Merge "fix(tc): unify TC ROM start addresses" into integration
diff --git a/.gitignore b/.gitignore
index 1f4efb6..ab2c0c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,8 @@
tools/stm32image/stm32image
tools/stm32image/stm32image.exe
tools/sptool/__pycache__/
+tools/encrypt_fw/encrypt_fw
+tools/encrypt_fw/encrypt_fw.exe
# GNU GLOBAL files
GPATH
diff --git a/.husky/pre-commit b/.husky/pre-commit
new file mode 100755
index 0000000..afcb1f6
--- /dev/null
+++ b/.husky/pre-commit
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# shellcheck source=./_/husky.sh
+. "$(dirname "$0")/_/husky.sh"
+
+"$(dirname "$0")/pre-commit.copyright" "$@"
diff --git a/.husky/pre-commit.copyright b/.husky/pre-commit.copyright
new file mode 100755
index 0000000..a4dfee8
--- /dev/null
+++ b/.husky/pre-commit.copyright
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# A hook script that checks if files staged for commit have updated Arm copyright year.
+# In case they are not - updates the years and prompts user to add them to the change.
+# This hook is called on "git commit" after changes have been staged, but before commit
+# message has to be provided.
+
+RED="\033[00;31m"
+YELLOW="\033[00;33m"
+BLANK="\033[00;00m"
+
+FILES=`git diff --cached --name-only HEAD`
+YEAR_NOW=`date +"%Y"`
+
+YEAR_RGX="[0-9][0-9][0-9][0-9]"
+ARM_RGX="\(ARM\|Arm\|arm\)"
+
+exit_code=0
+
+function user_warning() {
+ echo -e "Copyright of $RED$FILE$BLANK is out of date/incorrect"
+ echo -e "Updated copyright to"
+ grep -nr "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE"
+ echo
+}
+
+while read -r FILE; do
+ if [ -z "$FILE" ]
+ then
+ break
+ fi
+ # Check if correct copyright notice is in file.
+ # To reduce false positives, we assume files with no
+ # copyright notice do not require it.
+ if ! grep "opyright.*$YEAR_NOW.*$ARM_RGX" "$FILE">/dev/null 2>&1
+ then
+ # If it is "from_date - to_date" type of entry - change to_date entry.
+ if grep "opyright.*$YEAR_RGX.*-.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)$YEAR_RGX\(.*$ARM_RGX\)/\1$(date +"%Y"), Arm/" $FILE
+ user_warning
+ # If it is single "date" type of entry - add the copyright extension to current year.
+ elif grep "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*$YEAR_RGX\)\(.*$ARM_RGX\)/\1-$(date +"%Y"), Arm/" $FILE
+ user_warning
+ fi
+ # Even if the year is correct - verify that Arm copyright is formatted correctly.
+ elif grep "opyright.*\(ARM\|arm\)" "$FILE">/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)\(ARM\|arm\)/\1Arm/" $FILE
+ user_warning
+ fi
+done <<< "$FILES"
+
+if [ $exit_code -eq 1 ]
+then
+ echo -e "$RED""Please stage updated files$BLANK before commiting or use$YELLOW git commit --no-verify$BLANK to skip copyright check"
+fi
+exit $exit_code
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
new file mode 100644
index 0000000..6e6fa84
--- /dev/null
+++ b/.readthedocs.yaml
@@ -0,0 +1,29 @@
+# Copyright (c) 2023, Arm Limited. All rights reserved
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Configuration file for the readthedocs deploy
+# Available at https://trustedfirmware-a.readthedocs.io/en/latest/
+
+
+# readthedocs config version
+version: 2
+
+build:
+ os: ubuntu-22.04 # Ubuntu Jammy LTS
+ tools:
+ python: "3.10"
+ apt_packages:
+ - plantuml
+
+python:
+ install:
+ - requirements: docs/requirements.txt
+
+sphinx:
+ configuration: docs/conf.py
+
+# Auxiliary formats to export to (in addition to the default HTML output).
+formats:
+ - pdf
+
diff --git a/Makefile b/Makefile
index f4d623e..a7894ec 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -153,6 +153,9 @@
ENABLE_FEAT_ECV = 1
ENABLE_FEAT_FGT = 1
+# RME enables CSV2_2 extension by default.
+ENABLE_FEAT_CSV2_2 = 1
+
endif
# USE_SPINLOCK_CAS requires AArch64 build
@@ -442,6 +445,8 @@
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -453,6 +458,10 @@
# Pass ld options with Wl or Xlinker switches
TF_LDFLAGS += -Wl,--fatal-warnings -O1
TF_LDFLAGS += -Wl,--gc-sections
+
+TF_LDFLAGS += -Wl,-z,common-page-size=4096 # Configure page size constants
+TF_LDFLAGS += -Wl,-z,max-page-size=4096
+
ifeq ($(ENABLE_LTO),1)
ifeq (${ARCH},aarch64)
TF_LDFLAGS += -flto -fuse-linker-plugin
@@ -468,12 +477,21 @@
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
+
+TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants
+TF_LDFLAGS += -z max-page-size=4096
+
# ld.lld doesn't recognize the errata flags,
-# therefore don't add those in that case
+# therefore don't add those in that case.
+# ld.lld reports section type mismatch warnings,
+# therefore don't add --fatal-warnings to it.
ifeq ($(findstring ld.lld,$(notdir $(LD))),)
-TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
+TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings
endif
endif
@@ -628,6 +646,22 @@
include ${PLAT_MAKEFILE_FULL}
+# This internal flag is common option which is set to 1 for scenarios
+# when the BL2 is running in EL3 level. This occurs in two scenarios -
+# 4 world system running BL2 at EL3 and two world system without BL1 running
+# BL2 in EL3
+
+ifeq (${RESET_TO_BL2},1)
+ BL2_RUNS_AT_EL3 := 1
+ ifeq (${ENABLE_RME},1)
+ $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not supported at the moment.)
+ endif
+else ifeq (${ENABLE_RME},1)
+ BL2_RUNS_AT_EL3 := 1
+else
+ BL2_RUNS_AT_EL3 := 0
+endif
+
$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT}))
ifeq (${ARM_ARCH_MAJOR},7)
@@ -649,21 +683,25 @@
endif
ifeq ($(ENABLE_PIE),1)
-ifeq ($(BL2_AT_EL3),1)
+ifeq ($(RESET_TO_BL2),1)
ifneq ($(BL2_IN_XIP_MEM),1)
+ BL2_CPPFLAGS += -fpie
BL2_CFLAGS += -fpie
BL2_LDFLAGS += $(PIE_LDFLAGS)
endif
endif
- BL31_CFLAGS += -fpie
+ BL31_CPPFLAGS += -fpie
+ BL31_CFLAGS += -fpie
BL31_LDFLAGS += $(PIE_LDFLAGS)
+
+ BL32_CPPFLAGS += -fpie
BL32_CFLAGS += -fpie
BL32_LDFLAGS += $(PIE_LDFLAGS)
endif
ifeq (${ARCH},aarch64)
BL1_CPPFLAGS += -DIMAGE_AT_EL3
-ifeq ($(BL2_AT_EL3),1)
+ifeq ($(RESET_TO_BL2),1)
BL2_CPPFLAGS += -DIMAGE_AT_EL3
else
BL2_CPPFLAGS += -DIMAGE_AT_EL1
@@ -740,9 +778,9 @@
$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
endif
-#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1.
-ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1)
-$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled")
+#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.
+ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
+$(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
endif
# For RAS_EXTENSION, require that EAs are handled in EL3 first
@@ -1095,7 +1133,7 @@
USE_ROMLIB \
USE_TBBR_DEFS \
WARMBOOT_ENABLE_DCACHE_EARLY \
- BL2_AT_EL3 \
+ RESET_TO_BL2 \
BL2_IN_XIP_MEM \
BL2_INV_DCACHE \
USE_SPINLOCK_CAS \
@@ -1240,7 +1278,8 @@
USE_ROMLIB \
USE_TBBR_DEFS \
WARMBOOT_ENABLE_DCACHE_EARLY \
- BL2_AT_EL3 \
+ RESET_TO_BL2 \
+ BL2_RUNS_AT_EL3 \
BL2_IN_XIP_MEM \
BL2_INV_DCACHE \
USE_SPINLOCK_CAS \
@@ -1347,7 +1386,7 @@
endif
ifeq (${NEED_BL2},yes)
-ifeq (${BL2_AT_EL3}, 0)
+ifeq (${RESET_TO_BL2}, 0)
FIP_BL2_ARGS := tb-fw
endif
diff --git a/bl1/bl1.ld.S b/bl1/bl1.ld.S
index c4ec5fe..bec234b 100644
--- a/bl1/bl1.ld.S
+++ b/bl1/bl1.ld.S
@@ -1,13 +1,12 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
- * The .data section gets copied from ROM to RAM at runtime.
- * Its LMA should be 16-byte aligned to allow efficient copying of 16-bytes
- * aligned regions in it.
+ * The .data section gets copied from ROM to RAM at runtime. Its LMA should be
+ * 16-byte aligned to allow efficient copying of 16-bytes aligned regions in it.
* Its VMA must be page-aligned as it marks the first read/write page.
*/
#define DATA_ALIGN 16
@@ -24,23 +23,26 @@
RAM (rwx): ORIGIN = BL1_RW_BASE, LENGTH = BL1_RW_LIMIT - BL1_RW_BASE
}
-SECTIONS
-{
+SECTIONS {
. = BL1_RO_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL1_RO_BASE address is not aligned on a page boundary.")
+ "BL1_RO_BASE address is not aligned on a page boundary.")
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
*bl1_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
} >ROM
- /* .ARM.extab and .ARM.exidx are only added because Clang need them */
+ /* .ARM.extab and .ARM.exidx are only added because Clang needs them */
.ARM.extab . : {
*(.ARM.extab* .gnu.linkonce.armextab.*)
} >ROM
@@ -51,51 +53,57 @@
.rodata . : {
__RODATA_START__ = .;
+
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
/*
* No need to pad out the .rodata section to a page boundary. Next is
* the .data section, which can mapped in ROM with the same memory
* attributes as the .rodata section.
*
- * Pad out to 16 bytes though as .data section needs to be 16 byte
- * aligned and lld does not align the LMA to the aligment specified
+ * Pad out to 16 bytes though as .data section needs to be 16-byte
+ * aligned and lld does not align the LMA to the alignment specified
* on the .data section.
*/
__RODATA_END__ = .;
- . = ALIGN(16);
+
+ . = ALIGN(16);
} >ROM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*bl1_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
*(.vectors)
+
__RO_END__ = .;
/*
- * Pad out to 16 bytes as .data section needs to be 16 byte aligned and
- * lld does not align the LMA to the aligment specified on the .data
- * section.
+ * Pad out to 16 bytes as the .data section needs to be 16-byte aligned
+ * and lld does not align the LMA to the alignment specified on the
+ * .data section.
*/
- . = ALIGN(16);
+ . = ALIGN(16);
} >ROM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
- "cpu_ops not defined for this platform.")
+ "cpu_ops not defined for this platform.")
. = BL1_RW_BASE;
+
ASSERT(BL1_RW_BASE == ALIGN(PAGE_SIZE),
- "BL1_RW_BASE address is not aligned on a page boundary.")
+ "BL1_RW_BASE address is not aligned on a page boundary.")
DATA_SECTION >RAM AT>ROM
+
__DATA_RAM_START__ = __DATA_START__;
__DATA_RAM_END__ = __DATA_END__;
@@ -105,24 +113,26 @@
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
- * memory attributes for the coherent data page tables.
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct memory
+ * attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
- *(tzfw_coherent_mem)
+ *(.tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure the rest of
+ * the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
-#endif
+#endif /* USE_COHERENT_MEM */
__BL1_RAM_START__ = ADDR(.data);
__BL1_RAM_END__ = .;
@@ -135,15 +145,16 @@
* of BL1's actual content in Trusted ROM.
*/
__BL1_ROM_END__ = __DATA_ROM_START__ + __DATA_SIZE__;
+
ASSERT(__BL1_ROM_END__ <= BL1_RO_LIMIT,
- "BL1's ROM content has exceeded its limit.")
+ "BL1's ROM content has exceeded its limit.")
__BSS_SIZE__ = SIZEOF(.bss);
#if USE_COHERENT_MEM
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
-#endif
+#endif /* USE_COHERENT_MEM */
ASSERT(. <= BL1_RW_LIMIT, "BL1's RW section has exceeded its limit.")
}
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index 9f63fd5..0c43f13 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -29,4 +29,4 @@
BL1_SOURCES += bl1/bl1_fwu.c
endif
-BL1_LINKERFILE := bl1/bl1.ld.S
+BL1_DEFAULT_LINKER_SCRIPT_SOURCE := bl1/bl1.ld.S
diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c
index b70bffd..6d4dc7e 100644
--- a/bl1/bl1_fwu.c
+++ b/bl1/bl1_fwu.c
@@ -420,7 +420,7 @@
* Image is in RESET state.
* Check the parameters and authenticate the source image in place.
*/
- if (bl1_plat_mem_check(image_src, image_size, \
+ if (bl1_plat_mem_check(image_src, image_size,
desc->ep_info.h.attr) != 0) {
WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
return -ENOMEM;
diff --git a/bl2/bl2.ld.S b/bl2/bl2.ld.S
index 80cf7db..458a12b 100644
--- a/bl2/bl2.ld.S
+++ b/bl2/bl2.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,28 +15,31 @@
RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE
}
-
-SECTIONS
-{
+SECTIONS {
. = BL2_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL2_BASE address is not aligned on a page boundary.")
+ "BL2_BASE address is not aligned on a page boundary.")
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
#if ENABLE_RME
*bl2_rme_entrypoint.o(.text*)
#else /* ENABLE_RME */
*bl2_entrypoint.o(.text*)
#endif /* ENABLE_RME */
+
*(SORT_BY_ALIGNMENT(.text*))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
} >RAM
- /* .ARM.extab and .ARM.exidx are only added because Clang need them */
+ /* .ARM.extab and .ARM.exidx are only added because Clang needs them */
.ARM.extab . : {
*(.ARM.extab* .gnu.linkonce.armextab.*)
} >RAM
@@ -47,39 +50,41 @@
.rodata . : {
__RODATA_START__ = .;
+
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
. = ALIGN(PAGE_SIZE);
+
__RODATA_END__ = .;
} >RAM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*bl2_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
*(.vectors)
+
__RO_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked as
- * read-only, executable. No RW data from the next section must
- * creep in. Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as read-only,
+ * executable. No RW data from the next section must creep in. Ensure
+ * that the rest of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__RO_END__ = .;
} >RAM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ __RW_START__ = .;
DATA_SECTION >RAM
STACK_SECTION >RAM
@@ -88,29 +93,27 @@
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
- *(tzfw_coherent_mem)
+ *(.tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure the rest of
+ * the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
-#endif
+#endif /* USE_COHERENT_MEM */
- /*
- * Define a linker symbol to mark end of the RW memory area for this
- * image.
- */
__RW_END__ = .;
__BL2_END__ = .;
@@ -119,7 +122,7 @@
#if USE_COHERENT_MEM
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
-#endif
+#endif /* USE_COHERENT_MEM */
ASSERT(. <= BL2_LIMIT, "BL2 image has exceeded its limit.")
}
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index 7a973e5..778e2c3 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -23,12 +23,12 @@
bl2/${ARCH}/bl2_el3_exceptions.S \
bl2/${ARCH}/bl2_run_next_image.S \
${GPT_LIB_SRCS}
-BL2_LINKERFILE := bl2/bl2.ld.S
+BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2.ld.S
-else ifeq (${BL2_AT_EL3},0)
+else ifeq (${RESET_TO_BL2},0)
# Normal operation, no RME, no BL2 at EL3
BL2_SOURCES += bl2/${ARCH}/bl2_entrypoint.S
-BL2_LINKERFILE := bl2/bl2.ld.S
+BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2.ld.S
else
# BL2 at EL3, no RME
@@ -46,5 +46,5 @@
BL2_SOURCES += lib/cpus/aarch64/dsu_helpers.S
endif
-BL2_LINKERFILE := bl2/bl2_el3.ld.S
+BL2_DEFAULT_LINKER_SCRIPT_SOURCE := bl2/bl2_el3.ld.S
endif
diff --git a/bl2/bl2_el3.ld.S b/bl2/bl2_el3.ld.S
index c95706c..aa457fa 100644
--- a/bl2/bl2_el3.ld.S
+++ b/bl2/bl2_el3.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,140 +15,158 @@
#if BL2_IN_XIP_MEM
ROM (rx): ORIGIN = BL2_RO_BASE, LENGTH = BL2_RO_LIMIT - BL2_RO_BASE
RAM (rwx): ORIGIN = BL2_RW_BASE, LENGTH = BL2_RW_LIMIT - BL2_RW_BASE
-#else
+#else /* BL2_IN_XIP_MEM */
RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE
-#endif
+#endif /* BL2_IN_XIP_MEM */
+
#if SEPARATE_BL2_NOLOAD_REGION
RAM_NOLOAD (rw!a): ORIGIN = BL2_NOLOAD_START, LENGTH = BL2_NOLOAD_LIMIT - BL2_NOLOAD_START
-#else
-#define RAM_NOLOAD RAM
-#endif
+#else /* SEPARATE_BL2_NOLOAD_REGION */
+# define RAM_NOLOAD RAM
+#endif /* SEPARATE_BL2_NOLOAD_REGION */
}
#if !BL2_IN_XIP_MEM
-#define ROM RAM
-#endif
+# define ROM RAM
+#endif /* !BL2_IN_XIP_MEM */
-SECTIONS
-{
+SECTIONS {
#if BL2_IN_XIP_MEM
. = BL2_RO_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL2_RO_BASE address is not aligned on a page boundary.")
-#else
+ "BL2_RO_BASE address is not aligned on a page boundary.")
+#else /* BL2_IN_XIP_MEM */
. = BL2_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL2_BASE address is not aligned on a page boundary.")
-#endif
+ "BL2_BASE address is not aligned on a page boundary.")
+#endif /* BL2_IN_XIP_MEM */
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
- __TEXT_RESIDENT_START__ = .;
- *bl2_el3_entrypoint.o(.text*)
- *(.text.asm.*)
- __TEXT_RESIDENT_END__ = .;
+ __TEXT_RESIDENT_START__ = .;
+
+ *bl2_el3_entrypoint.o(.text*)
+ *(.text.asm.*)
+
+ __TEXT_RESIDENT_END__ = .;
+
*(SORT_BY_ALIGNMENT(.text*))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
- } >ROM
+ } >ROM
.rodata . : {
__RODATA_START__ = .;
+
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
. = ALIGN(PAGE_SIZE);
+
__RODATA_END__ = .;
} >ROM
ASSERT(__TEXT_RESIDENT_END__ - __TEXT_RESIDENT_START__ <= PAGE_SIZE,
- "Resident part of BL2 has exceeded its limit.")
-#else
- ro . : {
+ "Resident part of BL2 has exceeded its limit.")
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
- __TEXT_RESIDENT_START__ = .;
- *bl2_el3_entrypoint.o(.text*)
- *(.text.asm.*)
- __TEXT_RESIDENT_END__ = .;
+ __TEXT_RESIDENT_START__ = .;
+
+ *bl2_el3_entrypoint.o(.text*)
+ *(.text.asm.*)
+
+ __TEXT_RESIDENT_END__ = .;
+
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
*(.vectors)
+
__RO_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked as
- * read-only, executable. No RW data from the next section must
- * creep in. Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as read-only,
+ * executable. No RW data from the next section must creep in. Ensure
+ * that the rest of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
__RO_END__ = .;
} >ROM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
- "cpu_ops not defined for this platform.")
+ "cpu_ops not defined for this platform.")
#if BL2_IN_XIP_MEM
. = BL2_RW_BASE;
+
ASSERT(BL2_RW_BASE == ALIGN(PAGE_SIZE),
"BL2_RW_BASE address is not aligned on a page boundary.")
-#endif
+#endif /* BL2_IN_XIP_MEM */
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ __RW_START__ = .;
DATA_SECTION >RAM AT>ROM
+
__DATA_RAM_START__ = __DATA_START__;
__DATA_RAM_END__ = __DATA_END__;
RELA_SECTION >RAM
+
#if SEPARATE_BL2_NOLOAD_REGION
SAVED_ADDR = .;
+
. = BL2_NOLOAD_START;
+
__BL2_NOLOAD_START__ = .;
-#endif
+#endif /* SEPARATE_BL2_NOLOAD_REGION */
+
STACK_SECTION >RAM_NOLOAD
BSS_SECTION >RAM_NOLOAD
XLAT_TABLE_SECTION >RAM_NOLOAD
+
#if SEPARATE_BL2_NOLOAD_REGION
__BL2_NOLOAD_END__ = .;
+
. = SAVED_ADDR;
-#endif
+#endif /* SEPARATE_BL2_NOLOAD_REGION */
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
- *(tzfw_coherent_mem)
+
+ *(.tzfw_coherent_mem)
+
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure the rest of
+ * the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
-#endif
+#endif /* USE_COHERENT_MEM */
- /*
- * Define a linker symbol to mark end of the RW memory area for this
- * image.
- */
__RW_END__ = .;
__BL2_END__ = .;
@@ -165,23 +183,24 @@
/*
* The .data section is the last PROGBITS section so its end marks the end
- * of BL2's RO content in XIP memory..
+ * of BL2's RO content in XIP memory.
*/
__BL2_ROM_END__ = __DATA_ROM_START__ + __DATA_SIZE__;
+
ASSERT(__BL2_ROM_END__ <= BL2_RO_LIMIT,
"BL2's RO content has exceeded its limit.")
-#endif
- __BSS_SIZE__ = SIZEOF(.bss);
+#endif /* BL2_IN_XIP_MEM */
+ __BSS_SIZE__ = SIZEOF(.bss);
#if USE_COHERENT_MEM
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
-#endif
+#endif /* USE_COHERENT_MEM */
#if BL2_IN_XIP_MEM
ASSERT(. <= BL2_RW_LIMIT, "BL2's RW content has exceeded its limit.")
-#else
+#else /* BL2_IN_XIP_MEM */
ASSERT(. <= BL2_LIMIT, "BL2 image has exceeded its limit.")
-#endif
+#endif /* BL2_IN_XIP_MEM */
}
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 5da8037..ce83692 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -27,9 +27,9 @@
#define NEXT_IMAGE "BL32"
#endif
-#if BL2_AT_EL3
+#if RESET_TO_BL2
/*******************************************************************************
- * Setup function for BL2 when BL2_AT_EL3=1
+ * Setup function for BL2 when RESET_TO_BL2=1
******************************************************************************/
void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
u_register_t arg3)
@@ -48,9 +48,10 @@
assert(is_armv8_3_pauth_present());
#endif /* CTX_INCLUDE_PAUTH_REGS */
}
-#else /* BL2_AT_EL3 */
+#else /* RESET_TO_BL2 */
+
/*******************************************************************************
- * Setup function for BL2 when BL2_AT_EL3=0
+ * Setup function for BL2 when RESET_TO_BL2=0
******************************************************************************/
void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
u_register_t arg3)
@@ -69,7 +70,7 @@
assert(is_armv8_3_pauth_present());
#endif /* CTX_INCLUDE_PAUTH_REGS */
}
-#endif /* BL2_AT_EL3 */
+#endif /* RESET_TO_BL2 */
/*******************************************************************************
* The only thing to do in BL2 is to load further images and pass control to
@@ -107,7 +108,7 @@
/* Teardown the Measured Boot backend */
bl2_plat_mboot_finish();
-#if !BL2_AT_EL3 && !ENABLE_RME
+#if !BL2_RUNS_AT_EL3
#ifndef __aarch64__
/*
* For AArch32 state BL1 and BL2 share the MMU setup.
@@ -132,7 +133,8 @@
* be passed to next BL image as an argument.
*/
smc(BL1_SMC_RUN_IMAGE, (unsigned long)next_bl_ep_info, 0, 0, 0, 0, 0, 0);
-#else /* if BL2_AT_EL3 || ENABLE_RME */
+#else /* if BL2_RUNS_AT_EL3 */
+
NOTICE("BL2: Booting " NEXT_IMAGE "\n");
print_entry_point_info(next_bl_ep_info);
console_flush();
@@ -145,5 +147,5 @@
#endif /* ENABLE_PAUTH */
bl2_run_next_image(next_bl_ep_info);
-#endif /* BL2_AT_EL3 && ENABLE_RME */
+#endif /* BL2_RUNS_AT_EL3 */
}
diff --git a/bl2u/bl2u.ld.S b/bl2u/bl2u.ld.S
index a7752a4..52a925b 100644
--- a/bl2u/bl2u.ld.S
+++ b/bl2u/bl2u.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,67 +17,69 @@
RAM (rwx): ORIGIN = BL2U_BASE, LENGTH = BL2U_LIMIT - BL2U_BASE
}
-
-SECTIONS
-{
+SECTIONS {
. = BL2U_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL2U_BASE address is not aligned on a page boundary.")
+ "BL2U_BASE address is not aligned on a page boundary.")
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
*bl2u_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
- } >RAM
+ } >RAM
- /* .ARM.extab and .ARM.exidx are only added because Clang need them */
- .ARM.extab . : {
+ /* .ARM.extab and .ARM.exidx are only added because Clang needs them */
+ .ARM.extab . : {
*(.ARM.extab* .gnu.linkonce.armextab.*)
- } >RAM
+ } >RAM
- .ARM.exidx . : {
+ .ARM.exidx . : {
*(.ARM.exidx* .gnu.linkonce.armexidx.*)
- } >RAM
+ } >RAM
.rodata . : {
__RODATA_START__ = .;
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
. = ALIGN(PAGE_SIZE);
__RODATA_END__ = .;
} >RAM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*bl2u_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
*(.vectors)
+
__RO_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked as
- * read-only, executable. No RW data from the next section must
- * creep in. Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as read-only,
+ * executable. No RW data from the next section must creep in. Ensure
+ * that the rest of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__RO_END__ = .;
} >RAM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ __RW_START__ = .;
DATA_SECTION >RAM
STACK_SECTION >RAM
@@ -86,29 +88,27 @@
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
- *(tzfw_coherent_mem)
+ *(.tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure the rest of
+ * the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
-#endif
+#endif /* USE_COHERENT_MEM */
- /*
- * Define a linker symbol to mark end of the RW memory area for this
- * image.
- */
__RW_END__ = .;
__BL2U_END__ = .;
diff --git a/bl2u/bl2u.mk b/bl2u/bl2u.mk
index b4d7634..9f29bde 100644
--- a/bl2u/bl2u.mk
+++ b/bl2u/bl2u.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -12,4 +12,4 @@
BL2U_SOURCES += common/aarch64/early_exceptions.S
endif
-BL2U_LINKERFILE := bl2u/bl2u.ld.S
+BL2U_DEFAULT_LINKER_SCRIPT_SOURCE := bl2u/bl2u.ld.S
diff --git a/bl31/aarch64/crash_reporting.S b/bl31/aarch64/crash_reporting.S
index d56b513..4cec110 100644
--- a/bl31/aarch64/crash_reporting.S
+++ b/bl31/aarch64/crash_reporting.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,8 +15,8 @@
.globl report_unhandled_exception
.globl report_unhandled_interrupt
- .globl el3_panic
- .globl elx_panic
+ .globl report_el3_panic
+ .globl report_elx_panic
#if CRASH_REPORTING
@@ -64,7 +64,7 @@
x30_msg:
.asciz "x30"
excpt_msg_el:
- .asciz "Unhandled Exception from EL"
+ .asciz "Unhandled Exception from lower EL.\n"
/*
* Helper function to print from crash buf.
@@ -194,28 +194,20 @@
/* -----------------------------------------------------
* This function allows to report a crash from the lower
* exception level (if crash reporting is enabled) when
- * panic() is invoked from C Runtime.
+ * lower_el_panic() is invoked from C Runtime.
* It prints the CPU state via the crash console making
* use of 'cpu_context' structure where general purpose
* registers are saved and the crash buf.
* This function will not return.
- *
- * x0: Exception level
* -----------------------------------------------------
*/
-func elx_panic
+func report_elx_panic
msr spsel, #MODE_SP_ELX
- mov x8, x0
/* Print the crash message */
adr x4, excpt_msg_el
bl asm_print_str
- /* Print exception level */
- add x0, x8, #'0'
- bl plat_crash_console_putc
- bl asm_print_newline
-
/* Report x0 - x29 values stored in 'gpregs_ctx' structure */
/* Store the ascii list pointer in x6 */
adr x6, gp_regs
@@ -295,7 +287,7 @@
mrs x2, sctlr_el1
mrs x1, tcr_el1
b test_pauth
-endfunc elx_panic
+endfunc report_elx_panic
/* -----------------------------------------------------
* This function allows to report a crash (if crash
@@ -305,7 +297,7 @@
* will not return.
* -----------------------------------------------------
*/
-func el3_panic
+func report_el3_panic
msr spsel, #MODE_SP_ELX
prepare_crash_buf_save_x0_x1
adr x0, panic_msg
@@ -463,7 +455,7 @@
/* Done reporting */
no_ret plat_panic_handler
-endfunc el3_panic
+endfunc report_el3_panic
#else /* CRASH_REPORTING */
func report_unhandled_exception
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index dbb3234..9419476 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -16,9 +16,8 @@
#include <context.h>
.globl handle_lower_el_ea_esb
- .globl handle_lower_el_async_ea
- .globl enter_lower_el_sync_ea
- .globl enter_lower_el_async_ea
+ .globl handle_lower_el_sync_ea
+ .globl handle_lower_el_async_ea
/*
@@ -42,17 +41,12 @@
* Implementation Defined Exceptions. If any other kind of exception is detected,
* then this function reports unhandled exception.
*
- * Since it's part of exception vector, this function doesn't expect any GP
- * registers to have been saved. It delegates the handling of the EA to platform
- * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
+ * It delegates the handling of the EA to platform handler, and upon successfully
+ * handling the EA, exits EL3; otherwise panics.
+ *
+ * This function assumes x30 has been saved.
*/
-func enter_lower_el_sync_ea
- /*
- * Explicitly save x30 so as to free up a register and to enable
- * branching.
- */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
-
+func handle_lower_el_sync_ea
mrs x30, esr_el3
ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
@@ -114,24 +108,19 @@
/* Synchronous exceptions other than the above are assumed to be EA */
ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
no_ret report_unhandled_exception
-endfunc enter_lower_el_sync_ea
+endfunc handle_lower_el_sync_ea
/*
* This function handles SErrors from lower ELs.
*
- * Since it's part of exception vector, this function doesn't expect any GP
- * registers to have been saved. It delegates the handling of the EA to platform
- * handler, and upon successfully handling the EA, exits EL3; otherwise panics.
+ * It delegates the handling of the EA to platform handler, and upon successfully
+ * handling the EA, exits EL3; otherwise panics.
+ *
+ * This function assumes x30 has been saved.
*/
-func enter_lower_el_async_ea
- /*
- * Explicitly save x30 so as to free up a register and to enable
- * branching
- */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+func handle_lower_el_async_ea
-handle_lower_el_async_ea:
/*
* Save general purpose and ARMv8.3-PAuth registers (if enabled).
* If Secure Cycle Counter is not disabled in MDCR_EL3 when
@@ -153,7 +142,7 @@
/* el3_exit assumes SP_EL0 on entry */
msr spsel, #MODE_SP_EL0
b el3_exit
-endfunc enter_lower_el_async_ea
+endfunc handle_lower_el_async_ea
/*
@@ -201,7 +190,7 @@
*/
ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
cmp x2, EC_SERROR
- b.ne do_panic
+ b.ne el3_panic
/*
* Check for Implementation Defined Syndrome. If so, skip checking
* Uncontainable error type from the syndrome as the format is unknown.
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 0c60859..500e87b 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -40,6 +40,14 @@
.globl serror_aarch32
/*
+ * Save LR and make x30 available as most of the routines in vector entry
+ * need a free register
+ */
+ .macro save_x30
+ str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ .endm
+
+ /*
* Macro that prepares entry to EL3 upon taking an exception.
*
* With RAS_EXTENSION, this macro synchronizes pending errors with an ESB
@@ -58,12 +66,6 @@
/* Unmask the SError interrupt */
msr daifclr, #DAIF_ABT_BIT
- /*
- * Explicitly save x30 so as to free up a register and to enable
- * branching
- */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
-
/* Check for SErrors synchronized by the ESB instruction */
mrs x30, DISR_EL1
tbz x30, #DISR_A_BIT, 1f
@@ -108,11 +110,7 @@
/* Use ISB for the above unmask operation to take effect immediately */
isb
- /*
- * Refer Note 1.
- * No need to restore X30 as macros following this modify x30 anyway.
- */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ /* Refer Note 1. */
mov x30, #1
str x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
dmb sy
@@ -153,7 +151,7 @@
/* Synchronous exceptions other than the above are assumed to be EA */
ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
- b enter_lower_el_sync_ea
+ b handle_lower_el_sync_ea
.endm
@@ -316,7 +314,7 @@
* triggered due to explicit synchronization in EL3. Refer Note 1.
*/
/* Assumes SP_EL3 on entry */
- str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+ save_x30
ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
cbnz x30, 1f
@@ -338,32 +336,36 @@
* to a valid cpu context where the general purpose and system register
* state can be saved.
*/
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_sync_exception
end_vector_entry sync_exception_aarch64
vector_entry irq_aarch64
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_interrupt_exception irq_aarch64
end_vector_entry irq_aarch64
vector_entry fiq_aarch64
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_interrupt_exception fiq_aarch64
end_vector_entry fiq_aarch64
vector_entry serror_aarch64
+ save_x30
apply_at_speculative_wa
#if RAS_EXTENSION
msr daifclr, #DAIF_ABT_BIT
- b enter_lower_el_async_ea
#else
check_and_unmask_ea
- b handle_lower_el_async_ea
#endif
+ b handle_lower_el_async_ea
+
end_vector_entry serror_aarch64
/* ---------------------------------------------------------------------
@@ -377,32 +379,36 @@
* to a valid cpu context where the general purpose and system register
* state can be saved.
*/
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_sync_exception
end_vector_entry sync_exception_aarch32
vector_entry irq_aarch32
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_interrupt_exception irq_aarch32
end_vector_entry irq_aarch32
vector_entry fiq_aarch32
+ save_x30
apply_at_speculative_wa
check_and_unmask_ea
handle_interrupt_exception fiq_aarch32
end_vector_entry fiq_aarch32
vector_entry serror_aarch32
+ save_x30
apply_at_speculative_wa
#if RAS_EXTENSION
msr daifclr, #DAIF_ABT_BIT
- b enter_lower_el_async_ea
#else
check_and_unmask_ea
- b handle_lower_el_async_ea
#endif
+ b handle_lower_el_async_ea
+
end_vector_entry serror_aarch32
#ifdef MONITOR_TRAPS
@@ -563,7 +569,7 @@
*/
tst w0, w0
- b.mi do_panic /* negative return value: panic */
+ b.mi elx_panic /* negative return value: panic */
b.eq 1f /* zero: do not change ELR_EL3 */
/* advance the PC to continue after the instruction */
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S
index 309e752..c829058 100644
--- a/bl31/bl31.ld.S
+++ b/bl31/bl31.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,137 +11,145 @@
OUTPUT_ARCH(PLATFORM_LINKER_ARCH)
ENTRY(bl31_entrypoint)
-
MEMORY {
RAM (rwx): ORIGIN = BL31_BASE, LENGTH = BL31_LIMIT - BL31_BASE
+
#if SEPARATE_NOBITS_REGION
NOBITS (rw!a): ORIGIN = BL31_NOBITS_BASE, LENGTH = BL31_NOBITS_LIMIT - BL31_NOBITS_BASE
-#else
-#define NOBITS RAM
-#endif
+#else /* SEPARATE_NOBITS_REGION */
+# define NOBITS RAM
+#endif /* SEPARATE_NOBITS_REGION */
}
#ifdef PLAT_EXTRA_LD_SCRIPT
-#include <plat.ld.S>
-#endif
+# include <plat.ld.S>
+#endif /* PLAT_EXTRA_LD_SCRIPT */
-SECTIONS
-{
+SECTIONS {
. = BL31_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL31_BASE address is not aligned on a page boundary.")
+ "BL31_BASE address is not aligned on a page boundary.")
__BL31_START__ = .;
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
*bl31_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(SORT(.text*)))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
} >RAM
.rodata . : {
__RODATA_START__ = .;
+
*(SORT_BY_ALIGNMENT(.rodata*))
-#if PLAT_EXTRA_RODATA_INCLUDES
-#include <plat.ld.rodata.inc>
-#endif
+# if PLAT_EXTRA_RODATA_INCLUDES
+# include <plat.ld.rodata.inc>
+# endif /* PLAT_EXTRA_RODATA_INCLUDES */
- RODATA_COMMON
+ RODATA_COMMON
- /* Place pubsub sections for events */
. = ALIGN(8);
-#include <lib/el3_runtime/pubsub_events.h>
+
+# include <lib/el3_runtime/pubsub_events.h>
. = ALIGN(PAGE_SIZE);
+
__RODATA_END__ = .;
} >RAM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*bl31_entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
- /* Place pubsub sections for events */
. = ALIGN(8);
-#include <lib/el3_runtime/pubsub_events.h>
+
+# include <lib/el3_runtime/pubsub_events.h>
*(.vectors)
+
__RO_END_UNALIGNED__ = .;
+
/*
* Memory page(s) mapped to this section will be marked as read-only,
- * executable. No RW data from the next section must creep in.
- * Ensure the rest of the current memory page is unused.
+ * executable. No RW data from the next section must creep in. Ensure
+ * that the rest of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__RO_END__ = .;
} >RAM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
- "cpu_ops not defined for this platform.")
+ "cpu_ops not defined for this platform.")
#if SPM_MM
-#ifndef SPM_SHIM_EXCEPTIONS_VMA
-#define SPM_SHIM_EXCEPTIONS_VMA RAM
-#endif
+# ifndef SPM_SHIM_EXCEPTIONS_VMA
+# define SPM_SHIM_EXCEPTIONS_VMA RAM
+# endif /* SPM_SHIM_EXCEPTIONS_VMA */
/*
* Exception vectors of the SPM shim layer. They must be aligned to a 2K
- * address, but we need to place them in a separate page so that we can set
- * individual permissions to them, so the actual alignment needed is 4K.
+ * address but we need to place them in a separate page so that we can set
+ * individual permissions on them, so the actual alignment needed is the
+ * page size.
*
* There's no need to include this into the RO section of BL31 because it
* doesn't need to be accessed by BL31.
*/
- spm_shim_exceptions : ALIGN(PAGE_SIZE) {
+ .spm_shim_exceptions : ALIGN(PAGE_SIZE) {
__SPM_SHIM_EXCEPTIONS_START__ = .;
+
*(.spm_shim_exceptions)
+
. = ALIGN(PAGE_SIZE);
+
__SPM_SHIM_EXCEPTIONS_END__ = .;
} >SPM_SHIM_EXCEPTIONS_VMA AT>RAM
- PROVIDE(__SPM_SHIM_EXCEPTIONS_LMA__ = LOADADDR(spm_shim_exceptions));
- . = LOADADDR(spm_shim_exceptions) + SIZEOF(spm_shim_exceptions);
-#endif
+ PROVIDE(__SPM_SHIM_EXCEPTIONS_LMA__ = LOADADDR(.spm_shim_exceptions));
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ . = LOADADDR(.spm_shim_exceptions) + SIZEOF(.spm_shim_exceptions);
+#endif /* SPM_MM */
+
+ __RW_START__ = .;
DATA_SECTION >RAM
RELA_SECTION >RAM
#ifdef BL31_PROGBITS_LIMIT
ASSERT(. <= BL31_PROGBITS_LIMIT, "BL31 progbits has exceeded its limit.")
-#endif
+#endif /* BL31_PROGBITS_LIMIT */
#if SEPARATE_NOBITS_REGION
- /*
- * Define a linker symbol to mark end of the RW memory area for this
- * image.
- */
. = ALIGN(PAGE_SIZE);
+
__RW_END__ = .;
__BL31_END__ = .;
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
. = BL31_NOBITS_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL31 NOBITS base address is not aligned on a page boundary.")
+ "BL31 NOBITS base address is not aligned on a page boundary.")
__NOBITS_START__ = .;
-#endif
+#endif /* SEPARATE_NOBITS_REGION */
STACK_SECTION >NOBITS
BSS_SECTION >NOBITS
@@ -149,49 +157,44 @@
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
+
/*
- * Bakery locks are stored in coherent memory
- *
- * Each lock's data is contiguous and fully allocated by the compiler
+ * Bakery locks are stored in coherent memory. Each lock's data is
+ * contiguous and fully allocated by the compiler.
*/
- *(bakery_lock)
- *(tzfw_coherent_mem)
+ *(.bakery_lock)
+ *(.tzfw_coherent_mem)
+
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure the rest of
+ * the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >NOBITS
-#endif
+#endif /* USE_COHERENT_MEM */
#if SEPARATE_NOBITS_REGION
- /*
- * Define a linker symbol to mark end of the NOBITS memory area for this
- * image.
- */
__NOBITS_END__ = .;
ASSERT(. <= BL31_NOBITS_LIMIT, "BL31 NOBITS region has exceeded its limit.")
-#else
- /*
- * Define a linker symbol to mark end of the RW memory area for this
- * image.
- */
+#else /* SEPARATE_NOBITS_REGION */
__RW_END__ = .;
__BL31_END__ = .;
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
-#endif
+#endif /* SEPARATE_NOBITS_REGION */
/DISCARD/ : {
*(.dynsym .dynstr .hash .gnu.hash)
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index ac15f9f..e9590d5 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -112,11 +112,11 @@
BL31_SOURCES += lib/extensions/mpam/mpam.c
endif
-ifeq (${ENABLE_TRBE_FOR_NS},1)
+ifneq (${ENABLE_TRBE_FOR_NS},0)
BL31_SOURCES += lib/extensions/trbe/trbe.c
endif
-ifeq (${ENABLE_BRBE_FOR_NS},1)
+ifneq (${ENABLE_BRBE_FOR_NS},0)
BL31_SOURCES += lib/extensions/brbe/brbe.c
endif
@@ -124,7 +124,7 @@
BL31_SOURCES += lib/extensions/sys_reg_trace/aarch64/sys_reg_trace.c
endif
-ifeq (${ENABLE_TRF_FOR_NS},1)
+ifneq (${ENABLE_TRF_FOR_NS},0)
BL31_SOURCES += lib/extensions/trf/aarch64/trf.c
endif
@@ -157,7 +157,7 @@
${MBEDTLS_SOURCES}
endif
-BL31_LINKERFILE := bl31/bl31.ld.S
+BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
# Flag used to indicate if Crash reporting via console should be included
# in BL31. This defaults to being present in DEBUG builds only
diff --git a/bl32/sp_min/sp_min.ld.S b/bl32/sp_min/sp_min.ld.S
index 475affa..1695e1e 100644
--- a/bl32/sp_min/sp_min.ld.S
+++ b/bl32/sp_min/sp_min.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,130 +16,132 @@
}
#ifdef PLAT_SP_MIN_EXTRA_LD_SCRIPT
-#include <plat_sp_min.ld.S>
-#endif
+# include <plat_sp_min.ld.S>
+#endif /* PLAT_SP_MIN_EXTRA_LD_SCRIPT */
-SECTIONS
-{
+SECTIONS {
. = BL32_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL32_BASE address is not aligned on a page boundary.")
+ "BL32_BASE address is not aligned on a page boundary.")
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
*entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
} >RAM
- /* .ARM.extab and .ARM.exidx are only added because Clang need them */
- .ARM.extab . : {
+ /* .ARM.extab and .ARM.exidx are only added because Clang needs them */
+ .ARM.extab . : {
*(.ARM.extab* .gnu.linkonce.armextab.*)
- } >RAM
+ } >RAM
- .ARM.exidx . : {
+ .ARM.exidx . : {
*(.ARM.exidx* .gnu.linkonce.armexidx.*)
- } >RAM
+ } >RAM
.rodata . : {
__RODATA_START__ = .;
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
- /* Place pubsub sections for events */
. = ALIGN(8);
-#include <lib/el3_runtime/pubsub_events.h>
+
+# include <lib/el3_runtime/pubsub_events.h>
. = ALIGN(PAGE_SIZE);
+
__RODATA_END__ = .;
} >RAM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*entrypoint.o(.text*)
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
- RODATA_COMMON
+ RODATA_COMMON
- /* Place pubsub sections for events */
. = ALIGN(8);
-#include <lib/el3_runtime/pubsub_events.h>
+
+# include <lib/el3_runtime/pubsub_events.h>
*(.vectors)
+
__RO_END_UNALIGNED__ = .;
/*
- * Memory page(s) mapped to this section will be marked as
- * read-only, executable. No RW data from the next section must
- * creep in. Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure that the rest
+ * of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__RO_END__ = .;
} >RAM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
- "cpu_ops not defined for this platform.")
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ "cpu_ops not defined for this platform.")
+
+ __RW_START__ = .;
DATA_SECTION >RAM
RELA_SECTION >RAM
#ifdef BL32_PROGBITS_LIMIT
ASSERT(. <= BL32_PROGBITS_LIMIT, "BL32 progbits has exceeded its limit.")
-#endif
+#endif /* BL32_PROGBITS_LIMIT */
STACK_SECTION >RAM
BSS_SECTION >RAM
XLAT_TABLE_SECTION >RAM
- __BSS_SIZE__ = SIZEOF(.bss);
+ __BSS_SIZE__ = SIZEOF(.bss);
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
+
/*
- * Bakery locks are stored in coherent memory
- *
- * Each lock's data is contiguous and fully allocated by the compiler
+ * Bakery locks are stored in coherent memory. Each lock's data is
+ * contiguous and fully allocated by the compiler.
*/
- *(bakery_lock)
- *(tzfw_coherent_mem)
+ *(.bakery_lock)
+ *(.tzfw_coherent_mem)
+
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure that the rest
+ * of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
-#endif
+#endif /* USE_COHERENT_MEM */
- /*
- * Define a linker symbol to mark the end of the RW memory area for this
- * image.
- */
__RW_END__ = .;
-
__BL32_END__ = .;
/DISCARD/ : {
diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index ab1287d..2a6612a 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,11 +50,11 @@
BL32_SOURCES += lib/extensions/sys_reg_trace/aarch32/sys_reg_trace.c
endif
-ifeq (${ENABLE_TRF_FOR_NS},1)
+ifneq (${ENABLE_TRF_FOR_NS},0)
BL32_SOURCES += lib/extensions/trf/aarch32/trf.c
endif
-BL32_LINKERFILE := bl32/sp_min/sp_min.ld.S
+BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/sp_min/sp_min.ld.S
# Include the platform-specific SP_MIN Makefile
# If no platform-specific SP_MIN Makefile exists, it means SP_MIN is not supported
diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S
index d86ae55..a6658dd 100644
--- a/bl32/tsp/tsp.ld.S
+++ b/bl32/tsp/tsp.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,71 +11,73 @@
OUTPUT_ARCH(PLATFORM_LINKER_ARCH)
ENTRY(tsp_entrypoint)
-
MEMORY {
RAM (rwx): ORIGIN = TSP_SEC_MEM_BASE, LENGTH = TSP_SEC_MEM_SIZE
}
-
-SECTIONS
-{
+SECTIONS {
. = BL32_BASE;
+
ASSERT(. == ALIGN(PAGE_SIZE),
- "BL32_BASE address is not aligned on a page boundary.")
+ "BL32_BASE address is not aligned on a page boundary.")
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
+
*tsp_entrypoint.o(.text*)
*(.text*)
*(.vectors)
+
. = ALIGN(PAGE_SIZE);
+
__TEXT_END__ = .;
} >RAM
.rodata . : {
__RODATA_START__ = .;
+
*(.rodata*)
- RODATA_COMMON
+ RODATA_COMMON
. = ALIGN(PAGE_SIZE);
+
__RODATA_END__ = .;
} >RAM
-#else
- ro . : {
+#else /* SEPARATE_CODE_AND_RODATA */
+ .ro . : {
__RO_START__ = .;
+
*tsp_entrypoint.o(.text*)
*(.text*)
*(.rodata*)
- RODATA_COMMON
+ RODATA_COMMON
*(.vectors)
__RO_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked as
- * read-only, executable. No RW data from the next section must
- * creep in. Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as read-only,
+ * executable. No RW data from the next section must creep in. Ensure
+ * that the rest of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__RO_END__ = .;
} >RAM
-#endif
+#endif /* SEPARATE_CODE_AND_RODATA */
- /*
- * Define a linker symbol to mark start of the RW memory area for this
- * image.
- */
- __RW_START__ = . ;
+ __RW_START__ = .;
DATA_SECTION >RAM
RELA_SECTION >RAM
#ifdef TSP_PROGBITS_LIMIT
ASSERT(. <= TSP_PROGBITS_LIMIT, "TSP progbits has exceeded its limit.")
