X4, as per SMCCC v1.2 its value
+	 * must be preserved unless it contains result, as specified
+	 * in the function definition.
+	 */
+	stp	x4, lr, [sp, #-16]!
+
+	/*
+	 * Zero the space for X0-X3 in trp_smc_result structure
+	 * and pass its address as the last argument.
+	 */
+	stp	xzr, xzr, [sp, #-16]!
+	stp	xzr, xzr, [sp, #-16]!
+	mov	x7, sp
+
 	bl	trp_rmi_handler
-	restore_args_call_smc
+
+	ldp	x1, x2, [sp], #16
+	ldp	x3, x4, [sp], #16
+	ldp	x5, lr, [sp], #16
+
+	ldr	x0, =RMM_RMI_REQ_COMPLETE
+	smc	#0
+
 	b	trp_handler
 endfunc trp_handler
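Review bot: The pop sequence relies on a stack layout and register mapping that the comments do not spell out: the first two `ldp` move `trp_smc_result.x[0..3]` into X1-X4, and `ldp x5, lr` places the preserved X4 into X5 rather than back into X4, which is the non-obvious part (as I read it, EL3 forwards X5 as the normal world's X4, but that should be stated here). A comment before the first `ldp`, such as `/* x1-x4 = smc result x[0..3]; x5 = caller's X4 (forwarded by EL3); lr restored */`, would let a reader check the 48-byte push/pop balance without tracing rmmd. The `stp xzr` pairs also assume `struct trp_smc_result` is exactly four 64-bit words; a `CASSERT` on its size on the C side would pin that.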
diff --git a/services/std_svc/rmmd/trp/trp_main.c b/services/std_svc/rmmd/trp/trp_main.c
index 5a56af0..196bc11 100644
--- a/services/std_svc/rmmd/trp/trp_main.c
+++ b/services/std_svc/rmmd/trp/trp_main.c
@@ -4,7 +4,6 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
-
 #include <common/debug.h>
 #include <plat/common/platform.h>
 #include <services/rmm_core_manifest.h>
@@ -31,11 +30,11 @@
 	       uint64_t x3)
 {
 	/*
-	 * Validate boot parameters.
+	 * Validate boot parameters
 	 *
-	 * According to the Boot Interface ABI v.0.1, the
-	 * parameters recived from EL3 are:
-	 * x0: CPUID (verified earlier so not used)
+	 * According to the Boot Interface ABI v.0.1,
+	 * the parameters received from EL3 are:
+	 * x0: CPUID (verified earlier, so not used)
 	 * x1: Boot Interface version
 	 * x2: PLATFORM_CORE_COUNT
 	 * x3: Pointer to the shared memory area.
@@ -66,6 +65,24 @@
 	trp_early_platform_setup((rmm_manifest_t *)trp_shared_region_start);
 }
 
+int trp_validate_warmboot_args(uint64_t x0, uint64_t x1,
+			       uint64_t x2, uint64_t x3)
+{
+	/*
+	 * Validate boot parameters for warm boot
+	 *
+	 * According to the Boot Interface ABI v.0.1, the parameters
+	 * received from EL3 during warm boot are:
+	 *
+	 * x0: CPUID (verified earlier so not used here)
+	 * [x1:x3]: RES0
+	 */
+
+	(void)x0;
+
+	return ((x1 | x2 | x3) == 0UL) ? 0 : E_RMM_BOOT_UNKNOWN;
+}
+
 /* Main function for TRP */
 void trp_main(void)
 {
@@ -73,14 +90,14 @@
 	NOTICE("TRP: %s\n", build_message);
 	NOTICE("TRP: Supported RMM-EL3 Interface ABI: v.%u.%u\n",
 		TRP_RMM_EL3_ABI_VERS_MAJOR, TRP_RMM_EL3_ABI_VERS_MINOR);
-	NOTICE("TRP: Boot Manifest Version : v.%u.%u\n",
+	NOTICE("TRP: Boot Manifest Version: v.%u.%u\n",
 		RMMD_GET_MANIFEST_VERSION_MAJOR(trp_boot_manifest_version),
 		RMMD_GET_MANIFEST_VERSION_MINOR(trp_boot_manifest_version));
-	INFO("TRP: Memory base : 0x%lx\n", (unsigned long)RMM_BASE);
-	INFO("TRP: Base address for the shared region : 0x%lx\n",
+	INFO("TRP: Memory base: 0x%lx\n", (unsigned long)RMM_BASE);
+	INFO("TRP: Shared region base address: 0x%lx\n",
 			(unsigned long)trp_shared_region_start);
-	INFO("TRP: Total size : 0x%lx bytes\n", (unsigned long)(RMM_END
-								- RMM_BASE));
+	INFO("TRP: Total size: 0x%lx bytes\n",
+			(unsigned long)(RMM_END - RMM_BASE));
 	INFO("TRP: RMM-EL3 Interface ABI reported by EL3: v.%u.%u\n",
 		TRP_RMM_EL3_VERSION_GET_MAJOR(trp_boot_abi_version),
 		TRP_RMM_EL3_VERSION_GET_MINOR(trp_boot_abi_version));
@@ -89,62 +106,73 @@
 /*******************************************************************************
  * Returning RMI version back to Normal World
  ******************************************************************************/
-static trp_args_t *trp_ret_rmi_version(void)
+static void trp_ret_rmi_version(struct trp_smc_result *smc_ret)
 {
 	VERBOSE("RMM version is %u.%u\n", RMI_ABI_VERSION_MAJOR,
 					  RMI_ABI_VERSION_MINOR);
-	return set_smc_args(RMM_RMI_REQ_COMPLETE, RMI_ABI_VERSION,
-			    0, 0, 0, 0, 0, 0);
+	smc_ret->x[0] = RMI_ABI_VERSION;
 }
 
 /*******************************************************************************
  * Transitioning granule of NON-SECURE type to REALM type
  ******************************************************************************/
-static trp_args_t *trp_asc_mark_realm(unsigned long long x1)
+static void trp_asc_mark_realm(unsigned long long x1,
+				struct trp_smc_result *smc_ret)
 {
-	unsigned long long ret;
-
 	VERBOSE("Delegating granule 0x%llx\n", x1);
-	ret = trp_smc(set_smc_args(RMM_GTSI_DELEGATE, x1, 0, 0, 0, 0, 0, 0));
+	smc_ret->x[0] = trp_smc(set_smc_args(RMM_GTSI_DELEGATE, x1,
+						0UL, 0UL, 0UL, 0UL, 0UL, 0UL));
 
-	if (ret != 0ULL) {
+	if (smc_ret->x[0] != 0ULL) {
 		ERROR("Granule transition from NON-SECURE type to REALM type "
-			"failed 0x%llx\n", ret);
+			"failed 0x%llx\n", smc_ret->x[0]);
 	}
-	return set_smc_args(RMM_RMI_REQ_COMPLETE, ret, 0, 0, 0, 0, 0, 0);
 }
 
 /*******************************************************************************
  * Transitioning granule of REALM type to NON-SECURE type
  ******************************************************************************/
-static trp_args_t *trp_asc_mark_nonsecure(unsigned long long x1)
+static void trp_asc_mark_nonsecure(unsigned long long x1,
+				   struct trp_smc_result *smc_ret)
 {
-	unsigned long long ret;
-
 	VERBOSE("Undelegating granule 0x%llx\n", x1);
-	ret = trp_smc(set_smc_args(RMM_GTSI_UNDELEGATE, x1, 0, 0, 0, 0, 0, 0));
+	smc_ret->x[0] = trp_smc(set_smc_args(RMM_GTSI_UNDELEGATE, x1,
+						0UL, 0UL, 0UL, 0UL, 0UL, 0UL));
 
-	if (ret != 0ULL) {
+	if (smc_ret->x[0] != 0ULL) {
 		ERROR("Granule transition from REALM type to NON-SECURE type "
-			"failed 0x%llx\n", ret);
+			"failed 0x%llx\n", smc_ret->x[0]);
 	}
-	return set_smc_args(RMM_RMI_REQ_COMPLETE, ret, 0, 0, 0, 0, 0, 0);
 }
 
 /*******************************************************************************
  * Main RMI SMC handler function
  ******************************************************************************/
-trp_args_t *trp_rmi_handler(unsigned long fid, unsigned long long x1)
+void trp_rmi_handler(unsigned long fid,
+		     unsigned long long x1, unsigned long long x2,
+		     unsigned long long x3, unsigned long long x4,
+		     unsigned long long x5, unsigned long long x6,
+		     struct trp_smc_result *smc_ret)
 {
+	/* Not used in the current implementation */
+	(void)x2;
+	(void)x3;
+	(void)x4;
+	(void)x5;
+	(void)x6;
+
 	switch (fid) {
 	case RMI_RMM_REQ_VERSION:
-		return trp_ret_rmi_version();
+		trp_ret_rmi_version(smc_ret);
+		break;
 	case RMI_RMM_GRANULE_DELEGATE:
-		return trp_asc_mark_realm(x1);
+		trp_asc_mark_realm(x1, smc_ret);
+		break;
 	case RMI_RMM_GRANULE_UNDELEGATE:
-		return trp_asc_mark_nonsecure(x1);
+		trp_asc_mark_nonsecure(x1, smc_ret);
+		break;
 	default:
-		ERROR("Invalid SMC code to %s, FID %lu\n", __func__, fid);
+		ERROR("Invalid SMC code to %s, FID %lx\n", __func__, fid);
+		smc_ret->x[0] = SMC_UNK;
 	}
-	return set_smc_args(SMC_UNK, 0, 0, 0, 0, 0, 0, 0);
 }
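Review bot: `trp_rmi_handler` writes only `smc_ret->x[0]` in every branch and leaves `x[1..3]` as found, so callers must pre-zero the structure (the assembly entry does this); that precondition belongs on the function as a comment, e.g. `/* smc_ret must be zero-initialised by the caller; only x[0] is written here. */`. The `default` branch also falls out of the switch without a `break;`, which is legal but worth adding for consistency with the other cases.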
diff --git a/services/std_svc/rmmd/trp/trp_private.h b/services/std_svc/rmmd/trp/trp_private.h
index 945ae1c..d8c6960 100644
--- a/services/std_svc/rmmd/trp/trp_private.h
+++ b/services/std_svc/rmmd/trp/trp_private.h
@@ -53,5 +53,9 @@
 	       uint64_t x2,
 	       uint64_t x3);
 
+/* Validate arguments for warm boot only */
+int trp_validate_warmboot_args(uint64_t x0, uint64_t x1,
+			       uint64_t x2, uint64_t x3);
+
 #endif /* __ASSEMBLER__ */
 #endif /* TRP_PRIVATE_H */