-#endif
+#endif /* TSP_PROGBITS_LIMIT */
STACK_SECTION >RAM
BSS_SECTION >RAM
@@ -83,29 +85,27 @@
#if USE_COHERENT_MEM
/*
- * The base address of the coherent memory section must be page-aligned (4K)
- * to guarantee that the coherent data are stored on their own pages and
- * are not mixed with normal data. This is required to set up the correct
- * memory attributes for the coherent data page tables.
+ * The base address of the coherent memory section must be page-aligned to
+ * guarantee that the coherent data are stored on their own pages and are
+ * not mixed with normal data. This is required to set up the correct memory
+ * attributes for the coherent data page tables.
*/
- coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
__COHERENT_RAM_START__ = .;
- *(tzfw_coherent_mem)
+ *(.tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
+
/*
- * Memory page(s) mapped to this section will be marked
- * as device memory. No other unexpected data must creep in.
- * Ensure the rest of the current memory page is unused.
+ * Memory page(s) mapped to this section will be marked as device
+ * memory. No other unexpected data must creep in. Ensure that the rest
+ * of the current memory page is unused.
*/
. = ALIGN(PAGE_SIZE);
+
__COHERENT_RAM_END__ = .;
} >RAM
-#endif
+#endif /* USE_COHERENT_MEM */
- /*
- * Define a linker symbol to mark the end of the RW memory area for this
- * image.
- */
__RW_END__ = .;
__BL32_END__ = .;
@@ -114,10 +114,11 @@
}
__BSS_SIZE__ = SIZEOF(.bss);
+
#if USE_COHERENT_MEM
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
-#endif
+#endif /* USE_COHERENT_MEM */
ASSERT(. <= BL32_LIMIT, "BL32 image has exceeded its limit.")
}
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index c31b9b5..cfffbdb 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -22,7 +22,7 @@
common/aarch64/early_exceptions.S \
lib/locks/exclusive/aarch64/spinlock.S
-BL32_LINKERFILE := bl32/tsp/tsp.ld.S
+BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/tsp/tsp.ld.S
# This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
# method) or configures BL31 to pass control to BL32 instead of BL33
diff --git a/bl32/tsp/tsp_ffa_main.c b/bl32/tsp/tsp_ffa_main.c
index 2c53977..268d329 100644
--- a/bl32/tsp/tsp_ffa_main.c
+++ b/bl32/tsp/tsp_ffa_main.c
@@ -201,7 +201,7 @@
/* Only expecting to be sent memory from NWd so map accordingly. */
mem_attrs |= MT_NS;
- for (uint32_t i = 0U; i < composite->address_range_count; i++) {
+ for (int32_t i = 0; i < (int32_t)composite->address_range_count; i++) {
size_t size = composite->address_range_array[i].page_count * PAGE_SIZE;
ptr = (char *) composite->address_range_array[i].address;
@@ -211,7 +211,7 @@
size, mem_attrs);
if (ret != 0) {
- ERROR("Failed [%u] mmap_add_dynamic_region %u (%lx) (%lx) (%x)!\n",
+ ERROR("Failed [%d] mmap_add_dynamic_region %u (%lx) (%lx) (%x)!\n",
i, ret,
(uint64_t)composite->address_range_array[i].address,
size, mem_attrs);
diff --git a/common/aarch32/debug.S b/common/aarch32/debug.S
index ae0bb7a..2937f56 100644
--- a/common/aarch32/debug.S
+++ b/common/aarch32/debug.S
@@ -12,7 +12,7 @@
.globl asm_print_hex
.globl asm_print_hex_bits
.globl asm_assert
- .globl do_panic
+ .globl el3_panic
.globl report_exception
.globl report_prefetch_abort
.globl report_data_abort
@@ -159,14 +159,14 @@
endfunc asm_print_hex
/***********************************************************
- * The common implementation of do_panic for all BL stages
+ * The common implementation of el3_panic for all BL stages
***********************************************************/
.section .rodata.panic_str, "aS"
panic_msg: .asciz "PANIC at PC : 0x"
panic_end: .asciz "\r\n"
-func do_panic
+func el3_panic
/* Have LR copy point to PC at the time of panic */
sub r6, lr, #4
@@ -194,7 +194,7 @@
_panic_handler:
mov lr, r6
b plat_panic_handler
-endfunc do_panic
+endfunc el3_panic
/***********************************************************
* This function is called from the vector table for
diff --git a/common/aarch64/debug.S b/common/aarch64/debug.S
index 742e022..8768a1f 100644
--- a/common/aarch64/debug.S
+++ b/common/aarch64/debug.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023 Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,7 +13,8 @@
.globl asm_print_hex_bits
.globl asm_print_newline
.globl asm_assert
- .globl do_panic
+ .globl el3_panic
+ .globl elx_panic
/* Since the max decimal input number is 65536 */
#define MAX_DEC_DIVISOR 10000
@@ -145,54 +146,33 @@
endfunc asm_print_newline
/***********************************************************
- * The common implementation of do_panic for all BL stages
+ * The common implementation of el3_panic for all BL stages
***********************************************************/
.section .rodata.panic_str, "aS"
panic_msg: .asciz "PANIC at PC : 0x"
+func elx_panic
+#if CRASH_REPORTING && defined(IMAGE_BL31)
+ b report_elx_panic
+#endif /* CRASH_REPORTING && IMAGE_BL31 */
+
+ b panic_common
+endfunc elx_panic
+
/* ---------------------------------------------------------------------------
- * do_panic assumes that it is invoked from a C Runtime Environment ie a
+ * el3_panic assumes that it is invoked from a C Runtime Environment ie a
* valid stack exists. This call will not return.
* Clobber list : if CRASH_REPORTING is not enabled then x30, x0 - x6
* ---------------------------------------------------------------------------
*/
-/* This is for the non el3 BL stages to compile through */
- .weak el3_panic
- .weak elx_panic
-
-func do_panic
-#if CRASH_REPORTING
- str x0, [sp, #-0x10]!
- mrs x0, currentel
- ubfx x0, x0, #MODE_EL_SHIFT, #MODE_EL_WIDTH
- cmp x0, #MODE_EL3
-#if !HANDLE_EA_EL3_FIRST_NS
- ldr x0, [sp], #0x10
- b.eq el3_panic
-#else
- b.ne to_panic_common
-
- /* Check EL the exception taken from */
- mrs x0, spsr_el3
- ubfx x0, x0, #SPSR_EL_SHIFT, #SPSR_EL_WIDTH
- cmp x0, #MODE_EL3
- b.ne elx_panic
- ldr x0, [sp], #0x10
- b el3_panic
-
-to_panic_common:
- ldr x0, [sp], #0x10
-#endif /* HANDLE_EA_EL3_FIRST_NS */
-#endif /* CRASH_REPORTING */
+func el3_panic
+#if CRASH_REPORTING && defined(IMAGE_BL31)
+ b report_el3_panic
+#endif /* CRASH_REPORTING && IMAGE_BL31 */
panic_common:
-/*
- * el3_panic will be redefined by the BL31
- * crash reporting mechanism (if enabled)
- */
-el3_panic:
mov x6, x30
bl plat_crash_console_init
@@ -218,4 +198,5 @@
* called, not the address of the call from el3_panic. */
mov x30, x6
b plat_panic_handler
-endfunc do_panic
+
+endfunc el3_panic
diff --git a/common/feat_detect.c b/common/feat_detect.c
index a8c40f7..5fb56b9 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -36,19 +36,28 @@
/*******************************************************************************
* Function : check_feature
* Check for a valid combination of build time flags (ENABLE_FEAT_xxx) and
- * feature availability on the hardware.
- * Panics if a feature is forcefully enabled, but not available on the PE.
+ * feature availability on the hardware. <min> is the smallest feature
+ * ID field value that is required for that feature.
+ * Triggers a panic later if a feature is forcefully enabled, but not
+ * available on the PE. Also will panic if the hardware feature ID field
+ * is larger than the maximum known and supported number, specified by <max>.
*
* We force inlining here to let the compiler optimise away the whole check
* if the feature is disabled at build time (FEAT_STATE_DISABLED).
******************************************************************************/
static inline void __attribute((__always_inline__))
-check_feature(int state, unsigned long field, const char *feat_name)
+check_feature(int state, unsigned long field, const char *feat_name,
+ unsigned int min, unsigned int max)
{
- if (state == FEAT_STATE_ALWAYS && field == 0U) {
+ if (state == FEAT_STATE_ALWAYS && field < min) {
ERROR("FEAT_%s not supported by the PE\n", feat_name);
tainted = true;
}
+ if (state >= FEAT_STATE_ALWAYS && field > max) {
+ ERROR("FEAT_%s is version %ld, but is only known up to version %d\n",
+ feat_name, field, max);
+ tainted = true;
+ }
}
/******************************************
@@ -153,16 +162,6 @@
#endif
}
-/****************************************************
- * Feature : FEAT_TRF (Self-hosted Trace Extensions)
- ***************************************************/
-static void read_feat_trf(void)
-{
-#if (ENABLE_TRF_FOR_NS == FEAT_STATE_ALWAYS)
- feat_detect_panic(is_arm8_4_feat_trf_present(), "TRF");
-#endif
-}
-
/************************************************
* Feature : FEAT_MTE (Memory Tagging Extension)
***********************************************/
@@ -239,26 +238,6 @@
#endif
}
-/******************************************************
- * Feature : FEAT_BRBE (Branch Record Buffer Extension)
- *****************************************************/
-static void read_feat_brbe(void)
-{
-#if (ENABLE_BRBE_FOR_NS == FEAT_STATE_ALWAYS)
- feat_detect_panic(is_feat_brbe_present(), "BRBE");
-#endif
-}
-
-/******************************************************
- * Feature : FEAT_TRBE (Trace Buffer Extension)
- *****************************************************/
-static void read_feat_trbe(void)
-{
-#if (ENABLE_TRBE_FOR_NS == FEAT_STATE_ALWAYS)
- feat_detect_panic(is_feat_trbe_present(), "TRBE");
-#endif
-}
-
/******************************************************************
* Feature : FEAT_RNG_TRAP (Trapping support for RNDR/RNDRRS)
*****************************************************************/
@@ -312,11 +291,13 @@
/* v8.4 features */
read_feat_dit();
- check_feature(ENABLE_FEAT_AMUv1, read_feat_amu_id_field(), "AMUv1");
+ check_feature(ENABLE_FEAT_AMUv1, read_feat_amu_id_field(),
+ "AMUv1", 1, 2);
read_feat_mpam();
read_feat_nv2();
read_feat_sel2();
- read_feat_trf();
+ check_feature(ENABLE_TRF_FOR_NS, read_feat_trf_id_field(),
+ "TRF", 1, 1);
/* v8.5 features */
read_feat_mte();
@@ -326,16 +307,18 @@
/* v8.6 features */
read_feat_amuv1p1();
- check_feature(ENABLE_FEAT_FGT, read_feat_fgt_id_field(), "FGT");
+ check_feature(ENABLE_FEAT_FGT, read_feat_fgt_id_field(), "FGT", 1, 1);
read_feat_ecv();
read_feat_twed();
/* v8.7 features */
- check_feature(ENABLE_FEAT_HCX, read_feat_hcx_id_field(), "HCX");
+ check_feature(ENABLE_FEAT_HCX, read_feat_hcx_id_field(), "HCX", 1, 1);
/* v9.0 features */
- read_feat_brbe();
- read_feat_trbe();
+ check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
+ "BRBE", 1, 2);
+ check_feature(ENABLE_TRBE_FOR_NS, read_feat_trbe_id_field(),
+ "TRBE", 1, 1);
/* v9.2 features */
read_feat_rme();
diff --git a/docs/components/fconf/fconf_properties.rst b/docs/components/fconf/fconf_properties.rst
index 20cc758..3479576 100644
--- a/docs/components/fconf/fconf_properties.rst
+++ b/docs/components/fconf/fconf_properties.rst
@@ -20,7 +20,9 @@
- load-address [mandatory]
- value type: <u64>
- - Physical loading base address of the configuration.
+ - Physical loading base address of the configuration.
+ If secondary-load-address is also provided (see below), then this is the
+ primary load address.
- max-size [mandatory]
- value type: <u32>
@@ -30,10 +32,11 @@
- value type: <u32>
- Image ID of the configuration.
-- ns-load-address [optional]
+- secondary-load-address [optional]
- value type: <u64>
- - Physical loading base address of the configuration in the non-secure
- memory.
- Only needed by those configuration files which require being loaded
- in secure memory (at load-address) as well as in non-secure memory
- e.g. HW_CONFIG
+ - A platform uses this physical address to copy the configuration to
+ another location during the boot-flow.
+
+--------------
+
+*Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/components/ffa-manifest-binding.rst b/docs/components/ffa-manifest-binding.rst
index 7483c90..1061ca0 100644
--- a/docs/components/ffa-manifest-binding.rst
+++ b/docs/components/ffa-manifest-binding.rst
@@ -128,18 +128,19 @@
- This field supersedes the managed-exit field in the FF-A v1.0 spec.
+- other-s-interrupts-action
+ - value type: <u32>
+ - Specifies the action that the SPMC must take in response to a Other-Secure
+ physical interrupt.
+
+ - 0x0: Other-Secure interrupt is queued
+ - 0x1: Other-Secure interrupt is signaled
+
- has-primary-scheduler
- value type: <empty>
- Presence of this field indicates that the partition implements the primary
scheduler. If so, run-time EL must be EL1.
-- run-time-model
- - value type: <u32>
- - Run time model that the SPM must enforce for this SP:
-
- - 0x0: Run to completion
- - 0x1: Preemptible
-
- time-slice-mem
- value type: <empty>
- Presence of this field indicates that the partition doesn't expect the
@@ -286,6 +287,18 @@
- PPI: 0b01
- SGI: 0b00
+- interrupts-target
+ - value type: <prop-encoded-array>
+ - A list of (id, mpdir upper bits, mpidr lower bits) tuples describing which
+ mpidr the interrupt is routed to, where:
+
+ - id: The <u32> interrupt ID. Must be one of those specified in the
+ "interrupts" field.
+ - mpidr upper bits: The <u32> describing the upper bits of the 64 bits
+ mpidr
+ - mpidr lower bits: The <u32> describing the lower bits of the 64 bits
+ mpidr
+
- exclusive-access
- value type: <empty>
- Presence of this field implies that this endpoint must be granted exclusive
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 25c4269..6b57c0e 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -53,7 +53,7 @@
consistency with the versioning schemes used in other parts of RMM.
This document specifies the 0.1 version of Boot Interface ABI and RMM-EL3
-services specification and the 0.1 version of the Boot Manifest.
+services specification and the 0.2 version of the Boot Manifest.
.. _rmm_el3_boot_interface:
@@ -71,7 +71,7 @@
The Boot Interface ABI defines a set of register conventions and
also a memory based manifest file to pass information from EL3 to RMM. The
-boot manifest and the associated platform data in it can be dynamically created
+Boot Manifest and the associated platform data in it can be dynamically created
by EL3 and there is no restriction on how the data can be obtained (e.g by DTB,
hoblist or other).
@@ -99,7 +99,7 @@
x0,Linear index of this PE. This index starts from 0 and must be less than the maximum number of CPUs to be supported at runtime (see x2).
x1,Version for this Boot Interface as defined in :ref:`rmm_el3_ifc_versioning`.
x2,Maximum number of CPUs to be supported at runtime. RMM should ensure that it can support this maximum number.
- x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The boot manifest must be present at the base of this shared buffer during cold boot.
+ x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The Boot Manifest must be present at the base of this shared buffer during cold boot.
During cold boot, EL3 firmware needs to allocate a 4KB page that will be
passed to RMM in x3. This memory will be used as shared buffer for communication
@@ -162,8 +162,8 @@
``E_RMM_BOOT_CPUS_OUT_OF_RAGE``,Number of CPUs reported by EL3 larger than maximum supported by RMM,-3
``E_RMM_BOOT_CPU_ID_OUT_OF_RAGE``,Current CPU Id is higher or equal than the number of CPUs supported by RMM,-4
``E_RMM_BOOT_INVALID_SHARED_BUFFER``,Invalid pointer to shared memory area,-5
- ``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the boot manifest not supported by RMM,-6
- ``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core boot manifest,-7
+ ``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the Boot Manifest not supported by RMM,-6
+ ``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core Boot Manifest,-7
For any error detected in RMM during cold or warm boot, RMM will return back to
EL3 using ``RMM_BOOT_COMPLETE`` SMC with an appropriate error code. It is
@@ -177,25 +177,28 @@
Boot Manifest
~~~~~~~~~~~~~
-During cold boot, EL3 Firmware passes a memory boot manifest to RMM containing
+During cold boot, EL3 Firmware passes a memory Boot Manifest to RMM containing
platform information.
-This boot manifest is versioned independently of the boot interface, to help
-evolve the boot manifest independent of the rest of Boot Manifest.
-The current version for the boot manifest is ``v0.1`` and the rules explained
+This Boot Manifest is versioned independently of the Boot Interface, to help
+evolve the former independent of the latter.
+The current version for the Boot Manifest is ``v0.2`` and the rules explained
in :ref:`rmm_el3_ifc_versioning` apply on this version as well.
-The boot manifest is divided into two different components:
+The Boot Manifest v0.2 has the following fields:
- - Core Manifest: This is the generic parameters passed to RMM by EL3 common to all platforms.
- - Platform data: This is defined by the platform owner and contains information specific to that platform.
+ - version : Version of the Manifest (v0.2)
+ - plat_data : Pointer to the platform specific data and not specified by this
+ document. These data are optional and can be NULL.
+ - plat_dram : Structure encoding the NS DRAM information on the platform. This
+ field is also optional and platform can choose to zero out this structure if
+ RMM does not need EL3 to send this information during the boot.
-For the current version of the manifest, the core manifest contains a pointer
-to the platform data. EL3 must ensure that the whole boot manifest,
-including the platform data, if available, fits inside the RMM EL3 shared
-buffer.
+For the current version of the Boot Manifest, the core manifest contains a pointer
+to the platform data. EL3 must ensure that the whole Boot Manifest, including
+the platform data, if available, fits inside the RMM EL3 shared buffer.
-For the type specification of the RMM Boot Manifest v0.1, refer to
+For the data structure specification of Boot Manifest, refer to
:ref:`rmm_el3_manifest_struct`
.. _runtime_services_and_interface:
@@ -525,19 +528,59 @@
RMM-EL3 Boot Manifest structure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-The RMM-EL3 Boot Manifest structure contains platform boot information passed
-from EL3 to RMM. The width of the Boot Manifest is 128 bits
-
-.. image:: ../resources/diagrams/rmm_el3_manifest_struct.png
+The RMM-EL3 Boot Manifest v0.2 structure contains platform boot information passed
+from EL3 to RMM. The size of the Boot Manifest is 40 bytes.
The members of the RMM-EL3 Boot Manifest structure are shown in the following
table:
-.. csv-table::
- :header: "Name", "Range", "Type", Description
- :widths: 2 1 1 4
++-----------+--------+----------------+----------------------------------------+
+| Name | Offset | Type | Description |
++===========+========+================+========================================+
+| version | 0 | uint32_t | Boot Manifest version |
++-----------+--------+----------------+----------------------------------------+
+| padding | 4 | uint32_t | Reserved, set to 0 |
++-----------+--------+----------------+----------------------------------------+
+| plat_data | 8 | uintptr_t | Pointer to Platform Data section |
++-----------+--------+----------------+----------------------------------------+
+| plat_dram | 16 | ns_dram_info | NS DRAM Layout Info structure |
++-----------+--------+----------------+----------------------------------------+
+
+.. _ns_dram_info_struct:
+
+NS DRAM Layout Info structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+NS DRAM Layout Info structure contains information about platform Non-secure
+DRAM layout. The members of this structure are shown in the table below:
+
++-----------+--------+----------------+----------------------------------------+
+| Name | Offset | Type | Description |
++===========+========+================+========================================+
+| num_banks | 0 | uint64_t | Number of NS DRAM banks |
++-----------+--------+----------------+----------------------------------------+
+| banks | 8 | ns_dram_bank * | Pointer to 'ns_dram_bank'[] array |
++-----------+--------+----------------+----------------------------------------+
+| checksum | 16 | uint64_t | Checksum |
++-----------+--------+----------------+----------------------------------------+
+
+Checksum is calculated as two's complement sum of 'num_banks', 'banks' pointer
+and DRAM banks data array pointed by it.
+
+.. _ns_dram_bank_struct:
+
+NS DRAM Bank structure
+~~~~~~~~~~~~~~~~~~~~~~
+
+NS DRAM Bank structure contains information about each Non-secure DRAM bank:
+
++-----------+--------+----------------+----------------------------------------+
+| Name | Offset | Type | Description |
++===========+========+================+========================================+
+| base | 0 | uintptr_t | Base address |
++-----------+--------+----------------+----------------------------------------+
+| size | 8 | uint64_t | Size of bank in bytes |
++-----------+--------+----------------+----------------------------------------+
+
+
- ``Version Minor``,15:0,uint16_t,Version Minor part of the Boot Manifest Version.
- ``Version Major``,30:16,uint16_t,Version Major part of the Boot Manifest Version.
- ``RES0``,31,bit,Reserved. Set to 0.
- ``Platform Data``,127:64,Address,Pointer to the Platform Data section of the Boot Manifest.
diff --git a/docs/components/spd/optee-dispatcher.rst b/docs/components/spd/optee-dispatcher.rst
index 63baccc..81476f1 100644
--- a/docs/components/spd/optee-dispatcher.rst
+++ b/docs/components/spd/optee-dispatcher.rst
@@ -6,9 +6,26 @@
To build and execute OP-TEE follow the instructions at
`OP-TEE build.git`_
+There are two different modes for loading the OP-TEE OS. The default mode will
+load it as the BL32 payload during boot, and is the recommended technique for
+platforms to use. There is also another technique that will load OP-TEE OS after
+boot via an SMC call by enabling the option for OPTEE_ALLOW_SMC_LOAD that was
+specifically added for ChromeOS. Loading OP-TEE via an SMC call may be insecure
+depending upon the platform configuration. If using that option, be sure to
+understand the risks involved with allowing the Trusted OS to be loaded this
+way. ChromeOS uses a boot flow where it verifies the signature of the firmware
+before executing it, and then only if the signature is valid will the 'secrets'
+used by the TEE become accessible. The firmware then verifies the signature of
+the kernel using depthcharge, and the kernel verifies the rootfs using
+dm-verity. The SMC call to load OP-TEE is then invoked immediately after the
+kernel finishes loading and before any attack vectors can be opened up by
+mounting writable filesystems or opening network/device connections. this
+ensures the platform is 'closed' and running signed code through the point where
+OP-TEE is loaded.
+
--------------
-*Copyright (c) 2014-2018, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.*
.. _OP-TEE OS: https://github.com/OP-TEE/build
.. _OP-TEE build.git: https://github.com/OP-TEE/build
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 5b67299..8a20186 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -317,6 +317,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and
it is still open.
+- ``ERRATA_A78_2742426``: This applies erratum 2742426 workaround to Cortex-A78
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 and
+ it is still open.
+
- ``ERRATA_A78_2772019``: This applies errata 2772019 workaround to Cortex-A78
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2, and
it is still open.
@@ -361,6 +365,14 @@
Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This
erratum is still open.
+- ``ERRATA_A78C_2772121`` : This applies errata 2772121 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2.
+ This erratum is still open.
+
+- ``ERRATA_A78C_2779484`` : This applies errata 2779484 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2.
+ This erratum is still open.
+
For Cortex-X1 CPU, the following errata build flags are defined:
- ``ERRATA_X1_1821534`` : This applies errata 1821534 workaround to Cortex-X1
@@ -472,6 +484,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1 and r1p2 of the
CPU. It is still open.
+- ``ERRATA_V1_2743233``: This applies erratum 2743233 workaround to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, and r1p2 of the
+ CPU. It is still open.
+
- ``ERRATA_V1_2779461``: This applies erratum 2779461 workaround to Neoverse-V1
CPU. This needs to be enabled for revisions r0p0, r1p0, r1p1, r1p2 of the
CPU. It is still open.
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 84bba18..97f3550 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -25,7 +25,6 @@
:ref:`Translation (XLAT) Tables Library`.
TF-A can be built to support either AArch64 or AArch32 execution state.
-
.. note::
The descriptions in this chapter are for the Arm TrustZone architecture.
@@ -484,8 +483,8 @@
as its only purpose is to ensure TF-A BL2 is entered at S-EL1. To avoid
this waste, a special mode enables BL2 to execute at EL3, which allows
a non-TF-A Boot ROM to load and jump directly to BL2. This mode is selected
-when the build flag BL2_AT_EL3 is enabled. The main differences in this
-mode are:
+when the build flag RESET_TO_BL2 is enabled.
+The main differences in this mode are:
#. BL2 includes the reset code and the mailbox mechanism to differentiate
cold boot and warm boot. It runs at EL3 doing the arch
@@ -900,7 +899,7 @@
A runtime service is registered using the ``DECLARE_RT_SVC()`` macro, specifying
the name of the service, the range of OENs covered, the type of service and
initialization and call handler functions. This macro instantiates a ``const struct rt_svc_desc`` for the service with these details (see ``runtime_svc.h``).
-This structure is allocated in a special ELF section ``rt_svc_descs``, enabling
+This structure is allocated in a special ELF section ``.rt_svc_descs``, enabling
the framework to find all service descriptors included into BL31.
The specific service for a SMC Function is selected based on the OEN and call
@@ -1330,7 +1329,7 @@
(priority, group, configuration). Each element of the array shall be populated
by the macro ``INTR_PROP_DESC()``. The macro takes the following arguments:
-- 10-bit interrupt number,
+- 13-bit interrupt number,
- 8-bit interrupt priority,
@@ -2165,7 +2164,7 @@
has been redesigned. The changes utilise the characteristic of Lamport's Bakery
algorithm mentioned earlier. The bakery_lock structure only allocates the memory
for a single CPU. The macro ``DEFINE_BAKERY_LOCK`` allocates all the bakery locks
-needed for a CPU into a section ``bakery_lock``. The linker allocates the memory
+needed for a CPU into a section ``.bakery_lock``. The linker allocates the memory
for other cores by using the total size allocated for the bakery_lock section
and multiplying it with (PLATFORM_CORE_COUNT - 1). This enables software to
perform software cache maintenance on the lock data structure without running
@@ -2193,7 +2192,7 @@
::
- bakery_lock section start
+ .bakery_lock section start
|----------------|
| `bakery_info_t`| <-- Lock_0 per-CPU field
| Lock_0 | for CPU0
@@ -2230,7 +2229,7 @@
Consider a system of 2 CPUs with 'N' bakery locks as shown above. For an
operation on Lock_N, the corresponding ``bakery_info_t`` in both CPU0 and CPU1
-``bakery_lock`` section need to be fetched and appropriate cache operations need
+``.bakery_lock`` section need to be fetched and appropriate cache operations need
to be performed for each access.
On Arm Platforms, bakery locks are used in psci (``psci_locks``) and power controller
@@ -2752,7 +2751,7 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
.. _Power State Coordination Interface PDD: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
.. _SMCCC: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/design_documents/index.rst b/docs/design_documents/index.rst
index 3e20c07..3d82e69 100644
--- a/docs/design_documents/index.rst
+++ b/docs/design_documents/index.rst
@@ -9,6 +9,7 @@
context_mgmt_rework
measured_boot_poc
drtm_poc
+ rss
--------------
diff --git a/docs/design_documents/measured_boot_poc.rst b/docs/design_documents/measured_boot_poc.rst
index 3ae539b..2e25057 100644
--- a/docs/design_documents/measured_boot_poc.rst
+++ b/docs/design_documents/measured_boot_poc.rst
@@ -6,7 +6,7 @@
security state can be attested later.
The current implementation of the driver included in Trusted Firmware-A
-(TF-A) stores the measurements into a `TGC event log`_ in secure
+(TF-A) stores the measurements into a `TCG event log`_ in secure
memory. No other means of recording measurements (such as a discrete TPM) is
supported right now.
@@ -24,7 +24,7 @@
platforms might have different needs and configurations (e.g. different
SHA algorithms) and they might also use different types of TPM services
(or even a different type of service to provide the attestation)
- and therefore the instuctions given here might not apply in such scenarios.
+ and therefore the instructions given here might not apply in such scenarios.
Components
~~~~~~~~~~
@@ -497,11 +497,11 @@
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
.. _OP-TEE Toolkit: https://github.com/OP-TEE/build
.. _ms-tpm-20-ref: https://github.com/microsoft/ms-tpm-20-ref
.. _Get and build the solution: https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution
.. _Armv8-A Foundation Platform (For Linux Hosts Only): https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
.. _tpm2-tools: https://github.com/tpm2-software/tpm2-tools
-.. _TGC event log: https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/
+.. _TCG event log: https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/
diff --git a/docs/design_documents/rss.rst b/docs/design_documents/rss.rst
new file mode 100644
index 0000000..2be8067
--- /dev/null
+++ b/docs/design_documents/rss.rst
@@ -0,0 +1,611 @@
+Runtime Security Subsystem (RSS)
+================================
+
+This document focuses on the relationship between the Runtime Security Subsystem
+(RSS) and the application processor (AP). According to the ARM reference design
+the RSS is an independent core next to the AP and the SCP on the same die. It
+provides fundamental security guarantees and runtime services for the rest of
+the system (e.g.: trusted boot, measured boot, platform attestation,
+key management, and key derivation).
+
+At power up RSS boots first from its private ROM code. It validates and loads
+its own images and the initial images of SCP and AP. When AP and SCP are
+released from reset and their initial code is loaded then they continue their
+own boot process, which is the same as on non-RSS systems. Please refer to the
+``RSS documentation`` [1]_ for more details about the RSS boot flow.
+
+The last stage of the RSS firmware is a persistent, runtime component. Much
+like AP_BL31, this is a passive entity which has no periodical task to do and
+just waits for external requests from other subsystems. RSS and other
+subsystems can communicate with each other over message exchange. RSS waits
+in idle for the incoming request, handles them, and sends a response then goes
+back to idle.
+
+RSS communication layer
+-----------------------
+
+The communication between RSS and other subsystems are primarily relying on the
+Message Handling Unit (MHU) module. The number of MHU interfaces between RSS
+and other cores is IMPDEF. Besides MHU other modules also could take part in
+the communication. RSS is capable of mapping the AP memory to its address space.
+Thereby either RSS core itself or a DMA engine if it is present, can move the
+data between memory belonging to RSS or AP. In this way, a bigger amount of data
+can be transferred in a short time.
+
+The MHU comes in pairs. There is a sender and receiver side. They are connected
+to each other. An MHU interface consists of two pairs of MHUs, one sender and
+one receiver on both sides. Bidirectional communication is possible over an
+interface. One pair provides message sending from AP to RSS and the other pair
+from RSS to AP. The sender and receiver are connected via channels. There is an
+IMPDEF number of channels (e.g: 4-16) between a sender and a receiver module.
+
+The RSS communication layer provides two ways for message exchange:
+
+- ``Embedded messaging``: The full message, including header and payload, are
+ exchanged over the MHU channels. A channel is capable of delivering a single
+ word. The sender writes the data to the channel register on its side and the
+ receiver can read the data from the channel on the other side. One dedicated
+ channel is used for signalling. It does not deliver any payload it is just
+ meant for signalling that the sender loaded the data to the channel registers
+ so the receiver can read them. The receiver uses the same channel to signal
+ that data was read. Signalling happens via IRQ. If the message is longer than
+ the data fit to the channel registers then the message is sent over in
+ multiple rounds. Both, sender and receiver allocate a local buffer for the
+ messages. Data is copied from/to these buffers to/from the channel registers.
+- ``Pointer-access messaging``: The message header and the payload are
+ separated and they are conveyed in different ways. The header is sent
+ over the channels, similar to the embedded messaging but the payload is
+ copied over by RSS core (or by DMA) between the sender and the receiver. This
+ could be useful in the case of long messages because transaction time is less
+ compared to the embedded messaging mode. Small payloads are copied by the RSS
+ core because setting up DMA would require more CPU cycles. The payload is
+ either copied into an internal buffer or directly read-written by RSS. Actual
+ behavior depends on RSS setup, whether the partition supports memory-mapped
+ ``iovec``. Therefore, the sender must handle both cases and prevent access to
+ the memory, where payload data lives, while the RSS handles the request.
+
+The RSS communication layer supports both ways of messaging in parallel. It is
+decided at runtime based on the message size which way to transfer the message.
+
+.. code-block:: bash
+
+ +----------------------------------------------+ +-------------------+
+ | | | |
+ | AP | | |
+ | | +--->| SRAM |
+ +----------------------------------------------| | | |
+ | BL1 / BL2 / BL31 | | | |
+ +----------------------------------------------+ | +-------------------+
+ | ^ | ^ ^
+ | send IRQ | receive |direct | |
+ V | |access | |
+ +--------------------+ +--------------------+ | | |
+ | MHU sender | | MHU receiver | | | Copy data |
+ +--------------------+ +--------------------+ | | |
+ | | | | | | | | | | |
+ | | channels | | | | channels | | | | |
+ | | e.g: 4-16 | | | | e.g: 4-16 | | | V |
+ +--------------------+ +--------------------+ | +-------+ |
+ | MHU receiver | | MHU sender | | +->| DMA | |
+ +--------------------+ +--------------------+ | | +-------+ |
+ | ^ | | ^ |
+ IRQ | receive | send | | | Copy data |
+ V | | | V V
+ +----------------------------------------------+ | | +-------------------+
+ | |--+-+ | |
+ | RSS | | SRAM |
+ | | | |
+ +----------------------------------------------+ +-------------------+
+
+.. Note::
+
+ The RSS communication layer is not prepared for concurrent execution. The
+ current use case only requires message exchange during the boot phase. In
+ the boot phase, only a single core is running and the rest of the cores are
+ in reset.
+
+Message structure
+^^^^^^^^^^^^^^^^^
+A description of the message format can be found in the ``RSS communication
+design`` [2]_ document.
+
+Source files
+^^^^^^^^^^^^
+- RSS comms: ``drivers/arm/rss``
+- MHU driver: ``drivers/arm/mhu``
+
+
+API for communication over MHU
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+The API is defined in these header files:
+
+- ``include/drivers/arm/rss_comms.h``
+- ``include/drivers/arm/mhu.h``
+
+RSS provided runtime services
+-----------------------------
+
+RSS provides the following runtime services:
+
+- ``Measured boot``: Securely store the firmware measurements which were
+ computed during the boot process and the associated metadata (image
+ description, measurement algorithm, etc.). More info on measured boot service
+ in RSS can be found in the ``measured_boot_integration_guide`` [3]_ .
+- ``Delegated attestation``: Query the platform attestation token and derive a
+ delegated attestation key. More info on the delegated attestation service
+ in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ .
+- ``OTP assets management``: RSS provides access for AP to assets in OTP.
+ These are keys for image signature verification and non-volatile counters
+ for anti-rollback protection. Only RSS has direct access to the OTP. Public
+ keys used by AP during the trusted boot process can be requested from RSS.
+ Furthermore, AP can request RSS to increase a non-volatile counter. Please
+ refer to the ``RSS key management`` [5]_ document for more details.
+
+Runtime service API
+^^^^^^^^^^^^^^^^^^^
+The RSS provided runtime services implement a PSA aligned API. The parameter
+encoding follows the PSA client protocol described in the
+``Firmware Framework for M`` [6]_ document in chapter 4.4. The implementation is
+restricted to the static handle use case therefore only the ``psa_call`` API is
+implemented.
+
+
+Software and API layers
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: bash
+
+ +----------------+ +---------------------+
+ | BL1 / BL2 | | BL31 |
+ +----------------+ +---------------------+
+ | |
+ | extend_measurement() | get_delegated_key()
+ | | get_platform_token()
+ V V
+ +----------------+ +---------------------+
+ | PSA protocol | | PSA protocol |
+ +----------------+ +---------------------+
+ | |
+ | psa_call() | psa_call()
+ | |
+ V V
+ +------------------------------------------------+
+ | RSS communication protocol |
+ +------------------------------------------------+
+ | ^
+ | mhu_send_data() | mhu_receive_data()
+ | |
+ V |
+ +------------------------------------------------+
+ | MHU driver |
+ +------------------------------------------------+
+ | ^
+ | Register access | IRQ
+ V |
+ +------------------------------------------------+
+ | MHU HW on AP side |
+ +------------------------------------------------+
+ ^
+ | Physical wires
+ |
+ V
+ +------------------------------------------------+
+ | MHU HW on RSS side |
+ +------------------------------------------------+
+ | ^
+ | IRQ | Register access
+ V |
+ +------------------------------------------------+
+ | MHU driver |
+ +------------------------------------------------+
+ | |
+ V V
+ +---------------+ +------------------------+
+ | Measured boot | | Delegated attestation |
+ | service | | service |
+ +---------------+ +------------------------+
+
+
+RSS based Measured Boot
+-----------------------
+
+Measured Boot is the process of cryptographically measuring (computing the hash
+value of a binary) the code and critical data used at boot time. The
+measurement must be stored in a tamper-resistant way, so the security state
+of the device can be attested later to an external party. RSS provides a runtime
+service which is meant to store measurements and associated metadata alongside.
+
+Data is stored in internal SRAM which is only accessible by the secure runtime
+firmware of RSS. Data is stored in so-called measurement slots. A platform has
+IMPDEF number of measurement slots. The measurement storage follows extend
+semantics. This means that measurements are not stored directly (as it was
+taken) instead they contribute to the current value of the measurement slot.
+The extension implements this logic, where ``||`` stands for concatenation:
+
+.. code-block:: bash
+
+ new_value_of_measurement_slot = Hash(old_value_of_measurement_slot || measurement)
+
+Supported hash algorithms: sha-256, sha-512
+
+Measured Boot API
+^^^^^^^^^^^^^^^^^
+
+Defined here:
+
+- ``include/lib/psa/measured_boot.h``
+
+.. code-block:: c
+
+ psa_status_t
+ rss_measured_boot_extend_measurement(uint8_t index,
+ const uint8_t *signer_id,
+ size_t signer_id_size,
+ const uint8_t *version,
+ size_t version_size,
+ uint32_t measurement_algo,
+ const uint8_t *sw_type,
+ size_t sw_type_size,
+ const uint8_t *measurement_value,
+ size_t measurement_value_size,
+ bool lock_measurement);
+
+Measured Boot Metadata
+^^^^^^^^^^^^^^^^^^^^^^
+
+The following metadata can be stored alongside the measurement:
+
+- ``Signer-id``: Mandatory. The hash of the firmware image signing public key.
+- ``Measurement algorithm``: Optional. The hash algorithm which was used to
+ compute the measurement (e.g.: sha-256, etc.).
+- ``Version info``: Optional. The firmware version info (e.g.: 2.7).
+- ``SW type``: Optional. Short text description (e.g.: BL1, BL2, BL31, etc.)
+
+.. Note::
+ Signer-id and version info is not implemented in TF-A yet.
+
+The caller must specify in which measurement slot to extend a certain
+measurement and metadata. A measurement slot can be extended by multiple
+measurements. The default value is IMPDEF. All measurement slot is cleared at
+reset, there is no other way to clear them. In the reference implementation,
+the measurement slots are initialized to 0. At the first call to extend the
+measurement in a slot, the extend operation uses the default value of the
+measurement slot. All upcoming extend operation on the same slot contributes
+to the previous value of that measurement slot.
+
+The following rules are kept when a slot is extended multiple times:
+
+- ``Signer-id`` must be the same as the previous call(s), otherwise a
+ PSA_ERROR_NOT_PERMITTED error code is returned.
+
+- ``Measurement algorithm``: must be the same as the previous call(s),
+ otherwise, a PSA_ERROR_NOT_PERMITTED error code is returned.
+
+In case of error no further action is taken (slot is not locked). If there is
+a valid data in a sub-sequent call then measurement slot will be extended. The
+rest of the metadata is handled as follows when a measurement slot is extended
+multiple times:
+
+- ``SW type``: Cleared.
+- ``Version info``: Cleared.
+
+.. Note::
+
+ Extending multiple measurements in the same slot leads to some metadata
+ information loss. Since RSS is not constrained on special HW resources to
+ store the measurements and metadata, therefore it is worth considering to
+ store all of them one by one in distinct slots. However, they are one-by-one
+ included in the platform attestation token. So, the number of distinct
+ firmware image measurements has an impact on the size of the attestation
+ token.
+
+The allocation of the measurement slot among RSS, Root and Realm worlds is
+platform dependent. The platform must provide an allocation of the measurement
+slot at build time. An example can be found in
+``tf-a/plat/arm/board/tc/tc_bl1_measured_boot.c``
+Furthermore, the memory, which holds the metadata is also statically allocated
+in RSS memory. Some of the fields have a static value (measurement algorithm),
+and some of the values have a dynamic value (measurement value) which is updated
+by the bootloaders when the firmware image is loaded and measured. The metadata
+structure is defined in
+``include/drivers/measured_boot/rss/rss_measured_boot.h``.
+
+.. code-block:: c
+
+ struct rss_mboot_metadata {
+ unsigned int id;
+ uint8_t slot;
+ uint8_t signer_id[SIGNER_ID_MAX_SIZE];
+ size_t signer_id_size;
+ uint8_t version[VERSION_MAX_SIZE];
+ size_t version_size;
+ uint8_t sw_type[SW_TYPE_MAX_SIZE];
+ size_t sw_type_size;
+ bool lock_measurement;
+ };
+
+Build time config options
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- ``MEASURED_BOOT``: Enable measured boot. It depends on the platform
+ implementation whether RSS or TPM (or both) backend based measured boot is
+ enabled.
+- ``MBOOT_RSS_HASH_ALG``: Determine the hash algorithm to measure the images.
+ The default value is sha-256.
+
+Measured boot flow
+^^^^^^^^^^^^^^^^^^
+
+.. figure:: ../resources/diagrams/rss_measured_boot_flow.svg
+ :align: center
+
+Sample console log
+^^^^^^^^^^^^^^^^^^
+
+.. code-block:: bash
+
+ INFO: Measured boot extend measurement:
+ INFO: - slot : 6
+ INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: - version :
+ INFO: - version_size: 0
+ INFO: - sw_type : FW_CONFIG
+ INFO: - sw_type_size: 10
+ INFO: - algorithm : 2000009
+ INFO: - measurement : aa ea d3 a7 a8 e2 ab 7d 13 a6 cb 34 99 10 b9 a1
+ INFO: : 1b 9f a0 52 c5 a8 b1 d7 76 f2 c1 c1 ef ca 1a df
+ INFO: - locking : true
+ INFO: FCONF: Config file with image ID:31 loaded at address = 0x4001010
+ INFO: Loading image id=24 at address 0x4001300
+ INFO: Image id=24 loaded: 0x4001300 - 0x400153a
+ INFO: Measured boot extend measurement:
+ INFO: - slot : 7
+ INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: - version :
+ INFO: - version_size: 0
+ INFO: - sw_type : TB_FW_CONFIG
+ INFO: - sw_type_size: 13
+ INFO: - algorithm : 2000009
+ INFO: - measurement : 05 b9 dc 98 62 26 a7 1c 2d e5 bb af f0 90 52 28
+ INFO: : f2 24 15 8a 3a 56 60 95 d6 51 3a 7a 1a 50 9b b7
+ INFO: - locking : true
+ INFO: FCONF: Config file with image ID:24 loaded at address = 0x4001300
+ INFO: BL1: Loading BL2
+ INFO: Loading image id=1 at address 0x404d000
+ INFO: Image id=1 loaded: 0x404d000 - 0x406412a
+ INFO: Measured boot extend measurement:
+ INFO: - slot : 8
+ INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: - version :
+ INFO: - version_size: 0
+ INFO: - sw_type : BL_2
+ INFO: - sw_type_size: 5
+ INFO: - algorithm : 2000009
+ INFO: - measurement : 53 a1 51 75 25 90 fb a1 d9 b8 c8 34 32 3a 01 16
+ INFO: : c9 9e 74 91 7d 28 02 56 3f 5c 40 94 37 58 50 68
+ INFO: - locking : true
+
+Delegated Attestation
+---------------------
+
+Delegated Attestation Service was mainly developed to support the attestation
+flow on the ``ARM Confidential Compute Architecture`` (ARM CCA) [7]_.
+The detailed description of the delegated attestation service can be found in
+the ``Delegated Attestation Service Integration Guide`` [4]_ document.
+
+In the CCA use case, the Realm Management Monitor (RMM) relies on the delegated
+attestation service of the RSS to get a realm attestation key and the CCA
+platform token. BL31 does not use the service for its own purpose, only calls
+it on behalf of RMM. The access to MHU interface and thereby to RSS is
+restricted to BL31 only. Therefore, RMM does not have direct access, all calls
+need to go through BL31. The RMM dispatcher module of the BL31 is responsible
+for delivering the calls between the two parties.
+
+.. Note::
+ Currently the connection between the RMM dispatcher and the PSA/RSS layer
+ is not yet implemented. RMM dispatcher just returns hard coded data.
+
+Delegated Attestation API
+^^^^^^^^^^^^^^^^^^^^^^^^^
+Defined here:
+
+- ``include/lib/psa/delegated_attestation.h``
+
+.. code-block:: c
+
+ psa_status_t
+ rss_delegated_attest_get_delegated_key(uint8_t ecc_curve,
+ uint32_t key_bits,
+ uint8_t *key_buf,
+ size_t key_buf_size,
+ size_t *key_size,
+ uint32_t hash_algo);
+
+ psa_status_t
+ rss_delegated_attest_get_token(const uint8_t *dak_pub_hash,
+ size_t dak_pub_hash_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size);
+
+Attestation flow
+^^^^^^^^^^^^^^^^
+
+.. figure:: ../resources/diagrams/rss_attestation_flow.svg
+ :align: center
+
+Sample attestation token
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Binary format:
+
+.. code-block:: bash
+
+ INFO: DELEGATED ATTEST TEST START
+ INFO: Get delegated attestation key start
+ INFO: Get delegated attest key succeeds, len: 48
+ INFO: Delegated attest key:
+ INFO: 0d 2a 66 61 d4 89 17 e1 70 c6 73 56 df f4 11 fd
+ INFO: 7d 1f 3b 8a a3 30 3d 70 4c d9 06 c3 c7 ef 29 43
+ INFO: 0f ee b5 e7 56 e0 71 74 1b c4 39 39 fd 85 f6 7b
+ INFO: Get platform token start
+ INFO: Get platform token succeeds, len: 1086
+ INFO: Platform attestation token:
+ INFO: d2 84 44 a1 01 38 22 a0 59 03 d1 a9 0a 58 20 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19
+ INFO: 01 00 58 21 01 cb 8c 79 f7 a0 0a 6c ce 12 66 f8
+ INFO: 64 45 48 42 0e c5 10 bf 84 ee 22 18 b9 8f 11 04
+ INFO: c7 22 31 9d fb 19 09 5c 58 20 aa aa aa aa aa aa
+ INFO: aa aa bb bb bb bb bb bb bb bb cc cc cc cc cc cc
+ INFO: cc cc dd dd dd dd dd dd dd dd 19 09 5b 19 30 00
+ INFO: 19 09 5f 89 a4 05 58 20 bf e6 d8 6f 88 26 f4 ff
+ INFO: 97 fb 96 c4 e6 fb c4 99 3e 46 19 fc 56 5d a2 6a
+ INFO: df 34 c3 29 48 9a dc 38 04 67 31 2e 36 2e 30 2b
+ INFO: 30 01 64 52 54 5f 30 02 58 20 90 27 f2 46 ab 31
+ INFO: 85 36 46 c4 d7 c6 60 ed 31 0d 3c f0 14 de f0 6c
+ INFO: 24 0b de b6 7a 84 fc 3f 5b b7 a4 05 58 20 b3 60
+ INFO: ca f5 c9 8c 6b 94 2a 48 82 fa 9d 48 23 ef b1 66
+ INFO: a9 ef 6a 6e 4a a3 7c 19 19 ed 1f cc c0 49 04 67
+ INFO: 30 2e 30 2e 30 2b 30 01 64 52 54 5f 31 02 58 20
+ INFO: 52 13 15 d4 9d b2 cf 54 e4 99 37 44 40 68 f0 70
+ INFO: 7d 73 64 ae f7 08 14 b0 f7 82 ad c6 17 db a3 91
+ INFO: a4 05 58 20 bf e6 d8 6f 88 26 f4 ff 97 fb 96 c4
+ INFO: e6 fb c4 99 3e 46 19 fc 56 5d a2 6a df 34 c3 29
+ INFO: 48 9a dc 38 04 67 31 2e 35 2e 30 2b 30 01 64 52
+ INFO: 54 5f 32 02 58 20 8e 5d 64 7e 6f 6c c6 6f d4 4f
+ INFO: 54 b6 06 e5 47 9a cc 1b f3 7f ce 87 38 49 c5 92
+ INFO: d8 2f 85 2e 85 42 a4 05 58 20 bf e6 d8 6f 88 26
+ INFO: f4 ff 97 fb 96 c4 e6 fb c4 99 3e 46 19 fc 56 5d
+ INFO: a2 6a df 34 c3 29 48 9a dc 38 04 67 31 2e 35 2e
+ INFO: 30 2b 30 01 60 02 58 20 b8 01 65 a7 78 8b c6 59
+ INFO: 42 8d 33 10 85 d1 49 0a dc 9e c3 ee df 85 1b d2
+ INFO: f0 73 73 6a 0c 07 11 b8 a4 05 58 20 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 04 60 01 6a
+ INFO: 46 57 5f 43 4f 4e 46 49 47 00 02 58 20 21 9e a0
+ INFO: 13 82 e6 d7 97 5a 11 13 a3 5f 45 39 68 b1 d9 a3
+ INFO: ea 6a ab 84 23 3b 8c 06 16 98 20 ba b9 a4 05 58
+ INFO: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49
+ INFO: 47 00 02 58 20 41 39 f6 c2 10 84 53 c5 17 ae 9a
+ INFO: e5 be c1 20 7b cc 24 24 f3 9d 20 a8 fb c7 b3 10
+ INFO: e3 ee af 1b 05 a4 05 58 20 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 04 60 01 65 42 4c 5f
+ INFO: 32 00 02 58 20 5c 96 20 e1 e3 3b 0f 2c eb c1 8e
+ INFO: 1a 02 a6 65 86 dd 34 97 a7 4c 98 13 bf 74 14 45
+ INFO: 2d 30 28 05 c3 a4 05 58 20 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 04 60 01 6e 53 45 43
+ INFO: 55 52 45 5f 52 54 5f 45 4c 33 00 02 58 20 f6 fb
+ INFO: 62 99 a5 0c df db 02 0b 72 5b 1c 0b 63 6e 94 ee
+ INFO: 66 50 56 3a 29 9c cb 38 f0 ec 59 99 d4 2e a4 05
+ INFO: 58 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ INFO: 00 00 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00
+ INFO: 02 58 20 98 5d 87 21 84 06 33 9d c3 1f 91 f5 68
+ INFO: 8d a0 5a f0 d7 7e 20 51 ce 3b f2 a5 c3 05 2e 3c
+ INFO: 8b 52 31 19 01 09 78 1c 68 74 74 70 3a 2f 2f 61
+ INFO: 72 6d 2e 63 6f 6d 2f 43 43 41 2d 53 53 44 2f 31
+ INFO: 2e 30 2e 30 19 09 62 71 6e 6f 74 2d 68 61 73 68
+ INFO: 2d 65 78 74 65 6e 64 65 64 19 09 61 44 ef be ad
+ INFO: de 19 09 60 77 77 77 77 2e 74 72 75 73 74 65 64
+ INFO: 66 69 72 6d 77 61 72 65 2e 6f 72 67 58 60 29 4e
+ INFO: 4a d3 98 1e 3b 70 9f b6 66 ed 47 33 0e 99 f0 b1
+ INFO: c3 f2 bc b2 1d b0 ae 90 0c c4 82 ff a2 6f ae 45
+ INFO: f6 87 09 4a 09 21 77 ec 36 1c 53 b8 a7 9b 8e f7
+ INFO: 27 eb 7a 09 da 6f fb bf cb fd b3 e5 e9 36 91 b1
+ INFO: 92 13 c1 30 16 b4 5c 49 5e c0 c1 b9 01 5c 88 2c
+ INFO: f8 2f 3e a4 a2 6d e4 9d 31 6a 06 f7 a7 73
+ INFO: DELEGATED ATTEST TEST END
+
+JSON format:
+
+.. code-block:: JSON
+
+ {
+ "CCA_PLATFORM_CHALLENGE": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "CCA_PLATFORM_INSTANCE_ID": "b'01CB8C79F7A00A6CCE1266F8644548420EC510BF84EE2218B98F1104C722319DFB'",
+ "CCA_PLATFORM_IMPLEMENTATION_ID": "b'AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD'",
+ "CCA_PLATFORM_LIFECYCLE": "secured_3000",
+ "CCA_PLATFORM_SW_COMPONENTS": [
+ {
+ "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'",
+ "SW_COMPONENT_VERSION": "1.6.0+0",
+ "SW_COMPONENT_TYPE": "RT_0",
+ "MEASUREMENT_VALUE": "b'9027F246AB31853646C4D7C660ED310D3CF014DEF06C240BDEB67A84FC3F5BB7'"
+ },
+ {
+ "SIGNER_ID": "b'B360CAF5C98C6B942A4882FA9D4823EFB166A9EF6A6E4AA37C1919ED1FCCC049'",
+ "SW_COMPONENT_VERSION": "0.0.0+0",
+ "SW_COMPONENT_TYPE": "RT_1",
+ "MEASUREMENT_VALUE": "b'521315D49DB2CF54E49937444068F0707D7364AEF70814B0F782ADC617DBA391'"
+ },
+ {
+ "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'",
+ "SW_COMPONENT_VERSION": "1.5.0+0",
+ "SW_COMPONENT_TYPE": "RT_2",
+ "MEASUREMENT_VALUE": "b'8E5D647E6F6CC66FD44F54B606E5479ACC1BF37FCE873849C592D82F852E8542'"
+ },
+ {
+ "SIGNER_ID": "b'BFE6D86F8826F4FF97FB96C4E6FBC4993E4619FC565DA26ADF34C329489ADC38'",
+ "SW_COMPONENT_VERSION": "1.5.0+0",
+ "SW_COMPONENT_TYPE": "",
+ "MEASUREMENT_VALUE": "b'B80165A7788BC659428D331085D1490ADC9EC3EEDF851BD2F073736A0C0711B8'"
+ },
+ {
+ "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "SW_COMPONENT_VERSION": "",
+ "SW_COMPONENT_TYPE": "FW_CONFIG\u0000",
+ "MEASUREMENT_VALUE": "b'219EA01382E6D7975A1113A35F453968B1D9A3EA6AAB84233B8C06169820BAB9'"
+ },
+ {
+ "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "SW_COMPONENT_VERSION": "",
+ "SW_COMPONENT_TYPE": "TB_FW_CONFIG\u0000",
+ "MEASUREMENT_VALUE": "b'4139F6C2108453C517AE9AE5BEC1207BCC2424F39D20A8FBC7B310E3EEAF1B05'"
+ },
+ {
+ "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "SW_COMPONENT_VERSION": "",
+ "SW_COMPONENT_TYPE": "BL_2\u0000",
+ "MEASUREMENT_VALUE": "b'5C9620E1E33B0F2CEBC18E1A02A66586DD3497A74C9813BF7414452D302805C3'"
+ },
+ {
+ "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "SW_COMPONENT_VERSION": "",
+ "SW_COMPONENT_TYPE": "SECURE_RT_EL3\u0000",
+ "MEASUREMENT_VALUE": "b'F6FB6299A50CDFDB020B725B1C0B636E94EE6650563A299CCB38F0EC5999D42E'"
+ },
+ {
+ "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+ "SW_COMPONENT_VERSION": "",
+ "SW_COMPONENT_TYPE": "HW_CONFIG\u0000",
+ "MEASUREMENT_VALUE": "b'985D87218406339DC31F91F5688DA05AF0D77E2051CE3BF2A5C3052E3C8B5231'"
+ }
+ ],
+ "CCA_ATTESTATION_PROFILE": "http://arm.com/CCA-SSD/1.0.0",
+ "CCA_PLATFORM_HASH_ALGO_ID": "not-hash-extended",
+ "CCA_PLATFORM_CONFIG": "b'EFBEADDE'",
+ "CCA_PLATFORM_VERIFICATION_SERVICE": "www.trustedfirmware.org"
+ }
+
+References
+----------
+
+.. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/readme.html
+.. [2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_comms.html
+.. [3] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/measured_boot/measured_boot_integration_guide.rst
+.. [4] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/delegated_attestation/delegated_attest_integration_guide.rst
+.. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_key_management.html
+.. [6] https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
+.. [7] https://developer.arm.com/documentation/DEN0096/A_a/?lang=en
+
+--------------
+
+*Copyright (c) 2023, Arm Limited. All rights reserved.*
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index d5ded5e..0dc8b71 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -52,8 +52,14 @@
- ``BL2U``: This is an optional build option which specifies the path to
BL2U image. In this case, the BL2U in TF-A will not be built.
-- ``BL2_AT_EL3``: This is an optional build option that enables the use of
- BL2 at EL3 execution level.
+- ``RESET_TO_BL2``: Boolean option to enable BL2 entrypoint as the CPU reset
+ vector instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
+ entrypoint) or 1 (CPU reset to BL2 entrypoint).
+ The default value is 0.
+
+- ``BL2_RUNS_AT_EL3``: This is an implicit flag to denote that BL2 runs at EL3.
+ While it is explicitly set to 1 when RESET_TO_BL2 is set to 1 it can also be
+ true in a 4-world system where RESET_TO_BL2 is 0.
- ``BL2_ENABLE_SP_LOAD``: Boolean option to enable loading SP packages from the
FIP. Automatically enabled if ``SP_LAYOUT_FILE`` is provided.
@@ -61,8 +67,8 @@
- ``BL2_IN_XIP_MEM``: In some use-cases BL2 will be stored in eXecute In Place
(XIP) memory, like BL1. In these use-cases, it is necessary to initialize
the RW sections in RAM, while leaving the RO sections in place. This option
- enable this use-case. For now, this option is only supported when BL2_AT_EL3
- is set to '1'.
+ enable this use-case. For now, this option is only supported
+ when RESET_TO_BL2 is set to '1'.
- ``BL31``: This is an optional build option which specifies the path to
BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not
@@ -377,8 +383,8 @@
- ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE)
support within generic code in TF-A. This option is currently only supported
- in BL2_AT_EL3, BL31, and BL32 (TSP) for AARCH64 binaries, and in BL32
- (SP_min) for AARCH32. Default is 0.
+ in BL2, BL31, and BL32 (TSP) for AARCH64 binaries, and
+ in BL32 (SP_min) for AARCH32. Default is 0.
- ``ENABLE_PMF``: Boolean option to enable support for optional Performance
Measurement Framework(PMF). Default is 0.
@@ -670,7 +676,7 @@
the measurements and recording them as per `PSA DRTM specification`_. For
platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
be used and for the platforms which use ``RESET_TO_BL31`` platform owners
- should have mechanism to authenticate BL31.
+ should have mechanism to authenticate BL31. This is an experimental feature.
This option defaults to 0.
@@ -1199,7 +1205,7 @@
--------------
-*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
.. _DEN0115: https://developer.arm.com/docs/den0115/latest
.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 80b72e5..6735cb1 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -14,10 +14,17 @@
The platform-specific functions and variables are declared in
``include/plat/common/platform.h``. The firmware provides a default
-implementation of variables and functions to fulfill the optional requirements.
-These implementations are all weakly defined; they are provided to ease the
-porting effort. Each platform port can override them with its own implementation
-if the default implementation is inadequate.
+implementation of variables and functions to fulfill the optional requirements
+in order to ease the porting effort. Each platform port can use them as is or
+provide their own implementation if the default implementation is inadequate.
+
+ .. note::
+
+ TF-A historically provided default implementations of platform interfaces
+ as *weak* functions. This practice is now discouraged and new platform
+ interfaces as they get introduced in the code base should be *strongly*
+ defined. We intend to convert existing weak functions over time. Until
+ then, you will find references to *weak* functions in this document.
Some modifications are common to all Boot Loader (BL) stages. Section 2
discusses these in detail. The subsequent sections discuss the remaining
@@ -66,22 +73,22 @@
If the build option ``USE_COHERENT_MEM`` is enabled, each platform can allocate a
block of identity mapped secure memory with Device-nGnRE attributes aligned to
page boundary (4K) for each BL stage. All sections which allocate coherent
-memory are grouped under ``coherent_ram``. For ex: Bakery locks are placed in a
-section identified by name ``bakery_lock`` inside ``coherent_ram`` so that its
+memory are grouped under ``.coherent_ram``. For ex: Bakery locks are placed in a
+section identified by name ``.bakery_lock`` inside ``.coherent_ram`` so that its
possible for the firmware to place variables in it using the following C code
directive:
::
- __section("bakery_lock")
+ __section(".bakery_lock")
Or alternatively the following assembler code directive:
::
- .section bakery_lock
+ .section .bakery_lock
-The ``coherent_ram`` section is a sum of all sections like ``bakery_lock`` which are
+The ``.coherent_ram`` section is a sum of all sections like ``.bakery_lock`` which are
used to allocate any data structures that are accessed both when a CPU is
executing with its MMU and caches enabled, and when it's running with its MMU
and caches disabled. Examples are given below.
@@ -2411,7 +2418,7 @@
accommodate all the bakery locks.
If this constant is not defined when ``USE_COHERENT_MEM = 0``, the linker
-calculates the size of the ``bakery_lock`` input section, aligns it to the
+calculates the size of the ``.bakery_lock`` input section, aligns it to the
nearest ``CACHE_WRITEBACK_GRANULE``, multiplies it with ``PLATFORM_CORE_COUNT``
and stores the result in a linker symbol. This constant prevents a platform
from relying on the linker and provide a more efficient mechanism for
@@ -3204,9 +3211,20 @@
Common helper functions
-----------------------
+Function : elx_panic()
+~~~~~~~~~~~~~~~~~~~~~~
+
+::
-Function : do_panic()
-~~~~~~~~~~~~~~~~~~~~~
+ Argument : void
+ Return : void
+
+This API is called from assembly files when reporting a critical failure
+that has occured in lower EL and is been trapped in EL3. This call
+**must not** return.
+
+Function : el3_panic()
+~~~~~~~~~~~~~~~~~~~~~~
::
@@ -3214,9 +3232,8 @@
Return : void
This API is called from assembly files when encountering a critical failure that
-cannot be recovered from. It also invokes elx_panic() which allows to report a
-crash from lower exception level. This function assumes that it is invoked from
-a C runtime environment i.e. valid stack exists. This call **must not** return.
+cannot be recovered from. This function assumes that it is invoked from a C
+runtime environment i.e. valid stack exists. This call **must not** return.
Function : panic()
~~~~~~~~~~~~~~~~~~
@@ -3228,7 +3245,7 @@
This API called from C files when encountering a critical failure that cannot
be recovered from. This function in turn prints backtrace (if enabled) and calls
-do_panic(). This call **must not** return.
+el3_panic(). This call **must not** return.
Crash Reporting mechanism (in BL31)
-----------------------------------
@@ -3540,7 +3557,7 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf
.. _Arm Generic Interrupt Controller version 2.0 (GICv2): http://infocenter.arm.com/help/topic/com.arm.doc.ihi0048b/index.html
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 3723294..5b49d2e 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -31,12 +31,18 @@
You will need the targets ``arm-none-eabi`` and ``aarch64-none-elf`` for
AArch32 and AArch64 builds respectively.
-- Clang >= 14.0.0
-- Arm Compiler >= 6.18
+- Clang == 14.0.0
+- Arm Compiler == 6.18
In addition, a native compiler is required to build the supporting tools.
.. note::
+ Versions greater than the ones specified are likely but not guaranteed to
+ work. This is predominantly because TF-A carries its own copy of compiler-rt,
+ which may be older than the version expected by the compiler. Fixes and bug
+ reports are always welcome.
+
+.. note::
The software has also been built on Windows 7 Enterprise SP1, using CMD.EXE,
Cygwin, and Msys (MinGW) shells, using version 5.3.1 of the GNU toolchain.
diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst
index eab3e4d..7418669 100644
--- a/docs/perf/psci-performance-juno.rst
+++ b/docs/perf/psci-performance-juno.rst
@@ -286,7 +286,7 @@
--------------
-*Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2019-2023, Arm Limited and Contributors. All rights reserved.*
-.. _Juno R1 platform: https://static.docs.arm.com/100122/0100/arm_versatile_express_juno_r1_development_platform_(v2m_juno_r1)_technical_reference_manual_100122_0100_05_en.pdf
+.. _Juno R1 platform: https://developer.arm.com/documentation/100122/latest/
.. _TF master as of 31/01/2017: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/?id=c38b36d
diff --git a/docs/plat/arm/corstone1000/index.rst b/docs/plat/arm/corstone1000/index.rst
index b889b7f..dc626e1 100644
--- a/docs/plat/arm/corstone1000/index.rst
+++ b/docs/plat/arm/corstone1000/index.rst
@@ -47,7 +47,7 @@
ARCH=aarch64 \
TARGET_PLATFORM=<fpga or fvp> \
ENABLE_PIE=1 \
- BL2_AT_EL3=1 \
+ RESET_TO_BL2=1 \
CREATE_KEYS=1 \
GENERATE_COT=1 \
TRUSTED_BOARD_BOOT=1 \
@@ -58,4 +58,4 @@
BL33=<path to u-boot binary> \
bl2
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
diff --git a/docs/plat/arm/juno/index.rst b/docs/plat/arm/juno/index.rst
index 91e681f..d741d58 100644
--- a/docs/plat/arm/juno/index.rst
+++ b/docs/plat/arm/juno/index.rst
@@ -241,7 +241,7 @@
--------------
-*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
.. _Linaro release software stack: http://releases.linaro.org/members/arm/platforms/
.. _Juno platform software user guide: https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/about/docs/juno/user-guide.rst
@@ -250,4 +250,3 @@
.. _Arm Platforms Portal: https://community.arm.com/dev-platforms/
.. _Juno Getting Started Guide: https://developer.arm.com/documentation/den0928/f/?lang=en
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
-.. _Juno Arm Development Platform: http://www.arm.com/products/tools/development-boards/versatile-express/juno-arm-development-platform.php
diff --git a/docs/plat/qemu.rst b/docs/plat/qemu.rst
index 6986326..f2a39e9 100644
--- a/docs/plat/qemu.rst
+++ b/docs/plat/qemu.rst
@@ -44,7 +44,7 @@
Then, you will get ``Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd``
Please note you do not need to use GCC 5 in spite of the environment variable
-``GCC5_AARCH64_PREFIX``
+``GCC5_AARCH64_PREFIX``.
The rootfs can be built by using Buildroot as follows:
@@ -88,54 +88,73 @@
-initrd rootfs.cpio.gz -smp 2 -m 1024 -bios bl1.bin \
-d unimp -semihosting-config enable,target=native
-Booting via flash based firmwares
----------------------------------
+Booting via flash based firmware
+--------------------------------
-Boot firmwares are loaded via secure FLASH0 device so ``bl1.bin`` and
-``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed
-onto secure FLASH0.
+An alternate approach to deploy a full system stack on QEMU is to load the
+firmware via a secure flash device. This involves concatenating ``bl1.bin`` and
+``fip.bin`` to create a boot ROM that is flashed onto secure FLASH0 with the
+``-bios`` option.
-- ``bl32.bin`` -> BL32 (``tee-header_v2.bin``)
-- ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``)
-- ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``)
-- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
+For example, to test the following firmware stack:
+
+
+- BL32 - ``bl32.bin`` -> ``tee-header_v2.bin``
+- BL32 Extra1 - ``bl32_extra1.bin`` -> ``tee-pager_v2.bin``
+- BL32 Extra2 - ``bl32_extra2.bin`` -> ``tee-pageable_v2.bin``
+- BL33 - ``bl33.bin`` -> ``QEMU_EFI.fd`` (EDK II)
- ``Image`` -> linux/arch/arm64/boot/Image
-To build:
-.. code:: shell
+1. Compile TF-A
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
- BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
- BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip
+ .. code:: shell
-To build with TBBR enabled, BL31 and BL32 encrypted with test key:
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
+ BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
+ BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip
-.. code:: shell
+ Or, alternatively, to build with TBBR enabled, as well as, BL31 and BL32 encrypted with
+ test key:
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
- BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
- BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
- MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
- GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
- ENCRYPT_BL31=1 ENCRYPT_BL32=1
+ .. code:: shell
-To build flash.bin:
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
+ BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
+ BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
+ MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
+ GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
+ ENCRYPT_BL31=1 ENCRYPT_BL32=1
-.. code:: shell
+2. Concatenate ``bl1.bin`` and ``fip.bin`` to create the boot ROM
- dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
- dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc
+ .. code:: shell
-To start (QEMU v5.0.0):
+ dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
+ dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc
-.. code:: shell
+3. Launch QEMU
- qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
- -kernel Image -no-acpi \
- -append 'console=ttyAMA0,38400 keep_bootcon' \
- -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \
- -d unimp
+ .. code:: shell
+
+ qemu-system-aarch64 -nographic -machine virt,secure=on
+ -cpu cortex-a57 -kernel Image \
+ -append 'console=ttyAMA0,38400 keep_bootcon' \
+ -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \
+ -d unimp
+
+The ``-bios`` option abstracts the loading of raw bare metal binaries into flash
+or ROM memory. QEMU loads the binary into the region corresponding to
+the hardware's entrypoint, from which the binary is executed upon a platform
+"reset". In addition to this, it places the information about the kernel
+provided with option ``-kernel``, and the RamDisk provided with ``-initrd``,
+into the firmware configuration ``fw_cfg``. In this setup, EDK II is responsible
+for extracting and launching these from ``fw_cfg``.
+
+.. note::
+ QEMU may be launched with or without ACPI (``-acpi``/``-no-acpi``). In
+ either case, ensure that the kernel build options are aligned with the
+ parameters passed to QEMU.
Running QEMU in OpenCI
-----------------------
diff --git a/docs/plat/stm32mp1.rst b/docs/plat/stm32mp1.rst
index 23ea25a..a983606 100644
--- a/docs/plat/stm32mp1.rst
+++ b/docs/plat/stm32mp1.rst
@@ -107,11 +107,11 @@
Boot sequence
~~~~~~~~~~~~~
-ROM code -> BL2 (compiled with BL2_AT_EL3) -> BL32 (SP_min) -> BL33 (U-Boot)
+ROM code -> BL2(compiled with RESET_TO_BL2) -> BL32(SP_min)-> BL33(U-Boot)
or if Op-TEE is used:
-ROM code -> BL2 (compiled with BL2_AT_EL3) -> OP-TEE -> BL33 (U-Boot)
+ROM code -> BL2 (compiled with RESET_TO_BL2) -> OP-TEE -> BL33 (U-Boot)
Build Instructions
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 5d2e663..5d04639 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -14,6 +14,11 @@
make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net bl31
```
+To build TF-A for JTAG DCC console:
+```bash
+make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal_net VERSAL_NET_CONSOLE=dcc bl31
+```
+
Xilinx Versal NET platform specific build options
-------------------------------------------------
@@ -23,8 +28,9 @@
* `VERSAL_NET_BL32_MEM_SIZE`: Specifies the size of the memory region of the bl32 binary.
* `VERSAL_NET_CONSOLE`: Select the console driver. Options:
- - `pl011`, `pl011_0`: ARM pl011 UART 0
+ - `pl011`, `pl011_0`: ARM pl011 UART 0 (default)
- `pl011_1` : ARM pl011 UART 1
+ - `dcc` : JTAG Debug Communication Channel(DCC)
* `TFA_NO_PM` : Platform Management support.
- 0 : Enable Platform Management (Default)
diff --git a/docs/plat/xilinx-zynqmp.rst b/docs/plat/xilinx-zynqmp.rst
index af1cb22..81f4fbe 100644
--- a/docs/plat/xilinx-zynqmp.rst
+++ b/docs/plat/xilinx-zynqmp.rst
@@ -31,6 +31,7 @@
ZynqMP platform specific build options
--------------------------------------
+- ``XILINX_OF_BOARD_DTB_ADDR`` : Specifies the base address of Device tree.
- ``ZYNQMP_ATF_MEM_BASE``: Specifies the base address of the bl31 binary.
- ``ZYNQMP_ATF_MEM_SIZE``: Specifies the size of the memory region of the bl31 binary.
- ``ZYNQMP_BL32_MEM_BASE``: Specifies the base address of the bl32 binary.
@@ -41,6 +42,53 @@
- ``cadence``, ``cadence0``: Cadence UART 0
- ``cadence1`` : Cadence UART 1
+ZynqMP Debug behavior
+---------------------
+
+With DEBUG=1, TF-A for ZynqMP uses DDR memory range instead of OCM memory range
+due to size constraints.
+For DEBUG=1 configuration for ZynqMP the BL31_BASE is set to the DDR location
+of 0x1000 and BL31_LIMIT is set to DDR location of 0x7FFFF. By default the
+above memory range will NOT be reserved in device tree.
+
+To reserve the above memory range in device tree, the device tree base address
+must be provided during build as,
+
+make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \
+ XILINX_OF_BOARD_DTB_ADDR=<DTB address> bl31
+
+The default DTB base address for ZynqMP platform is 0x100000. This default value
+is not set in the code and to use this default address, user still needs to
+provide it through the build command as above.
+
+If the user wants to move the bl31 to a different DDR location, user can provide
+the DDR address location using the build time parameters ZYNQMP_ATF_MEM_BASE and
+ZYNQMP_ATF_MEM_SIZE.
+
+The DDR address must be reserved in the DTB by the user, either by manually
+adding the reserved memory node, in the device tree, with the required address
+range OR let TF-A modify the device tree on the run.
+
+To let TF-A access and modify the device tree, the DTB address must be provided
+to the build command as follows,
+
+make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \
+ ZYNQMP_ATF_MEM_BASE=<DDR address> ZYNQMP_ATF_MEM_SIZE=<size> \
+ XILINX_OF_BOARD_DTB_ADDR=<DTB address> bl31
+
+DDR Address Range Usage
+-----------------------
+
+When FSBL runs on RPU and TF-A is to be placed in DDR address range,
+then the user needs to make sure that the DDR address is beyond 256KB.
+In the RPU view, the first 256 KB is TCM memory.
+
+For this use case, with the minimum base address in DDR for TF-A,
+the build command example is;
+
+make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1 DEBUG=1 \
+ ZYNQMP_ATF_MEM_BASE=0x40000 ZYNQMP_ATF_MEM_SIZE=<size>
+
FSBL->TF-A Parameter Passing
----------------------------
@@ -71,3 +119,40 @@
The 4 leaf power domains represent the individual A53 cores, while resources
common to the cluster are grouped in the power domain on the top.
+
+CUSTOM SIP service support
+--------------------------
+
+- Dedicated SMC FID ZYNQMP_SIP_SVC_CUSTOM(0x82002000)(32-bit)/
+ (0xC2002000)(64-bit) to be used by a custom package for
+ providing CUSTOM SIP service.
+
+- by default platform provides bare minimum definition for
+ custom_smc_handler in this service.
+
+- to use this service, custom package should implement their
+ smc handler with the name custom_smc_handler. once custom package is
+ included in TF-A build, their definition of custom_smc_handler is
+ enabled.
+
+Custom package makefile fragment inclusion in TF-A build
+--------------------------------------------------------
+
+- custom package is not directly part of TF-A source.
+
+- <CUSTOM_PKG_PATH> is the location at which user clones a
+ custom package locally.
+
+- custom package needs to implement makefile fragment named
+ custom_pkg.mk so as to get included in TF-A build.
+
+- custom_pkg.mk specify all the rules to include custom package
+ specific header files, dependent libs, source files that are
+ supposed to be included in TF-A build.
+
+- when <CUSTOM_PKG_PATH> is specified in TF-A build command,
+ custom_pkg.mk is included from <CUSTOM_PKG_PATH> in TF-A build.
+
+- TF-A build command:
+ make CROSS_COMPILE=aarch64-none-elf- PLAT=zynqmp RESET_TO_BL31=1
+ bl31 CUSTOM_PKG_PATH=<...>
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 26c272d..13fb7cb 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -461,9 +461,56 @@
- Low-level code where specific system-level instructions must be used, such
as cache maintenance operations.
+Do not use weak functions
+-------------------------
+
+.. note::
+
+ The following guideline applies more strongly to common, platform-independent
+ code. For plaform code (under ``plat/`` directory), it is up to each platform
+ maintainer to decide whether this should be striclty enforced or not.
+
+The use of weak functions is highly discouraged in the TF-A codebase. Newly
+introduced platform interfaces should be strongly defined, wherever possible. In
+the rare cases where this is not possible or where weak functions appear as the
+best tool to solve the problem at hand, this should be discussed with the
+project's maintainers and justified in the code.
+
+For the purpose of providing a default implementation of a platform interface,
+an alternative to weak functions is to provide a strongly-defined implementation
+under the ``plat/common/`` directory. Then platforms have two options to pull
+in this implementation:
+
+ - They can include the source file through the platform's makefile. Note that
+ this method is suitable only if the platform wants *all* default
+ implementations defined in this file, else either the file should be
+ refactored or the next approach should be used.
+
+ - They access the platform interface through a **constant** function pointer.
+
+In both cases, what matters is that platforms include the default implementation
+as a conscious decision.
+
+.. rubric:: Rationale
+
+Weak functions may sound useful to simplify the initial porting effort to a
+new platform, such that one can quickly get the firmware to build and link,
+without implementing all platform interfaces from the beginning. For this
+reason, the TF-A project used to make heavy use of weak functions and there
+are still many outstanding usages of them across the code base today. We
+intend to convert them to strongly-defined functions over time.
+
+However, weak functions also have major drawbacks, which we consider
+outweighing their benefits. They can make it hard to identify which
+implementation gets built into the firmware, especially when using multiple
+levels of "weakness". This has resulted in bugs in the past.
+
+Weak functions are also forbidden by MISRA coding guidelines, which TF-A aims to
+comply with.
+
--------------
-*Copyright (c) 2020, 2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2020 - 2023, Arm Limited and Contributors. All rights reserved.*
.. _`Linux master tree`: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/
.. _`Procedure Call Standard for the Arm Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst
diff --git a/docs/process/coding-style.rst b/docs/process/coding-style.rst
index be13b14..483780b 100644
--- a/docs/process/coding-style.rst
+++ b/docs/process/coding-style.rst
@@ -386,6 +386,27 @@
#include "a_header.h"
+The preferred approach for third-party headers is to include them immediately
+following system header files like in the example below, where the
+``version.h`` header from the Mbed TLS library immediately follows the
+``stddef.h`` system header.
+
+.. code:: c
+
+ /* system header files */
+ #include <stddef.h>
+
+ /* Mbed TLS header files */
+ #include <mbedtls/version.h>
+
+ /* project header files */
+ #include <drivers/auth/auth_mod.h>
+ #include <drivers/auth/tbbr_cot_common.h>
+
+ /* platform header files */
+ #include <platform_def.h>
+
+
Include statement variants
^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -463,7 +484,7 @@
--------------
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
.. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html
.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
diff --git a/docs/process/security.rst b/docs/process/security.rst
index f1e7a9d..c6429ad 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -67,6 +67,12 @@
| |TFV-8| | Not saving x0 to x3 registers can leak information from one |
| | Normal World SMC client to another |
+-----------+------------------------------------------------------------------+
+| |TFV-9| | Trusted Firmware-A exposure to speculative processor |
+| | vulnerabilities with branch prediction target reuse |
++-----------+------------------------------------------------------------------+
+| |TFV-10| | Incorrect validation of X.509 certificate extensions can result |
+| | in an out-of-bounds read |
++-----------+------------------------------------------------------------------+
.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
@@ -79,6 +85,8 @@
.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
+.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
+.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
diff --git a/docs/requirements.in b/docs/requirements.in
index 5d771e5..ae20b7d 100644
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -1,5 +1,5 @@
-myst-parser==0.15.2
+myst-parser==0.18.1
pip-tools==6.4.0
-sphinx==4.2.0
-sphinx-rtd-theme==1.0.0
-sphinxcontrib-plantuml==0.22
+sphinx==5.3.0
+sphinx-rtd-theme==1.1.1
+sphinxcontrib-plantuml==0.24.1
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 03b1189..1ed78d0 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,71 +1,71 @@
#
-# This file is autogenerated by pip-compile with python 3.8
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
#
-# pip-compile
+# pip-compile docs/requirements.in
#
alabaster==0.7.12
# via sphinx
-attrs==21.2.0
- # via markdown-it-py
-babel==2.9.1
+babel==2.11.0
# via sphinx
-certifi==2021.5.30
+certifi==2022.12.7
# via requests
-charset-normalizer==2.0.4
+charset-normalizer==2.1.1
# via requests
-click==8.0.1
+click==8.1.3
# via pip-tools
-docutils==0.16
+docutils==0.17.1
# via
# myst-parser
# sphinx
# sphinx-rtd-theme
-idna==3.2
+idna==3.4
# via requests
-imagesize==1.2.0
+imagesize==1.4.1
+ # via sphinx
+importlib-metadata==6.0.0
# via sphinx
-jinja2==3.0.1
+jinja2==3.1.2
# via
# myst-parser
# sphinx
-markdown-it-py==1.1.0
+markdown-it-py==2.1.0
# via
# mdit-py-plugins
# myst-parser
-markupsafe==2.0.1
+markupsafe==2.1.1
# via jinja2
-mdit-py-plugins==0.2.8
+mdit-py-plugins==0.3.3
# via myst-parser
-myst-parser==0.15.2
- # via -r requirements.in
-packaging==21.0
+mdurl==0.1.2
+ # via markdown-it-py
+myst-parser==0.18.1
+ # via -r docs/requirements.in
+packaging==23.0
# via sphinx
-pep517==0.11.0
+pep517==0.13.0
# via pip-tools
pip-tools==6.4.0
- # via -r requirements.in
-pygments==2.10.0
+ # via -r docs/requirements.in
+pygments==2.14.0
# via sphinx
-pyparsing==2.4.7
- # via packaging
-pytz==2021.1
+pytz==2022.7
# via babel
pyyaml==6.0
# via myst-parser
-requests==2.26.0
+requests==2.28.1
# via sphinx
-snowballstemmer==2.1.0
+snowballstemmer==2.2.0
# via sphinx
-sphinx==4.2.0
+sphinx==5.3.0
# via
- # -r requirements.in
+ # -r docs/requirements.in
# myst-parser
# sphinx-rtd-theme
# sphinxcontrib-plantuml
-sphinx-rtd-theme==1.0.0
- # via -r requirements.in
-sphinxcontrib-applehelp==1.0.2
+sphinx-rtd-theme==1.1.1
+ # via -r docs/requirements.in
+sphinxcontrib-applehelp==1.0.3
# via sphinx
sphinxcontrib-devhelp==1.0.2
# via sphinx
@@ -73,18 +73,22 @@
# via sphinx
sphinxcontrib-jsmath==1.0.1
# via sphinx
-sphinxcontrib-plantuml==0.22
- # via -r requirements.in
+sphinxcontrib-plantuml==0.24.1
+ # via -r docs/requirements.in
sphinxcontrib-qthelp==1.0.3
# via sphinx
sphinxcontrib-serializinghtml==1.1.5
# via sphinx
-tomli==1.2.1
+tomli==2.0.1
# via pep517
-urllib3==1.26.6
+typing-extensions==4.4.0
+ # via myst-parser
+urllib3==1.26.13
# via requests
-wheel==0.37.0
+wheel==0.38.4
# via pip-tools
+zipp==3.11.0
+ # via importlib-metadata
# The following packages are considered to be unsafe in a requirements file:
# pip
diff --git a/docs/resources/diagrams/plantuml/rss_attestation_flow.puml b/docs/resources/diagrams/plantuml/rss_attestation_flow.puml
new file mode 100644
index 0000000..aca5c01
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/rss_attestation_flow.puml
@@ -0,0 +1,39 @@
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box AP
+participant RMM
+participant BL31
+endbox
+box RSS
+participant DelegAttest
+participant InitAttest
+participant MeasuredBoot
+participant Crypto
+endbox
+
+== RMM Boot phase ==
+
+RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...)
+BL31 -> DelegAttest: get_delegated_key
+DelegAttest -> MeasuredBoot: read_measurement
+Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements)
+DelegAttest -> Crypto: derive_key
+Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**.
+Rnote over Crypto: Seed is provisioned\n\ in the factory.
+DelegAttest --> BL31: get_delegated_key
+BL31 --> RMM: get_realm_key
+Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\n\
+Public key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token
+RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...)
+BL31 -> DelegAttest: get_delegated_token
+Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key.
+DelegAttest -> InitAttest: get_initial_token
+Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim
+InitAttest -> MeasuredBoot: read_measurement
+InitAttest -> Crypto: sign_token
+InitAttest --> DelegAttest: get_initial_token
+DelegAttest --> BL31: get_delegated_token
+BL31 --> RMM: get_platform_token
+Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle.
+@enduml
diff --git a/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml b/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml
new file mode 100644
index 0000000..1aeb1a9
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml
@@ -0,0 +1,79 @@
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box RSS
+participant RSS_BL1_1
+participant RSS_BL1_2
+participant RSS_BL2
+participant RSS_S
+endbox
+box SCP
+participant SCP_BL1
+endbox
+box AP
+participant AP_BL1
+participant AP_BL2
+participant AP_BL31
+endbox
+
+== RSS Boot phase ==
+-> RSS_BL1_1: Reset
+Rnote over RSS_BL1_1: ROM code, XIP
+Rnote over RSS_BL1_2: OTP code, XIP
+Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM
+activate RSS_BL1_1 #Green
+RSS_BL1_1 -->> RSS_BL1_2: Validate, measure
+Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer
+RSS_BL1_1 -> RSS_BL1_2: Pass execution
+deactivate RSS_BL1_1
+activate RSS_BL1_2 #Green
+RSS_BL1_2 -->> RSS_BL2: Validate, measure, load
+Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer
+RSS_BL1_2 -> RSS_BL2: Pass execution
+deactivate RSS_BL1_2
+activate RSS_BL2 #Green
+RSS_BL2 -->> RSS_S: Validate, measure, load
+RSS_BL2 -->> SCP_BL1: Validate, measure, load
+Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer
+RSS_BL2 -> SCP_BL1: Release from reset
+activate SCP_BL1 #Green
+Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP
+Rnote over SCP_BL1: Configure memory
+Rnote over RSS_BL2: Waits for SCP
+SCP_BL1 --> RSS_BL2: Done
+RSS_BL2 -->> AP_BL1: Validate, measure, load
+Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer
+RSS_BL2 -> AP_BL1: Release from reset
+activate AP_BL1 #Green
+RSS_BL2 -> RSS_S: Pass execution
+deactivate RSS_BL2
+activate RSS_S #Green
+Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\n\
+Measured Boot service to\n\ measurement slots.
+
+== RSS Runtime / AP Boot phase ==
+Rnote over RSS_S, AP_BL1: MHU init between RSS and AP
+Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 -->> AP_BL2: Validate, measure,load
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 -> AP_BL2: Pass execution
+deactivate AP_BL1
+activate AP_BL2 #Green
+Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 -->> AP_BL31: Validate, measure,load
+Rnote over AP_BL2: Measure and load:\n\ BL31
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+Rnote over AP_BL2: Measure and load:\n\ RMM
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 -> AP_BL31: Pass execution
+deactivate AP_BL2
+activate AP_BL31 #Green
+== RSS / AP Runtime ==
+@enduml
diff --git a/docs/resources/diagrams/rmm_el3_manifest_struct.dia b/docs/resources/diagrams/rmm_el3_manifest_struct.dia
deleted file mode 100644
index 7b7a9c2..0000000
--- a/docs/resources/diagrams/rmm_el3_manifest_struct.dia
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/rmm_el3_manifest_struct.png b/docs/resources/diagrams/rmm_el3_manifest_struct.png
deleted file mode 100644
index 8b5776c..0000000
--- a/docs/resources/diagrams/rmm_el3_manifest_struct.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/rss_attestation_flow.svg b/docs/resources/diagrams/rss_attestation_flow.svg
new file mode 100644
index 0000000..3728c6f
--- /dev/null
+++ b/docs/resources/diagrams/rss_attestation_flow.svg
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="1087px" preserveAspectRatio="none" style="width:900px;height:1087px;background:#FFFFFF;" version="1.1" viewBox="0 0 900 1087" width="900px" zoomAndPan="magnify"><defs/><g><rect fill="#DDDDDD" height="1075.1719" style="stroke:#181818;stroke-width:0.5;" width="261.5" x="44" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="20" x="164.75" y="18.0669">AP</text><rect fill="#DDDDDD" height="1075.1719" style="stroke:#181818;stroke-width:0.5;" width="502" x="364" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="28" x="601" y="18.0669">RSS</text><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="82" x2="82" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="266.5" x2="266.5" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="426" x2="426" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="553.5" x2="553.5" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="705" x2="705" y1="56.4297" y2="1046.875"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="822" x2="822" y1="56.4297" y2="1046.875"/><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="48" x="58" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="34" x="65" y="45.1279">RMM</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="48" x="58" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="34" x="65" y="1065.8701">RMM</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="49" x="242.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="35" x="249.5" y="45.1279">BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="49" x="242.5" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="35" x="249.5" y="1065.8701">BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="96" x="378" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="82" x="385" y="45.1279">DelegAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="96" x="378" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="82" x="385" y="1065.8701">DelegAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="516.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="523.5" y="45.1279">InitAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="516.5" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="523.5" y="1065.8701">InitAttest</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="116" x="647" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="654" y="45.1279">MeasuredBoot</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="116" x="647" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="654" y="1065.8701">MeasuredBoot</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="59" x="793" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="45" x="800" y="45.1279">Crypto</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="59" x="793" y="1045.875"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="45" x="800" y="1065.8701">Crypto</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="893" x="0" y="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="893" y1="86.9961" y2="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="893" y1="89.9961" y2="89.9961"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="144" x="374.5" y="76.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="125" x="380.5" y="92.4966">RMM Boot phase</text><polygon fill="#181818" points="255,141.8281,265,145.8281,255,149.8281,259,145.8281" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="82" x2="261" y1="145.8281" y2="145.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="99" x="89" y="125.6294">get_realm_key(</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="74" x="121" y="140.7622">hash_algo</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="25" x="195" y="140.7622">, ...)</text><polygon fill="#181818" points="414,170.9609,424,174.9609,414,178.9609,418,174.9609" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="267" x2="420" y1="174.9609" y2="174.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="274" y="169.895">get_delegated_key</text><polygon fill="#181818" points="693,200.0938,703,204.0938,693,208.0938,697,204.0938" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="699" y1="204.0938" y2="204.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="127" x="433" y="199.0278">read_measurement</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="167" x="342" y="217.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="95" x="346" y="233.1606">Compute input</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="110" x="346" y="248.2935">for key derivation</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="159" x="346" y="263.4263">(hash of measurements)</text><polygon fill="#181818" points="810.5,292.625,820.5,296.625,810.5,300.625,814.5,296.625" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="816.5" y1="296.625" y2="296.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="68" x="433" y="291.5591">derive_key</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="150" x="351" y="309.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="126" x="355" y="325.6919">Compute public key</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="60" x="355" y="340.8247">hash with</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="74" x="419" y="340.8247">hash_algo</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="4" x="493" y="340.8247">.</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="132" x="756" y="357.8906"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="124" x="760" y="373.9575">Seed is provisioned</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="760" y="389.0903">in the factory.</text><polygon fill="#181818" points="278,418.2891,268,422.2891,278,426.2891,274,422.2891" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="272" x2="425" y1="422.2891" y2="422.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="284" y="417.2231">get_delegated_key</text><polygon fill="#181818" points="93,447.4219,83,451.4219,93,455.4219,89,451.4219" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="87" x2="266" y1="451.4219" y2="451.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="94" x="99" y="446.356">get_realm_key</text><rect fill="#FEFFDD" height="129" style="stroke:#181818;stroke-width:0.5;" width="154" x="5" y="464.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="102" x="9" y="480.4888">Only private key</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="114" x="9" y="495.6216">is returned. Public</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="9" y="510.7544">key and its hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="126" x="9" y="525.8872">must be computed.</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="134" x="9" y="541.02">Public key is included</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="9" y="556.1528">in the realm token.</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="125" x="9" y="571.2856">Its hash is the input</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="146" x="9" y="586.4185">for get_platform_token</text><polygon fill="#181818" points="255,630.75,265,634.75,255,638.75,259,634.75" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="82" x2="261" y1="634.75" y2="634.75"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="130" x="89" y="614.5513">get_platform_token(</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="121" y="629.6841">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="25" x="225" y="629.6841">, ...)</text><polygon fill="#181818" points="414,659.8828,424,663.8828,414,667.8828,418,663.8828" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="267" x2="420" y1="663.8828" y2="663.8828"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="135" x="274" y="658.8169">get_delegated_token</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="155" x="348" y="676.8828"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="39" x="352" y="692.9497">Check</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="395" y="692.9497">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="352" y="708.0825">against derived key.</text><polygon fill="#181818" points="542,737.2813,552,741.2813,542,745.2813,546,741.2813" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="426" x2="548" y1="741.2813" y2="741.2813"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="433" y="736.2153">get_initial_token</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="181" x="463" y="754.2813"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="168" x="467" y="770.3481">Create the token including</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="21" x="467" y="785.481">the</text><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="104" x="492" y="785.481">pub_key_hash</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="40" x="600" y="785.481">as the</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="99" x="467" y="800.6138">challenge claim</text><polygon fill="#181818" points="693,829.8125,703,833.8125,693,837.8125,697,833.8125" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="554" x2="699" y1="833.8125" y2="833.8125"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="127" x="561" y="828.7466">read_measurement</text><polygon fill="#181818" points="810.5,858.9453,820.5,862.9453,810.5,866.9453,814.5,862.9453" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="554" x2="816.5" y1="862.9453" y2="862.9453"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="69" x="561" y="857.8794">sign_token</text><polygon fill="#181818" points="437,888.0781,427,892.0781,437,896.0781,433,892.0781" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="431" x2="553" y1="892.0781" y2="892.0781"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="104" x="443" y="887.0122">get_initial_token</text><polygon fill="#181818" points="278,917.2109,268,921.2109,278,925.2109,274,921.2109" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="272" x2="425" y1="921.2109" y2="921.2109"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="135" x="284" y="916.145">get_delegated_token</text><polygon fill="#181818" points="93,946.3438,83,950.3438,93,954.3438,89,950.3438" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="87" x2="266" y1="950.3438" y2="950.3438"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="125" x="99" y="945.2778">get_platform_token</text><rect fill="#FEFFDD" height="68" style="stroke:#181818;stroke-width:0.5;" width="116" x="24" y="963.3438"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="108" x="28" y="979.4106">Platform token is</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="28" y="994.5435">cached. It is not</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="98" x="28" y="1009.6763">changing within</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="90" x="28" y="1024.8091">a power cycle.</text><!--MD5=[84fabec568a656165bea957fac178b53]
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box AP
+participant RMM
+participant BL31
+endbox
+box RSS
+participant DelegAttest
+participant InitAttest
+participant MeasuredBoot
+participant Crypto
+endbox
+
+== RMM Boot phase ==
+
+RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...)
+BL31 -> DelegAttest: get_delegated_key
+DelegAttest -> MeasuredBoot: read_measurement
+Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements)
+DelegAttest -> Crypto: derive_key
+Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**.
+Rnote over Crypto: Seed is provisioned\n\ in the factory.
+DelegAttest - -> BL31: get_delegated_key
+BL31 - -> RMM: get_realm_key
+Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\nPublic key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token
+RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...)
+BL31 -> DelegAttest: get_delegated_token
+Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key.
+DelegAttest -> InitAttest: get_initial_token
+Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim
+InitAttest -> MeasuredBoot: read_measurement
+InitAttest -> Crypto: sign_token
+InitAttest - -> DelegAttest: get_initial_token
+DelegAttest - -> BL31: get_delegated_token
+BL31 - -> RMM: get_platform_token
+Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle.
+@enduml
+
+PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022)
+(GPL source distribution)
+Java Runtime: OpenJDK Runtime Environment
+JVM: OpenJDK 64-Bit Server VM
+Default Encoding: UTF-8
+Language: hu
+Country: HU
+--></g></svg>
\ No newline at end of file
diff --git a/docs/resources/diagrams/rss_measured_boot_flow.svg b/docs/resources/diagrams/rss_measured_boot_flow.svg
new file mode 100644
index 0000000..f5bf311
--- /dev/null
+++ b/docs/resources/diagrams/rss_measured_boot_flow.svg
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="1826px" preserveAspectRatio="none" style="width:1254px;height:1826px;background:#FFFFFF;" version="1.1" viewBox="0 0 1254 1826" width="1254px" zoomAndPan="magnify"><defs/><g><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="610.5" x="27" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="28" x="318.25" y="18.0669">RSS</text><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="103" x="659.5" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="29" x="696.5" y="18.0669">SCP</text><rect fill="#DDDDDD" height="1814.0938" style="stroke:#181818;stroke-width:0.5;" width="451.5" x="784.5" y="6"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="20" x="1000.25" y="18.0669">AP</text><rect fill="#008000" height="205.9297" style="stroke:#181818;stroke-width:1.0;" width="10" x="81.5" y="130.6953"/><rect fill="#008000" height="106.5313" style="stroke:#181818;stroke-width:1.0;" width="10" x="227.5" y="336.625"/><rect fill="#008000" height="414.9922" style="stroke:#181818;stroke-width:1.0;" width="10" x="408.5" y="443.1563"/><rect fill="#008000" height="918.6484" style="stroke:#181818;stroke-width:1.0;" width="10" x="589.5" y="858.1484"/><rect fill="#008000" height="1182.8438" style="stroke:#181818;stroke-width:1.0;" width="10" x="706" y="593.9531"/><rect fill="#008000" height="460.3906" style="stroke:#181818;stroke-width:1.0;" width="10" x="826" y="829.0156"/><rect fill="#008000" height="435.2578" style="stroke:#181818;stroke-width:1.0;" width="10" x="1003" y="1289.4063"/><rect fill="#008000" height="52.1328" style="stroke:#181818;stroke-width:1.0;" width="10" x="1180" y="1724.6641"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="86" x2="86" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="232" x2="232" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="413" x2="413" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="594.5" x2="594.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="710.5" x2="710.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="830.5" x2="830.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="1007.5" x2="1007.5" y1="56.4297" y2="1785.7969"/><line style="stroke:#181818;stroke-width:0.5;stroke-dasharray:5.0,5.0;" x1="1185" x2="1185" y1="56.4297" y2="1785.7969"/><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="41" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="48" y="45.1279">RSS_BL1_1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="41" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="48" y="1804.792">RSS_BL1_1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="187" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="194" y="45.1279">RSS_BL1_2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="91" x="187" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="77" x="194" y="1804.792">RSS_BL1_2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="376" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="383" y="45.1279">RSS_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="376" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="383" y="1804.792">RSS_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="58" x="565.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="44" x="572.5" y="45.1279">RSS_S</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="58" x="565.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="44" x="572.5" y="1804.792">RSS_S</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="673.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="680.5" y="45.1279">SCP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="75" x="673.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="61" x="680.5" y="1804.792">SCP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="798.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="805.5" y="45.1279">AP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="798.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="805.5" y="1804.792">AP_BL1</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="975.5" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="982.5" y="45.1279">AP_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="65" x="975.5" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="51" x="982.5" y="1804.792">AP_BL2</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="74" x="1148" y="25.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="1155" y="45.1279">AP_BL31</text><rect fill="#E2E2F0" height="30.2969" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="74" x="1148" y="1784.7969"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="1155" y="1804.792">AP_BL31</text><rect fill="#008000" height="205.9297" style="stroke:#181818;stroke-width:1.0;" width="10" x="81.5" y="130.6953"/><rect fill="#008000" height="106.5313" style="stroke:#181818;stroke-width:1.0;" width="10" x="227.5" y="336.625"/><rect fill="#008000" height="414.9922" style="stroke:#181818;stroke-width:1.0;" width="10" x="408.5" y="443.1563"/><rect fill="#008000" height="918.6484" style="stroke:#181818;stroke-width:1.0;" width="10" x="589.5" y="858.1484"/><rect fill="#008000" height="1182.8438" style="stroke:#181818;stroke-width:1.0;" width="10" x="706" y="593.9531"/><rect fill="#008000" height="460.3906" style="stroke:#181818;stroke-width:1.0;" width="10" x="826" y="829.0156"/><rect fill="#008000" height="435.2578" style="stroke:#181818;stroke-width:1.0;" width="10" x="1003" y="1289.4063"/><rect fill="#008000" height="52.1328" style="stroke:#181818;stroke-width:1.0;" width="10" x="1180" y="1724.6641"/><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="86.9961" y2="86.9961"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="89.9961" y2="89.9961"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="136" x="555.5" y="76.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="117" x="561.5" y="92.4966">RSS Boot phase</text><polygon fill="#181818" points="69.5,126.6953,79.5,130.6953,69.5,134.6953,73.5,130.6953" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="0" x2="75.5" y1="130.6953" y2="130.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="36" x="7" y="125.6294">Reset</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="99" x="37" y="143.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="91" x="41" y="159.7622">ROM code, XIP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="95" x="185" y="176.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="87" x="189" y="192.895">OTP code, XIP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="861" x="368" y="209.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="281" x="658" y="226.0278">Stored in flash, loaded and executed in RAM</text><line style="stroke:#181818;stroke-width:1.0;" x1="230.5" x2="220.5" y1="259.2266" y2="255.2266"/><line style="stroke:#181818;stroke-width:1.0;" x1="230.5" x2="220.5" y1="259.2266" y2="263.2266"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="91.5" x2="231.5" y1="259.2266" y2="259.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="117" x="98.5" y="254.1606">Validate, measure</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="5" y="272.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="134" x="9" y="288.2935">BL1_2 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="9" y="303.4263">saved to a shared buffer</text><polygon fill="#181818" points="215.5,332.625,225.5,336.625,215.5,340.625,219.5,336.625" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="86.5" x2="221.5" y1="336.625" y2="336.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="93.5" y="331.5591">Pass execution</text><line style="stroke:#181818;stroke-width:1.0;" x1="411.5" x2="401.5" y1="365.7578" y2="361.7578"/><line style="stroke:#181818;stroke-width:1.0;" x1="411.5" x2="401.5" y1="365.7578" y2="369.7578"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="237.5" x2="412.5" y1="365.7578" y2="365.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="244.5" y="360.6919">Validate, measure, load</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="150" y="378.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="154" y="394.8247">RSS_BL2 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="154" y="409.9575">saved to a shared buffer</text><polygon fill="#181818" points="396.5,439.1563,406.5,443.1563,396.5,447.1563,400.5,443.1563" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="232.5" x2="402.5" y1="443.1563" y2="443.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="239.5" y="438.0903">Pass execution</text><line style="stroke:#181818;stroke-width:1.0;" x1="592.5" x2="582.5" y1="472.2891" y2="468.2891"/><line style="stroke:#181818;stroke-width:1.0;" x1="592.5" x2="582.5" y1="472.2891" y2="476.2891"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="593.5" y1="472.2891" y2="472.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="467.2231">Validate, measure, load</text><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="699" y1="501.4219" y2="497.4219"/><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="699" y1="501.4219" y2="505.4219"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="710" y1="501.4219" y2="501.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="496.356">Validate, measure, load</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="148" x="339" y="514.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="131" x="343" y="530.4888">RSS_S and SCP_BL1</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="140" x="343" y="545.6216">measurements saved</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="114" x="343" y="560.7544">to a shared buffer</text><polygon fill="#181818" points="694,589.9531,704,593.9531,694,597.9531,698,593.9531" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="418.5" x2="700" y1="593.9531" y2="593.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="425.5" y="588.8872">Release from reset</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="387" x="368" y="606.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="200" x="461.75" y="623.02">MHU init between RSS and SCP</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="127" x="647" y="640.0859"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="119" x="651" y="656.1528">Configure memory</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="93" x="367" y="673.2188"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="85" x="371" y="689.2856">Waits for SCP</text><polygon fill="#181818" points="429.5,718.4844,419.5,722.4844,429.5,726.4844,425.5,722.4844" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="423.5" x2="705" y1="722.4844" y2="722.4844"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="34" x="435.5" y="717.4185">Done</text><line style="stroke:#181818;stroke-width:1.0;" x1="829" x2="819" y1="751.6172" y2="747.6172"/><line style="stroke:#181818;stroke-width:1.0;" x1="829" x2="819" y1="751.6172" y2="755.6172"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="418.5" x2="830" y1="751.6172" y2="751.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="152" x="425.5" y="746.5513">Validate, measure, load</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="164" x="331" y="764.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="143" x="335" y="780.6841">AP_BL1 measurement</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="335" y="795.8169">saved to a shared buffer</text><polygon fill="#181818" points="814,825.0156,824,829.0156,814,833.0156,818,829.0156" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="418.5" x2="820" y1="829.0156" y2="829.0156"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="121" x="425.5" y="823.9497">Release from reset</text><polygon fill="#181818" points="577.5,854.1484,587.5,858.1484,577.5,862.1484,581.5,858.1484" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="413.5" x2="583.5" y1="858.1484" y2="858.1484"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="420.5" y="853.0825">Pass execution</text><rect fill="#FEFFDD" height="68" style="stroke:#181818;stroke-width:0.5;" width="182" x="503" y="871.1484"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="163" x="507" y="887.2153">Measurements read from</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="174" x="507" y="902.3481">shared buffer and saved by</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="163" x="507" y="917.481">Measured Boot service to</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="129" x="507" y="932.6138">measurement slots.</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="965.2461"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="965.2461" y2="965.2461"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="968.2461" y2="968.2461"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="237" x="505" y="954.6797"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="218" x="511" y="970.7466">RSS Runtime / AP Boot phase</text><rect fill="#FEFFDD" height="23" style="stroke:#181818;stroke-width:0.5;" width="313" x="556" y="992.8125"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="191" x="617" y="1008.8794">MHU init between RSS and AP</text><rect fill="#FEFFDD" height="53" style="stroke:#181818;stroke-width:0.5;" width="126" x="768" y="1025.9453"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="772" y="1042.0122">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="74" x="772" y="1057.145">FW_CONFIG</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="97" x="772" y="1072.2778">TB_FW_CONFIG</text><polygon fill="#181818" points="610.5,1101.4766,600.5,1105.4766,610.5,1109.4766,606.5,1105.4766" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="825" y1="1105.4766" y2="1105.4766"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1100.4106">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1118.4766"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1134.5435">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1149.6763">store measurement</text><line style="stroke:#181818;stroke-width:1.0;" x1="1006" x2="996" y1="1182.875" y2="1178.875"/><line style="stroke:#181818;stroke-width:1.0;" x1="1006" x2="996" y1="1182.875" y2="1186.875"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="836" x2="1007" y1="1182.875" y2="1182.875"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="148" x="843" y="1177.8091">Validate, measure,load</text><polygon fill="#181818" points="610.5,1208.0078,600.5,1212.0078,610.5,1216.0078,606.5,1212.0078" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="825" y1="1212.0078" y2="1212.0078"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1206.9419">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1225.0078"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1241.0747">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1256.2075">store measurement</text><polygon fill="#181818" points="991,1285.4063,1001,1289.4063,991,1293.4063,995,1289.4063" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="831" x2="997" y1="1289.4063" y2="1289.4063"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="838" y="1284.3403">Pass execution</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1302.4063"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1318.4731">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="77" x="949" y="1333.606">HW_CONFIG</text><polygon fill="#181818" points="610.5,1362.8047,600.5,1366.8047,610.5,1370.8047,606.5,1366.8047" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1366.8047" y2="1366.8047"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1361.7388">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1379.8047"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1395.8716">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1411.0044">store measurement</text><line style="stroke:#181818;stroke-width:1.0;" x1="1183" x2="1173" y1="1444.2031" y2="1440.2031"/><line style="stroke:#181818;stroke-width:1.0;" x1="1183" x2="1173" y1="1444.2031" y2="1448.2031"/><line style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" x1="1013" x2="1184" y1="1444.2031" y2="1444.2031"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="148" x="1020" y="1439.1372">Validate, measure,load</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1457.2031"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1473.27">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="32" x="949" y="1488.4028">BL31</text><polygon fill="#181818" points="610.5,1517.6016,600.5,1521.6016,610.5,1525.6016,606.5,1521.6016" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1521.6016" y2="1521.6016"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1516.5356">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1534.6016"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1550.6685">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1565.8013">store measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="126" x="945" y="1582.8672"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="118" x="949" y="1598.9341">Measure and load:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="30" x="949" y="1614.0669">RMM</text><polygon fill="#181818" points="610.5,1643.2656,600.5,1647.2656,610.5,1651.2656,606.5,1647.2656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="604.5" x2="1002" y1="1647.2656" y2="1647.2656"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="139" x="616.5" y="1642.1997">Extend measurement</text><rect fill="#FEFFDD" height="38" style="stroke:#181818;stroke-width:0.5;" width="136" x="526" y="1660.2656"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="101" x="530" y="1676.3325">Measured Boot:</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="128" x="530" y="1691.4653">store measurement</text><polygon fill="#181818" points="1168,1720.6641,1178,1724.6641,1168,1728.6641,1172,1724.6641" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="1008" x2="1174" y1="1724.6641" y2="1724.6641"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="96" x="1015" y="1719.5981">Pass execution</text><rect fill="#EEEEEE" height="3" style="stroke:#EEEEEE;stroke-width:1.0;" width="1247" x="0" y="1753.2305"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="1753.2305" y2="1753.2305"/><line style="stroke:#000000;stroke-width:1.0;" x1="0" x2="1247" y1="1756.2305" y2="1756.2305"/><rect fill="#EEEEEE" height="23.1328" style="stroke:#000000;stroke-width:2.0;" width="148" x="549.5" y="1742.6641"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacing" textLength="129" x="555.5" y="1758.731">RSS / AP Runtime</text><!--MD5=[e3f0ee259d2a4aa9c2a97ff856de0312]
+@startuml
+skinparam ParticipantPadding 10
+skinparam BoxPadding 10
+box RSS
+participant RSS_BL1_1
+participant RSS_BL1_2
+participant RSS_BL2
+participant RSS_S
+endbox
+box SCP
+participant SCP_BL1
+endbox
+box AP
+participant AP_BL1
+participant AP_BL2
+participant AP_BL31
+endbox
+
+== RSS Boot phase ==
+-> RSS_BL1_1: Reset
+Rnote over RSS_BL1_1: ROM code, XIP
+Rnote over RSS_BL1_2: OTP code, XIP
+Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM
+activate RSS_BL1_1 #Green
+RSS_BL1_1 - ->> RSS_BL1_2: Validate, measure
+Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer
+RSS_BL1_1 -> RSS_BL1_2: Pass execution
+deactivate RSS_BL1_1
+activate RSS_BL1_2 #Green
+RSS_BL1_2 - ->> RSS_BL2: Validate, measure, load
+Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer
+RSS_BL1_2 -> RSS_BL2: Pass execution
+deactivate RSS_BL1_2
+activate RSS_BL2 #Green
+RSS_BL2 - ->> RSS_S: Validate, measure, load
+RSS_BL2 - ->> SCP_BL1: Validate, measure, load
+Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer
+RSS_BL2 -> SCP_BL1: Release from reset
+activate SCP_BL1 #Green
+Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP
+Rnote over SCP_BL1: Configure memory
+Rnote over RSS_BL2: Waits for SCP
+SCP_BL1 - -> RSS_BL2: Done
+RSS_BL2 - ->> AP_BL1: Validate, measure, load
+Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer
+RSS_BL2 -> AP_BL1: Release from reset
+activate AP_BL1 #Green
+RSS_BL2 -> RSS_S: Pass execution
+deactivate RSS_BL2
+activate RSS_S #Green
+Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\nMeasured Boot service to\n\ measurement slots.
+
+== RSS Runtime / AP Boot phase ==
+Rnote over RSS_S, AP_BL1: MHU init between RSS and AP
+Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 - ->> AP_BL2: Validate, measure,load
+AP_BL1 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL1 -> AP_BL2: Pass execution
+deactivate AP_BL1
+activate AP_BL2 #Green
+Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 - ->> AP_BL31: Validate, measure,load
+Rnote over AP_BL2: Measure and load:\n\ BL31
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+Rnote over AP_BL2: Measure and load:\n\ RMM
+AP_BL2 -> RSS_S: Extend measurement
+Rnote over RSS_S: Measured Boot:\n\ store measurement
+AP_BL2 -> AP_BL31: Pass execution
+deactivate AP_BL2
+activate AP_BL31 #Green
+== RSS / AP Runtime ==
+@enduml
+
+PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022)
+(GPL source distribution)
+Java Runtime: OpenJDK Runtime Environment
+JVM: OpenJDK 64-Bit Server VM
+Default Encoding: UTF-8
+Language: hu
+Country: HU
+--></g></svg>
\ No newline at end of file
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 99bbb3a..940cad5 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -918,9 +918,54 @@
| Mitigations | | Yes / Platform specific |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 14 |
++========================+=====================================================+
+| Threat | | **Attacker wants to execute an arbitrary or |
+| | untrusted binary as the secure OS.** |
+| | |
+| | | When the option OPTEE_ALLOW_SMC_LOAD is enabled, |
+| | this trusts the non-secure world up until the |
+| | point it issues the SMC call to load the Secure |
+| | BL32 payload. If a compromise occurs before the |
+| | SMC call is invoked, then arbitrary code execution|
+| | in S-EL1 can occur or arbitrary memory in EL3 can |
+| | be overwritten. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL31, BL32 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Code Execution, Sensitive Data |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Tampering, Information Disclosure, |
+| | Elevation of privilege |
++------------------------+-----------------+-----------------+-----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-----------------+-----------------+-----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-----------------+-----------------+-----------------+
+| Likelihood | High (4) | High (4) | High (4) |
++------------------------+-----------------+-----------------+-----------------+
+| Total Risk Rating | Critical (20) | Critical (20) | Critical (20) |
++------------------------+-----------------+-----------------+-----------------+
+| Mitigations | When enabling the option OPTEE_ALLOW_SMC_LOAD, |
+| | the non-secure OS must be considered a closed |
+| | platform up until the point the SMC can be invoked |
+| | to load OP-TEE. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | None in TF-A itself. This option is only used by |
+| implemented? | ChromeOS currently which has other mechanisms to |
+| | to mitigate this threat which are described in |
+| | `OP-TEE Dispatcher`_. |
++------------------------+-----------------------------------------------------+
+
--------------
-*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
.. _STRIDE threat analysis technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
@@ -932,3 +977,4 @@
.. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#error-handling-and-robustness
.. _Secure Development Guidelines: https://trustedfirmware-a.readthedocs.io/en/latest/process/security-hardening.html#secure-development-guidelines
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
+.. _OP-TEE Dispatcher: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/components/spd/optee-dispatcher.rst
diff --git a/drivers/allwinner/axp/common.c b/drivers/allwinner/axp/common.c
index f1250b0..79f9089 100644
--- a/drivers/allwinner/axp/common.c
+++ b/drivers/allwinner/axp/common.c
@@ -9,6 +9,7 @@
#include <libfdt.h>
#include <common/debug.h>
+#include <common/fdt_wrappers.h>
#include <drivers/allwinner/axp.h>
int axp_check_id(void)
@@ -97,19 +98,9 @@
return 0;
}
-static bool is_node_disabled(const void *fdt, int node)
-{
- const char *cell;
- cell = fdt_getprop(fdt, node, "status", NULL);
- if (cell == NULL) {
- return false;
- }
- return strcmp(cell, "okay") != 0;
-}
-
static bool should_enable_regulator(const void *fdt, int node)
{
- if (is_node_disabled(fdt, node)) {
+ if (!fdt_node_is_enabled(fdt, node)) {
return false;
}
if (fdt_getprop(fdt, node, "phandle", NULL) != NULL) {
diff --git a/drivers/arm/css/mhu/css_mhu_doorbell.c b/drivers/arm/css/mhu/css_mhu_doorbell.c
index c51f3b1..479bb21 100644
--- a/drivers/arm/css/mhu/css_mhu_doorbell.c
+++ b/drivers/arm/css/mhu/css_mhu_doorbell.c
@@ -15,7 +15,6 @@
MHU_RING_DOORBELL(plat_info->db_reg_addr,
plat_info->db_modify_mask,
plat_info->db_preserve_mask);
- return;
}
void mhuv2_ring_doorbell(struct scmi_channel_plat_info *plat_info)
@@ -35,6 +34,4 @@
/* clear the access request for the receiver */
MHU_V2_CLEAR_REQUEST(mhuv2_base);
-
- return;
}
diff --git a/drivers/arm/gic/v3/gicv3_helpers.c b/drivers/arm/gic/v3/gicv3_helpers.c
index 446d0ad..940c939 100644
--- a/drivers/arm/gic/v3/gicv3_helpers.c
+++ b/drivers/arm/gic/v3/gicv3_helpers.c
@@ -253,7 +253,7 @@
}
/*******************************************************************************
- * Helper function to configure the default attributes of (E)SPIs
+ * Helper function to configure the default attributes of (E)PPIs/SGIs
******************************************************************************/
void gicv3_ppi_sgi_config_defaults(uintptr_t gicr_base)
{
@@ -292,7 +292,7 @@
regs_num = ppi_regs_num << 3;
for (i = 0U; i < regs_num; ++i) {
/* Setup the default (E)PPI/SGI priorities doing 4 at a time */
- gicr_write_ipriorityr(gicr_base, i, GICD_IPRIORITYR_DEF_VAL);
+ gicr_write_ipriorityr(gicr_base, i << 2, GICD_IPRIORITYR_DEF_VAL);
}
/* 16 interrupt IDs per GICR_ICFGR register */
diff --git a/drivers/arm/rss/rss_comms_protocol_embed.c b/drivers/arm/rss/rss_comms_protocol_embed.c
index 801b7cc..c453258 100644
--- a/drivers/arm/rss/rss_comms_protocol_embed.c
+++ b/drivers/arm/rss/rss_comms_protocol_embed.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -54,7 +54,9 @@
if (in_vec[i].len > sizeof(msg->trailer) - payload_size) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- memcpy(msg->trailer + payload_size, in_vec[i].base, in_vec[i].len);
+ memcpy(msg->trailer + payload_size,
+ in_vec[i].base,
+ in_vec[i].len);
payload_size += in_vec[i].len;
}
@@ -77,12 +79,16 @@
assert(return_val != NULL);
for (i = 0U; i < out_len; ++i) {
- if (sizeof(reply) - sizeof(reply->trailer) + payload_offset > reply_size) {
+ if ((sizeof(*reply) - sizeof(reply->trailer) + payload_offset)
+ > reply_size) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- memcpy(out_vec[i].base, reply->trailer + payload_offset, out_vec[i].len);
- payload_offset += out_vec[i].len;
+ memcpy(out_vec[i].base,
+ reply->trailer + payload_offset,
+ reply->out_size[i]);
+ out_vec[i].len = reply->out_size[i];
+ payload_offset += reply->out_size[i];
}
*return_val = reply->return_val;
diff --git a/drivers/auth/cca/cot.c b/drivers/auth/cca/cot.c
index d3f3087..e8f4d9c 100644
--- a/drivers/auth/cca/cot.c
+++ b/drivers/auth/cca/cot.c
@@ -1,13 +1,15 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
+#include <mbedtls/version.h>
+
+#include <common/tbbr/cot_def.h>
#include <drivers/auth/auth_mod.h>
-#include MBEDTLS_CONFIG_FILE
#include <tools_share/cca_oid.h>
#include <platform_def.h>
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index c7ee36f..e2b189b 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,7 +7,8 @@
#include <stddef.h>
#include <string.h>
-#include <platform_def.h>
+#include <mbedtls/oid.h>
+#include <mbedtls/x509.h>
#include <arch_helpers.h>
#include <common/debug.h>
@@ -21,8 +22,7 @@
#include <drivers/auth/mbedtls/mbedtls_common.h>
#include <lib/utils.h>
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
+#include <platform_def.h>
#define LIB_NAME "CryptoCell 712 SBROM"
#define RSA_SALT_LEN 32
@@ -95,11 +95,10 @@
CCError_t error;
CCSbNParams_t pk;
CCSbSignature_t signature;
- int rc, exp;
+ int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
+ mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
size_t len;
uint8_t *p, *end;
/* Temp buf to store the public key modulo (N) in LE format */
@@ -110,70 +109,85 @@
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+ if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
- if (rc != 0)
+ &mgf1_hash_id,
+ &expected_salt_len);
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+ if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+ if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
+ if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (pk_alg != MBEDTLS_PK_RSA)
+ if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
if (*p == 0) {
p++; len--;
}
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+
+ if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* The CCSbVerifySignature() API expects N and Np in BE format and
@@ -184,11 +198,13 @@
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (exp != RSA_EXPONENT)
+ if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
@@ -205,11 +221,13 @@
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+ if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* The signature is BE format. Convert it to LE before calling
@@ -227,8 +245,9 @@
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
data_len, RSA_PSS);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Signature verification success */
return CRYPTO_SUCCESS;
@@ -256,29 +275,36 @@
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
+
/* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256)
+ if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
+ }
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES)
+ if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
+ }
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
@@ -289,12 +315,14 @@
hash = p;
error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uintptr_t)data_ptr, data_len, pubKeyHash);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_HASH;
+ }
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
return CRYPTO_SUCCESS;
}
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
index 3ac16af..388264e 100644
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,14 +8,14 @@
#include <stddef.h>
#include <string.h>
-#include <platform_def.h>
+#include <mbedtls/oid.h>
+#include <mbedtls/x509.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
#include <drivers/auth/crypto_mod.h>
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
+#include <platform_def.h>
#define LIB_NAME "CryptoCell 713 SBROM"
#define RSA_SALT_LEN 32
@@ -82,11 +82,11 @@
CCError_t error;
CCBsvNBuff_t NBuff;
CCBsvSignature_t signature;
- int rc, exp;
+ int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
+ mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
+
size_t len;
uint8_t *p, *end;
CCHashResult_t digest;
@@ -99,72 +99,86 @@
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+ if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
- if (rc != 0)
+ &mgf1_hash_id,
+ &expected_salt_len);
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports SHA256 as hash algorithm */
if (md_alg != MBEDTLS_MD_SHA256 ||
- pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+ mgf1_hash_id != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+ if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
+ if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (pk_alg != MBEDTLS_PK_RSA)
+ if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
if (*p == 0) {
p++; len--;
}
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
+ if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* Copy N from certificate.
@@ -174,21 +188,25 @@
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (exp != RSA_EXPONENT)
+ if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
+ if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* Copy the signature (in BE format)
@@ -197,15 +215,17 @@
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
data_ptr, data_len, digest);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Verify the signature */
error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
NULL, signature, digest, workspace,
BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
- if ((error != CC_OK) || (is_verified != CC_TRUE))
+ if ((error != CC_OK) || (is_verified != CC_TRUE)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Signature verification success */
return CRYPTO_SUCCESS;
@@ -233,39 +253,48 @@
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
+
/* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256)
+ if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
+ }
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES)
+ if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
+ }
hash = p;
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
data_len, pubKeyHash);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_HASH;
+ }
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
return CRYPTO_SUCCESS;
}
diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c
index 8368503..c89930c 100644
--- a/drivers/auth/dualroot/cot.c
+++ b/drivers/auth/dualroot/cot.c
@@ -1,17 +1,20 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
-#include <platform_def.h>
+#include <mbedtls/version.h>
-#include MBEDTLS_CONFIG_FILE
+#include <common/tbbr/cot_def.h>
#include <drivers/auth/auth_mod.h>
+
#include <tools_share/dualroot_oid.h>
+#include <platform_def.h>
+
/*
* Allocate static buffers to store the authentication parameters extracted from
* the certificates.
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index a12e49c..4f30d82 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,10 +10,11 @@
/* mbed TLS headers */
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/platform.h>
+#include <mbedtls/version.h>
#include <common/debug.h>
#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include MBEDTLS_CONFIG_FILE
+
#include <plat/common/platform.h>
static void cleanup(void)
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index ae4b067..79c4512 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -15,42 +15,68 @@
MBEDTLS_INC = -I${MBEDTLS_DIR}/include
+MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
+MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
+$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
+
# Specify mbed TLS configuration file
-MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config.h>"
+ifeq (${MBEDTLS_MAJOR}, 2)
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
+else ifeq (${MBEDTLS_MAJOR}, 3)
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
+endif
+
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
-
-LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
- aes.c \
- asn1parse.c \
- asn1write.c \
- cipher.c \
- cipher_wrap.c \
- memory_buffer_alloc.c \
- oid.c \
- platform.c \
- platform_util.c \
- bignum.c \
- gcm.c \
- md.c \
- pk.c \
- pk_wrap.c \
- pkparse.c \
- pkwrite.c \
- sha256.c \
- sha512.c \
- ecdsa.c \
- ecp_curves.c \
- ecp.c \
- rsa.c \
- rsa_internal.c \
- x509.c \
- x509_crt.c \
- constant_time.c \
+LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
+ aes.c \
+ asn1parse.c \
+ asn1write.c \
+ cipher.c \
+ cipher_wrap.c \
+ constant_time.c \
+ memory_buffer_alloc.c \
+ oid.c \
+ platform.c \
+ platform_util.c \
+ bignum.c \
+ gcm.c \
+ md.c \
+ pk.c \
+ pk_wrap.c \
+ pkparse.c \
+ pkwrite.c \
+ sha256.c \
+ sha512.c \
+ ecdsa.c \
+ ecp_curves.c \
+ ecp.c \
+ rsa.c \
+ x509.c \
+ x509_crt.c \
)
+ifeq (${MBEDTLS_MAJOR}, 2)
+ LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
+ rsa_internal.c \
+ )
+else ifeq (${MBEDTLS_MAJOR}, 3)
+ LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
+ bignum_core.c \
+ rsa_alt_helpers.c \
+ hash_info.c \
+ )
+
+ # Currently on Mbedtls-3 there is outstanding bug due to usage
+ # of redundant declaration[1], So disable redundant-decls
+ # compilation flag to avoid compilation error when compiling with
+ # Mbedtls-3.
+ # [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
+ LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
+endif
+
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 42a0925..4241d21 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,12 +14,13 @@
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/oid.h>
#include <mbedtls/platform.h>
+#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <drivers/auth/mbedtls/mbedtls_config.h>
+
#include <plat/common/platform.h>
#define LIB_NAME "mbed TLS"
@@ -294,6 +295,7 @@
unsigned char *pt = data_ptr;
size_t dec_len;
int diff, i, rc;
+ size_t output_length __unused;
mbedtls_gcm_init(&ctx);
@@ -303,7 +305,11 @@
goto exit_gcm;
}
+#if (MBEDTLS_VERSION_MAJOR < 3)
rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len, NULL, 0);
+#else
+ rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len);
+#endif
if (rc != 0) {
rc = CRYPTO_ERR_DECRYPTION;
goto exit_gcm;
@@ -312,7 +318,12 @@
while (len > 0) {
dec_len = MIN(sizeof(buf), len);
+#if (MBEDTLS_VERSION_MAJOR < 3)
rc = mbedtls_gcm_update(&ctx, dec_len, pt, buf);
+#else
+ rc = mbedtls_gcm_update(&ctx, pt, dec_len, buf, sizeof(buf), &output_length);
+#endif
+
if (rc != 0) {
rc = CRYPTO_ERR_DECRYPTION;
goto exit_gcm;
@@ -323,7 +334,12 @@
len -= dec_len;
}
+#if (MBEDTLS_VERSION_MAJOR < 3)
rc = mbedtls_gcm_finish(&ctx, tag_buf, sizeof(tag_buf));
+#else
+ rc = mbedtls_gcm_finish(&ctx, NULL, 0, &output_length, tag_buf, sizeof(tag_buf));
+#endif
+
if (rc != 0) {
rc = CRYPTO_ERR_DECRYPTION;
goto exit_gcm;
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index bbabd9b..fb5b036 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -66,46 +66,63 @@
* Get X509v3 extension
*
* Global variable 'v3_ext' must point to the extensions region
- * in the certificate. No need to check for errors since the image has passed
- * the integrity check.
+ * in the certificate. OID may be NULL to request that get_ext()
+ * is only being called for integrity checking.
*/
static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
{
- int oid_len;
+ int oid_len, ret, is_critical;
size_t len;
- unsigned char *end_ext_data, *end_ext_octet;
unsigned char *p;
const unsigned char *end;
char oid_str[MAX_OID_STR_LEN];
mbedtls_asn1_buf extn_oid;
- int is_critical;
-
- assert(oid != NULL);
p = v3_ext.p;
end = v3_ext.p + v3_ext.len;
- while (p < end) {
- zeromem(&extn_oid, sizeof(extn_oid));
- is_critical = 0; /* DEFAULT FALSE */
+ /*
+ * Check extensions integrity. At least one extension is
+ * required: the ASN.1 specifies a minimum size of 1, and at
+ * least one extension is needed to authenticate the next stage
+ * in the boot chain.
+ */
+ do {
+ unsigned char *end_ext_data;
- mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (ret != 0) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
end_ext_data = p + len;
/* Get extension ID */
- extn_oid.tag = *p;
- mbedtls_asn1_get_tag(&p, end, &extn_oid.len, MBEDTLS_ASN1_OID);
+ ret = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.len,
+ MBEDTLS_ASN1_OID);
+ if (ret != 0) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
+ extn_oid.tag = MBEDTLS_ASN1_OID;
extn_oid.p = p;
p += extn_oid.len;
/* Get optional critical */
- mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
+ ret = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
+ if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
- /* Extension data */
- mbedtls_asn1_get_tag(&p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING);
- end_ext_octet = p + len;
+ /*
+ * Data should be octet string type and must use all bytes in
+ * the Extension.
+ */
+ ret = mbedtls_asn1_get_tag(&p, end_ext_data, &len,
+ MBEDTLS_ASN1_OCTET_STRING);
+ if ((ret != 0) || ((p + len) != end_ext_data)) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
/* Detect requested extension */
oid_len = mbedtls_oid_get_numeric_string(oid_str,
@@ -114,17 +131,20 @@
if ((oid_len == MBEDTLS_ERR_OID_BUF_TOO_SMALL) || (oid_len < 0)) {
return IMG_PARSER_ERR;
}
- if (((size_t)oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
+
+ if ((oid != NULL) &&
+ ((size_t)oid_len == strlen(oid_str)) &&
+ (strcmp(oid, oid_str) == 0)) {
*ext = (void *)p;
*ext_len = (unsigned int)len;
return IMG_PARSER_OK;
}
/* Next */
- p = end_ext_octet;
- }
+ p = end_ext_data;
+ } while (p < end);
- return IMG_PARSER_ERR_NOT_FOUND;
+ return (oid == NULL) ? IMG_PARSER_OK : IMG_PARSER_ERR_NOT_FOUND;
}
@@ -139,7 +159,7 @@
*/
static int cert_parse(void *img, unsigned int img_len)
{
- int ret, is_critical;
+ int ret;
size_t len;
unsigned char *p, *end, *crt_end, *pk_end;
mbedtls_asn1_buf sig_alg1;
@@ -161,7 +181,8 @@
p = (unsigned char *)img;
len = img_len;
- end = p + len;
+ crt_end = p + len;
+ end = crt_end;
/*
* Certificate ::= SEQUENCE {
@@ -171,15 +192,10 @@
*/
ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (ret != 0) {
+ if ((ret != 0) || ((p + len) != end)) {
return IMG_PARSER_ERR_FORMAT;
}
- if (len != (size_t)(end - p)) {
- return IMG_PARSER_ERR_FORMAT;
- }
- crt_end = p + len;
-
/*
* TBSCertificate ::= SEQUENCE {
*/
@@ -220,9 +236,6 @@
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
- if ((end - p) < 1) {
- return IMG_PARSER_ERR_FORMAT;
- }
sig_alg1.len = (p + len) - sig_alg1.p;
p += len;
@@ -288,30 +301,24 @@
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- */
- ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 1);
- if (ret != 0) {
- if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- return IMG_PARSER_ERR_FORMAT;
- }
- } else {
- p += len;
- }
-
- /*
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- technically these contain BIT STRINGs but that is not worth
+ * -- validating
*/
- ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 2);
- if (ret != 0) {
+ for (int i = 1; i < 3; i++) {
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | i);
+ /*
+ * Unique IDs are obsolete, so MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+ * is the common case.
+ */
if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- return IMG_PARSER_ERR_FORMAT;
+ if (ret != 0) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
+ p += len;
}
- } else {
- p += len;
}
/*
@@ -347,51 +354,12 @@
}
v3_ext.p = p;
v3_ext.len = len;
-
- /*
- * Check extensions integrity. At least one extension is
- * required: the ASN.1 specifies a minimum size of 1, and at
- * least one extension is needed to authenticate the next stage
- * in the boot chain.
- */
- do {
- unsigned char *end_ext_data;
-
- ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (ret != 0) {
- return IMG_PARSER_ERR_FORMAT;
- }
- end_ext_data = p + len;
-
- /* Get extension ID */
- ret = mbedtls_asn1_get_tag(&p, end_ext_data, &len, MBEDTLS_ASN1_OID);
- if (ret != 0) {
- return IMG_PARSER_ERR_FORMAT;
- }
- p += len;
-
- /* Get optional critical */
- ret = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
- if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
- return IMG_PARSER_ERR_FORMAT;
- }
-
- /*
- * Data should be octet string type and must use all bytes in
- * the Extension.
- */
- ret = mbedtls_asn1_get_tag(&p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING);
- if ((ret != 0) || ((p + len) != end_ext_data)) {
- return IMG_PARSER_ERR_FORMAT;
- }
- p = end_ext_data;
- } while (p < end);
+ p += len;
- if (p != end) {
- return IMG_PARSER_ERR_FORMAT;
+ /* Check extensions integrity */
+ ret = get_ext(NULL, NULL, NULL);
+ if (ret != IMG_PARSER_OK) {
+ return ret;
}
end = crt_end;
@@ -414,19 +382,14 @@
/*
* signatureValue BIT STRING
+ * } -- must consume all bytes
*/
signature.p = p;
ret = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (ret != 0) {
- return IMG_PARSER_ERR_FORMAT;
- }
- signature.len = (p + len) - signature.p;
- p += len;
-
- /* Check certificate length */
- if (p != end) {
+ if ((ret != 0) || ((p + len) != end)) {
return IMG_PARSER_ERR_FORMAT;
}
+ signature.len = end - signature.p;
return IMG_PARSER_OK;
}
@@ -511,5 +474,5 @@
return rc;
}
-REGISTER_IMG_PARSER_LIB(IMG_CERT, LIB_NAME, init, \
+REGISTER_IMG_PARSER_LIB(IMG_CERT, LIB_NAME, init,
check_integrity, get_auth_param);
diff --git a/drivers/auth/tbbr/tbbr_cot_bl1.c b/drivers/auth/tbbr/tbbr_cot_bl1.c
index 44f8638..21942b4 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl1.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl1.c
@@ -1,22 +1,24 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
-#include <platform_def.h>
-#include MBEDTLS_CONFIG_FILE
+#include <mbedtls/version.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/auth/tbbr_cot_common.h>
+
#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif
+#include <platform_def.h>
+
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
diff --git a/drivers/auth/tbbr/tbbr_cot_bl1_r64.c b/drivers/auth/tbbr/tbbr_cot_bl1_r64.c
index 78e38f6..236823a 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl1_r64.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl1_r64.c
@@ -1,13 +1,14 @@
/*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
+#include <mbedtls/version.h>
+
#include <drivers/auth/auth_mod.h>
-#include MBEDTLS_CONFIG_FILE
#include <drivers/auth/tbbr_cot_common.h>
#if USE_TBBR_DEFS
@@ -15,8 +16,8 @@
#else
#include <platform_oid.h>
#endif
-#include <platform_def.h>
+#include <platform_def.h>
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c
index 11e2f46..ce2aa7e 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -1,22 +1,24 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
-#include <platform_def.h>
-#include MBEDTLS_CONFIG_FILE
+#include <mbedtls/version.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/auth/tbbr_cot_common.h>
+
#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif
+#include <platform_def.h>
+
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
diff --git a/drivers/auth/tbbr/tbbr_cot_common.c b/drivers/auth/tbbr/tbbr_cot_common.c
index 0983d42..8c37248 100644
--- a/drivers/auth/tbbr/tbbr_cot_common.c
+++ b/drivers/auth/tbbr/tbbr_cot_common.c
@@ -1,22 +1,23 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
-#include <platform_def.h>
-#include MBEDTLS_CONFIG_FILE
+#include <mbedtls/version.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/auth/tbbr_cot_common.h>
+
#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif
+#include <platform_def.h>
/*
* The platform must allocate buffers to store the authentication parameters
* extracted from the certificates. In this case, because of the way the CoT is
diff --git a/drivers/nxp/auth/tbbr/tbbr_cot.c b/drivers/nxp/auth/tbbr/tbbr_cot.c
index bb21fa0..ac4595f 100644
--- a/drivers/nxp/auth/tbbr/tbbr_cot.c
+++ b/drivers/nxp/auth/tbbr/tbbr_cot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* Copyright 2020 NXP
*
@@ -8,6 +8,7 @@
#include <stddef.h>
+#include <common/tbbr/cot_def.h>
#include <drivers/auth/auth_mod.h>
#if USE_TBBR_DEFS
diff --git a/drivers/ufs/ufs.c b/drivers/ufs/ufs.c
index d8c0a14..6074374 100644
--- a/drivers/ufs/ufs.c
+++ b/drivers/ufs/ufs.c
@@ -225,7 +225,7 @@
}
continue;
}
- assert((mmio_read_32(base + HCS) & HCS_DP) == 0);
+ assert(mmio_read_32(base + HCS) & HCS_DP);
data = mmio_read_32(base + IS);
if (data & UFS_INT_ULSS)
mmio_write_32(base + IS, UFS_INT_ULSS);
@@ -234,42 +234,33 @@
return -EIO;
}
-/* Check Door Bell register to get an empty slot */
-static int get_empty_slot(int *slot)
+/* Read Door Bell register to check if slot zero is available */
+static int is_slot_available(void)
{
- unsigned int data;
- int i;
-
- data = mmio_read_32(ufs_params.reg_base + UTRLDBR);
- for (i = 0; i < nutrs; i++) {
- if ((data & 1) == 0)
- break;
- data = data >> 1;
- }
- if (i >= nutrs)
+ if (mmio_read_32(ufs_params.reg_base + UTRLDBR) & 0x1) {
return -EBUSY;
- *slot = i;
+ }
return 0;
}
static void get_utrd(utp_utrd_t *utrd)
{
uintptr_t base;
- int slot = 0, result;
+ int result;
utrd_header_t *hd;
assert(utrd != NULL);
- result = get_empty_slot(&slot);
+ result = is_slot_available();
assert(result == 0);
/* clear utrd */
memset((void *)utrd, 0, sizeof(utp_utrd_t));
- base = ufs_params.desc_base + (slot * sizeof(utrd_header_t));
+ base = ufs_params.desc_base;
/* clear the descriptor */
memset((void *)base, 0, UFS_DESC_SIZE);
utrd->header = base;
- utrd->task_tag = slot + 1;
+ utrd->task_tag = 1; /* We always use the first slot */
/* CDB address should be aligned with 128 bytes */
utrd->upiu = ALIGN_CDB(utrd->header + sizeof(utrd_header_t));
utrd->resp_upiu = ALIGN_8(utrd->upiu + sizeof(cmd_upiu_t));
@@ -297,7 +288,8 @@
prdt_t *prdt;
unsigned int ulba;
unsigned int lba_cnt;
- int prdt_size;
+ uintptr_t desc_limit;
+ uintptr_t prdt_end;
hd = (utrd_header_t *)utrd->header;
upiu = (cmd_upiu_t *)utrd->upiu;
@@ -351,17 +343,24 @@
assert(0);
break;
}
- if (hd->dd == DD_IN)
+ if (hd->dd == DD_IN) {
flush_dcache_range(buf, length);
- else if (hd->dd == DD_OUT)
+ } else if (hd->dd == DD_OUT) {
inv_dcache_range(buf, length);
+ }
+
+ utrd->prdt_length = 0;
if (length) {
upiu->exp_data_trans_len = htobe32(length);
assert(lba_cnt <= UINT16_MAX);
prdt = (prdt_t *)utrd->prdt;
- prdt_size = 0;
+ desc_limit = ufs_params.desc_base + ufs_params.desc_size;
while (length > 0) {
+ if ((uintptr_t)prdt + sizeof(prdt_t) > desc_limit) {
+ ERROR("UFS: Exceeded descriptor limit. Image is too large\n");
+ panic();
+ }
prdt->dba = (unsigned int)(buf & UINT32_MAX);
prdt->dbau = (unsigned int)((buf >> 32) & UINT32_MAX);
/* prdt->dbc counts from 0 */
@@ -374,14 +373,14 @@
}
buf += MAX_PRDT_SIZE;
prdt++;
- prdt_size += sizeof(prdt_t);
+ utrd->prdt_length++;
}
- utrd->size_prdt = ALIGN_8(prdt_size);
- hd->prdtl = utrd->size_prdt >> 2;
+ hd->prdtl = utrd->prdt_length;
hd->prdto = (utrd->size_upiu + utrd->size_resp_upiu) >> 2;
}
- flush_dcache_range((uintptr_t)utrd->header, UFS_DESC_SIZE);
+ prdt_end = utrd->prdt + utrd->prdt_length * sizeof(prdt_t);
+ flush_dcache_range(utrd->header, prdt_end - utrd->header);
return 0;
}
diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
index 7838fde..79cf37d 100644
--- a/fdts/fvp-base-psci-common.dtsi
+++ b/fdts/fvp-base-psci-common.dtsi
@@ -186,10 +186,7 @@
pmu {
compatible = "arm,armv8-pmuv3";
- interrupts = <GIC_SPI 60 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 61 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 62 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 63 IRQ_TYPE_LEVEL_HIGH>;
+ interrupts = <GIC_PPI 7 IRQ_TYPE_LEVEL_HIGH>;
};
panel {
diff --git a/fdts/morello-soc.dts b/fdts/morello-soc.dts
index 5f147b7..e87b617 100644
--- a/fdts/morello-soc.dts
+++ b/fdts/morello-soc.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -213,6 +213,29 @@
clock-output-names = "aclk";
};
+ gpu@2d000000 {
+ compatible = "arm,mali-bifrost";
+ reg = <0x0 0x2d000000 0x0 0x4000>;
+ interrupts =
+ <GIC_SPI 65 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 66 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 67 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-names =
+ "gpu",
+ "job",
+ "mmu";
+ clocks = <&clk_gpu>;
+ clock-names = "clk_mali";
+ status = "okay";
+ };
+
+ clk_gpu: clk_gpu {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <650000000>;
+ clock-output-names = "clk_mali";
+ };
+
firmware {
scmi {
compatible = "arm,scmi";
diff --git a/fdts/tc.dts b/fdts/tc.dts
index 192f407..4f27589 100644
--- a/fdts/tc.dts
+++ b/fdts/tc.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -456,13 +456,25 @@
clock-names = "mclk", "apb_pclk";
};
+ gpu_clk: gpu_clk {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <1000000000>;
+ };
+
+ gpu_core_clk: gpu_core_clk {
+ compatible = "fixed-clock";
+ #clock-cells = <0>;
+ clock-frequency = <1000000000>;
+ };
+
gpu: gpu@2d000000 {
compatible = "arm,mali-midgard";
reg = <0x0 0x2d000000 0x0 0x200000>;
interrupts = <0 66 4>, <0 67 4>, <0 65 4>;
interrupt-names = "JOB", "MMU", "GPU";
- clocks = <&soc_refclk100mhz>;
- clock-names = "clk_mali";
+ clocks = <&gpu_clk>, <&gpu_core_clk>;
+ clock-names = "clk_mali", "shadercores";
iommus = <&smmu_700 0x200>;
operating-points = <
/* KHz uV */
@@ -470,6 +482,18 @@
>;
};
+ power_model@simple {
+ /*
+ * Numbers used are irrelevant to Titan,
+ * it helps suppressing the kernel warnings.
+ */
+ compatible = "arm,mali-simple-power-model";
+ static-coefficient = <2427750>;
+ dynamic-coefficient = <4687>;
+ ts = <20000 2000 (-20) 2>;
+ thermal-zone = "";
+ };
+
smmu_700: smmu_700@3f000000 {
#iommu-cells = <1>;
compatible = "arm,smmu-v3";
@@ -519,6 +543,15 @@
};
};
+ /*
+ * L3 cache in the DSU is the Memory System Component (MSC)
+ * The MPAM registers are accessed through utility bus in the DSU
+ */
+ msc0 {
+ compatible = "arm,mpam-msc";
+ reg = <0x1 0x00010000 0x0 0x2000>;
+ };
+
ete0 {
compatible = "arm,embedded-trace-extension";
cpu = <&CPU0>;
diff --git a/include/arch/aarch32/arch_features.h b/include/arch/aarch32/arch_features.h
index ddf0968..a5a5e27 100644
--- a/include/arch/aarch32/arch_features.h
+++ b/include/arch/aarch32/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,17 +10,37 @@
#include <stdbool.h>
#include <arch_helpers.h>
+#include <common/feat_detect.h>
+
+#define ISOLATE_FIELD(reg, feat) \
+ ((unsigned int)(((reg) >> (feat ## _SHIFT)) & (feat ## _MASK)))
static inline bool is_armv7_gentimer_present(void)
{
- return ((read_id_pfr1() >> ID_PFR1_GENTIMER_SHIFT) &
- ID_PFR1_GENTIMER_MASK) != 0U;
+ return ISOLATE_FIELD(read_id_pfr1(), ID_PFR1_GENTIMER) != 0U;
}
static inline bool is_armv8_2_ttcnp_present(void)
{
- return ((read_id_mmfr4() >> ID_MMFR4_CNP_SHIFT) &
- ID_MMFR4_CNP_MASK) != 0U;
+ return ISOLATE_FIELD(read_id_mmfr4(), ID_MMFR4_CNP) != 0U;
+}
+
+static inline unsigned int read_feat_trf_id_field(void)
+{
+ return ISOLATE_FIELD(read_id_dfr0(), ID_DFR0_TRACEFILT);
+}
+
+static inline bool is_feat_trf_supported(void)
+{
+ if (ENABLE_TRF_FOR_NS == FEAT_STATE_DISABLED) {
+ return false;
+ }
+
+ if (ENABLE_TRF_FOR_NS == FEAT_STATE_ALWAYS) {
+ return true;
+ }
+
+ return read_feat_trf_id_field() != 0U;
}
#endif /* ARCH_FEATURES_H */
diff --git a/include/arch/aarch32/el3_common_macros.S b/include/arch/aarch32/el3_common_macros.S
index 8b6765a..585a9ae 100644
--- a/include/arch/aarch32/el3_common_macros.S
+++ b/include/arch/aarch32/el3_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -374,7 +374,7 @@
* ---------------------------------------------------------------------
*/
.if \_init_c_runtime
-#if defined(IMAGE_BL32) || (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if defined(IMAGE_BL32) || (defined(IMAGE_BL2) && RESET_TO_BL2)
/* -----------------------------------------------------------------
* Invalidate the RW memory used by the image. This
* includes the data and NOBITS sections. This is done to
@@ -426,7 +426,8 @@
/* Restore r12 */
mov r12, r7
-#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM)
+#if defined(IMAGE_BL1) || \
+ (defined(IMAGE_BL2) && RESET_TO_BL2 && BL2_IN_XIP_MEM)
/* -----------------------------------------------------
* Copy data from ROM to RAM.
* -----------------------------------------------------
diff --git a/include/arch/aarch32/smccc_helpers.h b/include/arch/aarch32/smccc_helpers.h
index 2ce7874..8876da9 100644
--- a/include/arch/aarch32/smccc_helpers.h
+++ b/include/arch/aarch32/smccc_helpers.h
@@ -90,21 +90,21 @@
* ensure that the assembler and the compiler view of the offsets of
* the structure members is the same.
*/
-CASSERT(SMC_CTX_GPREG_R0 == __builtin_offsetof(smc_ctx_t, r0), \
+CASSERT(SMC_CTX_GPREG_R0 == __builtin_offsetof(smc_ctx_t, r0),
assert_smc_ctx_greg_r0_offset_mismatch);
-CASSERT(SMC_CTX_GPREG_R1 == __builtin_offsetof(smc_ctx_t, r1), \
+CASSERT(SMC_CTX_GPREG_R1 == __builtin_offsetof(smc_ctx_t, r1),
assert_smc_ctx_greg_r1_offset_mismatch);
-CASSERT(SMC_CTX_GPREG_R2 == __builtin_offsetof(smc_ctx_t, r2), \
+CASSERT(SMC_CTX_GPREG_R2 == __builtin_offsetof(smc_ctx_t, r2),
assert_smc_ctx_greg_r2_offset_mismatch);
-CASSERT(SMC_CTX_GPREG_R3 == __builtin_offsetof(smc_ctx_t, r3), \
+CASSERT(SMC_CTX_GPREG_R3 == __builtin_offsetof(smc_ctx_t, r3),
assert_smc_ctx_greg_r3_offset_mismatch);
-CASSERT(SMC_CTX_GPREG_R4 == __builtin_offsetof(smc_ctx_t, r4), \
+CASSERT(SMC_CTX_GPREG_R4 == __builtin_offsetof(smc_ctx_t, r4),
assert_smc_ctx_greg_r4_offset_mismatch);
-CASSERT(SMC_CTX_SP_USR == __builtin_offsetof(smc_ctx_t, sp_usr), \
+CASSERT(SMC_CTX_SP_USR == __builtin_offsetof(smc_ctx_t, sp_usr),
assert_smc_ctx_sp_usr_offset_mismatch);
-CASSERT(SMC_CTX_LR_MON == __builtin_offsetof(smc_ctx_t, lr_mon), \
+CASSERT(SMC_CTX_LR_MON == __builtin_offsetof(smc_ctx_t, lr_mon),
assert_smc_ctx_lr_mon_offset_mismatch);
-CASSERT(SMC_CTX_SPSR_MON == __builtin_offsetof(smc_ctx_t, spsr_mon), \
+CASSERT(SMC_CTX_SPSR_MON == __builtin_offsetof(smc_ctx_t, spsr_mon),
assert_smc_ctx_spsr_mon_offset_mismatch);
CASSERT((sizeof(smc_ctx_t) & 0x7U) == 0U, assert_smc_ctx_not_aligned);
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 9e13c3d..9e4a3b7 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -1063,13 +1063,17 @@
#define PMBLIMITR_EL1 S3_0_C9_C10_0
/*******************************************************************************
- * Definitions for system register interface to MPAM
+ * Definitions for system register interface, shifts and masks for MPAM
******************************************************************************/
#define MPAMIDR_EL1 S3_0_C10_C4_4
#define MPAM2_EL2 S3_4_C10_C5_0
#define MPAMHCR_EL2 S3_4_C10_C4_0
#define MPAM3_EL3 S3_6_C10_C5_0
+#define MPAMIDR_EL1_HAS_HCR_SHIFT ULL(0x11)
+#define MPAMIDR_EL1_VPMR_MAX_SHIFT ULL(0x12)
+#define MPAMIDR_EL1_VPMR_MAX_WIDTH ULL(0x3)
+#define MPAMIDR_EL1_VPMR_MAX_POSSIBLE ULL(0x7)
/*******************************************************************************
* Definitions for system register interface to AMU for FEAT_AMUv1
******************************************************************************/
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index 2b801ac..9ff81aa 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,9 @@
#include <arch_helpers.h>
#include <common/feat_detect.h>
+#define ISOLATE_FIELD(reg, feat) \
+ ((unsigned int)(((reg) >> (feat ## _SHIFT)) & (feat ## _MASK)))
+
static inline bool is_armv7_gentimer_present(void)
{
/* The Generic Timer is always present in an ARMv8-A implementation */
@@ -100,8 +103,7 @@
static unsigned int read_feat_fgt_id_field(void)
{
- return (read_id_aa64mmfr0_el1() >> ID_AA64MMFR0_EL1_FGT_SHIFT) &
- ID_AA64MMFR0_EL1_FGT_MASK;
+ return ISOLATE_FIELD(read_id_aa64mmfr0_el1(), ID_AA64MMFR0_EL1_FGT);
}
static inline bool is_feat_fgt_supported(void)
@@ -134,8 +136,7 @@
******************************************************************************/
static unsigned int read_feat_amu_id_field(void)
{
- return (read_id_aa64pfr0_el1() >> ID_AA64PFR0_AMU_SHIFT) &
- ID_AA64PFR0_AMU_MASK;
+ return ISOLATE_FIELD(read_id_aa64pfr0_el1(), ID_AA64PFR0_AMU);
}
static inline bool is_feat_amu_supported(void)
@@ -175,8 +176,7 @@
static inline unsigned int read_feat_hcx_id_field(void)
{
- return (read_id_aa64mmfr1_el1() >> ID_AA64MMFR1_EL1_HCX_SHIFT) &
- ID_AA64MMFR1_EL1_HCX_MASK;
+ return ISOLATE_FIELD(read_id_aa64mmfr1_el1(), ID_AA64MMFR1_EL1_HCX);
}
static inline bool is_feat_hcx_supported(void)
@@ -268,10 +268,22 @@
/*************************************************************************
* Function to identify the presence of FEAT_TRF (TraceLift)
************************************************************************/
-static inline bool is_arm8_4_feat_trf_present(void)
+static inline unsigned int read_feat_trf_id_field(void)
+{
+ return ISOLATE_FIELD(read_id_aa64dfr0_el1(), ID_AA64DFR0_TRACEFILT);
+}
+
+static inline bool is_feat_trf_supported(void)
{
- return (((read_id_aa64dfr0_el1() >> ID_AA64DFR0_TRACEFILT_SHIFT) &
- ID_AA64DFR0_TRACEFILT_MASK) == ID_AA64DFR0_TRACEFILT_SUPPORTED);
+ if (ENABLE_TRF_FOR_NS == FEAT_STATE_DISABLED) {
+ return false;
+ }
+
+ if (ENABLE_TRF_FOR_NS == FEAT_STATE_ALWAYS) {
+ return true;
+ }
+
+ return read_feat_trf_id_field() != 0U;
}
/********************************************************************************
@@ -288,19 +300,43 @@
* Function to identify the presence of FEAT_BRBE (Branch Record Buffer
* Extension)
******************************************************************************/
-static inline bool is_feat_brbe_present(void)
+static inline unsigned int read_feat_brbe_id_field(void)
{
- return (((read_id_aa64dfr0_el1() >> ID_AA64DFR0_BRBE_SHIFT) &
- ID_AA64DFR0_BRBE_MASK) == ID_AA64DFR0_BRBE_SUPPORTED);
+ return ISOLATE_FIELD(read_id_aa64dfr0_el1(), ID_AA64DFR0_BRBE);
+}
+
+static inline bool is_feat_brbe_supported(void)
+{
+ if (ENABLE_BRBE_FOR_NS == FEAT_STATE_DISABLED) {
+ return false;
+ }
+
+ if (ENABLE_BRBE_FOR_NS == FEAT_STATE_ALWAYS) {
+ return true;
+ }
+
+ return read_feat_brbe_id_field() != 0U;
}
/*******************************************************************************
* Function to identify the presence of FEAT_TRBE (Trace Buffer Extension)
******************************************************************************/
-static inline bool is_feat_trbe_present(void)
+static inline unsigned int read_feat_trbe_id_field(void)
{
- return (((read_id_aa64dfr0_el1() >> ID_AA64DFR0_TRACEBUFFER_SHIFT) &
- ID_AA64DFR0_TRACEBUFFER_MASK) == ID_AA64DFR0_TRACEBUFFER_SUPPORTED);
+ return ISOLATE_FIELD(read_id_aa64dfr0_el1(), ID_AA64DFR0_TRACEBUFFER);
}
+static inline bool is_feat_trbe_supported(void)
+{
+ if (ENABLE_TRBE_FOR_NS == FEAT_STATE_DISABLED) {
+ return false;
+ }
+
+ if (ENABLE_TRBE_FOR_NS == FEAT_STATE_ALWAYS) {
+ return true;
+ }
+
+ return read_feat_trbe_id_field() != 0U;
+
+}
#endif /* ARCH_FEATURES_H */
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 86c1dbe..3350c8f 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -555,6 +555,9 @@
/* Armv8.4 Data Independent Timing Register */
DEFINE_RENAME_SYSREG_RW_FUNCS(dit, DIT)
+/* Armv8.4 FEAT_TRF Register */
+DEFINE_RENAME_SYSREG_RW_FUNCS(trfcr_el2, TRFCR_EL2)
+
/* Armv8.5 MTE Registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(tfsre0_el1, TFSRE0_EL1)
DEFINE_RENAME_SYSREG_RW_FUNCS(tfsr_el1, TFSR_EL1)
@@ -689,7 +692,7 @@
isb(); \
}
#else
-#define AT(_at_inst, _va) _at_inst(_va);
+#define AT(_at_inst, _va) _at_inst(_va)
#endif
#endif /* ARCH_HELPERS_H */
diff --git a/include/arch/aarch64/el2_common_macros.S b/include/arch/aarch64/el2_common_macros.S
index 7bf4806..dcaea3d 100644
--- a/include/arch/aarch64/el2_common_macros.S
+++ b/include/arch/aarch64/el2_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -347,7 +347,8 @@
sub x1, x1, x0
bl zeromem
-#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM)
+#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && \
+ RESET_TO_BL2 && BL2_IN_XIP_MEM)
adrp x0, __DATA_RAM_START__
add x0, x0, :lo12:__DATA_RAM_START__
adrp x1, __DATA_ROM_START__
@@ -384,13 +385,12 @@
.macro apply_at_speculative_wa
#if ERRATA_SPECULATIVE_AT
/*
- * Explicitly save x30 so as to free up a register and to enable
- * branching and also, save x29 which will be used in the called
- * function
+ * This function expects x30 has been saved.
+ * Also, save x29 which will be used in the called function.
*/
- stp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
bl save_and_update_ptw_el1_sys_regs
- ldp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
#endif
.endm
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index de2b931..45a86c1 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -433,7 +433,7 @@
*/
.if \_init_c_runtime
#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && \
- ((BL2_AT_EL3 && BL2_INV_DCACHE) || ENABLE_RME))
+ ((RESET_TO_BL2 && BL2_INV_DCACHE) || ENABLE_RME))
/* -------------------------------------------------------------
* Invalidate the RW memory used by the BL31 image. This
* includes the data and NOBITS sections. This is done to
@@ -495,7 +495,8 @@
bl zeromem
#endif
-#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM)
+#if defined(IMAGE_BL1) || \
+ (defined(IMAGE_BL2) && RESET_TO_BL2 && BL2_IN_XIP_MEM)
adrp x0, __DATA_RAM_START__
add x0, x0, :lo12:__DATA_RAM_START__
adrp x1, __DATA_ROM_START__
@@ -532,13 +533,12 @@
.macro apply_at_speculative_wa
#if ERRATA_SPECULATIVE_AT
/*
- * Explicitly save x30 so as to free up a register and to enable
- * branching and also, save x29 which will be used in the called
- * function
+ * This function expects x30 has been saved.
+ * Also, save x29 which will be used in the called function.
*/
- stp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
bl save_and_update_ptw_el1_sys_regs
- ldp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
#endif
.endm
diff --git a/include/arch/aarch64/smccc_helpers.h b/include/arch/aarch64/smccc_helpers.h
index 920f294..950a811 100644
--- a/include/arch/aarch64/smccc_helpers.h
+++ b/include/arch/aarch64/smccc_helpers.h
@@ -75,6 +75,24 @@
#define SMC_SET_GP(_h, _g, _v) \
write_ctx_reg((get_gpregs_ctx(_h)), (_g), (_v))
+
+/* Useful for SMCCCv1.2 */
+#define SMC_RET18(_h, _x0, _x1, _x2, _x3, _x4, _x5, _x6, _x7, _x8, _x9, \
+ _x10, _x11, _x12, _x13, _x14, _x15, _x16, _x17) { \
+ SMC_SET_GP(_h, CTX_GPREG_X8, _x8); \
+ SMC_SET_GP(_h, CTX_GPREG_X9, _x9); \
+ SMC_SET_GP(_h, CTX_GPREG_X10, _x10); \
+ SMC_SET_GP(_h, CTX_GPREG_X11, _x11); \
+ SMC_SET_GP(_h, CTX_GPREG_X12, _x12); \
+ SMC_SET_GP(_h, CTX_GPREG_X13, _x13); \
+ SMC_SET_GP(_h, CTX_GPREG_X14, _x14); \
+ SMC_SET_GP(_h, CTX_GPREG_X15, _x15); \
+ SMC_SET_GP(_h, CTX_GPREG_X16, _x16); \
+ SMC_SET_GP(_h, CTX_GPREG_X17, _x17); \
+ SMC_RET8(_h, (_x0), (_x1), (_x2), (_x3), (_x4), (_x5), (_x6), \
+ (_x7)); \
+}
+
/*
* Convenience macros to access EL3 context registers using handle provided to
* SMC handler. These take the offset values defined in context.h
diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h
index 21d3ae7..7cd7e72 100644
--- a/include/bl1/bl1.h
+++ b/include/bl1/bl1.h
@@ -90,8 +90,8 @@
/*
* Check if the total number of FWU SMC calls are as expected.
*/
-CASSERT(FWU_NUM_SMC_CALLS == \
- (FWU_SMC_FID_END - FWU_SMC_FID_START + 1),\
+CASSERT(FWU_NUM_SMC_CALLS ==
+ (FWU_SMC_FID_END - FWU_SMC_FID_START + 1),
assert_FWU_NUM_SMC_CALLS_mismatch);
/* Utility functions */
diff --git a/include/common/bl_common.ld.h b/include/common/bl_common.ld.h
index 080e331..c9bed1a 100644
--- a/include/common/bl_common.ld.h
+++ b/include/common/bl_common.ld.h
@@ -24,7 +24,7 @@
#define CPU_OPS \
. = ALIGN(STRUCT_ALIGN); \
__CPU_OPS_START__ = .; \
- KEEP(*(cpu_ops)) \
+ KEEP(*(.cpu_ops)) \
__CPU_OPS_END__ = .;
#define PARSER_LIB_DESCS \
@@ -36,14 +36,14 @@
#define RT_SVC_DESCS \
. = ALIGN(STRUCT_ALIGN); \
__RT_SVC_DESCS_START__ = .; \
- KEEP(*(rt_svc_descs)) \
+ KEEP(*(.rt_svc_descs)) \
__RT_SVC_DESCS_END__ = .;
#if SPMC_AT_EL3
#define EL3_LP_DESCS \
. = ALIGN(STRUCT_ALIGN); \
__EL3_LP_DESCS_START__ = .; \
- KEEP(*(el3_lp_descs)) \
+ KEEP(*(.el3_lp_descs)) \
__EL3_LP_DESCS_END__ = .;
#else
#define EL3_LP_DESCS
@@ -52,7 +52,7 @@
#define PMF_SVC_DESCS \
. = ALIGN(STRUCT_ALIGN); \
__PMF_SVC_DESCS_START__ = .; \
- KEEP(*(pmf_svc_descs)) \
+ KEEP(*(.pmf_svc_descs)) \
__PMF_SVC_DESCS_END__ = .;
#define FCONF_POPULATOR \
@@ -81,7 +81,7 @@
#define BASE_XLAT_TABLE \
. = ALIGN(16); \
__BASE_XLAT_TABLE_START__ = .; \
- *(base_xlat_table) \
+ *(.base_xlat_table) \
__BASE_XLAT_TABLE_END__ = .;
#if PLAT_RO_XLAT_TABLES
@@ -135,9 +135,9 @@
#if !(defined(IMAGE_BL31) && RECLAIM_INIT_CODE)
#define STACK_SECTION \
- stacks (NOLOAD) : { \
+ .stacks (NOLOAD) : { \
__STACKS_START__ = .; \
- *(tzfw_normal_stacks) \
+ *(.tzfw_normal_stacks) \
__STACKS_END__ = .; \
}
#endif
@@ -170,7 +170,7 @@
. = ALIGN(CACHE_WRITEBACK_GRANULE); \
__BAKERY_LOCK_START__ = .; \
__PERCPU_BAKERY_LOCK_START__ = .; \
- *(bakery_lock) \
+ *(.bakery_lock) \
. = ALIGN(CACHE_WRITEBACK_GRANULE); \
__PERCPU_BAKERY_LOCK_END__ = .; \
__PERCPU_BAKERY_LOCK_SIZE__ = ABSOLUTE(__PERCPU_BAKERY_LOCK_END__ - __PERCPU_BAKERY_LOCK_START__); \
@@ -191,7 +191,7 @@
#define PMF_TIMESTAMP \
. = ALIGN(CACHE_WRITEBACK_GRANULE); \
__PMF_TIMESTAMP_START__ = .; \
- KEEP(*(pmf_timestamp_array)) \
+ KEEP(*(.pmf_timestamp_array)) \
. = ALIGN(CACHE_WRITEBACK_GRANULE); \
__PMF_PERCPU_TIMESTAMP_END__ = .; \
__PERCPU_TIMESTAMP_SIZE__ = ABSOLUTE(. - __PMF_TIMESTAMP_START__); \
@@ -216,15 +216,15 @@
}
/*
- * The xlat_table section is for full, aligned page tables (4K).
+ * The .xlat_table section is for full, aligned page tables (4K).
* Removing them from .bss avoids forcing 4K alignment on
* the .bss section. The tables are initialized to zero by the translation
* tables library.
*/
#define XLAT_TABLE_SECTION \
- xlat_table (NOLOAD) : { \
+ .xlat_table (NOLOAD) : { \
__XLAT_TABLE_START__ = .; \
- *(xlat_table) \
+ *(.xlat_table) \
__XLAT_TABLE_END__ = .; \
}
diff --git a/include/common/debug.h b/include/common/debug.h
index af47999..5ea541d 100644
--- a/include/common/debug.h
+++ b/include/common/debug.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -99,15 +99,31 @@
#define backtrace(x)
#endif
-void __dead2 do_panic(void);
+void __dead2 el3_panic(void);
+void __dead2 elx_panic(void);
#define panic() \
do { \
backtrace(__func__); \
console_flush(); \
- do_panic(); \
+ el3_panic(); \
} while (false)
+#if CRASH_REPORTING
+/* --------------------------------------------------------------------
+ * do_lower_el_panic assumes it's called due to a panic from a lower EL
+ * This call will not return.
+ * --------------------------------------------------------------------
+ */
+#define lower_el_panic() \
+ do { \
+ console_flush(); \
+ elx_panic(); \
+ } while (false)
+#else
+#define lower_el_panic()
+#endif
+
/* Function called when stack protection check code detects a corrupted stack */
void __dead2 __stack_chk_fail(void);
diff --git a/include/common/fdt_wrappers.h b/include/common/fdt_wrappers.h
index 2929fc2..b16510f 100644
--- a/include/common/fdt_wrappers.h
+++ b/include/common/fdt_wrappers.h
@@ -10,6 +10,7 @@
#define FDT_WRAPPERS_H
#include <libfdt_env.h>
+#include <libfdt.h>
/* Number of cells, given total length in bytes. Each cell is 4 bytes long */
#define NCELLS(len) ((len) / 4U)
@@ -53,6 +54,15 @@
return fdt32_to_cpu(dtb_header[1]);
}
+static inline bool fdt_node_is_enabled(const void *fdt, int node)
+{
+ int len;
+ const void *prop = fdt_getprop(fdt, node, "status", &len);
+
+ /* A non-existing status property means the device is enabled. */
+ return (prop == NULL) || (len == 5 && strcmp(prop, "okay") == 0);
+}
+
#define fdt_for_each_compatible_node(dtb, node, compatible_str) \
for (node = fdt_node_offset_by_compatible(dtb, -1, compatible_str); \
node >= 0; \
diff --git a/include/common/interrupt_props.h b/include/common/interrupt_props.h
index 07bafaa..681c896 100644
--- a/include/common/interrupt_props.h
+++ b/include/common/interrupt_props.h
@@ -19,7 +19,7 @@
}
typedef struct interrupt_prop {
- unsigned int intr_num:10;
+ unsigned int intr_num:13;
unsigned int intr_pri:8;
unsigned int intr_grp:2;
unsigned int intr_cfg:2;
diff --git a/include/common/runtime_svc.h b/include/common/runtime_svc.h
index 472a32a..26e8d6f 100644
--- a/include/common/runtime_svc.h
+++ b/include/common/runtime_svc.h
@@ -72,7 +72,7 @@
*/
#define DECLARE_RT_SVC(_name, _start, _end, _type, _setup, _smch) \
static const rt_svc_desc_t __svc_desc_ ## _name \
- __section("rt_svc_descs") __used = { \
+ __section(".rt_svc_descs") __used = { \
.start_oen = (_start), \
.end_oen = (_end), \
.call_type = (_type), \
@@ -90,11 +90,11 @@
* 3. ensure that the assembler and the compiler see the handler
* routine at the same offset.
*/
-CASSERT((sizeof(rt_svc_desc_t) == SIZEOF_RT_SVC_DESC), \
+CASSERT((sizeof(rt_svc_desc_t) == SIZEOF_RT_SVC_DESC),
assert_sizeof_rt_svc_desc_mismatch);
-CASSERT(RT_SVC_DESC_INIT == __builtin_offsetof(rt_svc_desc_t, init), \
+CASSERT(RT_SVC_DESC_INIT == __builtin_offsetof(rt_svc_desc_t, init),
assert_rt_svc_desc_init_offset_mismatch);
-CASSERT(RT_SVC_DESC_HANDLE == __builtin_offsetof(rt_svc_desc_t, handle), \
+CASSERT(RT_SVC_DESC_HANDLE == __builtin_offsetof(rt_svc_desc_t, handle),
assert_rt_svc_desc_handle_offset_mismatch);
diff --git a/include/common/tbbr/cot_def.h b/include/common/tbbr/cot_def.h
index 60dfb8a..822c474 100644
--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,13 @@
#ifndef COT_DEF_H
#define COT_DEF_H
+/*
+ * Guard here with availability of mbedtls config since PLAT=lx2162aqds
+ * uses custom tbbr from 'drivers/nxp/auth/tbbr/tbbr_cot.c' and also may
+ * build without mbedtls folder only with TRUSTED_BOOT enabled.
+ */
#ifdef MBEDTLS_CONFIG_FILE
-#include MBEDTLS_CONFIG_FILE
+#include <mbedtls/version.h>
#endif
/* TBBR CoT definitions */
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 94537f6..28aa407 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,7 +7,6 @@
#ifndef AUTH_MOD_H
#define AUTH_MOD_H
-#include <common/tbbr/cot_def.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/auth/auth_common.h>
#include <drivers/auth/img_parser_mod.h>
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config-2.h
similarity index 100%
rename from include/drivers/auth/mbedtls/mbedtls_config.h
rename to include/drivers/auth/mbedtls/mbedtls_config-2.h
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
new file mode 100644
index 0000000..ba936a3
--- /dev/null
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+
+/*
+ * Key algorithms currently supported on mbed TLS libraries
+ */
+#define TF_MBEDTLS_RSA 1
+#define TF_MBEDTLS_ECDSA 2
+#define TF_MBEDTLS_RSA_AND_ECDSA 3
+
+#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
+ || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
+ || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+
+/*
+ * Hash algorithms currently supported on mbed TLS libraries
+ */
+#define TF_MBEDTLS_SHA256 1
+#define TF_MBEDTLS_SHA384 2
+#define TF_MBEDTLS_SHA512 3
+
+/*
+ * Configuration file to build mbed TLS with the required features for
+ * Trusted Boot
+ */
+
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+#define MBEDTLS_PKCS1_V21
+
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_MD_C
+
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_OID_C
+
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+
+#define MBEDTLS_PLATFORM_C
+
+#if TF_MBEDTLS_USE_ECDSA
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if TF_MBEDTLS_USE_RSA
+#define MBEDTLS_RSA_C
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+
+/* The library does not currently support enabling SHA-256 without SHA-224. */
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+/*
+ * If either Trusted Boot or Measured Boot require a stronger algorithm than
+ * SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
+ * support when enabling SHA-512.
+ */
+#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
+#else
+ /* TBB uses SHA-256, what about measured boot? */
+#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
+#endif
+#endif
+
+#define MBEDTLS_VERSION_C
+
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+
+#if TF_MBEDTLS_USE_AES_GCM
+#define MBEDTLS_AES_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_GCM_C
+#endif
+
+/* MPI / BIGNUM options */
+#define MBEDTLS_MPI_WINDOW_SIZE 2
+
+#if TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE <= 2048
+#define MBEDTLS_MPI_MAX_SIZE 256
+#else
+#define MBEDTLS_MPI_MAX_SIZE 512
+#endif
+#else
+#define MBEDTLS_MPI_MAX_SIZE 256
+#endif
+
+/* Memory buffer allocator options */
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
+
+/*
+ * Prevent the use of 128-bit division which
+ * creates dependency on external libraries.
+ */
+#define MBEDTLS_NO_UDBL_DIVISION
+
+#ifndef __ASSEMBLER__
+/* System headers required to build mbed TLS with the current configuration */
+#include <stdlib.h>
+#include <mbedtls/check_config.h>
+#endif
+
+/*
+ * Determine Mbed TLS heap size
+ * 13312 = 13*1024
+ * 11264 = 11*1024
+ * 7168 = 7*1024
+ */
+#if TF_MBEDTLS_USE_ECDSA
+#define TF_MBEDTLS_HEAP_SIZE U(13312)
+#elif TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE <= 2048
+#define TF_MBEDTLS_HEAP_SIZE U(7168)
+#else
+#define TF_MBEDTLS_HEAP_SIZE U(11264)
+#endif
+#endif
+
+/*
+ * Warn if errors from certain functions are ignored.
+ *
+ * The warnings are always enabled (where supported) for critical functions
+ * where ignoring the return value is almost always a bug. This macro extends
+ * the warnings to more functions.
+ */
+#define MBEDTLS_CHECK_RETURN_WARNING
diff --git a/include/drivers/auth/tbbr_cot_common.h b/include/drivers/auth/tbbr_cot_common.h
index a51faee..b4f2d22 100644
--- a/include/drivers/auth/tbbr_cot_common.h
+++ b/include/drivers/auth/tbbr_cot_common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020,2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef TBBR_COT_COMMON_H
#define TBBR_COT_COMMON_H
+#include <common/tbbr/cot_def.h>
#include <drivers/auth/auth_mod.h>
extern unsigned char tb_fw_hash_buf[HASH_DER_LEN];
diff --git a/include/drivers/nxp/dcfg/dcfg.h b/include/drivers/nxp/dcfg/dcfg.h
index cf29b12..ee8f866 100644
--- a/include/drivers/nxp/dcfg/dcfg.h
+++ b/include/drivers/nxp/dcfg/dcfg.h
@@ -93,8 +93,8 @@
******************************************************************************/
bool check_boot_mode_secure(uint32_t *mode);
-const soc_info_t *get_soc_info();
-const devdisr5_info_t *get_devdisr5_info();
+const soc_info_t *get_soc_info(void);
+const devdisr5_info_t *get_devdisr5_info(void);
void dcfg_init(dcfg_init_info_t *dcfg_init_data);
bool is_sec_enabled(void);
diff --git a/include/drivers/ufs.h b/include/drivers/ufs.h
index 1cd1bee..e4ec00d 100644
--- a/include/drivers/ufs.h
+++ b/include/drivers/ufs.h
@@ -519,7 +519,7 @@
uintptr_t prdt;
size_t size_upiu;
size_t size_resp_upiu;
- size_t size_prdt;
+ size_t prdt_length;
int task_tag;
} utp_utrd_t;
diff --git a/include/lib/bakery_lock.h b/include/lib/bakery_lock.h
index 1fece01..2cf2b44 100644
--- a/include/lib/bakery_lock.h
+++ b/include/lib/bakery_lock.h
@@ -96,7 +96,7 @@
void bakery_lock_get(bakery_lock_t *bakery);
void bakery_lock_release(bakery_lock_t *bakery);
-#define DEFINE_BAKERY_LOCK(_name) bakery_lock_t _name __section("bakery_lock")
+#define DEFINE_BAKERY_LOCK(_name) bakery_lock_t _name __section(".bakery_lock")
#define DECLARE_BAKERY_LOCK(_name) extern bakery_lock_t _name
diff --git a/include/lib/cpus/aarch32/cpu_macros.S b/include/lib/cpus/aarch32/cpu_macros.S
index a5ae6a4..ab2f2c6 100644
--- a/include/lib/cpus/aarch32/cpu_macros.S
+++ b/include/lib/cpus/aarch32/cpu_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,7 +9,8 @@
#include <arch.h>
#include <lib/cpus/errata_report.h>
-#if defined(IMAGE_BL1) || defined(IMAGE_BL32) || (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if defined(IMAGE_BL1) || defined(IMAGE_BL32) \
+ || (defined(IMAGE_BL2) && RESET_TO_BL2)
#define IMAGE_AT_EL3
#endif
@@ -129,7 +130,7 @@
*/
.macro declare_cpu_ops _name:req, _midr:req, _resetfunc:req, \
_power_down_ops:vararg
- .section cpu_ops, "a"
+ .section .cpu_ops, "a"
.align 2
.type cpu_ops_\_name, %object
.word \_midr
diff --git a/include/lib/cpus/aarch64/cortex_a78.h b/include/lib/cpus/aarch64/cortex_a78.h
index fb325b6..66f565d 100644
--- a/include/lib/cpus/aarch64/cortex_a78.h
+++ b/include/lib/cpus/aarch64/cortex_a78.h
@@ -20,8 +20,8 @@
#define CORTEX_A78_CPUECTLR_EL1 S3_0_C15_C1_4
#define CORTEX_A78_CPUECTLR_EL1_BIT_8 (ULL(1) << 8)
#define CORTEX_A78_CPUECTLR_EL1_PF_MODE_CNSRV ULL(3)
-#define CPUECTLR_EL1_PF_MODE_LSB U(6)
-#define CPUECTLR_EL1_PF_MODE_WIDTH U(2)
+#define CPUECTLR_EL1_PF_MODE_LSB U(6)
+#define CPUECTLR_EL1_PF_MODE_WIDTH U(2)
/*******************************************************************************
* CPU Power Control register specific definitions
@@ -42,6 +42,8 @@
#define CORTEX_A78_ACTLR3_EL1 S3_0_C15_C1_2
+#define CORTEX_A78_ACTLR5_EL1 S3_0_C15_C9_0
+
/*******************************************************************************
* CPU Activity Monitor Unit register specific definitions.
******************************************************************************/
diff --git a/include/lib/cpus/aarch64/cortex_a78c.h b/include/lib/cpus/aarch64/cortex_a78c.h
index 35e543c..18cba2c 100644
--- a/include/lib/cpus/aarch64/cortex_a78c.h
+++ b/include/lib/cpus/aarch64/cortex_a78c.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -34,6 +34,11 @@
#define CORTEX_A78C_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT U(1)
/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A78C_ACTLR3_EL1 S3_0_C15_C1_2
+
+/*******************************************************************************
* CPU Implementation Specific Selected Instruction registers
******************************************************************************/
#define CORTEX_A78C_IMP_CPUPSELR_EL3 S3_6_C15_C8_0
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index 92e65ae..041be51 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -157,7 +157,7 @@
*/
.macro declare_cpu_ops_base _name:req, _midr:req, _resetfunc:req, \
_extra1:req, _extra2:req, _extra3:req, _e_handler:req, _power_down_ops:vararg
- .section cpu_ops, "a"
+ .section .cpu_ops, "a"
.align 3
.type cpu_ops_\_name, %object
.quad \_midr
diff --git a/include/lib/cpus/aarch64/neoverse_v1.h b/include/lib/cpus/aarch64/neoverse_v1.h
index 4c10484..3d48623 100644
--- a/include/lib/cpus/aarch64/neoverse_v1.h
+++ b/include/lib/cpus/aarch64/neoverse_v1.h
@@ -43,4 +43,6 @@
#define NEOVERSE_V1_ACTLR3_EL1 S3_0_C15_C1_2
+#define NEOVERSE_V1_ACTLR5_EL1 S3_0_C15_C9_0
+
#endif /* NEOVERSE_V1_H */
diff --git a/include/lib/el3_runtime/aarch32/context.h b/include/lib/el3_runtime/aarch32/context.h
index 5604c8e..df77c0f 100644
--- a/include/lib/el3_runtime/aarch32/context.h
+++ b/include/lib/el3_runtime/aarch32/context.h
@@ -62,7 +62,7 @@
* ensure that the assembler and the compiler view of the offsets of
* the structure members is the same.
*/
-CASSERT(CTX_REGS_OFFSET == __builtin_offsetof(cpu_context_t, regs_ctx), \
+CASSERT(CTX_REGS_OFFSET == __builtin_offsetof(cpu_context_t, regs_ctx),
assert_core_context_regs_offset_mismatch);
#endif /* __ASSEMBLER__ */
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index 6986e0e..40bfa39 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -445,24 +445,24 @@
* ensure that the assembler and the compiler view of the offsets of
* the structure members is the same.
*/
-CASSERT(CTX_GPREGS_OFFSET == __builtin_offsetof(cpu_context_t, gpregs_ctx), \
+CASSERT(CTX_GPREGS_OFFSET == __builtin_offsetof(cpu_context_t, gpregs_ctx),
assert_core_context_gp_offset_mismatch);
-CASSERT(CTX_EL1_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el1_sysregs_ctx), \
+CASSERT(CTX_EL1_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el1_sysregs_ctx),
assert_core_context_el1_sys_offset_mismatch);
#if CTX_INCLUDE_EL2_REGS
-CASSERT(CTX_EL2_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el2_sysregs_ctx), \
+CASSERT(CTX_EL2_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el2_sysregs_ctx),
assert_core_context_el2_sys_offset_mismatch);
#endif
#if CTX_INCLUDE_FPREGS
-CASSERT(CTX_FPREGS_OFFSET == __builtin_offsetof(cpu_context_t, fpregs_ctx), \
+CASSERT(CTX_FPREGS_OFFSET == __builtin_offsetof(cpu_context_t, fpregs_ctx),
assert_core_context_fp_offset_mismatch);
#endif
-CASSERT(CTX_EL3STATE_OFFSET == __builtin_offsetof(cpu_context_t, el3state_ctx), \
+CASSERT(CTX_EL3STATE_OFFSET == __builtin_offsetof(cpu_context_t, el3state_ctx),
assert_core_context_el3state_offset_mismatch);
-CASSERT(CTX_CVE_2018_3639_OFFSET == __builtin_offsetof(cpu_context_t, cve_2018_3639_ctx), \
+CASSERT(CTX_CVE_2018_3639_OFFSET == __builtin_offsetof(cpu_context_t, cve_2018_3639_ctx),
assert_core_context_cve_2018_3639_offset_mismatch);
#if CTX_INCLUDE_PAUTH_REGS
-CASSERT(CTX_PAUTH_REGS_OFFSET == __builtin_offsetof(cpu_context_t, pauth_ctx), \
+CASSERT(CTX_PAUTH_REGS_OFFSET == __builtin_offsetof(cpu_context_t, pauth_ctx),
assert_core_context_pauth_offset_mismatch);
#endif
@@ -539,10 +539,6 @@
void el2_sysregs_context_save_nv2(el2_sysregs_t *regs);
void el2_sysregs_context_restore_nv2(el2_sysregs_t *regs);
#endif /* CTX_INCLUDE_NEVE_REGS */
-#if ENABLE_TRF_FOR_NS
-void el2_sysregs_context_save_trf(el2_sysregs_t *regs);
-void el2_sysregs_context_restore_trf(el2_sysregs_t *regs);
-#endif /* ENABLE_TRF_FOR_NS */
#if ENABLE_FEAT_CSV2_2
void el2_sysregs_context_save_csv2(el2_sysregs_t *regs);
void el2_sysregs_context_restore_csv2(el2_sysregs_t *regs);
diff --git a/include/lib/el3_runtime/pubsub.h b/include/lib/el3_runtime/pubsub.h
index 64fe5cc..cbd8ecc 100644
--- a/include/lib/el3_runtime/pubsub.h
+++ b/include/lib/el3_runtime/pubsub.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,7 +12,7 @@
/* For the linker ... */
#define __pubsub_start_sym(event) __pubsub_##event##_start
#define __pubsub_end_sym(event) __pubsub_##event##_end
-#define __pubsub_section(event) __pubsub_##event
+#define __pubsub_section(event) .__pubsub_##event
/*
* REGISTER_PUBSUB_EVENT has a different definition between linker and compiler
@@ -54,7 +54,7 @@
#define __pubsub_end_sym(event) __pubsub_##event##_end
#endif
-#define __pubsub_section(event) __section("__pubsub_" #event)
+#define __pubsub_section(event) __section(".__pubsub_" #event)
/*
* In compiler context, REGISTER_PUBSUB_EVENT declares the per-event symbols
diff --git a/include/lib/extensions/brbe.h b/include/lib/extensions/brbe.h
index aac1ace..aee208d 100644
--- a/include/lib/extensions/brbe.h
+++ b/include/lib/extensions/brbe.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,12 @@
#ifndef BRBE_H
#define BRBE_H
+#if ENABLE_BRBE_FOR_NS
void brbe_enable(void);
+#else
+void brbe_enable(void)
+{
+}
+#endif /* ENABLE_BRBE_FOR_NS */
#endif /* BRBE_H */
diff --git a/include/lib/extensions/trbe.h b/include/lib/extensions/trbe.h
index 1753ab6..0eff7c4 100644
--- a/include/lib/extensions/trbe.h
+++ b/include/lib/extensions/trbe.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,12 @@
#ifndef TRBE_H
#define TRBE_H
+#if ENABLE_TRBE_FOR_NS
void trbe_enable(void);
+#else
+void trbe_enable(void)
+{
+}
+#endif /* ENABLE_TRBE_FOR_NS */
#endif /* TRBE_H */
diff --git a/include/lib/extensions/trf.h b/include/lib/extensions/trf.h
index 18f17f3..a440abd 100644
--- a/include/lib/extensions/trf.h
+++ b/include/lib/extensions/trf.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,12 @@
#ifndef TRF_H
#define TRF_H
+#if ENABLE_TRF_FOR_NS
void trf_enable(void);
+#else
+void trf_enable(void)
+{
+}
+#endif /* ENABLE_TRF_FOR_NS */
#endif /* TRF_H */
diff --git a/include/lib/fconf/fconf_dyn_cfg_getter.h b/include/lib/fconf/fconf_dyn_cfg_getter.h
index 43f298e..3554673 100644
--- a/include/lib/fconf/fconf_dyn_cfg_getter.h
+++ b/include/lib/fconf/fconf_dyn_cfg_getter.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,12 +19,11 @@
uint32_t config_max_size;
unsigned int config_id;
/*
- * Load address in non-secure memory. Only needed by those
- * configuration files which require being loaded in secure
- * memory (at config_addr) as well as in non-secure memory
+ * A platform uses this address to copy the configuration
+ * to another location during the boot-flow.
* - e.g. HW_CONFIG
*/
- uintptr_t ns_config_addr;
+ uintptr_t secondary_config_addr;
};
unsigned int dyn_cfg_dtb_info_get_index(unsigned int config_id);
@@ -32,7 +31,7 @@
int fconf_populate_dtb_registry(uintptr_t config);
/* Set config information in global DTB array */
-void set_config_info(uintptr_t config_addr, uintptr_t ns_config_addr,
+void set_config_info(uintptr_t config_addr, uintptr_t secondary_config_addr,
uint32_t config_max_size,
unsigned int config_id);
diff --git a/include/lib/optee_utils.h b/include/lib/optee_utils.h
index 06378eb..8224d50 100644
--- a/include/lib/optee_utils.h
+++ b/include/lib/optee_utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,4 +17,40 @@
image_info_t *pager_image_info,
image_info_t *paged_image_info);
+/*
+ * load_addr_hi and load_addr_lo: image load address.
+ * image_id: 0 - pager, 1 - paged
+ * size: image size in bytes.
+ */
+typedef struct optee_image {
+ uint32_t load_addr_hi;
+ uint32_t load_addr_lo;
+ uint32_t image_id;
+ uint32_t size;
+} optee_image_t;
+
+#define OPTEE_PAGER_IMAGE_ID 0
+#define OPTEE_PAGED_IMAGE_ID 1
+
+#define OPTEE_MAX_NUM_IMAGES 2u
+
+#define TEE_MAGIC_NUM_OPTEE 0x4554504f
+/*
+ * magic: header magic number.
+ * version: OPTEE header version:
+ * 1 - not supported
+ * 2 - supported
+ * arch: OPTEE os architecture type: 0 - AARCH32, 1 - AARCH64.
+ * flags: unused currently.
+ * nb_images: number of images.
+ */
+typedef struct optee_header {
+ uint32_t magic;
+ uint8_t version;
+ uint8_t arch;
+ uint16_t flags;
+ uint32_t nb_images;
+ optee_image_t optee_image_list[];
+} optee_header_t;
+
#endif /* OPTEE_UTILS_H */
diff --git a/include/lib/pmf/pmf_helpers.h b/include/lib/pmf/pmf_helpers.h
index b49c6da..01cc179 100644
--- a/include/lib/pmf/pmf_helpers.h
+++ b/include/lib/pmf/pmf_helpers.h
@@ -154,7 +154,7 @@
extern unsigned long long pmf_ts_mem_ ## _name[_total_id]; \
unsigned long long pmf_ts_mem_ ## _name[_total_id] \
__aligned(CACHE_WRITEBACK_GRANULE) \
- __section("pmf_timestamp_array") \
+ __section(".pmf_timestamp_array") \
__used;
/*
@@ -225,7 +225,7 @@
#define PMF_DEFINE_SERVICE_DESC(_name, _implid, _svcid, _totalid, \
_init, _getts_by_mpidr) \
static const pmf_svc_desc_t __pmf_desc_ ## _name \
- __section("pmf_svc_descs") __used = { \
+ __section(".pmf_svc_descs") __used = { \
.h.type = PARAM_EP, \
.h.version = VERSION_1, \
.h.size = sizeof(pmf_svc_desc_t), \
diff --git a/include/lib/psa/psa_manifest/sid.h b/include/lib/psa/psa_manifest/sid.h
index 0bdeed4..be78bae 100644
--- a/include/lib/psa/psa_manifest/sid.h
+++ b/include/lib/psa/psa_manifest/sid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,6 +8,9 @@
#ifndef PSA_MANIFEST_SID_H
#define PSA_MANIFEST_SID_H
+/******** RSS_SP_PLATFORM ********/
+#define RSS_PLATFORM_SERVICE_HANDLE (0x40000105U)
+
/******** PSA_SP_MEASURED_BOOT ********/
#define RSS_MEASURED_BOOT_HANDLE (0x40000110U)
diff --git a/include/lib/psa/rss_platform_api.h b/include/lib/psa/rss_platform_api.h
new file mode 100644
index 0000000..1dd7d05
--- /dev/null
+++ b/include/lib/psa/rss_platform_api.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef RSS_PLATFORM_API_H
+#define RSS_PLATFORM_API_H
+
+#include <stdint.h>
+
+#include "psa/error.h"
+
+#define RSS_PLATFORM_API_ID_NV_READ (1010)
+#define RSS_PLATFORM_API_ID_NV_INCREMENT (1011)
+
+/*
+ * Increments the given non-volatile (NV) counter by one
+ *
+ * counter_id NV counter ID.
+ *
+ * PSA_SUCCESS if the value is read correctly. Otherwise,
+ * it returns a PSA_ERROR.
+ */
+psa_status_t
+rss_platform_nv_counter_increment(uint32_t counter_id);
+
+/*
+ * Reads the given non-volatile (NV) counter
+ *
+ * counter_id NV counter ID.
+ * size Size of the buffer to store NV counter value
+ * in bytes.
+ * val Pointer to store the current NV counter value.
+ *
+ * PSA_SUCCESS if the value is read correctly. Otherwise,
+ * it returns a PSA_ERROR.
+ */
+psa_status_t
+rss_platform_nv_counter_read(uint32_t counter_id,
+ uint32_t size, uint8_t *val);
+
+#endif /* RSS_PLATFORM_API_H */
diff --git a/include/lib/xlat_tables/xlat_tables_v2.h b/include/lib/xlat_tables/xlat_tables_v2.h
index 69ad027..4d16ced 100644
--- a/include/lib/xlat_tables/xlat_tables_v2.h
+++ b/include/lib/xlat_tables/xlat_tables_v2.h
@@ -203,7 +203,7 @@
(_virt_addr_space_size), \
(_phy_addr_space_size), \
EL_REGIME_INVALID, \
- "xlat_table", "base_xlat_table")
+ ".xlat_table", ".base_xlat_table")
/*
* Same as REGISTER_XLAT_CONTEXT plus the additional parameters:
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 36b1bdb..1bb7db7 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -109,7 +109,7 @@
/*
* Define a region within the TZC secured DRAM for use by EL3 runtime
* firmware. This region is meant to be NOLOAD and will not be zero
- * initialized. Data sections with the attribute `arm_el3_tzc_dram` will be
+ * initialized. Data sections with the attribute `.arm_el3_tzc_dram` will be
* placed here. 3MB region is reserved if RME is enabled, 2MB otherwise.
*/
#define ARM_EL3_TZC_DRAM1_SIZE UL(0x00300000) /* 3MB */
@@ -235,6 +235,8 @@
#define ARM_DRAM2_SIZE PLAT_ARM_DRAM2_SIZE
#define ARM_DRAM2_END (ARM_DRAM2_BASE + \
ARM_DRAM2_SIZE - 1U)
+/* Number of DRAM banks */
+#define ARM_DRAM_NUM_BANKS 2UL
#define ARM_IRQ_SEC_PHY_TIMER 29
@@ -552,7 +554,7 @@
/*******************************************************************************
* BL2 specific defines.
******************************************************************************/
-#if BL2_AT_EL3
+#if RESET_TO_BL2
#if ENABLE_PIE
/*
* As the BL31 image size appears to be increased when built with the ENABLE_PIE
@@ -612,10 +614,11 @@
- PLAT_ARM_MAX_BL31_SIZE)
#define BL31_PROGBITS_LIMIT BL2_BASE
/*
- * For BL2_AT_EL3 make sure the BL31 can grow up until BL2_BASE. This is
- * because in the BL2_AT_EL3 configuration, BL2 is always resident.
+ * For RESET_TO_BL2 make sure the BL31 can grow up until BL2_BASE.
+ * This is because in the RESET_TO_BL2 configuration,
+ * BL2 is always resident.
*/
-#if BL2_AT_EL3
+#if RESET_TO_BL2
#define BL31_LIMIT BL2_BASE
#else
#define BL31_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
diff --git a/include/plat/arm/common/arm_reclaim_init.ld.S b/include/plat/arm/common/arm_reclaim_init.ld.S
index 788e9ff..a77c964 100644
--- a/include/plat/arm/common/arm_reclaim_init.ld.S
+++ b/include/plat/arm/common/arm_reclaim_init.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,9 +26,9 @@
#define ABS ABSOLUTE
#define STACK_SECTION \
- stacks (NOLOAD) : { \
+ .stacks (NOLOAD) : { \
__STACKS_START__ = .; \
- *(tzfw_normal_stacks) \
+ *(.tzfw_normal_stacks) \
__STACKS_END__ = .; \
/* Allow room for the init section where necessary. */ \
OFFSET = ABS(SIZEOF(.init) - (. - __STACKS_START__)); \
diff --git a/include/plat/arm/common/arm_tzc_dram.ld.S b/include/plat/arm/common/arm_tzc_dram.ld.S
index 6dcea0b..c790bb9 100644
--- a/include/plat/arm/common/arm_tzc_dram.ld.S
+++ b/include/plat/arm/common/arm_tzc_dram.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,9 +17,9 @@
. = ARM_EL3_TZC_DRAM1_BASE;
ASSERT(. == ALIGN(PAGE_SIZE),
"ARM_EL3_TZC_DRAM_BASE address is not aligned on a page boundary.")
- el3_tzc_dram (NOLOAD) : ALIGN(PAGE_SIZE) {
+ .el3_tzc_dram (NOLOAD) : ALIGN(PAGE_SIZE) {
__EL3_SEC_DRAM_START__ = .;
- *(arm_el3_tzc_dram)
+ *(.arm_el3_tzc_dram)
__EL3_SEC_DRAM_UNALIGNED_END__ = .;
. = ALIGN(PAGE_SIZE);
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 3351036..a14d775 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,7 @@
#include <lib/psci/psci.h>
#if defined(SPD_spmd)
- #include <services/spm_core_manifest.h>
+#include <services/spm_core_manifest.h>
#endif
#if ENABLE_RME
#include <services/rmm_core_manifest.h>
@@ -37,6 +37,7 @@
struct mmap_region;
struct spm_mm_boot_info;
struct sp_res_desc;
+struct rmm_manifest;
enum fw_enc_status_t;
/*******************************************************************************
@@ -255,8 +256,8 @@
#endif /* MEASURED_BOOT */
/*******************************************************************************
- * Mandatory BL2 at EL3 functions: Must be implemented if BL2_AT_EL3 image is
- * supported
+ * Mandatory BL2 at EL3 functions: Must be implemented
+ * if RESET_TO_BL2 image is supported
******************************************************************************/
void bl2_el3_early_platform_setup(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3);
@@ -322,7 +323,7 @@
int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len,
unsigned int type);
size_t plat_rmmd_get_el3_rmm_shared_mem(uintptr_t *shared);
-int plat_rmmd_load_manifest(rmm_manifest_t *manifest);
+int plat_rmmd_load_manifest(struct rmm_manifest *manifest);
#endif
/*******************************************************************************
diff --git a/include/services/el3_spmc_logical_sp.h b/include/services/el3_spmc_logical_sp.h
index 7ec9958..5ce33ed 100644
--- a/include/services/el3_spmc_logical_sp.h
+++ b/include/services/el3_spmc_logical_sp.h
@@ -35,7 +35,7 @@
#define DECLARE_LOGICAL_PARTITION(_name, _init, _sp_id, _uuid, _properties, \
_direct_req) \
static const struct el3_lp_desc __partition_desc_ ## _name \
- __section("el3_lp_descs") __used = { \
+ __section(".el3_lp_descs") __used = { \
.debug_name = #_name, \
.init = (_init), \
.sp_id = (_sp_id), \
diff --git a/include/services/ffa_svc.h b/include/services/ffa_svc.h
index da016fd..8bc911a 100644
--- a/include/services/ffa_svc.h
+++ b/include/services/ffa_svc.h
@@ -24,7 +24,7 @@
/* The macros below are used to identify FFA calls from the SMC function ID */
#define FFA_FNUM_MIN_VALUE U(0x60)
-#define FFA_FNUM_MAX_VALUE U(0x87)
+#define FFA_FNUM_MAX_VALUE U(0x8B)
#define is_ffa_fid(fid) __extension__ ({ \
__typeof__(fid) _fid = (fid); \
((GET_SMC_NUM(_fid) >= FFA_FNUM_MIN_VALUE) && \
@@ -117,6 +117,7 @@
#define FFA_FNUM_SPM_ID_GET U(0x85)
#define FFA_FNUM_MSG_SEND2 U(0x86)
#define FFA_FNUM_SECONDARY_EP_REGISTER U(0x87)
+#define FFA_FNUM_PARTITION_INFO_GET_REGS U(0x8B)
/* FFA SMC32 FIDs */
#define FFA_ERROR FFA_FID(SMC_32, FFA_FNUM_ERROR)
@@ -180,6 +181,8 @@
FFA_FID(SMC_64, FFA_FNUM_SECONDARY_EP_REGISTER)
#define FFA_NOTIFICATION_INFO_GET_SMC64 \
FFA_FID(SMC_64, FFA_FNUM_NOTIFICATION_INFO_GET)
+#define FFA_PARTITION_INFO_GET_REGS_SMC64 \
+ FFA_FID(SMC_64, FFA_FNUM_PARTITION_INFO_GET_REGS)
/*
* FF-A partition properties values.
diff --git a/include/services/rmm_core_manifest.h b/include/services/rmm_core_manifest.h
index 7edef46..b89de9f 100644
--- a/include/services/rmm_core_manifest.h
+++ b/include/services/rmm_core_manifest.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,7 +14,7 @@
#include <lib/cassert.h>
#define RMMD_MANIFEST_VERSION_MAJOR U(0)
-#define RMMD_MANIFEST_VERSION_MINOR U(1)
+#define RMMD_MANIFEST_VERSION_MINOR U(2)
/*
* Manifest version encoding:
@@ -22,29 +22,57 @@
* - Bits [30:16] Major version
* - Bits [15:0] Minor version
*/
-#define _RMMD_MANIFEST_VERSION(_major, _minor) \
+#define SET_RMMD_MANIFEST_VERSION(_major, _minor) \
((((_major) & 0x7FFF) << 16) | ((_minor) & 0xFFFF))
-#define RMMD_MANIFEST_VERSION _RMMD_MANIFEST_VERSION( \
- RMMD_MANIFEST_VERSION_MAJOR, \
+#define RMMD_MANIFEST_VERSION SET_RMMD_MANIFEST_VERSION( \
+ RMMD_MANIFEST_VERSION_MAJOR, \
RMMD_MANIFEST_VERSION_MINOR)
-#define RMMD_GET_MANIFEST_VERSION_MAJOR(_version) \
+#define RMMD_GET_MANIFEST_VERSION_MAJOR(_version) \
((_version >> 16) & 0x7FFF)
-#define RMMD_GET_MANIFEST_VERSION_MINOR(_version) \
+#define RMMD_GET_MANIFEST_VERSION_MINOR(_version) \
(_version & 0xFFFF)
-/* Boot manifest core structure as per v0.1 */
-typedef struct rmm_manifest {
- uint32_t version; /* Manifest version */
- uint32_t padding; /* RES0 */
- uintptr_t plat_data; /* Manifest platform data */
-} rmm_manifest_t;
+/* NS DRAM bank structure */
+struct ns_dram_bank {
+ uintptr_t base; /* Base address */
+ uint64_t size; /* Size of bank */
+};
+
+CASSERT(offsetof(struct ns_dram_bank, base) == 0UL,
+ rmm_manifest_base_unaligned);
+CASSERT(offsetof(struct ns_dram_bank, size) == 8UL,
+ rmm_manifest_size_unaligned);
+
+/* NS DRAM layout info structure */
+struct ns_dram_info {
+ uint64_t num_banks; /* Number of NS DRAM banks */
+ struct ns_dram_bank *banks; /* Pointer to ns_dram_bank[] */
+ uint64_t checksum; /* Checksum of ns_dram_info data */
+};
+
+CASSERT(offsetof(struct ns_dram_info, num_banks) == 0UL,
+ rmm_manifest_num_banks_unaligned);
+CASSERT(offsetof(struct ns_dram_info, banks) == 8UL,
+ rmm_manifest_dram_data_unaligned);
+CASSERT(offsetof(struct ns_dram_info, checksum) == 16UL,
+ rmm_manifest_checksum_unaligned);
+
+/* Boot manifest core structure as per v0.2 */
+struct rmm_manifest {
+ uint32_t version; /* Manifest version */
+ uint32_t padding; /* RES0 */
+ uintptr_t plat_data; /* Manifest platform data */
+ struct ns_dram_info plat_dram; /* Platform NS DRAM data */
+};
-CASSERT(offsetof(rmm_manifest_t, version) == 0,
- rmm_manifest_t_version_unaligned);
-CASSERT(offsetof(rmm_manifest_t, plat_data) == 8,
- rmm_manifest_t_plat_data_unaligned);
+CASSERT(offsetof(struct rmm_manifest, version) == 0UL,
+ rmm_manifest_version_unaligned);
+CASSERT(offsetof(struct rmm_manifest, plat_data) == 8UL,
+ rmm_manifest_plat_data_unaligned);
+CASSERT(offsetof(struct rmm_manifest, plat_dram) == 16UL,
+ rmm_manifest_plat_dram_unaligned);
#endif /* RMM_CORE_MANIFEST_H */
diff --git a/include/services/trp/platform_trp.h b/include/services/trp/platform_trp.h
index 1c963c8..756e9db 100644
--- a/include/services/trp/platform_trp.h
+++ b/include/services/trp/platform_trp.h
@@ -9,9 +9,11 @@
#include <services/rmm_core_manifest.h>
+struct rmm_manifest;
+
/*******************************************************************************
* Mandatory TRP functions (only if platform contains a TRP)
******************************************************************************/
-void trp_early_platform_setup(rmm_manifest_t *manifest);
+void trp_early_platform_setup(struct rmm_manifest *manifest);
#endif /* PLATFORM_TRP_H */
diff --git a/lib/aarch64/misc_helpers.S b/lib/aarch64/misc_helpers.S
index e8110b0..f9c4baf 100644
--- a/lib/aarch64/misc_helpers.S
+++ b/lib/aarch64/misc_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -164,7 +164,7 @@
* register value and panic if the MMU is disabled.
*/
#if defined(IMAGE_BL1) || defined(IMAGE_BL31) || (defined(IMAGE_BL2) && \
- (BL2_AT_EL3 || ENABLE_RME))
+ BL2_RUNS_AT_EL3)
mrs tmp1, sctlr_el3
#else
mrs tmp1, sctlr_el1
diff --git a/lib/compiler-rt/builtins/arm/aeabi_memset.S b/lib/compiler-rt/builtins/arm/aeabi_memset.S
new file mode 100644
index 0000000..2aa8ec0
--- /dev/null
+++ b/lib/compiler-rt/builtins/arm/aeabi_memset.S
@@ -0,0 +1,49 @@
+//===-- aeabi_memset.S - EABI memset implementation -----------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "../assembly.h"
+
+// void __aeabi_memset(void *dest, size_t n, int c) { memset(dest, c, n); }
+// void __aeabi_memclr(void *dest, size_t n) { __aeabi_memset(dest, n, 0); }
+
+ .syntax unified
+ .p2align 2
+DEFINE_COMPILERRT_FUNCTION(__aeabi_memset)
+ mov r3, r1
+ mov r1, r2
+ mov r2, r3
+#ifdef USE_THUMB_1
+ push {r7, lr}
+ bl memset
+ pop {r7, pc}
+#else
+ b memset
+#endif
+END_COMPILERRT_FUNCTION(__aeabi_memset)
+
+DEFINE_AEABI_FUNCTION_ALIAS(__aeabi_memset4, __aeabi_memset)
+DEFINE_AEABI_FUNCTION_ALIAS(__aeabi_memset8, __aeabi_memset)
+
+ .p2align 2
+DEFINE_COMPILERRT_FUNCTION(__aeabi_memclr)
+ mov r2, r1
+ movs r1, #0
+#ifdef USE_THUMB_1
+ push {r7, lr}
+ bl memset
+ pop {r7, pc}
+#else
+ b memset
+#endif
+END_COMPILERRT_FUNCTION(__aeabi_memclr)
+
+DEFINE_AEABI_FUNCTION_ALIAS(__aeabi_memclr4, __aeabi_memclr)
+DEFINE_AEABI_FUNCTION_ALIAS(__aeabi_memclr8, __aeabi_memclr)
+
+NO_EXEC_STACK_DIRECTIVE
+
diff --git a/lib/compiler-rt/compiler-rt.mk b/lib/compiler-rt/compiler-rt.mk
index 2338908..b41c4d0 100644
--- a/lib/compiler-rt/compiler-rt.mk
+++ b/lib/compiler-rt/compiler-rt.mk
@@ -35,6 +35,7 @@
COMPILER_RT_SRCS += lib/compiler-rt/builtins/arm/aeabi_ldivmod.S \
lib/compiler-rt/builtins/arm/aeabi_uldivmod.S \
lib/compiler-rt/builtins/arm/aeabi_memcpy.S \
+ lib/compiler-rt/builtins/arm/aeabi_memset.S \
lib/compiler-rt/builtins/ctzdi2.c \
lib/compiler-rt/builtins/divdi3.c \
lib/compiler-rt/builtins/divmoddi4.c \
diff --git a/lib/cpus/aarch32/cpu_helpers.S b/lib/cpus/aarch32/cpu_helpers.S
index 6ed800c..e25ce2a 100644
--- a/lib/cpus/aarch32/cpu_helpers.S
+++ b/lib/cpus/aarch32/cpu_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,8 @@
#include <common/bl_common.h>
#include <lib/el3_runtime/cpu_data.h>
-#if defined(IMAGE_BL1) || defined(IMAGE_BL32) || (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if defined(IMAGE_BL1) || defined(IMAGE_BL32) || \
+ (defined(IMAGE_BL2) && RESET_TO_BL2)
/*
* The reset handler common to all platforms. After a matching
* cpu_ops structure entry is found, the correponding reset_handler
diff --git a/lib/cpus/aarch64/cortex_a78.S b/lib/cpus/aarch64/cortex_a78.S
index a3932e8..421509d 100644
--- a/lib/cpus/aarch64/cortex_a78.S
+++ b/lib/cpus/aarch64/cortex_a78.S
@@ -327,6 +327,36 @@
endfunc check_errata_2395406
/* ----------------------------------------------------
+ * Errata Workaround for Cortex A78 Errata 2742426.
+ * This applies to revisions r0p0, r1p0, r1p1 and r1p2.
+ * It is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x1, x17
+ * ----------------------------------------------------
+ */
+func errata_a78_2742426_wa
+ /* Check revision. */
+ mov x17, x30
+ bl check_errata_2742426
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, CORTEX_A78_ACTLR5_EL1
+ bic x1, x1, #BIT(56)
+ orr x1, x1, #BIT(55)
+ msr CORTEX_A78_ACTLR5_EL1, x1
+
+1:
+ ret x17
+endfunc errata_a78_2742426_wa
+
+func check_errata_2742426
+ /* Applies to r0p0, r1p0, r1p1, r1p2 */
+ mov x1, #CPU_REV(1, 2)
+ b cpu_rev_var_ls
+endfunc check_errata_2742426
+
+/* ----------------------------------------------------
* Errata Workaround for Cortex-A78 Errata 2772019
* This applies to revisions <= r1p2 and is still open.
* x0: variant[4:7] and revision[0:3] of current cpu.
@@ -443,6 +473,11 @@
bl errata_a78_2395406_wa
#endif
+#if ERRATA_A78_2742426
+ mov x0, x18
+ bl errata_a78_2742426_wa
+#endif
+
#if ERRATA_A78_2779479
mov x0, x18
bl errata_a78_2779479_wa
@@ -526,6 +561,7 @@
report_errata ERRATA_A78_2242635, cortex_a78, 2242635
report_errata ERRATA_A78_2376745, cortex_a78, 2376745
report_errata ERRATA_A78_2395406, cortex_a78, 2395406
+ report_errata ERRATA_A78_2742426, cortex_a78, 2742426
report_errata ERRATA_A78_2772019, cortex_a78, 2772019
report_errata ERRATA_A78_2779479, cortex_a78, 2779479
report_errata WORKAROUND_CVE_2022_23960, cortex_a78, cve_2022_23960
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index 49cebfe..71f0725 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -117,13 +117,13 @@
b cpu_rev_var_range
endfunc check_errata_2132064
-/* --------------------------------------------------------------------
+/* ----------------------------------------------------------
* Errata Workaround for A78C Erratum 2242638.
* This applies to revisions r0p1 and r0p2 of the Cortex A78C
* processor and is still open.
* x0: variant[4:7] and revision[0:3] of current cpu.
* Shall clobber: x0-x17
- * --------------------------------------------------------------------
+ * ----------------------------------------------------------
*/
func errata_a78c_2242638_wa
/* Compare x0 against revisions r0p1 - r0p2 */
@@ -152,6 +152,61 @@
b cpu_rev_var_range
endfunc check_errata_2242638
+/* ----------------------------------------------------------------
+ * Errata Workaround for A78C Erratum 2772121.
+ * This applies to revisions r0p0, r0p1 and r0p2 of the Cortex A78C
+ * processor and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------------------
+ */
+func errata_a78c_2772121_wa
+ mov x17, x30
+ bl check_errata_2772121
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a78c_2772121_wa
+
+func check_errata_2772121
+ /* Applies to all revisions <= r0p2 */
+ mov x1, #0x02
+ b cpu_rev_var_ls
+endfunc check_errata_2772121
+
+/* --------------------------------------------------
+ * Errata Workaround for Cortex A78C Errata 2779484.
+ * This applies to revisions r0p1 and r0p2.
+ * It is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x1, x17
+ * --------------------------------------------------
+ */
+func errata_a78c_2779484_wa
+ /* Check revision. */
+ mov x17, x30
+ bl check_errata_2779484
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, CORTEX_A78C_ACTLR3_EL1
+ orr x1, x1, #BIT(47)
+ msr CORTEX_A78C_ACTLR3_EL1, x1
+
+1:
+ ret x17
+endfunc errata_a78c_2779484_wa
+
+func check_errata_2779484
+ /* Applies to r0p1 and r0p2*/
+ mov x1, #0x01
+ mov x2, #0x02
+ b cpu_rev_var_range
+endfunc check_errata_2779484
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -190,6 +245,11 @@
bl errata_a78c_2395411_wa
#endif
+#if ERRATA_A78C_2779484
+ mov x0, x18
+ bl errata_a78c_2779484_wa
+#endif
+
#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960
/*
* The Cortex-A78c generic vectors are overridden to apply errata
@@ -215,6 +275,12 @@
mrs x0, CORTEX_A78C_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A78C_CPUPWRCTLR_EL1_CORE_PWRDN_EN_BIT
msr CORTEX_A78C_CPUPWRCTLR_EL1, x0
+#if ERRATA_A78C_2772121
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a78c_2772121_wa
+ mov x30, x15
+#endif /* ERRATA_A78C_2772121 */
isb
ret
endfunc cortex_a78c_core_pwr_dwn
@@ -237,6 +303,8 @@
report_errata ERRATA_A78C_2242638, cortex_a78c, 2242638
report_errata ERRATA_A78C_2376749, cortex_a78c, 2376749
report_errata ERRATA_A78C_2395411, cortex_a78c, 2395411
+ report_errata ERRATA_A78C_2772121, cortex_a78c, 2772121
+ report_errata ERRATA_A78C_2779484, cortex_a78c, 2779484
report_errata WORKAROUND_CVE_2022_23960, cortex_a78c, cve_2022_23960
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/aarch64/cpu_helpers.S b/lib/cpus/aarch64/cpu_helpers.S
index 2385627..ee880f7 100644
--- a/lib/cpus/aarch64/cpu_helpers.S
+++ b/lib/cpus/aarch64/cpu_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,7 +14,8 @@
#include <lib/el3_runtime/cpu_data.h>
/* Reset fn is needed in BL at reset vector */
-#if defined(IMAGE_BL1) || defined(IMAGE_BL31) || (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if defined(IMAGE_BL1) || defined(IMAGE_BL31) || \
+ (defined(IMAGE_BL2) && RESET_TO_BL2)
/*
* The reset handler common to all platforms. After a matching
* cpu_ops structure entry is found, the correponding reset_handler
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index f9a5789..363c2e6 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -486,6 +486,37 @@
b cpu_rev_var_ls
endfunc check_errata_2743093
+ /* ---------------------------------------------------
+ * Errata Workaround for Neoverse V1 Errata #2743233.
+ * This applies to revisions r0p0, r1p0, r1p1 and r1p2.
+ * It is still open.
+ * x0: variant[4:7] and revisions[0:3] of current cpu.
+ * Shall clobber: x0-x1, x17
+ * ---------------------------------------------------
+ */
+func errata_neoverse_v1_2743233_wa
+ /* Check revision. */
+ mov x17, x30
+ bl check_errata_2743233
+ cbz x0, 1f
+
+ /* Apply the workaround */
+ mrs x1, NEOVERSE_V1_ACTLR5_EL1
+ bic x1, x1, #BIT(56)
+ orr x1, x1, #BIT(55)
+ msr NEOVERSE_V1_ACTLR5_EL1, x1
+
+1:
+ ret x17
+endfunc errata_neoverse_v1_2743233_wa
+
+func check_errata_2743233
+ /* Applies to r0p0, r1p0, r1p1 and r1p2 */
+ mov x1, #CPU_REV(1,2)
+ b cpu_rev_var_ls
+endfunc check_errata_2743233
+
+
/* ----------------------------------------------------
* Errata Workaround for Neoverse V1 Errata #2779461.
* This applies to revisions r0p0, r1p0, r1p1, and r1p2.
@@ -573,6 +604,7 @@
report_errata ERRATA_V1_2294912, neoverse_v1, 2294912
report_errata ERRATA_V1_2372203, neoverse_v1, 2372203
report_errata ERRATA_V1_2743093, neoverse_v1, 2743093
+ report_errata ERRATA_V1_2743233, neoverse_v1, 2743233
report_errata ERRATA_V1_2779461, neoverse_v1, 2779461
report_errata WORKAROUND_CVE_2022_23960, neoverse_v1, cve_2022_23960
@@ -652,6 +684,11 @@
bl errata_neoverse_v1_2372203_wa
#endif
+#if ERRATA_V1_2743233
+ mov x0, x18
+ bl errata_neoverse_v1_2743233_wa
+#endif
+
#if ERRATA_V1_2779461
mov x0, x18
bl errata_neoverse_v1_2779461_wa
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 1dc9419..51b2175 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -357,6 +357,11 @@
# to revisions r0p0, r1p0, r1p1, and r1p2 of the A78 cpu. It is still open.
ERRATA_A78_2395406 ?=0
+# Flag to apply erratum 2742426 workaround during reset. This erratum
+# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the A78 cpu. It is still
+# open.
+ERRATA_A78_2742426 ?=0
+
# Flag to apply erratum 2772019 workaround during powerdown. This erratum
# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the A78 cpu. It is still
# open.
@@ -398,6 +403,14 @@
# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
ERRATA_A78C_2395411 ?=0
+# Flag to apply erratum 2772121 workaround during powerdown. This erratum
+# applies to revisions r0p0, r0p1 and r0p2 of the A78C cpu. It is still open.
+ERRATA_A78C_2772121 ?=0
+
+# Flag to apply erratum 2779484 workaround during reset. This erratum
+# applies to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+ERRATA_A78C_2779484 ?=0
+
# Flag to apply erratum 1821534 workaround during reset. This erratum applies
# to revisions r0p0 - r1p0 of the X1 cpu and fixed in r1p1.
ERRATA_X1_1821534 ?=0
@@ -526,6 +539,11 @@
# still open.
ERRATA_V1_2743093 ?=0
+# Flag to apply erratum 2743233 workaround during powerdown. This erratum
+# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the Neoverse V1 cpu and is
+# still open.
+ERRATA_V1_2743233 ?=0
+
# Flag to apply erratum 2779461 workaround during powerdown. This erratum
# applies to revisions r0p0, r1p0, r1p1 and r1p2 of the Neoverse V1 cpu and is
# still open.
@@ -1040,6 +1058,10 @@
$(eval $(call assert_boolean,ERRATA_A78_2395406))
$(eval $(call add_define,ERRATA_A78_2395406))
+# Process ERRATA_A78_2742426 flag
+$(eval $(call assert_boolean,ERRATA_A78_2742426))
+$(eval $(call add_define,ERRATA_A78_2742426))
+
# Process ERRATA_A78_2772019 flag
$(eval $(call assert_boolean,ERRATA_A78_2772019))
$(eval $(call add_define,ERRATA_A78_2772019))
@@ -1080,6 +1102,14 @@
$(eval $(call assert_boolean,ERRATA_A78C_2395411))
$(eval $(call add_define,ERRATA_A78C_2395411))
+# Process ERRATA_A78C_2772121 flag
+$(eval $(call assert_boolean,ERRATA_A78C_2772121))
+$(eval $(call add_define,ERRATA_A78C_2772121))
+
+# Process ERRATA_A78C_2779484 flag
+$(eval $(call assert_boolean,ERRATA_A78C_2779484))
+$(eval $(call add_define,ERRATA_A78C_2779484))
+
# Process ERRATA_X1_1821534 flag
$(eval $(call assert_boolean,ERRATA_X1_1821534))
$(eval $(call add_define,ERRATA_X1_1821534))
@@ -1204,6 +1234,10 @@
$(eval $(call assert_boolean,ERRATA_V1_2743093))
$(eval $(call add_define,ERRATA_V1_2743093))
+# Process ERRATA_V1_2743233 flag
+$(eval $(call assert_boolean,ERRATA_V1_2743233))
+$(eval $(call add_define,ERRATA_V1_2743233))
+
# Process ERRATA_V1_2779461 flag
$(eval $(call assert_boolean,ERRATA_V1_2779461))
$(eval $(call add_define,ERRATA_V1_2779461))
diff --git a/lib/cpus/errata_report.c b/lib/cpus/errata_report.c
index 93b2744..5f41aee 100644
--- a/lib/cpus/errata_report.c
+++ b/lib/cpus/errata_report.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,7 +21,7 @@
# define BL_STRING "BL31"
#elif !defined(__aarch64__) && defined(IMAGE_BL32)
# define BL_STRING "BL32"
-#elif defined(IMAGE_BL2) && BL2_AT_EL3
+#elif defined(IMAGE_BL2) && RESET_TO_BL2
# define BL_STRING "BL2"
#else
# error This image should not be printing errata status
diff --git a/lib/el3_runtime/aarch32/context_mgmt.c b/lib/el3_runtime/aarch32/context_mgmt.c
index af8edf5..e494a86 100644
--- a/lib/el3_runtime/aarch32/context_mgmt.c
+++ b/lib/el3_runtime/aarch32/context_mgmt.c
@@ -11,6 +11,7 @@
#include <platform_def.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <context.h>
@@ -143,9 +144,9 @@
sys_reg_trace_enable();
#endif /* ENABLE_SYS_REG_TRACE_FOR_NS */
-#if ENABLE_TRF_FOR_NS
- trf_enable();
-#endif /* ENABLE_TRF_FOR_NS */
+ if (is_feat_trf_supported()) {
+ trf_enable();
+ }
#endif
}
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index b5d61ff..d439148 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -41,10 +41,6 @@
.global el2_sysregs_context_save_nv2
.global el2_sysregs_context_restore_nv2
#endif /* CTX_INCLUDE_NEVE_REGS */
-#if ENABLE_TRF_FOR_NS
- .global el2_sysregs_context_save_trf
- .global el2_sysregs_context_restore_trf
-#endif /* ENABLE_TRF_FOR_NS */
#if ENABLE_FEAT_CSV2_2
.global el2_sysregs_context_save_csv2
.global el2_sysregs_context_restore_csv2
@@ -257,52 +253,200 @@
mrs x10, MPAM2_EL2
str x10, [x0, #CTX_MPAM2_EL2]
+ mrs x10, MPAMIDR_EL1
+
+ /*
+ * The context registers that we intend to save would be part of the
+ * PE's system register frame only if MPAMIDR_EL1.HAS_HCR == 1.
+ */
+ tbz w10, #MPAMIDR_EL1_HAS_HCR_SHIFT, 3f
+
+ /*
+ * MPAMHCR_EL2, MPAMVPMV_EL2 and MPAMVPM0_EL2 would be present in the
+ * system register frame if MPAMIDR_EL1.HAS_HCR == 1. Proceed to save
+ * the context of these registers.
+ */
mrs x11, MPAMHCR_EL2
mrs x12, MPAMVPM0_EL2
stp x11, x12, [x0, #CTX_MPAMHCR_EL2]
- mrs x13, MPAMVPM1_EL2
- mrs x14, MPAMVPM2_EL2
- stp x13, x14, [x0, #CTX_MPAMVPM1_EL2]
+ mrs x13, MPAMVPMV_EL2
+ str x13, [x0, #CTX_MPAMVPMV_EL2]
- mrs x15, MPAMVPM3_EL2
- mrs x16, MPAMVPM4_EL2
- stp x15, x16, [x0, #CTX_MPAMVPM3_EL2]
+ /*
+ * MPAMIDR_EL1.VPMR_MAX has to be probed to obtain the maximum supported
+ * VPMR value. Proceed to save the context of registers from
+ * MPAMVPM1_EL2 to MPAMVPM<x>_EL2 where x is VPMR_MAX. From MPAM spec,
+ * VPMR_MAX should not be zero if HAS_HCR == 1.
+ */
+ ubfx x10, x10, #MPAMIDR_EL1_VPMR_MAX_SHIFT, \
+ #MPAMIDR_EL1_VPMR_MAX_WIDTH
+
+ /*
+ * Once VPMR_MAX has been identified, calculate the offset relative to
+ * PC to jump to so that relevant context can be saved. The offset is
+ * calculated as (VPMR_POSSIBLE_MAX - VPMR_MAX) * (instruction size for
+ * saving one VPM register) + (absolute address of label "1").
+ */
+ mov w11, #MPAMIDR_EL1_VPMR_MAX_POSSIBLE
+ sub w10, w11, w10
- mrs x9, MPAMVPM5_EL2
- mrs x10, MPAMVPM6_EL2
- stp x9, x10, [x0, #CTX_MPAMVPM5_EL2]
+ /* Calculate the size of one block of MPAMVPM*_EL2 save */
+ adr x11, 1f
+ adr x12, 2f
+ sub x12, x12, x11
- mrs x11, MPAMVPM7_EL2
- mrs x12, MPAMVPMV_EL2
- stp x11, x12, [x0, #CTX_MPAMVPM7_EL2]
- ret
+ madd x10, x10, x12, x11
+ br x10
+
+ /*
+ * The branch above would land properly on one of the blocks following
+ * label "1". Make sure that the order of save is retained.
+ */
+1:
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x10, MPAMVPM7_EL2
+ str x10, [x0, #CTX_MPAMVPM7_EL2]
+2:
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x11, MPAMVPM6_EL2
+ str x11, [x0, #CTX_MPAMVPM6_EL2]
+
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x12, MPAMVPM5_EL2
+ str x12, [x0, #CTX_MPAMVPM5_EL2]
+
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x13, MPAMVPM4_EL2
+ str x13, [x0, #CTX_MPAMVPM4_EL2]
+
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x14, MPAMVPM3_EL2
+ str x14, [x0, #CTX_MPAMVPM3_EL2]
+
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x15, MPAMVPM2_EL2
+ str x15, [x0, #CTX_MPAMVPM2_EL2]
+
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x16, MPAMVPM1_EL2
+ str x16, [x0, #CTX_MPAMVPM1_EL2]
+
+3: ret
endfunc el2_sysregs_context_save_mpam
func el2_sysregs_context_restore_mpam
ldr x10, [x0, #CTX_MPAM2_EL2]
msr MPAM2_EL2, x10
+ mrs x10, MPAMIDR_EL1
+ /*
+ * The context registers that we intend to restore would be part of the
+ * PE's system register frame only if MPAMIDR_EL1.HAS_HCR == 1.
+ */
+ tbz w10, #MPAMIDR_EL1_HAS_HCR_SHIFT, 3f
+
+ /*
+ * MPAMHCR_EL2, MPAMVPMV_EL2 and MPAMVPM0_EL2 would be present in the
+ * system register frame if MPAMIDR_EL1.HAS_HCR == 1. Proceed to restore
+ * the context of these registers
+ */
ldp x11, x12, [x0, #CTX_MPAMHCR_EL2]
msr MPAMHCR_EL2, x11
msr MPAMVPM0_EL2, x12
- ldp x13, x14, [x0, #CTX_MPAMVPM1_EL2]
- msr MPAMVPM1_EL2, x13
- msr MPAMVPM2_EL2, x14
+ ldr x13, [x0, #CTX_MPAMVPMV_EL2]
+ msr MPAMVPMV_EL2, x13
- ldp x15, x16, [x0, #CTX_MPAMVPM3_EL2]
- msr MPAMVPM3_EL2, x15
- msr MPAMVPM4_EL2, x16
+ /*
+ * MPAMIDR_EL1.VPMR_MAX has to be probed to obtain the maximum supported
+ * VPMR value. Proceed to restore the context of registers from
+ * MPAMVPM1_EL2 to MPAMVPM<x>_EL2 where x is VPMR_MAX. from MPAM spec,
+ * VPMR_MAX should not be zero if HAS_HCR == 1.
+ */
+ ubfx x10, x10, #MPAMIDR_EL1_VPMR_MAX_SHIFT, \
+ #MPAMIDR_EL1_VPMR_MAX_WIDTH
- ldp x9, x10, [x0, #CTX_MPAMVPM5_EL2]
- msr MPAMVPM5_EL2, x9
- msr MPAMVPM6_EL2, x10
+ /*
+ * Once VPMR_MAX has been identified, calculate the offset relative to
+ * PC to jump to so that relevant context can be restored. The offset is
+ * calculated as (VPMR_POSSIBLE_MAX - VPMR_MAX) * (instruction size for
+ * restoring one VPM register) + (absolute address of label "1").
+ */
+ mov w11, #MPAMIDR_EL1_VPMR_MAX_POSSIBLE
+ sub w10, w11, w10
- ldp x11, x12, [x0, #CTX_MPAMVPM7_EL2]
- msr MPAMVPM7_EL2, x11
- msr MPAMVPMV_EL2, x12
- ret
+ /* Calculate the size of one block of MPAMVPM*_EL2 restore */
+ adr x11, 1f
+ adr x12, 2f
+ sub x12, x12, x11
+
+ madd x10, x10, x12, x11
+ br x10
+
+ /*
+ * The branch above would land properly on one of the blocks following
+ * label "1". Make sure that the order of restore is retained.
+ */
+1:
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x10, [x0, #CTX_MPAMVPM7_EL2]
+ msr MPAMVPM7_EL2, x10
+2:
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x11, [x0, #CTX_MPAMVPM6_EL2]
+ msr MPAMVPM6_EL2, x11
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x12, [x0, #CTX_MPAMVPM5_EL2]
+ msr MPAMVPM5_EL2, x12
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x13, [x0, #CTX_MPAMVPM4_EL2]
+ msr MPAMVPM4_EL2, x13
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x14, [x0, #CTX_MPAMVPM3_EL2]
+ msr MPAMVPM3_EL2, x14
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x15, [x0, #CTX_MPAMVPM2_EL2]
+ msr MPAMVPM2_EL2, x15
+
+#if ENABLE_BTI
+ bti j
+#endif
+ ldr x16, [x0, #CTX_MPAMVPM1_EL2]
+ msr MPAMVPM1_EL2, x16
+
+3: ret
endfunc el2_sysregs_context_restore_mpam
#endif /* ENABLE_MPAM_FOR_LOWER_ELS */
@@ -388,26 +532,6 @@
endfunc el2_sysregs_context_restore_nv2
#endif /* CTX_INCLUDE_NEVE_REGS */
-#if ENABLE_TRF_FOR_NS
-func el2_sysregs_context_save_trf
- /*
- * TRFCR_EL2 register is saved only when FEAT_TRF is supported.
- */
- mrs x12, TRFCR_EL2
- str x12, [x0, #CTX_TRFCR_EL2]
- ret
-endfunc el2_sysregs_context_save_trf
-
-func el2_sysregs_context_restore_trf
- /*
- * TRFCR_EL2 register is restored only when FEAT_TRF is supported.
- */
- ldr x12, [x0, #CTX_TRFCR_EL2]
- msr TRFCR_EL2, x12
- ret
-endfunc el2_sysregs_context_restore_trf
-#endif /* ENABLE_TRF_FOR_NS */
-
#if ENABLE_FEAT_CSV2_2
func el2_sysregs_context_save_csv2
/*
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 3bcefdb..4d2079d 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -169,7 +169,12 @@
state = get_el3state_ctx(ctx);
scr_el3 = read_ctx_reg(state, CTX_SCR_EL3);
- scr_el3 |= SCR_NS_BIT | SCR_NSE_BIT | SCR_EnSCXT_BIT;
+ scr_el3 |= SCR_NS_BIT | SCR_NSE_BIT;
+
+#if ENABLE_FEAT_CSV2_2
+ /* Enable access to the SCXTNUM_ELx registers. */
+ scr_el3 |= SCR_EnSCXT_BIT;
+#endif
write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
}
@@ -222,6 +227,11 @@
scr_el3 |= SCR_TERR_BIT;
#endif
+#if ENABLE_FEAT_CSV2_2
+ /* Enable access to the SCXTNUM_ELx registers. */
+ scr_el3 |= SCR_EnSCXT_BIT;
+#endif
+
#ifdef IMAGE_BL31
/*
* SCR_EL3.IRQ, SCR_EL3.FIQ: Enable the physical FIQ and IRQ routing as
@@ -485,21 +495,21 @@
mpam_enable(el2_unused);
#endif
-#if ENABLE_TRBE_FOR_NS
- trbe_enable();
-#endif /* ENABLE_TRBE_FOR_NS */
+ if (is_feat_trbe_supported()) {
+ trbe_enable();
+ }
-#if ENABLE_BRBE_FOR_NS
- brbe_enable();
-#endif /* ENABLE_BRBE_FOR_NS */
+ if (is_feat_brbe_supported()) {
+ brbe_enable();
+ }
#if ENABLE_SYS_REG_TRACE_FOR_NS
sys_reg_trace_enable(ctx);
#endif /* ENABLE_SYS_REG_TRACE_FOR_NS */
-#if ENABLE_TRF_FOR_NS
- trf_enable();
-#endif /* ENABLE_TRF_FOR_NS */
+ if (is_feat_trf_supported()) {
+ trf_enable();
+ }
#endif
}
@@ -795,30 +805,26 @@
static void el2_sysregs_context_save_fgt(el2_sysregs_t *ctx)
{
- if (is_feat_fgt_supported()) {
- write_ctx_reg(ctx, CTX_HDFGRTR_EL2, read_hdfgrtr_el2());
- if (is_feat_amu_supported()) {
- write_ctx_reg(ctx, CTX_HAFGRTR_EL2, read_hafgrtr_el2());
- }
- write_ctx_reg(ctx, CTX_HDFGWTR_EL2, read_hdfgwtr_el2());
- write_ctx_reg(ctx, CTX_HFGITR_EL2, read_hfgitr_el2());
- write_ctx_reg(ctx, CTX_HFGRTR_EL2, read_hfgrtr_el2());
- write_ctx_reg(ctx, CTX_HFGWTR_EL2, read_hfgwtr_el2());
+ write_ctx_reg(ctx, CTX_HDFGRTR_EL2, read_hdfgrtr_el2());
+ if (is_feat_amu_supported()) {
+ write_ctx_reg(ctx, CTX_HAFGRTR_EL2, read_hafgrtr_el2());
}
+ write_ctx_reg(ctx, CTX_HDFGWTR_EL2, read_hdfgwtr_el2());
+ write_ctx_reg(ctx, CTX_HFGITR_EL2, read_hfgitr_el2());
+ write_ctx_reg(ctx, CTX_HFGRTR_EL2, read_hfgrtr_el2());
+ write_ctx_reg(ctx, CTX_HFGWTR_EL2, read_hfgwtr_el2());
}
static void el2_sysregs_context_restore_fgt(el2_sysregs_t *ctx)
{
- if (is_feat_fgt_supported()) {
- write_hdfgrtr_el2(read_ctx_reg(ctx, CTX_HDFGRTR_EL2));
- if (is_feat_amu_supported()) {
- write_hafgrtr_el2(read_ctx_reg(ctx, CTX_HAFGRTR_EL2));
- }
- write_hdfgwtr_el2(read_ctx_reg(ctx, CTX_HDFGWTR_EL2));
- write_hfgitr_el2(read_ctx_reg(ctx, CTX_HFGITR_EL2));
- write_hfgrtr_el2(read_ctx_reg(ctx, CTX_HFGRTR_EL2));
- write_hfgwtr_el2(read_ctx_reg(ctx, CTX_HFGWTR_EL2));
+ write_hdfgrtr_el2(read_ctx_reg(ctx, CTX_HDFGRTR_EL2));
+ if (is_feat_amu_supported()) {
+ write_hafgrtr_el2(read_ctx_reg(ctx, CTX_HAFGRTR_EL2));
}
+ write_hdfgwtr_el2(read_ctx_reg(ctx, CTX_HDFGWTR_EL2));
+ write_hfgitr_el2(read_ctx_reg(ctx, CTX_HFGITR_EL2));
+ write_hfgrtr_el2(read_ctx_reg(ctx, CTX_HFGRTR_EL2));
+ write_hfgwtr_el2(read_ctx_reg(ctx, CTX_HFGWTR_EL2));
}
/*******************************************************************************
@@ -853,7 +859,9 @@
el2_sysregs_context_save_mpam(el2_sysregs_ctx);
#endif
- el2_sysregs_context_save_fgt(el2_sysregs_ctx);
+ if (is_feat_fgt_supported()) {
+ el2_sysregs_context_save_fgt(el2_sysregs_ctx);
+ }
#if ENABLE_FEAT_ECV
el2_sysregs_context_save_ecv(el2_sysregs_ctx);
@@ -867,9 +875,9 @@
#if CTX_INCLUDE_NEVE_REGS
el2_sysregs_context_save_nv2(el2_sysregs_ctx);
#endif
-#if ENABLE_TRF_FOR_NS
- el2_sysregs_context_save_trf(el2_sysregs_ctx);
-#endif
+ if (is_feat_trf_supported()) {
+ write_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2, read_trfcr_el2());
+ }
#if ENABLE_FEAT_CSV2_2
el2_sysregs_context_save_csv2(el2_sysregs_ctx);
#endif
@@ -911,7 +919,9 @@
el2_sysregs_context_restore_mpam(el2_sysregs_ctx);
#endif
- el2_sysregs_context_restore_fgt(el2_sysregs_ctx);
+ if (is_feat_fgt_supported()) {
+ el2_sysregs_context_restore_fgt(el2_sysregs_ctx);
+ }
#if ENABLE_FEAT_ECV
el2_sysregs_context_restore_ecv(el2_sysregs_ctx);
@@ -925,9 +935,9 @@
#if CTX_INCLUDE_NEVE_REGS
el2_sysregs_context_restore_nv2(el2_sysregs_ctx);
#endif
-#if ENABLE_TRF_FOR_NS
- el2_sysregs_context_restore_trf(el2_sysregs_ctx);
-#endif
+ if (is_feat_trf_supported()) {
+ write_trfcr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2));
+ }
#if ENABLE_FEAT_CSV2_2
el2_sysregs_context_restore_csv2(el2_sysregs_ctx);
#endif
diff --git a/lib/extensions/brbe/brbe.c b/lib/extensions/brbe/brbe.c
index 1982619..329cf98 100644
--- a/lib/extensions/brbe/brbe.c
+++ b/lib/extensions/brbe/brbe.c
@@ -12,16 +12,14 @@
{
uint64_t val;
- if (is_feat_brbe_present()) {
- /*
- * MDCR_EL3.SBRBE = 0b01
- *
- * Allows BRBE usage in non-secure world and prohibited in
- * secure world.
- */
- val = read_mdcr_el3();
- val &= ~(MDCR_SBRBE_MASK << MDCR_SBRBE_SHIFT);
- val |= (0x1UL << MDCR_SBRBE_SHIFT);
- write_mdcr_el3(val);
- }
+ /*
+ * MDCR_EL3.SBRBE = 0b01
+ *
+ * Allows BRBE usage in non-secure world and prohibited in
+ * secure world.
+ */
+ val = read_mdcr_el3();
+ val &= ~(MDCR_SBRBE_MASK << MDCR_SBRBE_SHIFT);
+ val |= (0x1UL << MDCR_SBRBE_SHIFT);
+ write_mdcr_el3(val);
}
diff --git a/lib/extensions/trbe/trbe.c b/lib/extensions/trbe/trbe.c
index b346387..fa139ca 100644
--- a/lib/extensions/trbe/trbe.c
+++ b/lib/extensions/trbe/trbe.c
@@ -23,22 +23,20 @@
{
uint64_t val;
- if (is_feat_trbe_present()) {
- /*
- * MDCR_EL3.NSTB = 0b11
- * Allow access of trace buffer control registers from NS-EL1
- * and NS-EL2, tracing is prohibited in Secure and Realm state
- * (if implemented).
- */
- val = read_mdcr_el3();
- val |= MDCR_NSTB(MDCR_NSTB_EL1);
- write_mdcr_el3(val);
- }
+ /*
+ * MDCR_EL3.NSTB = 0b11
+ * Allow access of trace buffer control registers from NS-EL1
+ * and NS-EL2, tracing is prohibited in Secure and Realm state
+ * (if implemented).
+ */
+ val = read_mdcr_el3();
+ val |= MDCR_NSTB(MDCR_NSTB_EL1);
+ write_mdcr_el3(val);
}
static void *trbe_drain_trace_buffers_hook(const void *arg __unused)
{
- if (is_feat_trbe_present()) {
+ if (is_feat_trbe_supported()) {
/*
* Before switching from normal world to secure world
* the trace buffers need to be drained out to memory. This is
diff --git a/lib/extensions/trf/aarch32/trf.c b/lib/extensions/trf/aarch32/trf.c
index 834092d..0c63efa 100644
--- a/lib/extensions/trf/aarch32/trf.c
+++ b/lib/extensions/trf/aarch32/trf.c
@@ -10,26 +10,15 @@
#include <arch_helpers.h>
#include <lib/extensions/trf.h>
-static bool trf_supported(void)
-{
- uint32_t features;
-
- features = read_id_dfr0() >> ID_DFR0_TRACEFILT_SHIFT;
- return ((features & ID_DFR0_TRACEFILT_MASK) ==
- ID_DFR0_TRACEFILT_SUPPORTED);
-}
-
void trf_enable(void)
{
uint32_t val;
- if (trf_supported()) {
- /*
- * Allow access of trace filter control registers from
- * non-monitor mode
- */
- val = read_sdcr();
- val &= ~SDCR_TTRF_BIT;
- write_sdcr(val);
- }
+ /*
+ * Allow access of trace filter control registers from
+ * non-monitor mode
+ */
+ val = read_sdcr();
+ val &= ~SDCR_TTRF_BIT;
+ write_sdcr(val);
}
diff --git a/lib/extensions/trf/aarch64/trf.c b/lib/extensions/trf/aarch64/trf.c
index 1da5dce..941692b 100644
--- a/lib/extensions/trf/aarch64/trf.c
+++ b/lib/extensions/trf/aarch64/trf.c
@@ -4,33 +4,21 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <stdbool.h>
-
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <lib/extensions/trf.h>
-static bool trf_supported(void)
-{
- uint64_t features;
-
- features = read_id_aa64dfr0_el1() >> ID_AA64DFR0_TRACEFILT_SHIFT;
- return ((features & ID_AA64DFR0_TRACEFILT_MASK) ==
- ID_AA64DFR0_TRACEFILT_SUPPORTED);
-}
-
void trf_enable(void)
{
uint64_t val;
- if (trf_supported()) {
- /*
- * MDCR_EL3.TTRF = b0
- * Allow access of trace filter control registers from NS-EL2
- * and NS-EL1 when NS-EL2 is implemented but not used
- */
- val = read_mdcr_el3();
- val &= ~MDCR_TTRF_BIT;
- write_mdcr_el3(val);
- }
+ /*
+ * MDCR_EL3.TTRF = b0
+ * Allow access of trace filter control registers from NS-EL2
+ * and NS-EL1 when NS-EL2 is implemented but not used
+ */
+ val = read_mdcr_el3();
+ val &= ~MDCR_TTRF_BIT;
+ write_mdcr_el3(val);
}
diff --git a/lib/fconf/fconf_cot_getter.c b/lib/fconf/fconf_cot_getter.c
index ae59d8c..1033018 100644
--- a/lib/fconf/fconf_cot_getter.c
+++ b/lib/fconf/fconf_cot_getter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,10 @@
#include <assert.h>
#include <stddef.h>
+#include <mbedtls/version.h>
+
#include <common/fdt_wrappers.h>
-#include MBEDTLS_CONFIG_FILE
+#include <common/tbbr/cot_def.h>
#include <drivers/auth/auth_mod.h>
#include <lib/fconf/fconf.h>
#include <lib/object_pool.h>
diff --git a/lib/fconf/fconf_dyn_cfg_getter.c b/lib/fconf/fconf_dyn_cfg_getter.c
index 351772e..13081b0 100644
--- a/lib/fconf/fconf_dyn_cfg_getter.c
+++ b/lib/fconf/fconf_dyn_cfg_getter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -31,7 +31,7 @@
* This function is used to alloc memory for config information from
* global pool and set the configuration information.
*/
-void set_config_info(uintptr_t config_addr, uintptr_t ns_config_addr,
+void set_config_info(uintptr_t config_addr, uintptr_t secondary_config_addr,
uint32_t config_max_size,
unsigned int config_id)
{
@@ -39,7 +39,7 @@
dtb_info = pool_alloc(&dtb_info_pool);
dtb_info->config_addr = config_addr;
- dtb_info->ns_config_addr = ns_config_addr;
+ dtb_info->secondary_config_addr = secondary_config_addr;
dtb_info->config_max_size = config_max_size;
dtb_info->config_id = config_id;
}
@@ -106,7 +106,7 @@
fdt_for_each_subnode(child, dtb, node) {
uint32_t config_max_size, config_id;
uintptr_t config_addr;
- uintptr_t ns_config_addr = ~0UL;
+ uintptr_t secondary_config_addr = ~0UL;
uint64_t val64;
/* Read configuration dtb information */
@@ -134,14 +134,16 @@
VERBOSE("\tmax-size = 0x%x\n", config_max_size);
VERBOSE("\tconfig-id = %u\n", config_id);
- rc = fdt_read_uint64(dtb, child, "ns-load-address", &val64);
+ rc = fdt_read_uint64(dtb, child, "secondary-load-address",
+ &val64);
if (rc == 0) {
- ns_config_addr = (uintptr_t)val64;
- VERBOSE("\tns-load-address = %lx\n", ns_config_addr);
+ secondary_config_addr = (uintptr_t)val64;
+ VERBOSE("\tsecondary-load-address = %lx\n",
+ secondary_config_addr);
}
- set_config_info(config_addr, ns_config_addr, config_max_size,
- config_id);
+ set_config_info(config_addr, secondary_config_addr,
+ config_max_size, config_id);
}
if ((child < 0) && (child != -FDT_ERR_NOTFOUND)) {
diff --git a/lib/locks/bakery/bakery_lock_normal.c b/lib/locks/bakery/bakery_lock_normal.c
index faea6c5..3c03ae6 100644
--- a/lib/locks/bakery/bakery_lock_normal.c
+++ b/lib/locks/bakery/bakery_lock_normal.c
@@ -44,7 +44,7 @@
* Using this value, if provided, rather than the linker generated value results in
* more efficient code
*/
-CASSERT((PLAT_PERCPU_BAKERY_LOCK_SIZE & (CACHE_WRITEBACK_GRANULE - 1)) == 0, \
+CASSERT((PLAT_PERCPU_BAKERY_LOCK_SIZE & (CACHE_WRITEBACK_GRANULE - 1)) == 0,
PLAT_PERCPU_BAKERY_LOCK_SIZE_not_cacheline_multiple);
#define PERCPU_BAKERY_LOCK_SIZE (PLAT_PERCPU_BAKERY_LOCK_SIZE)
#else
diff --git a/lib/optee/optee_utils.c b/lib/optee/optee_utils.c
index 6c87b0d..25272fc 100644
--- a/lib/optee/optee_utils.c
+++ b/lib/optee/optee_utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,42 +11,6 @@
#include <platform_def.h>
-/*
- * load_addr_hi and load_addr_lo: image load address.
- * image_id: 0 - pager, 1 - paged
- * size: image size in bytes.
- */
-typedef struct optee_image {
- uint32_t load_addr_hi;
- uint32_t load_addr_lo;
- uint32_t image_id;
- uint32_t size;
-} optee_image_t;
-
-#define OPTEE_PAGER_IMAGE_ID 0
-#define OPTEE_PAGED_IMAGE_ID 1
-
-#define OPTEE_MAX_NUM_IMAGES 2u
-
-#define TEE_MAGIC_NUM_OPTEE 0x4554504f
-/*
- * magic: header magic number.
- * version: OPTEE header version:
- * 1 - not supported
- * 2 - supported
- * arch: OPTEE os architecture type: 0 - AARCH32, 1 - AARCH64.
- * flags: unused currently.
- * nb_images: number of images.
- */
-typedef struct optee_header {
- uint32_t magic;
- uint8_t version;
- uint8_t arch;
- uint16_t flags;
- uint32_t nb_images;
- optee_image_t optee_image_list[];
-} optee_header_t;
-
/*******************************************************************************
* Check if it is a valid tee header
* Return true if valid
diff --git a/lib/pmf/pmf_main.c b/lib/pmf/pmf_main.c
index 131a055..ce2f0d9 100644
--- a/lib/pmf/pmf_main.c
+++ b/lib/pmf/pmf_main.c
@@ -17,7 +17,7 @@
/*******************************************************************************
* The 'pmf_svc_descs' array holds the PMF service descriptors exported by
- * services by placing them in the 'pmf_svc_descs' linker section.
+ * services by placing them in the '.pmf_svc_descs' linker section.
* The 'pmf_svc_descs_indices' array holds the index of a descriptor in the
* 'pmf_svc_descs' array. The TIF[15:10] bits in the time-stamp id are used
* to get an index into the 'pmf_svc_descs_indices' array. This gives the
diff --git a/lib/psa/rss_platform.c b/lib/psa/rss_platform.c
new file mode 100644
index 0000000..359f894
--- /dev/null
+++ b/lib/psa/rss_platform.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+
+#include <psa/client.h>
+#include <psa_manifest/sid.h>
+#include <rss_platform_api.h>
+
+psa_status_t
+rss_platform_nv_counter_increment(uint32_t counter_id)
+{
+ struct psa_invec in_vec[1];
+
+ in_vec[0].base = &counter_id;
+ in_vec[0].len = sizeof(counter_id);
+
+ return psa_call(RSS_PLATFORM_SERVICE_HANDLE,
+ RSS_PLATFORM_API_ID_NV_INCREMENT,
+ in_vec, 1, NULL, 0);
+}
+
+psa_status_t
+rss_platform_nv_counter_read(uint32_t counter_id,
+ uint32_t size, uint8_t *val)
+{
+ struct psa_invec in_vec[1];
+ struct psa_outvec out_vec[1];
+
+ in_vec[0].base = &counter_id;
+ in_vec[0].len = sizeof(counter_id);
+
+ out_vec[0].base = val;
+ out_vec[0].len = size;
+
+ return psa_call(RSS_PLATFORM_SERVICE_HANDLE,
+ RSS_PLATFORM_API_ID_NV_READ,
+ in_vec, 1, out_vec, 1);
+}
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index 8d736cc..f233be1 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -55,7 +55,7 @@
******************************************************************************/
non_cpu_pd_node_t psci_non_cpu_pd_nodes[PSCI_NUM_NON_CPU_PWR_DOMAINS]
#if USE_COHERENT_MEM
-__section("tzfw_coherent_mem")
+__section(".tzfw_coherent_mem")
#endif
;
diff --git a/lib/romlib/romlib.ld.S b/lib/romlib/romlib.ld.S
index 2aac4ad..d54a684 100644
--- a/lib/romlib/romlib.ld.S
+++ b/lib/romlib/romlib.ld.S
@@ -8,37 +8,42 @@
#include <platform_def.h>
MEMORY {
- ROM (rx): ORIGIN = ROMLIB_RO_BASE, LENGTH = ROMLIB_RO_LIMIT - ROMLIB_RO_BASE
- RAM (rwx): ORIGIN = ROMLIB_RW_BASE, LENGTH = ROMLIB_RW_END - ROMLIB_RW_BASE
+ ROM (rx): ORIGIN = ROMLIB_RO_BASE, LENGTH = ROMLIB_RO_LIMIT - ROMLIB_RO_BASE
+ RAM (rwx): ORIGIN = ROMLIB_RW_BASE, LENGTH = ROMLIB_RW_END - ROMLIB_RW_BASE
}
OUTPUT_FORMAT(PLATFORM_LINKER_FORMAT)
OUTPUT_ARCH(PLATFORM_LINKER_ARCH)
ENTRY(jmptbl)
-SECTIONS
-{
- . = ROMLIB_RO_BASE;
- .text : {
- *jmptbl.o(.text)
- *(.text*)
- *(.rodata*)
- } >ROM
+SECTIONS {
+ . = ROMLIB_RO_BASE;
- __DATA_ROM_START__ = LOADADDR(.data);
+ .text : {
+ *jmptbl.o(.text)
+ *(.text*)
+ *(.rodata*)
+ } >ROM
- .data : {
- __DATA_RAM_START__ = .;
- *(.data*)
- __DATA_RAM_END__ = .;
- } >RAM AT>ROM
+ __DATA_ROM_START__ = LOADADDR(.data);
- __DATA_SIZE__ = SIZEOF(.data);
+ .data : {
+ __DATA_RAM_START__ = .;
+
+ *(.data*)
+
+ __DATA_RAM_END__ = .;
+ } >RAM AT>ROM
+
+ __DATA_SIZE__ = SIZEOF(.data);
+
+ .bss : {
+ __BSS_START__ = .;
+
+ *(.bss*)
+
+ __BSS_END__ = .;
+ } >RAM
- .bss : {
- __BSS_START__ = .;
- *(.bss*)
- __BSS_END__ = .;
- } >RAM
- __BSS_SIZE__ = SIZEOF(.bss);
+ __BSS_SIZE__ = SIZEOF(.bss);
}
diff --git a/lib/xlat_tables/aarch32/nonlpae_tables.c b/lib/xlat_tables/aarch32/nonlpae_tables.c
index 7cd509d..5646f34 100644
--- a/lib/xlat_tables/aarch32/nonlpae_tables.c
+++ b/lib/xlat_tables/aarch32/nonlpae_tables.c
@@ -138,10 +138,10 @@
static uintptr_t xlat_max_va;
static uint32_t mmu_l1_base[NUM_1MB_IN_4GB]
- __aligned(MMU32B_L1_TABLE_ALIGN) __attribute__((section("xlat_table")));
+ __aligned(MMU32B_L1_TABLE_ALIGN) __attribute__((section(".xlat_table")));
static uint32_t mmu_l2_base[MAX_XLAT_TABLES][NUM_4K_IN_1MB]
- __aligned(MMU32B_L2_TABLE_ALIGN) __attribute__((section("xlat_table")));
+ __aligned(MMU32B_L2_TABLE_ALIGN) __attribute__((section(".xlat_table")));
/*
* Array of all memory regions stored in order of ascending base address.
@@ -518,9 +518,9 @@
/* Enable Access flag (simplified access permissions) and TEX remap */
write_sctlr(read_sctlr() | SCTLR_AFE_BIT | SCTLR_TRE_BIT);
- prrr = MMU32B_PRRR_IDX(MMU32B_ATTR_DEVICE_INDEX, 1, 0) \
+ prrr = MMU32B_PRRR_IDX(MMU32B_ATTR_DEVICE_INDEX, 1, 0)
| MMU32B_PRRR_IDX(MMU32B_ATTR_IWBWA_OWBWA_INDEX, 2, 1);
- nmrr = MMU32B_NMRR_IDX(MMU32B_ATTR_DEVICE_INDEX, 0, 0) \
+ nmrr = MMU32B_NMRR_IDX(MMU32B_ATTR_DEVICE_INDEX, 0, 0)
| MMU32B_NMRR_IDX(MMU32B_ATTR_IWBWA_OWBWA_INDEX, 1, 1);
prrr |= MMU32B_PRRR_NS1 | MMU32B_PRRR_DS1;
diff --git a/lib/xlat_tables/xlat_tables_common.c b/lib/xlat_tables/xlat_tables_common.c
index 23fe3f0..71273cb 100644
--- a/lib/xlat_tables/xlat_tables_common.c
+++ b/lib/xlat_tables/xlat_tables_common.c
@@ -39,7 +39,7 @@
#define MT_UNKNOWN ~0U
static uint64_t xlat_tables[MAX_XLAT_TABLES][XLAT_TABLE_ENTRIES]
- __aligned(XLAT_TABLE_SIZE) __section("xlat_table");
+ __aligned(XLAT_TABLE_SIZE) __section(".xlat_table");
static unsigned int next_xlat;
static unsigned long long xlat_max_pa;
diff --git a/lib/zlib/crc32.c b/lib/zlib/crc32.c
index f8357b0..21a69a8 100644
--- a/lib/zlib/crc32.c
+++ b/lib/zlib/crc32.c
@@ -279,7 +279,7 @@
combinations of CRC register values and incoming bytes.
*/
-local void make_crc_table()
+local void make_crc_table(void)
{
unsigned i, j, n;
z_crc_t p;
@@ -498,7 +498,7 @@
}
/* Actually do the deed. */
-int main()
+int main(void)
{
make_crc_table();
return 0;
diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c
index 8acbef4..aa25e61 100644
--- a/lib/zlib/inflate.c
+++ b/lib/zlib/inflate.c
@@ -342,7 +342,7 @@
a.out > inffixed.h
*/
-void makefixed()
+void makefixed(void)
{
unsigned low, size;
struct inflate_state state;
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 426e344..89f43f2 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -13,6 +13,7 @@
# Some utility macros for manipulating awkward (whitespace) characters.
blank :=
space :=${blank} ${blank}
+comma := ,
# A user defined function to recursively search for a filename below a directory
# $1 is the directory root of the recursive search (blank for current directory).
@@ -86,6 +87,12 @@
$(foreach num,$1,$(eval $(call assert_numeric,$(num))))
endef
+# Convenience function to check for a given linker option. An call to
+# $(call ld_option, --no-XYZ) will return --no-XYZ if supported by the linker
+define ld_option
+ $(shell if $(LD) $(1) -v >/dev/null 2>&1; then echo $(1); fi )
+endef
+
# CREATE_SEQ is a recursive function to create sequence of numbers from 1 to
# $(2) and assign the sequence to $(1)
define CREATE_SEQ
@@ -97,12 +104,6 @@
)
endef
-# IMG_LINKERFILE defines the linker script corresponding to a BL stage
-# $(1) = BL stage
-define IMG_LINKERFILE
- ${BUILD_DIR}/$(1).ld
-endef
-
# IMG_MAPFILE defines the output file describing the memory map corresponding
# to a BL stage
# $(1) = BL stage
@@ -279,10 +280,11 @@
define MAKE_C_LIB
$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
$(eval DEP := $(patsubst %.o,%.d,$(OBJ)))
+$(eval LIB := $(call uppercase, $(notdir $(1))))
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | lib$(3)_dirs
$$(ECHO) " CC $$<"
- $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$$(CC) $$($(LIB)_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -457,6 +459,15 @@
$$(Q)$$(AR) cr $$@ $$?
endef
+# Generate the path to one or more preprocessed linker scripts given the paths
+# of their sources.
+#
+# Arguments:
+# $(1) = path to one or more linker script sources
+define linker_script_path
+ $(patsubst %.S,$(BUILD_DIR)/%,$(1))
+endef
+
# MAKE_BL macro defines the targets and options to build each BL image.
# Arguments:
# $(1) = BL stage
@@ -468,17 +479,22 @@
$(eval BL_SOURCES := $($(call uppercase,$(1))_SOURCES))
$(eval SOURCES := $(BL_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
$(eval OBJS := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
- $(eval LINKERFILE := $(call IMG_LINKERFILE,$(1)))
$(eval MAPFILE := $(call IMG_MAPFILE,$(1)))
$(eval ELF := $(call IMG_ELF,$(1)))
$(eval DUMP := $(call IMG_DUMP,$(1)))
$(eval BIN := $(call IMG_BIN,$(1)))
$(eval ENC_BIN := $(call IMG_ENC_BIN,$(1)))
- $(eval BL_LINKERFILE := $($(call uppercase,$(1))_LINKERFILE))
$(eval BL_LIBS := $($(call uppercase,$(1))_LIBS))
+
+ $(eval DEFAULT_LINKER_SCRIPT_SOURCE := $($(call uppercase,$(1))_DEFAULT_LINKER_SCRIPT_SOURCE))
+ $(eval DEFAULT_LINKER_SCRIPT := $(call linker_script_path,$(DEFAULT_LINKER_SCRIPT_SOURCE)))
+
+ $(eval LINKER_SCRIPT_SOURCES := $($(call uppercase,$(1))_LINKER_SCRIPT_SOURCES))
+ $(eval LINKER_SCRIPTS := $(call linker_script_path,$(LINKER_SCRIPT_SOURCES)))
+
# We use sort only to get a list of unique object directory names.
# ordering is not relevant but sort removes duplicates.
- $(eval TEMP_OBJ_DIRS := $(sort $(dir ${OBJS} ${LINKERFILE})))
+ $(eval TEMP_OBJ_DIRS := $(sort $(dir ${OBJS} ${DEFAULT_LINKER_SCRIPT} ${LINKER_SCRIPTS})))
# The $(dir ) function leaves a trailing / on the directory names
# Rip off the / to match directory names with make rule targets.
$(eval OBJ_DIRS := $(patsubst %/,%,$(TEMP_OBJ_DIRS)))
@@ -487,7 +503,8 @@
$(eval $(call MAKE_PREREQ_DIR,${BUILD_DIR},${BUILD_PLAT}))
-$(eval $(foreach objd,${OBJ_DIRS},$(call MAKE_PREREQ_DIR,${objd},${BUILD_DIR})))
+$(eval $(foreach objd,${OBJ_DIRS},
+ $(call MAKE_PREREQ_DIR,${objd},${BUILD_DIR})))
.PHONY : ${1}_dirs
@@ -496,7 +513,11 @@
${1}_dirs: | ${OBJ_DIRS}
$(eval $(call MAKE_OBJS,$(BUILD_DIR),$(SOURCES),$(1)))
-$(eval $(call MAKE_LD,$(LINKERFILE),$(BL_LINKERFILE),$(1)))
+
+# Generate targets to preprocess each required linker script
+$(eval $(foreach source,$(DEFAULT_LINKER_SCRIPT_SOURCE) $(LINKER_SCRIPT_SOURCES), \
+ $(call MAKE_LD,$(call linker_script_path,$(source)),$(source),$(1))))
+
$(eval BL_LDFLAGS := $($(call uppercase,$(1))_LDFLAGS))
ifeq ($(USE_ROMLIB),1)
@@ -507,7 +528,7 @@
# object file path, and prebuilt object file path.
$(eval OBJS += $(MODULE_OBJS))
-$(ELF): $(OBJS) $(LINKERFILE) | $(1)_dirs libraries $(BL_LIBS)
+$(ELF): $(OBJS) $(DEFAULT_LINKER_SCRIPT) $(LINKER_SCRIPTS) | $(1)_dirs libraries $(BL_LIBS)
$$(ECHO) " LD $$@"
ifdef MAKE_BUILD_STRINGS
$(call MAKE_BUILD_STRINGS, $(BUILD_DIR)/build_message.o)
@@ -526,11 +547,13 @@
$(BUILD_DIR)/build_message.o $(OBJS)
else ifneq ($(findstring gcc,$(notdir $(LD))),)
$$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) -Wl,-Map=$(MAPFILE) \
- -Wl,-dT $(LINKERFILE) $(EXTRA_LINKERFILE) $(BUILD_DIR)/build_message.o \
+ $(addprefix -Wl$(comma)--script$(comma),$(LINKER_SCRIPTS)) -Wl,--script,$(DEFAULT_LINKER_SCRIPT) \
+ $(BUILD_DIR)/build_message.o \
$(OBJS) $(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS)
else
$$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Map=$(MAPFILE) \
- --script $(LINKERFILE) $(BUILD_DIR)/build_message.o \
+ $(addprefix -T ,$(LINKER_SCRIPTS)) --script $(DEFAULT_LINKER_SCRIPT) \
+ $(BUILD_DIR)/build_message.o \
$(OBJS) $(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS)
endif
ifeq ($(DISABLE_BIN_GENERATION),1)
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index a66123a..4f94cd0 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -30,13 +30,13 @@
BASE_COMMIT := origin/master
# Execute BL2 at EL3
-BL2_AT_EL3 := 0
+RESET_TO_BL2 := 0
# Only use SP packages if SP layout JSON is defined
BL2_ENABLE_SP_LOAD := 0
# BL2 image is stored in XIP memory, for now, this option is only supported
-# when BL2_AT_EL3 is 1.
+# when RESET_TO_BL2 is 1.
BL2_IN_XIP_MEM := 0
# Do dcache invalidate upon BL2 entry at EL3
diff --git a/make_helpers/tbbr/tbbr_tools.mk b/make_helpers/tbbr/tbbr_tools.mk
index 5ef2d85..8605bae 100644
--- a/make_helpers/tbbr/tbbr_tools.mk
+++ b/make_helpers/tbbr/tbbr_tools.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -83,7 +83,7 @@
# Add the BL2 CoT (image cert)
ifeq (${NEED_BL2},yes)
-ifeq (${BL2_AT_EL3}, 0)
+ifeq (${RESET_TO_BL2}, 0)
ifneq (${COT},cca)
$(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
endif
diff --git a/plat/allwinner/sun50i_h6/sunxi_power.c b/plat/allwinner/sun50i_h6/sunxi_power.c
index d298e6b..1257076 100644
--- a/plat/allwinner/sun50i_h6/sunxi_power.c
+++ b/plat/allwinner/sun50i_h6/sunxi_power.c
@@ -8,8 +8,10 @@
#include <errno.h>
#include <common/debug.h>
+#include <common/fdt_wrappers.h>
#include <drivers/allwinner/axp.h>
#include <drivers/allwinner/sunxi_rsb.h>
+#include <libfdt.h>
#include <lib/mmio.h>
#include <sunxi_cpucfg.h>
@@ -63,7 +65,12 @@
int sunxi_pmic_setup(uint16_t socid, const void *fdt)
{
- int ret;
+ int node, ret;
+
+ node = fdt_node_offset_by_compatible(fdt, 0, "allwinner,sun8i-a23-rsb");
+ if ((node < 0) || !fdt_node_is_enabled(fdt, node)) {
+ return -ENODEV;
+ }
INFO("PMIC: Probing AXP805 on RSB\n");
diff --git a/plat/arm/board/arm_fpga/build_axf.ld.S b/plat/arm/board/arm_fpga/build_axf.ld.S
index d8254e5..bd3d163 100644
--- a/plat/arm/board/arm_fpga/build_axf.ld.S
+++ b/plat/arm/board/arm_fpga/build_axf.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited. All rights reserved.
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -46,7 +46,7 @@
KEEP(*(.kern_tramp))
}
- /DISCARD/ : { *(stacks) }
+ /DISCARD/ : { *(.stacks) }
/DISCARD/ : { *(.debug_*) }
/DISCARD/ : { *(.note*) }
/DISCARD/ : { *(.comment*) }
diff --git a/plat/arm/board/fvp/fconf/fconf_hw_config_getter.c b/plat/arm/board/fvp/fconf/fconf_hw_config_getter.c
index 45e3b7e..43dc17b 100644
--- a/plat/arm/board/fvp/fconf/fconf_hw_config_getter.c
+++ b/plat/arm/board/fvp/fconf/fconf_hw_config_getter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,6 +18,15 @@
struct hw_topology_t soc_topology;
struct uart_serial_config_t uart_serial_config;
struct cpu_timer_t cpu_timer;
+struct ns_dram_layout dram_layout;
+
+/*
+ * Each NS DRAM bank entry is 'reg' node property which is
+ * a sequence of (address, length) pairs of 32-bit values.
+ */
+#define DRAM_ENTRY_SIZE (4UL * sizeof(uint32_t))
+
+CASSERT(ARM_DRAM_NUM_BANKS == 2UL, ARM_DRAM_NUM_BANKS_mismatch);
#define ILLEGAL_ADDR ULL(~0)
@@ -293,7 +302,58 @@
return 0;
}
+int fconf_populate_dram_layout(uintptr_t config)
+{
+ int node, len;
+ const uint32_t *reg;
+
+ /* Necessary to work with libfdt APIs */
+ const void *hw_config_dtb = (const void *)config;
+
+ /* Find 'memory' node */
+ node = fdt_node_offset_by_prop_value(hw_config_dtb, -1, "device_type",
+ "memory", sizeof("memory"));
+ if (node < 0) {
+ WARN("FCONF: Unable to locate 'memory' node\n");
+ return node;
+ }
+
+ reg = fdt_getprop(hw_config_dtb, node, "reg", &len);
+ if (reg == NULL) {
+ ERROR("FCONF failed to read 'reg' property\n");
+ return len;
+ }
+
+ switch (len) {
+ case DRAM_ENTRY_SIZE:
+ /* 1 DRAM bank */
+ dram_layout.num_banks = 1UL;
+ break;
+ case 2UL * DRAM_ENTRY_SIZE:
+ /* 2 DRAM banks */
+ dram_layout.num_banks = 2UL;
+ break;
+ default:
+ ERROR("FCONF: Invalid 'memory' node\n");
+ return -FDT_ERR_BADLAYOUT;
+ }
+
+ for (unsigned long i = 0UL; i < dram_layout.num_banks; i++) {
+ int err = fdt_get_reg_props_by_index(
+ hw_config_dtb, node, (int)i,
+ &dram_layout.dram_bank[i].base,
+ (size_t *)&dram_layout.dram_bank[i].size);
+ if (err < 0) {
+ ERROR("FCONF: Failed to read 'reg' property #%lu of 'memory' node\n", i);
+ return err;
+ }
+ }
+
+ return 0;
+}
+
FCONF_REGISTER_POPULATOR(HW_CONFIG, gicv3_config, fconf_populate_gicv3_config);
FCONF_REGISTER_POPULATOR(HW_CONFIG, topology, fconf_populate_topology);
FCONF_REGISTER_POPULATOR(HW_CONFIG, uart_config, fconf_populate_uart_config);
FCONF_REGISTER_POPULATOR(HW_CONFIG, cpu_timer, fconf_populate_cpu_timer);
+FCONF_REGISTER_POPULATOR(HW_CONFIG, dram_layout, fconf_populate_dram_layout);
diff --git a/plat/arm/board/fvp/fdts/fvp_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_fw_config.dts
index 577ac74..4adf5d5 100644
--- a/plat/arm/board/fvp/fdts/fvp_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,7 +22,7 @@
load-address = <0x0 0x07f00000>;
max-size = <0x00100000>;
id = <HW_CONFIG_ID>;
- ns-load-address = <0x0 0x82000000>;
+ secondary-load-address = <0x0 0x82000000>;
};
/*
@@ -40,7 +40,11 @@
/* If required, SPD should enable loading of trusted OS fw config */
#if defined(SPD_tspd) || defined(SPD_spmd)
tos_fw-config {
+
load-address = <0x0 0x04001500>;
+#if ENABLE_RME
+ secondary-load-address = <0x0 0x7e00000>;
+#endif /* ENABLE_RME */
max-size = <0xB00>;
id = <TOS_FW_CONFIG_ID>;
};
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index 74e5d72..b93922a 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -45,7 +45,7 @@
arm_bl_params = arm_get_next_bl_params();
-#if !BL2_AT_EL3 && !EL3_PAYLOAD_BASE
+#if !RESET_TO_BL2 && !EL3_PAYLOAD_BASE
const struct dyn_cfg_dtb_info_t *fw_config_info;
uintptr_t fw_config_base = 0UL;
entry_point_info_t *ep_info;
@@ -82,7 +82,7 @@
assert(param_node != NULL);
/* Copy HW config from Secure address to NS address */
- memcpy((void *)hw_config_info->ns_config_addr,
+ memcpy((void *)hw_config_info->secondary_config_addr,
(void *)hw_config_info->config_addr,
(size_t)param_node->image_info.image_size);
@@ -91,15 +91,15 @@
* a possibility to use HW-config without cache and MMU enabled
* at BL33
*/
- flush_dcache_range(hw_config_info->ns_config_addr,
+ flush_dcache_range(hw_config_info->secondary_config_addr,
param_node->image_info.image_size);
param_node = get_bl_mem_params_node(BL33_IMAGE_ID);
assert(param_node != NULL);
/* Update BL33's ep info with NS HW config address */
- param_node->ep_info.args.arg1 = hw_config_info->ns_config_addr;
-#endif /* !BL2_AT_EL3 && !EL3_PAYLOAD_BASE */
+ param_node->ep_info.args.arg1 = hw_config_info->secondary_config_addr;
+#endif /* !RESET_TO_BL2 && !EL3_PAYLOAD_BASE */
return arm_bl_params;
}
diff --git a/plat/arm/board/fvp/fvp_bl31_setup.c b/plat/arm/board/fvp/fvp_bl31_setup.c
index dd90965..e46dbc9 100644
--- a/plat/arm/board/fvp/fvp_bl31_setup.c
+++ b/plat/arm/board/fvp/fvp_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -25,7 +25,7 @@
/* Initialize the console to provide early debug support */
arm_console_boot_init();
-#if !RESET_TO_BL31 && !BL2_AT_EL3
+#if !RESET_TO_BL31 && !RESET_TO_BL2
const struct dyn_cfg_dtb_info_t *soc_fw_config_info;
INFO("BL31 FCONF: FW_CONFIG address = %lx\n", (uintptr_t)arg1);
@@ -45,9 +45,9 @@
*/
hw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, HW_CONFIG_ID);
assert(hw_config_info != NULL);
- assert(hw_config_info->ns_config_addr != 0UL);
- arg2 = hw_config_info->ns_config_addr;
-#endif /* !RESET_TO_BL31 && !BL2_AT_EL3 */
+ assert(hw_config_info->secondary_config_addr != 0UL);
+ arg2 = hw_config_info->secondary_config_addr;
+#endif /* !RESET_TO_BL31 && !RESET_TO_BL2 */
arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
@@ -93,7 +93,7 @@
* TODO: remove the ARM_XLAT_TABLES_LIB_V1 check when its support
* gets deprecated.
*/
-#if !RESET_TO_BL31 && !BL2_AT_EL3 && !ARM_XLAT_TABLES_LIB_V1
+#if !RESET_TO_BL31 && !RESET_TO_BL2 && !ARM_XLAT_TABLES_LIB_V1
assert(hw_config_info != NULL);
assert(hw_config_info->config_addr != 0UL);
@@ -129,14 +129,14 @@
rc);
panic();
}
-#endif /* !RESET_TO_BL31 && !BL2_AT_EL3 && !ARM_XLAT_TABLES_LIB_V1 */
+#endif /* !RESET_TO_BL31 && !RESET_TO_BL2 && !ARM_XLAT_TABLES_LIB_V1 */
}
unsigned int plat_get_syscnt_freq2(void)
{
unsigned int counter_base_frequency;
-#if !RESET_TO_BL31 && !BL2_AT_EL3
+#if !RESET_TO_BL31 && !RESET_TO_BL2
/* Get the frequency through FCONF API for HW_CONFIG */
counter_base_frequency = FCONF_GET_PROPERTY(hw_config, cpu_timer, clock_freq);
if (counter_base_frequency > 0U) {
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index f5d9940..f500f3a 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,19 +12,19 @@
#include <drivers/arm/gicv2.h>
#include <drivers/arm/sp804_delay_timer.h>
#include <drivers/generic_delay_timer.h>
+#include <fconf_hw_config_getter.h>
#include <lib/mmio.h>
#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
#include <platform_def.h>
#include <services/arm_arch_svc.h>
-#if ENABLE_RME
#include <services/rmm_core_manifest.h>
-#endif
#if SPM_MM
#include <services/spm_mm_partition.h>
#endif
#include <plat/arm/common/arm_config.h>
+#include <plat/arm/common/arm_pas_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -123,13 +123,13 @@
MAP_DEVICE2,
#endif /* TRUSTED_BOARD_BOOT */
-#if CRYPTO_SUPPORT && !BL2_AT_EL3
+#if CRYPTO_SUPPORT && !RESET_TO_BL2
/*
* To access shared the Mbed TLS heap while booting the
* system with Crypto support
*/
ARM_MAP_BL1_RW,
-#endif /* CRYPTO_SUPPORT && !BL2_AT_EL3 */
+#endif /* CRYPTO_SUPPORT && !RESET_TO_BL2 */
#if SPM_MM || SPMC_AT_EL3
ARM_SP_IMAGE_MMAP,
#endif
@@ -180,8 +180,8 @@
#if defined(IMAGE_BL31) && SPM_MM
const mmap_region_t plat_arm_secure_partition_mmap[] = {
V2M_MAP_IOFPGA_EL0, /* for the UART */
- MAP_REGION_FLAT(DEVICE0_BASE, \
- DEVICE0_SIZE, \
+ MAP_REGION_FLAT(DEVICE0_BASE,
+ DEVICE0_SIZE,
MT_DEVICE | MT_RO | MT_SECURE | MT_USER),
ARM_SP_IMAGE_MMAP,
ARM_SP_IMAGE_NS_BUF_MMAP,
@@ -531,15 +531,73 @@
return (size_t)RMM_SHARED_SIZE;
}
-int plat_rmmd_load_manifest(rmm_manifest_t *manifest)
+int plat_rmmd_load_manifest(struct rmm_manifest *manifest)
{
+ uint64_t checksum, num_banks;
+ struct ns_dram_bank *bank_ptr;
+
assert(manifest != NULL);
+ /* Get number of DRAM banks */
+ num_banks = FCONF_GET_PROPERTY(hw_config, dram_layout, num_banks);
+ assert(num_banks <= ARM_DRAM_NUM_BANKS);
+
manifest->version = RMMD_MANIFEST_VERSION;
manifest->padding = 0U; /* RES0 */
manifest->plat_data = (uintptr_t)NULL;
+ manifest->plat_dram.num_banks = num_banks;
+
+ /*
+ * Array ns_dram_banks[] follows ns_dram_info structure:
+ *
+ * +-----------------------------------+
+ * | offset | field | comment |
+ * +----------+-----------+------------+
+ * | 0 | version | 0x00000002 |
+ * +----------+-----------+------------+
+ * | 4 | padding | 0x00000000 |
+ * +----------+-----------+------------+
+ * | 8 | plat_data | NULL |
+ * +----------+-----------+------------+
+ * | 16 | num_banks | |
+ * +----------+-----------+ |
+ * | 24 | banks | plat_dram |
+ * +----------+-----------+ |
+ * | 32 | checksum | |
+ * +----------+-----------+------------+
+ * | 40 | base 0 | |
+ * +----------+-----------+ bank[0] |
+ * | 48 | size 0 | |
+ * +----------+-----------+------------+
+ * | 56 | base 1 | |
+ * +----------+-----------+ bank[1] |
+ * | 64 | size 1 | |
+ * +----------+-----------+------------+
+ */
+ bank_ptr = (struct ns_dram_bank *)
+ ((uintptr_t)&manifest->plat_dram.checksum +
+ sizeof(manifest->plat_dram.checksum));
+
+ manifest->plat_dram.banks = bank_ptr;
+
+ /* Calculate checksum of plat_dram structure */
+ checksum = num_banks + (uint64_t)bank_ptr;
+
+ /* Store FVP DRAM banks data in Boot Manifest */
+ for (unsigned long i = 0UL; i < num_banks; i++) {
+ uintptr_t base = FCONF_GET_PROPERTY(hw_config, dram_layout, dram_bank[i].base);
+ uint64_t size = FCONF_GET_PROPERTY(hw_config, dram_layout, dram_bank[i].size);
+
+ bank_ptr[i].base = base;
+ bank_ptr[i].size = size;
+
+ /* Update checksum */
+ checksum += base + size;
+ }
+
+ /* Checksum must be 0 */
+ manifest->plat_dram.checksum = ~checksum + 1UL;
return 0;
}
-
-#endif
+#endif /* ENABLE_RME */
diff --git a/plat/arm/board/fvp/fvp_console.c b/plat/arm/board/fvp/fvp_console.c
index 1a6cd42..3aa454b 100644
--- a/plat/arm/board/fvp/fvp_console.c
+++ b/plat/arm/board/fvp/fvp_console.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,9 +24,9 @@
/*
* fconf APIs are not supported for RESET_TO_SP_MIN, RESET_TO_BL31 and
- * BL2_AT_EL3 systems.
+ * RESET_TO_BL2 systems.
*/
-#if RESET_TO_SP_MIN || RESET_TO_BL31 || BL2_AT_EL3
+#if RESET_TO_SP_MIN || RESET_TO_BL31 || RESET_TO_BL2
uart_base = PLAT_ARM_RUN_UART_BASE;
uart_clk = PLAT_ARM_RUN_UART_CLK_IN_HZ;
#else
diff --git a/plat/arm/board/fvp/fvp_el3_spmc.c b/plat/arm/board/fvp/fvp_el3_spmc.c
index 2b347ed..6b44f63 100644
--- a/plat/arm/board/fvp/fvp_el3_spmc.c
+++ b/plat/arm/board/fvp/fvp_el3_spmc.c
@@ -18,7 +18,7 @@
#define PLAT_SPMC_SHMEM_DATASTORE_SIZE 512 * 1024
-__section("arm_el3_tzc_dram") static uint8_t
+__section(".arm_el3_tzc_dram") static uint8_t
plat_spmc_shmem_datastore[PLAT_SPMC_SHMEM_DATASTORE_SIZE];
int plat_spmc_shmem_datastore_get(uint8_t **datastore, size_t *size)
diff --git a/plat/arm/board/fvp/fvp_plat_attest_token.c b/plat/arm/board/fvp/fvp_plat_attest_token.c
index 4dd37a4..dda2156 100644
--- a/plat/arm/board/fvp/fvp_plat_attest_token.c
+++ b/plat/arm/board/fvp/fvp_plat_attest_token.c
@@ -10,88 +10,90 @@
/* Using hardcoded token values for AEM FVP */
static uint8_t platform_token[] = {
- 0xD2, 0x84, 0x40, 0xA0, 0x59, 0x02, 0x46, 0xA9,
- 0x19, 0x01, 0x09, 0x78, 0x1C, 0x68, 0x74, 0x74,
- 0x70, 0x3A, 0x2F, 0x2F, 0x61, 0x72, 0x6D, 0x2E,
- 0x63, 0x6F, 0x6D, 0x2F, 0x43, 0x43, 0x41, 0x2D,
- 0x53, 0x53, 0x44, 0x2F, 0x31, 0x2E, 0x30, 0x2E,
- 0x30, 0x0A, 0x58, 0x20, 0x07, 0x06, 0x05, 0x04,
- 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C,
- 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15, 0x14,
- 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C,
- 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09, 0x5C, 0x58,
- 0x40, 0x7F, 0x45, 0x4C, 0x46, 0x02, 0x01, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x03, 0x00, 0x3E, 0x00, 0x01, 0x00, 0x00,
- 0x00, 0x50, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0xA0, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x38,
- 0x00, 0x09, 0x00, 0x40, 0x00, 0x1C, 0x00, 0x1B,
- 0x00, 0x19, 0x01, 0x00, 0x58, 0x21, 0x01, 0x07,
- 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F,
- 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17,
- 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F,
- 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19,
- 0x09, 0x61, 0x58, 0x21, 0x01, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D,
- 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15,
- 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D,
- 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09, 0x5B,
- 0x19, 0x30, 0x03, 0x19, 0x09, 0x62, 0x67, 0x73,
- 0x68, 0x61, 0x2D, 0x32, 0x35, 0x36, 0x19, 0x09,
- 0x5F, 0x84, 0xA5, 0x01, 0x62, 0x42, 0x4C, 0x05,
- 0x58, 0x20, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02,
- 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A,
- 0x09, 0x08, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12,
- 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A,
- 0x19, 0x18, 0x04, 0x65, 0x33, 0x2E, 0x34, 0x2E,
- 0x32, 0x02, 0x58, 0x20, 0x07, 0x06, 0x05, 0x04,
- 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C,
- 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15, 0x14,
- 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C,
- 0x1B, 0x1A, 0x19, 0x18, 0x06, 0x67, 0x73, 0x68,
- 0x61, 0x2D, 0x32, 0x35, 0x36, 0xA4, 0x01, 0x62,
- 0x4D, 0x31, 0x05, 0x58, 0x20, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D,
- 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15,
- 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D,
- 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x63, 0x31,
- 0x2E, 0x32, 0x02, 0x58, 0x20, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D,
- 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15,
- 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D,
- 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0xA4, 0x01, 0x62,
- 0x4D, 0x32, 0x05, 0x58, 0x20, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D,
- 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15,
- 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D,
- 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65, 0x31,
- 0x2E, 0x32, 0x2E, 0x33, 0x02, 0x58, 0x20, 0x07,
- 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F,
- 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17,
- 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F,
- 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0xA4,
- 0x01, 0x62, 0x4D, 0x33, 0x05, 0x58, 0x20, 0x07,
- 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F,
- 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17,
- 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F,
- 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04,
- 0x61, 0x31, 0x02, 0x58, 0x20, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D,
- 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15,
- 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D,
- 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09, 0x60,
- 0x6C, 0x77, 0x68, 0x61, 0x74, 0x65, 0x76, 0x65,
- 0x72, 0x2E, 0x63, 0x6F, 0x6D, 0x58, 0x40, 0x84,
- 0x32, 0x12, 0x5B, 0x92, 0x6B, 0x20, 0xD8, 0x14,
- 0xC1, 0xC1, 0x8C, 0x3C, 0x73, 0xB8, 0x29, 0x0F,
- 0x42, 0xBC, 0x0B, 0x25, 0x87, 0x5C, 0x4F, 0xA4,
- 0xFA, 0xD9, 0xDE, 0xC1, 0x2B, 0x20, 0xED, 0xDF,
- 0x1C, 0xDD, 0x1A, 0x09, 0xBD, 0xA0, 0x25, 0x48,
- 0xC6, 0xBB, 0x99, 0xA1, 0x30, 0x4F, 0x2C, 0xDC,
- 0x89, 0xE8, 0xB7, 0xFF, 0x32, 0xE9, 0x3F, 0xBB,
- 0xC6, 0xBF, 0x9D, 0x38, 0x68, 0xE1, 0xB2,
+ 0xD2, 0x84, 0x44, 0xA1, 0x01, 0x38, 0x22, 0xA0,
+ 0x59, 0x02, 0x33, 0xA9, 0x19, 0x01, 0x09, 0x78,
+ 0x1C, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F,
+ 0x61, 0x72, 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F,
+ 0x43, 0x43, 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F,
+ 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x0A, 0x58, 0x20,
+ 0xB5, 0x97, 0x3C, 0xB6, 0x8B, 0xAA, 0x9F, 0xC5,
+ 0x55, 0x58, 0x78, 0x6B, 0x7E, 0xC6, 0x7F, 0x69,
+ 0xE4, 0x0D, 0xF5, 0xBA, 0x5A, 0xA9, 0x21, 0xCD,
+ 0x0C, 0x27, 0xF4, 0x05, 0x87, 0xA0, 0x11, 0xEA,
+ 0x19, 0x09, 0x5C, 0x58, 0x20, 0x7F, 0x45, 0x4C,
+ 0x46, 0x02, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x3E,
+ 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x58, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x01, 0x00,
+ 0x58, 0x21, 0x01, 0x07, 0x06, 0x05, 0x04, 0x03,
+ 0x02, 0x01, 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B,
+ 0x0A, 0x09, 0x08, 0x17, 0x16, 0x15, 0x14, 0x13,
+ 0x12, 0x11, 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B,
+ 0x1A, 0x19, 0x18, 0x19, 0x09, 0x61, 0x58, 0x21,
+ 0x01, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
+ 0x00, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09,
+ 0x08, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11,
+ 0x10, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19,
+ 0x18, 0x19, 0x09, 0x5B, 0x19, 0x30, 0x03, 0x19,
+ 0x09, 0x62, 0x67, 0x73, 0x68, 0x61, 0x2D, 0x32,
+ 0x35, 0x36, 0x19, 0x09, 0x5F, 0x84, 0xA5, 0x01,
+ 0x62, 0x42, 0x4C, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
+ 0x33, 0x2E, 0x34, 0x2E, 0x32, 0x02, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0x06, 0x74, 0x54, 0x46, 0x2D, 0x4D, 0x5F, 0x53,
+ 0x48, 0x41, 0x32, 0x35, 0x36, 0x4D, 0x65, 0x6D,
+ 0x50, 0x72, 0x65, 0x58, 0x49, 0x50, 0xA4, 0x01,
+ 0x62, 0x4D, 0x31, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x63,
+ 0x31, 0x2E, 0x32, 0x02, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0xA4, 0x01,
+ 0x62, 0x4D, 0x32, 0x05, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x04, 0x65,
+ 0x31, 0x2E, 0x32, 0x2E, 0x33, 0x02, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0xA4, 0x01, 0x62, 0x4D, 0x33, 0x05, 0x58, 0x20,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,
+ 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
+ 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18,
+ 0x04, 0x61, 0x31, 0x02, 0x58, 0x20, 0x07, 0x06,
+ 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x0F, 0x0E,
+ 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x17, 0x16,
+ 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x1F, 0x1E,
+ 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x19, 0x09,
+ 0x60, 0x6C, 0x77, 0x68, 0x61, 0x74, 0x65, 0x76,
+ 0x65, 0x72, 0x2E, 0x63, 0x6F, 0x6D, 0x58, 0x60,
+ 0xE6, 0xB6, 0x38, 0x4F, 0xAE, 0x3F, 0x6E, 0x67,
+ 0xF5, 0xD4, 0x97, 0x4B, 0x3F, 0xFD, 0x0A, 0xFA,
+ 0x1D, 0xF0, 0x2F, 0x73, 0xB8, 0xFF, 0x5F, 0x02,
+ 0xC0, 0x0F, 0x40, 0xAC, 0xF3, 0xA2, 0x9D, 0xB5,
+ 0x31, 0x50, 0x16, 0x4F, 0xFA, 0x34, 0x3D, 0x0E,
+ 0xAF, 0xE0, 0xD0, 0xD1, 0x6C, 0xF0, 0x9D, 0xC1,
+ 0x01, 0x42, 0xA2, 0x3C, 0xCE, 0xD4, 0x4A, 0x59,
+ 0xDC, 0x29, 0x0A, 0x30, 0x93, 0x5F, 0xB4, 0x98,
+ 0x61, 0xBA, 0xE3, 0x91, 0x22, 0x95, 0x24, 0xF4,
+ 0xAE, 0x47, 0x93, 0xD3, 0x84, 0xA3, 0x76, 0xD0,
+ 0xC1, 0x26, 0x96, 0x53, 0xA3, 0x60, 0x3F, 0x6C,
+ 0x75, 0x96, 0x90, 0x6A, 0xF9, 0x4E, 0xDA, 0x30
};
int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len,
diff --git a/plat/arm/board/fvp/fvp_topology.c b/plat/arm/board/fvp/fvp_topology.c
index 80cfbd5..971e35b 100644
--- a/plat/arm/board/fvp/fvp_topology.c
+++ b/plat/arm/board/fvp/fvp_topology.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -34,9 +34,9 @@
/*
* fconf APIs are not supported for RESET_TO_SP_MIN, RESET_TO_BL31 and
- * BL2_AT_EL3 systems.
+ * RESET_TO_BL2 systems.
*/
-#if RESET_TO_SP_MIN || RESET_TO_BL31 || BL2_AT_EL3
+#if RESET_TO_SP_MIN || RESET_TO_BL31 || RESET_TO_BL2
cluster_count = FVP_CLUSTER_COUNT;
cpus_per_cluster = FVP_MAX_CPUS_PER_CLUSTER * FVP_MAX_PE_PER_CPU;
#else
diff --git a/plat/arm/board/fvp/include/fconf_hw_config_getter.h b/plat/arm/board/fvp/include/fconf_hw_config_getter.h
index ca85f7a..b7a1247 100644
--- a/plat/arm/board/fvp/include/fconf_hw_config_getter.h
+++ b/plat/arm/board/fvp/include/fconf_hw_config_getter.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,12 +8,16 @@
#define FCONF_HW_CONFIG_GETTER_H
#include <lib/fconf/fconf.h>
+#include <services/rmm_core_manifest.h>
+
+#include <plat/arm/common/arm_def.h>
/* Hardware Config related getter */
#define hw_config__gicv3_config_getter(prop) gicv3_config.prop
#define hw_config__topology_getter(prop) soc_topology.prop
#define hw_config__uart_serial_config_getter(prop) uart_serial_config.prop
#define hw_config__cpu_timer_getter(prop) cpu_timer.prop
+#define hw_config__dram_layout_getter(prop) dram_layout.prop
struct gicv3_config_t {
uint64_t gicd_base;
@@ -36,13 +40,21 @@
uint32_t clock_freq;
};
+struct ns_dram_layout {
+ uint64_t num_banks;
+ struct ns_dram_bank dram_bank[ARM_DRAM_NUM_BANKS];
+};
+
int fconf_populate_gicv3_config(uintptr_t config);
int fconf_populate_topology(uintptr_t config);
int fconf_populate_uart_config(uintptr_t config);
int fconf_populate_cpu_timer(uintptr_t config);
+int fconf_populate_dram_layout(uintptr_t config);
extern struct gicv3_config_t gicv3_config;
extern struct hw_topology_t soc_topology;
extern struct uart_serial_config_t uart_serial_config;
extern struct cpu_timer_t cpu_timer;
+extern struct ns_dram_layout dram_layout;
+
#endif /* FCONF_HW_CONFIG_GETTER_H */
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 1ef6c87..52146a3 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -16,6 +16,10 @@
#include "../fvp_def.h"
+#if TRUSTED_BOARD_BOOT
+#include MBEDTLS_CONFIG_FILE
+#endif
+
/* Required platform porting definitions */
#define PLATFORM_CORE_COUNT (U(FVP_CLUSTER_COUNT) * \
U(FVP_MAX_CPUS_PER_CLUSTER) * \
@@ -171,7 +175,11 @@
* PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
* plus a little space for growth.
*/
+#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
+#define PLAT_ARM_MAX_BL1_RW_SIZE UL(0xC000)
+#else
#define PLAT_ARM_MAX_BL1_RW_SIZE UL(0xB000)
+#endif
/*
* PLAT_ARM_MAX_ROMLIB_RW_SIZE is define to use a full page
@@ -191,10 +199,12 @@
* PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
* little space for growth.
*/
-#if TRUSTED_BOARD_BOOT && COT_DESC_IN_DTB
+#if CRYPTO_SUPPORT
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA) || COT_DESC_IN_DTB
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
-#elif CRYPTO_SUPPORT
+#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+#endif
#elif ARM_BL31_IN_DRAM
/* When ARM_BL31_IN_DRAM is set, BL2 can use almost all of Trusted SRAM. */
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1F000) - FVP_BL2_ROMLIB_OPTIMIZATION)
diff --git a/plat/arm/board/fvp/jmptbl.i b/plat/arm/board/fvp/jmptbl.i
index 85e6e3a..927ffef 100644
--- a/plat/arm/board/fvp/jmptbl.i
+++ b/plat/arm/board/fvp/jmptbl.i
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -21,6 +21,7 @@
fdt fdt_setprop_inplace
fdt fdt_check_header
fdt fdt_node_offset_by_compatible
+fdt fdt_node_offset_by_prop_value
fdt fdt_setprop_inplace_namelen_partial
fdt fdt_first_subnode
fdt fdt_next_subnode
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index efbf68f..6e95fdc 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -65,7 +65,8 @@
plat/common/plat_gicv3.c \
plat/arm/common/arm_gicv3.c
- ifeq ($(filter 1,${BL2_AT_EL3} ${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
+ ifeq ($(filter 1,${RESET_TO_BL2} \
+ ${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
FVP_GIC_SOURCES += plat/arm/board/fvp/fvp_gicv3.c
endif
@@ -202,7 +203,7 @@
BL31_SOURCES += plat/arm/board/fvp/fvp_sync_traps.c
endif
-ifeq (${BL2_AT_EL3},1)
+ifeq (${RESET_TO_BL2},1)
BL2_SOURCES += plat/arm/board/fvp/${ARCH}/fvp_helpers.S \
plat/arm/board/fvp/fvp_bl2_el3_setup.c \
${FVP_CPU_LIBS} \
@@ -238,7 +239,7 @@
# Support for fconf in BL31
# Added separately from the above list for better readability
-ifeq ($(filter 1,${BL2_AT_EL3} ${RESET_TO_BL31}),)
+ifeq ($(filter 1,${RESET_TO_BL2} ${RESET_TO_BL31}),)
BL31_SOURCES += lib/fconf/fconf.c \
lib/fconf/fconf_dyn_cfg_getter.c \
plat/arm/board/fvp/fconf/fconf_hw_config_getter.c
@@ -338,7 +339,7 @@
endif
# Enable the dynamic translation tables library.
-ifeq ($(filter 1,${BL2_AT_EL3} ${ARM_XLAT_TABLES_LIB_V1}),)
+ifeq ($(filter 1,${RESET_TO_BL2} ${ARM_XLAT_TABLES_LIB_V1}),)
ifeq (${ARCH},aarch32)
BL32_CPPFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC
else # AArch64
@@ -364,7 +365,7 @@
# Add support for platform supplied linker script for BL31 build
$(eval $(call add_define,PLAT_EXTRA_LD_SCRIPT))
-ifneq (${BL2_AT_EL3}, 0)
+ifneq (${RESET_TO_BL2}, 0)
override BL1_SOURCES =
endif
@@ -446,14 +447,14 @@
endif
# enable trace buffer control registers access to NS by default
-ENABLE_TRBE_FOR_NS := 1
+ENABLE_TRBE_FOR_NS := 2
# enable branch record buffer control registers access in NS by default
# only enable for aarch64
# do not enable when ENABLE_RME=1
ifeq (${ARCH}, aarch64)
ifeq (${ENABLE_RME},0)
- ENABLE_BRBE_FOR_NS := 1
+ ENABLE_BRBE_FOR_NS := 2
endif
endif
@@ -461,7 +462,7 @@
ENABLE_SYS_REG_TRACE_FOR_NS := 1
# enable trace filter control registers access to NS by default
-ENABLE_TRF_FOR_NS := 1
+ENABLE_TRF_FOR_NS := 2
# Linux relies on EL3 enablement if those features are present
ENABLE_FEAT_FGT := 2
diff --git a/plat/arm/board/fvp/sp_min/fvp_sp_min_setup.c b/plat/arm/board/fvp/sp_min/fvp_sp_min_setup.c
index 9ab36a6..b961da9 100644
--- a/plat/arm/board/fvp/sp_min/fvp_sp_min_setup.c
+++ b/plat/arm/board/fvp/sp_min/fvp_sp_min_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,7 +22,7 @@
/* Initialize the console to provide early debug support */
arm_console_boot_init();
-#if !RESET_TO_SP_MIN && !BL2_AT_EL3
+#if !RESET_TO_SP_MIN && !RESET_TO_BL2
INFO("SP_MIN FCONF: FW_CONFIG address = %lx\n", (uintptr_t)arg1);
/* Fill the properties struct with the info from the config dtb */
@@ -32,7 +32,7 @@
if (tos_fw_config_info != NULL) {
arg1 = tos_fw_config_info->config_addr;
}
-#endif /* !RESET_TO_SP_MIN && !BL2_AT_EL3 */
+#endif /* !RESET_TO_SP_MIN && !RESET_TO_BL2 */
arm_sp_min_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
@@ -68,13 +68,14 @@
* For RESET_TO_SP_MIN systems, SP_MIN(BL32) is the first bootloader
* to run. So there is no BL2 to load the HW_CONFIG dtb into memory
* before control is passed to SP_MIN.
- * Also, BL2 skips loading HW_CONFIG dtb for BL2_AT_EL3 builds.
- * The code below relies on dynamic mapping capability, which is not
- * supported by xlat tables lib V1.
+ * Also, BL2 skips loading HW_CONFIG dtb for
+ * RESET_TO_BL2 builds.
+ * The code below relies on dynamic mapping capability,
+ * which is not supported by xlat tables lib V1.
* TODO: remove the ARM_XLAT_TABLES_LIB_V1 check when its support
* gets deprecated.
*/
-#if !RESET_TO_SP_MIN && !BL2_AT_EL3 && !ARM_XLAT_TABLES_LIB_V1
+#if !RESET_TO_SP_MIN && !RESET_TO_BL2 && !ARM_XLAT_TABLES_LIB_V1
hw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, HW_CONFIG_ID);
assert(hw_config_info != NULL);
assert(hw_config_info->config_addr != 0UL);
@@ -117,5 +118,5 @@
rc);
panic();
}
-#endif /* !RESET_TO_SP_MIN && !BL2_AT_EL3 && !ARM_XLAT_TABLES_LIB_V1 */
+#endif /*!RESET_TO_SP_MIN && !RESET_TO_BL2 && !ARM_XLAT_TABLES_LIB_V1*/
}
diff --git a/plat/arm/board/fvp/sp_min/sp_min-fvp.mk b/plat/arm/board/fvp/sp_min/sp_min-fvp.mk
index 183d802..4ddba6f 100644
--- a/plat/arm/board/fvp/sp_min/sp_min-fvp.mk
+++ b/plat/arm/board/fvp/sp_min/sp_min-fvp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -23,7 +23,7 @@
# Support for fconf in SP_MIN(BL32)
# Added separately from the above list for better readability
-ifeq ($(filter 1,${BL2_AT_EL3} ${RESET_TO_SP_MIN}),)
+ifeq ($(filter 1,${RESET_TO_BL2} ${RESET_TO_SP_MIN}),)
BL32_SOURCES += lib/fconf/fconf.c \
lib/fconf/fconf_dyn_cfg_getter.c \
plat/arm/board/fvp/fconf/fconf_hw_config_getter.c \
diff --git a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
index 1ac0a9c..a642929 100644
--- a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
+++ b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
@@ -109,10 +109,10 @@
ARM_MAP_BL_COHERENT_RAM,
#endif
/* DRAM1_region: */
- MAP_REGION_FLAT( \
- PLAT_ARM_DRAM1_BASE, \
- PLAT_ARM_DRAM1_SIZE, \
- MT_MEMORY | MT_SECURE | MT_EXECUTE \
+ MAP_REGION_FLAT(
+ PLAT_ARM_DRAM1_BASE,
+ PLAT_ARM_DRAM1_SIZE,
+ MT_MEMORY | MT_SECURE | MT_EXECUTE
| MT_RW | MT_NON_CACHEABLE),
/* NULL terminator: */
{0}
diff --git a/plat/arm/board/fvp_r/fvp_r_debug.S b/plat/arm/board/fvp_r/fvp_r_debug.S
index 88f0a29..cc5ffc0 100644
--- a/plat/arm/board/fvp_r/fvp_r_debug.S
+++ b/plat/arm/board/fvp_r/fvp_r_debug.S
@@ -11,7 +11,7 @@
.globl el2_panic
/***********************************************************
- * The common implementation of do_panic for all BL stages
+ * The common implementation of el3_panic for all BL stages
***********************************************************/
.section .rodata.panic_str, "aS"
diff --git a/plat/arm/board/juno/juno_common.c b/plat/arm/board/juno/juno_common.c
index 038f604..451c7df 100644
--- a/plat/arm/board/juno/juno_common.c
+++ b/plat/arm/board/juno/juno_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -50,7 +50,7 @@
ARM_MAP_OPTEE_CORE_MEM,
ARM_OPTEE_PAGEABLE_LOAD_MEM,
#endif
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
{0}
diff --git a/plat/arm/board/morello/fdts/morello_fw_config.dts b/plat/arm/board/morello/fdts/morello_fw_config.dts
index c47bae5..a63d7eb 100644
--- a/plat/arm/board/morello/fdts/morello_fw_config.dts
+++ b/plat/arm/board/morello/fdts/morello_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,8 +19,14 @@
nt_fw-config {
load-address = <0x0 0xFEF00000>;
- max-size = <0x0100000>;
+ max-size = <0xF8000>;
id = <NT_FW_CONFIG_ID>;
};
+
+ hw-config {
+ load-address = <0x0 0xFEFF8000>;
+ max-size = <0x8000>;
+ id = <HW_CONFIG_ID>;
+ };
};
};
diff --git a/plat/arm/board/morello/include/platform_def.h b/plat/arm/board/morello/include/platform_def.h
index 08e2d60..76e63aa 100644
--- a/plat/arm/board/morello/include/platform_def.h
+++ b/plat/arm/board/morello/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -191,4 +191,7 @@
/* Number of SCMI channels on the platform */
#define PLAT_ARM_SCMI_CHANNEL_COUNT U(1)
+/* Platform ID address */
+#define SSC_VERSION (SSC_REG_BASE + SSC_VERSION_OFFSET)
+
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/morello/morello_bl2_setup.c b/plat/arm/board/morello/morello_bl2_setup.c
index da1f7ae..ec87a8e 100644
--- a/plat/arm/board/morello/morello_bl2_setup.c
+++ b/plat/arm/board/morello/morello_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,6 +33,7 @@
* - remote_chip_count
* - multichip mode
* - scc configuration
+ * - silicon revision
*/
struct morello_plat_info {
uint64_t local_ddr_size;
@@ -40,6 +41,7 @@
uint8_t remote_chip_count;
bool multichip_mode;
uint32_t scc_config;
+ uint32_t silicon_revision;
} __packed;
#endif
diff --git a/plat/arm/board/morello/morello_bl31_setup.c b/plat/arm/board/morello/morello_bl31_setup.c
index e04587d..8f01592 100644
--- a/plat/arm/board/morello/morello_bl31_setup.c
+++ b/plat/arm/board/morello/morello_bl31_setup.c
@@ -1,16 +1,57 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <drivers/arm/css/css_mhu_doorbell.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/arm/css/sds.h>
+#include <lib/smccc.h>
#include <plat/arm/common/plat_arm.h>
+#include <services/arm_arch_svc.h>
#include "morello_def.h"
#include <platform_def.h>
+#ifdef TARGET_PLATFORM_FVP
+/*
+ * Platform information structure stored in SDS.
+ * This structure holds information about platform's DDR
+ * size
+ * - Local DDR size in bytes, DDR memory in main board
+ */
+struct morello_plat_info {
+ uint64_t local_ddr_size;
+} __packed;
+#else
+/*
+ * Platform information structure stored in SDS.
+ * This structure holds information about platform's DDR
+ * size which is an information about multichip setup
+ * - Local DDR size in bytes, DDR memory in main board
+ * - Remote DDR size in bytes, DDR memory in remote board
+ * - remote_chip_count
+ * - multichip mode
+ * - scc configuration
+ * - silicon revision
+ */
+struct morello_plat_info {
+ uint64_t local_ddr_size;
+ uint64_t remote_ddr_size;
+ uint8_t remote_chip_count;
+ bool multichip_mode;
+ uint32_t scc_config;
+ uint32_t silicon_revision;
+} __packed;
+
+struct morello_plat_info plat_info;
+#endif
+
+/* Compile time assertion to ensure the size of structure is of the required bytes */
+CASSERT(sizeof(struct morello_plat_info) == MORELLO_SDS_PLATFORM_INFO_SIZE,
+ assert_invalid_plat_info_size);
+
static scmi_channel_plat_info_t morello_scmi_plat_info = {
.scmi_mbx_mem = MORELLO_SCMI_PAYLOAD_BASE,
.db_reg_addr = PLAT_CSS_MHU_BASE + CSS_SCMI_MHU_DB_REG_OFF,
@@ -31,5 +72,63 @@
void bl31_platform_setup(void)
{
+#ifdef TARGET_PLATFORM_SOC
+ int ret;
+
+ ret = sds_init();
+ if (ret != SDS_OK) {
+ ERROR("SDS initialization failed. ret:%d\n", ret);
+ panic();
+ }
+
+ ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ MORELLO_SDS_PLATFORM_INFO_OFFSET,
+ &plat_info,
+ MORELLO_SDS_PLATFORM_INFO_SIZE,
+ SDS_ACCESS_MODE_NON_CACHED);
+ if (ret != SDS_OK) {
+ ERROR("Error getting platform info from SDS. ret:%d\n", ret);
+ panic();
+ }
+#endif
arm_bl31_platform_setup();
}
+
+#ifdef TARGET_PLATFORM_SOC
+/*****************************************************************************
+ * plat_is_smccc_feature_available() - This function checks whether SMCCC
+ * feature is availabile for platform.
+ * @fid: SMCCC function id
+ *
+ * Return SMC_ARCH_CALL_SUCCESS if SMCCC feature is available and
+ * SMC_ARCH_CALL_NOT_SUPPORTED otherwise.
+ *****************************************************************************/
+int32_t plat_is_smccc_feature_available(u_register_t fid)
+{
+ switch (fid) {
+ case SMCCC_ARCH_SOC_ID:
+ return SMC_ARCH_CALL_SUCCESS;
+ default:
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+}
+
+/* Get SOC version */
+int32_t plat_get_soc_version(void)
+{
+ int ssc_version;
+
+ ssc_version = mmio_read_32(SSC_VERSION);
+
+ return (int32_t)
+ (SOC_ID_SET_JEP_106(ARM_SOC_CONTINUATION_CODE,
+ ARM_SOC_IDENTIFICATION_CODE) |
+ (GET_SSC_VERSION_PART_NUM(ssc_version) & SOC_ID_IMPL_DEF_MASK));
+}
+
+/* Get SOC revision */
+int32_t plat_get_soc_revision(void)
+{
+ return (int32_t)plat_info.silicon_revision;
+}
+#endif
diff --git a/plat/arm/board/morello/morello_def.h b/plat/arm/board/morello/morello_def.h
index f154924..2898774 100644
--- a/plat/arm/board/morello/morello_def.h
+++ b/plat/arm/board/morello/morello_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,7 +21,7 @@
#ifdef TARGET_PLATFORM_FVP
# define MORELLO_SDS_PLATFORM_INFO_SIZE U(8)
#else
-# define MORELLO_SDS_PLATFORM_INFO_SIZE U(22)
+# define MORELLO_SDS_PLATFORM_INFO_SIZE U(26)
#endif
#define MORELLO_MAX_DDR_CAPACITY U(0x1000000000)
#define MORELLO_MAX_REMOTE_CHIP_COUNT U(16)
diff --git a/plat/arm/board/morello/morello_image_load.c b/plat/arm/board/morello/morello_image_load.c
index 52d46f3..5fc87a0 100644
--- a/plat/arm/board/morello/morello_image_load.c
+++ b/plat/arm/board/morello/morello_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -34,6 +34,7 @@
* - remote_chip_count
* - multichip mode
* - scc configuration
+ * - silicon revision
*/
struct morello_plat_info {
uint64_t local_ddr_size;
@@ -41,6 +42,7 @@
uint8_t remote_chip_count;
bool multichip_mode;
uint32_t scc_config;
+ uint32_t silicon_revision;
} __packed;
#endif
diff --git a/plat/arm/board/morello/morello_plat.c b/plat/arm/board/morello/morello_plat.c
index 1da0ff9..2ca3d08 100644
--- a/plat/arm/board/morello/morello_plat.c
+++ b/plat/arm/board/morello/morello_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,7 +42,7 @@
MORELLO_MAP_NS_SRAM,
ARM_MAP_DRAM1,
ARM_MAP_DRAM2,
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
{0}
diff --git a/plat/arm/board/morello/platform.mk b/plat/arm/board/morello/platform.mk
index 156b7ea..0f0cabb 100644
--- a/plat/arm/board/morello/platform.mk
+++ b/plat/arm/board/morello/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -59,11 +59,14 @@
${MORELLO_BASE}/fdts/morello_nt_fw_config.dts
FW_CONFIG := ${BUILD_PLAT}/fdts/morello_fw_config.dtb
+HW_CONFIG := ${BUILD_PLAT}/fdts/morello-${TARGET_PLATFORM}.dtb
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/morello_tb_fw_config.dtb
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/morello_nt_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
+# Add the HW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${HW_CONFIG},--hw-config,${HW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
diff --git a/plat/arm/board/n1sdp/n1sdp_plat.c b/plat/arm/board/n1sdp/n1sdp_plat.c
index 502268c..747ff06 100644
--- a/plat/arm/board/n1sdp/n1sdp_plat.c
+++ b/plat/arm/board/n1sdp/n1sdp_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,7 +33,7 @@
N1SDP_MAP_NS_SRAM,
ARM_MAP_DRAM1,
ARM_MAP_DRAM2,
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
{0}
diff --git a/plat/arm/board/rde1edge/rde1edge_topology.c b/plat/arm/board/rde1edge/rde1edge_topology.c
index a16283e..91cc37e 100644
--- a/plat/arm/board/rde1edge/rde1edge_topology.c
+++ b/plat/arm/board/rde1edge/rde1edge_topology.c
@@ -31,6 +31,6 @@
* to the SCMI power domain ID implemented by SCP.
******************************************************************************/
const uint32_t plat_css_core_pos_to_scmi_dmn_id_map[] = {
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, \
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
};
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 5341458..eea1be6 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -304,4 +304,17 @@
/* virtual address used by dynamic mem_protect for chunk_base */
#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000)
+#if ARM_GPT_SUPPORT
+/*
+ * This overrides the default PLAT_ARM_FIP_OFFSET_IN_GPT in board_css_def.h.
+ * Offset of the FIP in the GPT image. BL1 component uses this option
+ * as it does not load the partition table to get the FIP base
+ * address. At sector 48 for TC to align with ATU page size boundaries (8KiB)
+ * (i.e. after reserved sectors 0-47).
+ * Offset = 48 * 512 = 0x6000
+ */
+#undef PLAT_ARM_FIP_OFFSET_IN_GPT
+#define PLAT_ARM_FIP_OFFSET_IN_GPT 0x6000
+#endif /* ARM_GPT_SUPPORT */
+
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc/include/tc_plat.h b/plat/arm/board/tc/include/tc_plat.h
index f7ce2fe..ba1831f 100644
--- a/plat/arm/board/tc/include/tc_plat.h
+++ b/plat/arm/board/tc/include/tc_plat.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,7 @@
#ifdef PLATFORM_TEST
void run_platform_tests(void);
+void nv_counter_test(void);
#endif
#endif /* TC_PLAT_H */
diff --git a/plat/arm/board/tc/nv_counter_test.c b/plat/arm/board/tc/nv_counter_test.c
new file mode 100644
index 0000000..76c9915
--- /dev/null
+++ b/plat/arm/board/tc/nv_counter_test.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2023, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <drivers/arm/rss_comms.h>
+#include <plat/common/platform.h>
+#include "rss_platform_api.h"
+
+#include <platform_def.h>
+
+void nv_counter_test(void)
+{
+ psa_status_t status;
+ uint32_t old_val;
+ uint32_t new_val;
+ uint32_t id;
+
+ status = rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize RSS communication channel\n");
+ plat_error_handler(-1);
+ }
+
+ for (id = 0; id < 3; id++) {
+ status = rss_platform_nv_counter_read(id, sizeof(old_val), (uint8_t *)&old_val);
+ if (status != PSA_SUCCESS) {
+ printf("Failed during first id=(%d) rss_platform_nv_counter_read\n",
+ id);
+ plat_error_handler(-1);
+ }
+
+ status = rss_platform_nv_counter_increment(id);
+ if (status != PSA_SUCCESS) {
+ printf("Failed during id=(%d) rss_platform_nv_counter_increment\n",
+ id);
+ plat_error_handler(-1);
+ }
+
+ status = rss_platform_nv_counter_read(id, sizeof(new_val), (uint8_t *)&new_val);
+ if (status != PSA_SUCCESS) {
+ printf("Failed during second id=(%d) rss_platform_nv_counter_read\n",
+ id);
+ plat_error_handler(-1);
+ }
+
+ if (old_val + 1 != new_val) {
+ printf("Failed nv_counter_test: old_val (%d) + 1 != new_val (%d)\n",
+ old_val, new_val);
+ plat_error_handler(-1);
+ }
+ }
+ printf("Passed nv_counter_test\n");
+}
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 2182477..05dca91 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -1,4 +1,4 @@
-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -196,10 +196,30 @@
endif
-# Add this include as first, before arm_common.mk. This is necessary because
-# arm_common.mk builds Mbed TLS, and platform_test.mk can change the list of
-# Mbed TLS files that are to be compiled (LIBMBEDTLS_SRCS).
-include plat/arm/board/tc/platform_test.mk
+ifeq (${PLATFORM_TEST},rss-nv-counters)
+ include drivers/arm/rss/rss_comms.mk
+
+ # Test code.
+ BL31_SOURCES += plat/arm/board/tc/nv_counter_test.c
+
+ # Code under testing.
+ BL31_SOURCES += lib/psa/rss_platform.c \
+ drivers/arm/rss/rss_comms.c \
+ ${RSS_COMMS_SOURCES}
+
+ PLAT_INCLUDES += -Iinclude/lib/psa
+
+ $(eval $(call add_define,PLATFORM_TEST))
+else ifeq (${PLATFORM_TEST},tfm-testsuite)
+ # Add this include as first, before arm_common.mk. This is necessary
+ # because arm_common.mk builds Mbed TLS, and platform_test.mk can
+ # change the list of Mbed TLS files that are to be compiled
+ # (LIBMBEDTLS_SRCS).
+ include plat/arm/board/tc/platform_test.mk
+else ifneq (${PLATFORM_TEST},)
+ $(error "Unsupported PLATFORM_TEST value")
+endif
+
include plat/arm/common/arm_common.mk
include plat/arm/css/common/css_common.mk
diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk
index c2ee69e..5cdbb86 100644
--- a/plat/arm/board/tc/platform_test.mk
+++ b/plat/arm/board/tc/platform_test.mk
@@ -1,9 +1,9 @@
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-ifeq (${PLATFORM_TEST},1)
+ifeq (${PLATFORM_TEST},tfm-testsuite)
# The variables need to be set to compile the platform test:
ifeq (${TF_M_TESTS_PATH},)
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index c79558d..1c1e2fb 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -52,9 +52,13 @@
void tc_bl31_common_platform_setup(void)
{
arm_bl31_platform_setup();
-#ifdef PLATFORM_TEST
- run_platform_tests();
+#ifdef PLATFORM_TEST
+#if PLATFORM_TEST == rss-nv-counters
+ nv_counter_test();
+#elif PLATFORM_TEST == tfm-testsuite
+ run_platform_tests()
+#endif
/* Suspend booting */
plat_error_handler(-1);
#endif
diff --git a/plat/arm/board/tc/tc_plat.c b/plat/arm/board/tc/tc_plat.c
index 77db023..228f2fa 100644
--- a/plat/arm/board/tc/tc_plat.c
+++ b/plat/arm/board/tc/tc_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -48,7 +48,7 @@
#if SPM_MM
ARM_SP_IMAGE_MMAP,
#endif
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
#ifdef SPD_opteed
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index b470781..ed85ea1 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -129,7 +129,7 @@
* Single cpu stack in coherent memory.
* ----------------------------------------------------
*/
-declare_stack platform_coherent_stacks, tzfw_coherent_mem, \
+declare_stack platform_coherent_stacks, .tzfw_coherent_mem, \
PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
diff --git a/plat/arm/common/aarch64/arm_sdei.c b/plat/arm/common/aarch64/arm_sdei.c
index 3c74a46..2e76118 100644
--- a/plat/arm/common/aarch64/arm_sdei.c
+++ b/plat/arm/common/aarch64/arm_sdei.c
@@ -38,7 +38,7 @@
}
for (i = 0; i < FCONF_GET_PROPERTY(sdei, dyn_config, shared_ev_cnt); i++) {
- arm_sdei_shared[i] = (sdei_ev_map_t)SDEI_SHARED_EVENT( \
+ arm_sdei_shared[i] = (sdei_ev_map_t)SDEI_SHARED_EVENT(
FCONF_GET_PROPERTY(sdei, dyn_config, shared_ev_nums[i]),
FCONF_GET_PROPERTY(sdei, dyn_config, shared_ev_intrs[i]),
FCONF_GET_PROPERTY(sdei, dyn_config, shared_ev_flags[i]));
diff --git a/plat/arm/common/arm_bl2_el3_setup.c b/plat/arm/common/arm_bl2_el3_setup.c
index 97b5a88..b598c59 100644
--- a/plat/arm/common/arm_bl2_el3_setup.c
+++ b/plat/arm/common/arm_bl2_el3_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -34,7 +34,7 @@
/*
* Allow BL2 to see the whole Trusted RAM. This is determined
* statically since we cannot rely on BL1 passing this information
- * in the BL2_AT_EL3 case.
+ * in the RESET_TO_BL2 case.
*/
bl2_el3_tzram_layout.total_base = ARM_BL_RAM_BASE;
bl2_el3_tzram_layout.total_size = ARM_BL_RAM_SIZE;
@@ -71,7 +71,9 @@
{
#if USE_COHERENT_MEM
- /* Ensure ARM platforms dont use coherent memory in BL2_AT_EL3 */
+ /* Ensure ARM platforms dont use coherent memory
+ * in RESET_TO_BL2
+ */
assert(BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE == 0U);
#endif
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 02e419a..b142b62 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,16 +18,14 @@
#include <drivers/partition/partition.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
-#if ENABLE_RME
#include <lib/gpt_rme/gpt_rme.h>
-#endif /* ENABLE_RME */
#ifdef SPD_opteed
#include <lib/optee_utils.h>
#endif
#include <lib/utils.h>
#if ENABLE_RME
#include <plat/arm/common/arm_pas_def.h>
-#endif /* ENABLE_RME */
+#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -131,7 +129,6 @@
}
#if ENABLE_RME
-
static void arm_bl2_plat_gpt_setup(void)
{
/*
@@ -171,7 +168,6 @@
panic();
}
}
-
#endif /* ENABLE_RME */
/*******************************************************************************
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index cf403b1..19efdd3 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -13,9 +13,7 @@
#include <drivers/console.h>
#include <lib/debugfs.h>
#include <lib/extensions/ras.h>
-#if ENABLE_RME
#include <lib/gpt_rme/gpt_rme.h>
-#endif
#include <lib/mmio.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
#include <plat/arm/common/plat_arm.h>
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 7162ce9..4d5a56a 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -283,7 +283,7 @@
BL1_SOURCES += ${DYN_CFG_SOURCES}
BL2_SOURCES += ${DYN_CFG_SOURCES}
-ifeq (${BL2_AT_EL3},1)
+ifeq (${RESET_TO_BL2},1)
BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c
endif
diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c
index c88621e..99e2809 100644
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,20 +8,20 @@
#include <string.h>
#include <libfdt.h>
-#include <platform_def.h>
+#if CRYPTO_SUPPORT
+#include <mbedtls/version.h>
+#endif /* CRYPTO_SUPPORT */
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <common/tbbr/tbbr_img_def.h>
-#if CRYPTO_SUPPORT
-#include MBEDTLS_CONFIG_FILE
-#endif /* CRYPTO_SUPPORT */
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/fconf/fconf_tbbr_getter.h>
#include <plat/arm/common/arm_dyn_cfg_helpers.h>
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
#if CRYPTO_SUPPORT
@@ -45,9 +45,9 @@
assert(heap_addr != NULL);
assert(heap_size != NULL);
-#if defined(IMAGE_BL1) || BL2_AT_EL3 || defined(IMAGE_BL31)
+#if defined(IMAGE_BL1) || RESET_TO_BL2 || defined(IMAGE_BL31)
- /* If in BL1 or BL2_AT_EL3 define a heap */
+ /* If in BL1 or RESET_TO_BL2 define a heap */
static unsigned char heap[TF_MBEDTLS_HEAP_SIZE];
*heap_addr = heap;
diff --git a/plat/arm/common/arm_gicv3.c b/plat/arm/common/arm_gicv3.c
index 469e22a..1c95afb 100644
--- a/plat/arm/common/arm_gicv3.c
+++ b/plat/arm/common/arm_gicv3.c
@@ -48,8 +48,8 @@
* data in the designated EL3 Secure carve-out memory. The `used` attribute
* is used to prevent the compiler from removing the gicv3 contexts.
*/
-static gicv3_redist_ctx_t rdist_ctx __section("arm_el3_tzc_dram") __used;
-static gicv3_dist_ctx_t dist_ctx __section("arm_el3_tzc_dram") __used;
+static gicv3_redist_ctx_t rdist_ctx __section(".arm_el3_tzc_dram") __used;
+static gicv3_dist_ctx_t dist_ctx __section(".arm_el3_tzc_dram") __used;
/* Define accessor function to get reference to the GICv3 context */
DEFINE_LOAD_SYM_ADDR(rdist_ctx)
diff --git a/plat/arm/common/arm_pm.c b/plat/arm/common/arm_pm.c
index 5434c94..62cc8bb 100644
--- a/plat/arm/common/arm_pm.c
+++ b/plat/arm/common/arm_pm.c
@@ -191,7 +191,7 @@
* ARM_SHARED_RAM region.
*/
assert((PLAT_ARM_TRUSTED_MAILBOX_BASE >= ARM_SHARED_RAM_BASE) &&
- ((PLAT_ARM_TRUSTED_MAILBOX_BASE + sizeof(*mailbox)) <= \
+ ((PLAT_ARM_TRUSTED_MAILBOX_BASE + sizeof(*mailbox)) <=
(ARM_SHARED_RAM_BASE + ARM_SHARED_RAM_SIZE)));
}
diff --git a/plat/arm/common/fconf/fconf_ethosn_getter.c b/plat/arm/common/fconf/fconf_ethosn_getter.c
index 0b48a98..251471e 100644
--- a/plat/arm/common/fconf/fconf_ethosn_getter.c
+++ b/plat/arm/common/fconf/fconf_ethosn_getter.c
@@ -20,21 +20,6 @@
uint32_t stream_id;
};
-static bool fdt_node_is_enabled(const void *fdt, int node)
-{
- int len;
- const char *node_status;
-
- node_status = fdt_getprop(fdt, node, "status", &len);
- if (node_status == NULL ||
- (len == 5 && /* Includes null character */
- strncmp(node_status, "okay", 4U) == 0)) {
- return true;
- }
-
- return false;
-}
-
static bool fdt_node_has_reserved_memory(const void *fdt, int dev_node)
{
return fdt_get_property(fdt, dev_node, "memory-region", NULL) != NULL;
diff --git a/plat/arm/common/trp/arm_trp_setup.c b/plat/arm/common/trp/arm_trp_setup.c
index aeacd10..0406321 100644
--- a/plat/arm/common/trp/arm_trp_setup.c
+++ b/plat/arm/common/trp/arm_trp_setup.c
@@ -26,7 +26,7 @@
******************************************************************************/
static console_t arm_trp_runtime_console;
-static int arm_trp_process_manifest(rmm_manifest_t *manifest)
+static int arm_trp_process_manifest(struct rmm_manifest *manifest)
{
/* padding field on the manifest must be RES0 */
assert(manifest->padding == 0U);
@@ -38,12 +38,12 @@
}
trp_boot_manifest_version = manifest->version;
- flush_dcache_range((uintptr_t)manifest, sizeof(rmm_manifest_t));
+ flush_dcache_range((uintptr_t)manifest, sizeof(struct rmm_manifest));
return 0;
}
-void arm_trp_early_platform_setup(rmm_manifest_t *manifest)
+void arm_trp_early_platform_setup(struct rmm_manifest *manifest)
{
int rc;
@@ -66,10 +66,9 @@
console_set_scope(&arm_trp_runtime_console,
CONSOLE_FLAG_BOOT | CONSOLE_FLAG_RUNTIME);
-
}
-void trp_early_platform_setup(rmm_manifest_t *manifest)
+void trp_early_platform_setup(struct rmm_manifest *manifest)
{
arm_trp_early_platform_setup(manifest);
}
diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c
index a0199c3..b8ba49f 100644
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -64,7 +64,7 @@
#if SPM_MM
ARM_SP_IMAGE_MMAP,
#endif
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
{0}
diff --git a/plat/arm/css/sgi/sgi_plat_v2.c b/plat/arm/css/sgi/sgi_plat_v2.c
index cef5345..8d38108 100644
--- a/plat/arm/css/sgi/sgi_plat_v2.c
+++ b/plat/arm/css/sgi/sgi_plat_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -57,7 +57,7 @@
#if SPM_MM
ARM_SP_IMAGE_MMAP,
#endif
-#if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
+#if TRUSTED_BOARD_BOOT && !RESET_TO_BL2
ARM_MAP_BL1_RW,
#endif
{0}
diff --git a/plat/common/aarch32/platform_mp_stack.S b/plat/common/aarch32/platform_mp_stack.S
index 6c3d08d..314e87a 100644
--- a/plat/common/aarch32/platform_mp_stack.S
+++ b/plat/common/aarch32/platform_mp_stack.S
@@ -43,5 +43,5 @@
* stack of PLATFORM_STACK_SIZE bytes.
* -----------------------------------------------------
*/
-declare_stack platform_normal_stacks, tzfw_normal_stacks, \
+declare_stack platform_normal_stacks, .tzfw_normal_stacks, \
PLATFORM_STACK_SIZE, PLATFORM_CORE_COUNT
diff --git a/plat/common/aarch32/platform_up_stack.S b/plat/common/aarch32/platform_up_stack.S
index 836c13a..69e112f 100644
--- a/plat/common/aarch32/platform_up_stack.S
+++ b/plat/common/aarch32/platform_up_stack.S
@@ -43,5 +43,5 @@
* stack of PLATFORM_STACK_SIZE bytes.
* -----------------------------------------------------
*/
-declare_stack platform_normal_stacks, tzfw_normal_stacks, \
+declare_stack platform_normal_stacks, .tzfw_normal_stacks, \
PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c
index 8ce1d6c..042916a 100644
--- a/plat/common/aarch64/plat_common.c
+++ b/plat/common/aarch64/plat_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,7 +77,7 @@
return "EL1";
}
-/* RAS functions common to AArch64 ARM platforms */
+/* Handler for External Aborts from lower EL including RAS errors */
void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
{
@@ -93,12 +93,9 @@
ERROR("Unhandled External Abort received on 0x%lx from %s\n",
read_mpidr_el1(), get_el_str(level));
ERROR("exception reason=%u syndrome=0x%" PRIx64 "\n", ea_reason, syndrome);
-#if HANDLE_EA_EL3_FIRST_NS
- /* Skip backtrace for lower EL */
- if (level != MODE_EL3) {
- console_flush();
- do_panic();
- }
-#endif
- panic();
+
+ /* We reached here due to a panic from a lower EL and assuming this is the default
+ * platform registered handler that we could call on a lower EL panic.
+ */
+ lower_el_panic();
}
diff --git a/plat/common/aarch64/platform_mp_stack.S b/plat/common/aarch64/platform_mp_stack.S
index c0668ea..fa1ca22 100644
--- a/plat/common/aarch64/platform_mp_stack.S
+++ b/plat/common/aarch64/platform_mp_stack.S
@@ -56,6 +56,6 @@
* stack of PLATFORM_STACK_SIZE bytes.
* -----------------------------------------------------
*/
-declare_stack platform_normal_stacks, tzfw_normal_stacks, \
+declare_stack platform_normal_stacks, .tzfw_normal_stacks, \
PLATFORM_STACK_SIZE, PLATFORM_CORE_COUNT, \
CACHE_WRITEBACK_GRANULE
diff --git a/plat/common/aarch64/platform_up_stack.S b/plat/common/aarch64/platform_up_stack.S
index c6e5e2d..2c87219 100644
--- a/plat/common/aarch64/platform_up_stack.S
+++ b/plat/common/aarch64/platform_up_stack.S
@@ -46,5 +46,5 @@
* are allocated
* -----------------------------------------------------
*/
-declare_stack platform_normal_stacks, tzfw_normal_stacks, \
+declare_stack platform_normal_stacks, .tzfw_normal_stacks, \
PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
diff --git a/plat/common/plat_spmd_manifest.c b/plat/common/plat_spmd_manifest.c
index b1fc13c..5f7d142 100644
--- a/plat/common/plat_spmd_manifest.c
+++ b/plat/common/plat_spmd_manifest.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -150,7 +150,7 @@
rc = mmap_add_dynamic_region((unsigned long long)pm_base_align,
pm_base_align,
PAGE_SIZE,
- MT_RO_DATA);
+ MT_RO_DATA | EL3_PAS);
if (rc != 0) {
ERROR("Error while mapping SPM Core manifest (%d).\n", rc);
return rc;
diff --git a/plat/hisilicon/hikey/platform.mk b/plat/hisilicon/hikey/platform.mk
index 2bfc582..807a915 100644
--- a/plat/hisilicon/hikey/platform.mk
+++ b/plat/hisilicon/hikey/platform.mk
@@ -1,11 +1,11 @@
#
-# Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
# On Hikey, the TSP can execute from TZC secure area in DRAM (default)
# or SRAM.
diff --git a/plat/hisilicon/hikey960/hikey960_bl31_setup.c b/plat/hisilicon/hikey960/hikey960_bl31_setup.c
index 0debe1e..50751ee 100644
--- a/plat/hisilicon/hikey960/hikey960_bl31_setup.c
+++ b/plat/hisilicon/hikey960/hikey960_bl31_setup.c
@@ -183,7 +183,7 @@
#define SPMC_SHARED_MEMORY_OBJ_SIZE (512 * 1024)
-__section("ram2_region") uint8_t plat_spmc_shmem_datastore[SPMC_SHARED_MEMORY_OBJ_SIZE];
+__section(".ram2_region") uint8_t plat_spmc_shmem_datastore[SPMC_SHARED_MEMORY_OBJ_SIZE];
int plat_spmc_shmem_datastore_get(uint8_t **datastore, size_t *size)
{
diff --git a/plat/hisilicon/hikey960/include/plat.ld.S b/plat/hisilicon/hikey960/include/plat.ld.S
index 0cc25cd..f8bd376 100644
--- a/plat/hisilicon/hikey960/include/plat.ld.S
+++ b/plat/hisilicon/hikey960/include/plat.ld.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,8 +14,8 @@
SECTIONS
{
- ram2_region (NOLOAD) : {
- *(ram2_region)
+ .ram2_region (NOLOAD) : {
+ *(.ram2_region)
}>RAM2
}
diff --git a/plat/hisilicon/hikey960/platform.mk b/plat/hisilicon/hikey960/platform.mk
index 4c3c817..fd11a4d 100644
--- a/plat/hisilicon/hikey960/platform.mk
+++ b/plat/hisilicon/hikey960/platform.mk
@@ -1,11 +1,11 @@
#
-# Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
# On Hikey960, the TSP can execute from TZC secure area in DRAM.
HIKEY960_TSP_RAM_LOCATION ?= dram
diff --git a/plat/imx/common/imx_sip_svc.c b/plat/imx/common/imx_sip_svc.c
index 11d02f3..6d6633c 100644
--- a/plat/imx/common/imx_sip_svc.c
+++ b/plat/imx/common/imx_sip_svc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,6 +33,11 @@
case IMX_SIP_GET_SOC_INFO:
SMC_RET1(handle, imx_soc_info_handler(smc_fid, x1, x2, x3));
break;
+ case IMX_SIP_GPC:
+ SMC_RET1(handle, imx_gpc_handler(smc_fid, x1, x2, x3));
+ break;
+ case IMX_SIP_DDR_DVFS:
+ return dram_dvfs_handler(smc_fid, handle, x1, x2, x3);
#endif
#if defined(PLAT_imx8mm) || defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
case IMX_SIP_DDR_DVFS:
diff --git a/plat/imx/common/imx_uart_console.S b/plat/imx/common/imx_uart_console.S
index ceeb3a7..4d17288 100644
--- a/plat/imx/common/imx_uart_console.S
+++ b/plat/imx/common/imx_uart_console.S
@@ -12,6 +12,7 @@
#define URXD 0x0 /* Receiver Register */
#define UTXD 0x40 /* Transmitter Register */
+#define USR2 0x98 /* UART Status Register 2 */
#define UTS 0xb4 /* UART Test Register (mx31) */
#define URXD_RX_DATA (0xFF)
@@ -53,13 +54,13 @@
1:
/* Check if the transmit FIFO is full */
ldr w2, [x1, #UTS]
- tbz w2, #6, 1b
+ tbnz w2, #4, 1b
mov w2, #0xD
str w2, [x1, #UTXD]
2:
/* Check if the transmit FIFO is full */
ldr w2, [x1, #UTS]
- tbz w2, #6, 2b
+ tbnz w2, #4, 2b
str w0, [x1, #UTXD]
ret
putc_error:
@@ -84,5 +85,13 @@
endfunc console_imx_uart_getc
func console_imx_uart_flush
+ ldr x0, [x0, #CONSOLE_T_BASE]
+ cbz x0, flush_exit
+1:
+ /* Wait for the transmit complete bit */
+ ldr w1, [x0, #USR2]
+ tbz w1, #3, 1b
+
+flush_exit:
ret
endfunc console_imx_uart_flush
diff --git a/plat/imx/common/include/imx_sip_svc.h b/plat/imx/common/include/imx_sip_svc.h
index 1f45985..0e91c71 100644
--- a/plat/imx/common/include/imx_sip_svc.h
+++ b/plat/imx/common/include/imx_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -55,6 +55,10 @@
#if defined(PLAT_imx8mq)
int imx_soc_info_handler(uint32_t smc_fid, u_register_t x1,
u_register_t x2, u_register_t x3);
+int imx_gpc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3);
+int dram_dvfs_handler(uint32_t smc_fid, void *handle,
+ u_register_t x1, u_register_t x2, u_register_t x3);
#endif
#if defined(PLAT_imx8mm) || defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
int dram_dvfs_handler(uint32_t smc_fid, void *handle,
diff --git a/plat/imx/common/sci/svc/pm/pm_rpc_clnt.c b/plat/imx/common/sci/svc/pm/pm_rpc_clnt.c
index 66a57a1..228cff8 100644
--- a/plat/imx/common/sci/svc/pm/pm_rpc_clnt.c
+++ b/plat/imx/common/sci/svc/pm/pm_rpc_clnt.c
@@ -412,8 +412,6 @@
RPC_SIZE(&msg) = 2U;
sc_call_rpc(ipc, &msg, SC_TRUE);
-
- return;
}
sc_err_t sc_pm_reboot_partition(sc_ipc_t ipc, sc_rm_pt_t pt,
diff --git a/plat/imx/common/sci/svc/rm/rm_rpc_clnt.c b/plat/imx/common/sci/svc/rm/rm_rpc_clnt.c
index 16771a5..2cea01f 100644
--- a/plat/imx/common/sci/svc/rm/rm_rpc_clnt.c
+++ b/plat/imx/common/sci/svc/rm/rm_rpc_clnt.c
@@ -632,8 +632,6 @@
RPC_SIZE(&msg) = 1U;
sc_call_rpc(ipc, &msg, SC_FALSE);
-
- return;
}
/**@}*/
diff --git a/plat/imx/imx7/picopi/platform.mk b/plat/imx/imx7/picopi/platform.mk
index 5901001..0267a8b 100644
--- a/plat/imx/imx7/picopi/platform.mk
+++ b/plat/imx/imx7/picopi/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -22,7 +22,7 @@
RESET_TO_BL31 := 0
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
# Indicate single-core
COLD_BOOT_SINGLE_CPU := 1
diff --git a/plat/imx/imx7/warp7/platform.mk b/plat/imx/imx7/warp7/platform.mk
index ea0f001..bd3d8d3 100644
--- a/plat/imx/imx7/warp7/platform.mk
+++ b/plat/imx/imx7/warp7/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -22,7 +22,7 @@
RESET_TO_BL31 := 0
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
# Indicate single-core
COLD_BOOT_SINGLE_CPU := 1
diff --git a/plat/imx/imx8m/ddr/clock.c b/plat/imx/imx8m/ddr/clock.c
index 7fb5730..8b132d2 100644
--- a/plat/imx/imx8m/ddr/clock.c
+++ b/plat/imx/imx8m/ddr/clock.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 NXP
+ * Copyright 2018-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -76,7 +76,7 @@
/* unbypass the PLL */
mmio_clrbits_32(HW_DRAM_PLL_CFG0, 0x30);
- while (!(mmio_read_32(HW_DRAM_PLL_CFG0) & (1 << 31))) {
+ while (!(mmio_read_32(HW_DRAM_PLL_CFG0) & BIT(31))) {
;
}
}
@@ -88,6 +88,12 @@
mmio_clrbits_32(DRAM_PLL_CTRL, (1 << 9));
switch (drate) {
+ case 4000:
+ mmio_write_32(DRAM_PLL_CTRL + 0x4, (250 << 12) | (3 << 4) | 1);
+ break;
+ case 3200:
+ mmio_write_32(DRAM_PLL_CTRL + 0x4, (200 << 12) | (3 << 4) | 1);
+ break;
case 2400:
mmio_write_32(DRAM_PLL_CTRL + 0x4, (300 << 12) | (3 << 4) | 2);
break;
diff --git a/plat/imx/imx8m/ddr/ddr4_dvfs.c b/plat/imx/imx8m/ddr/ddr4_dvfs.c
index cdc7dc2..94bfaba 100644
--- a/plat/imx/imx8m/ddr/ddr4_dvfs.c
+++ b/plat/imx/imx8m/ddr/ddr4_dvfs.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 NXP
+ * Copyright 2018-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,7 +9,8 @@
#include <dram.h>
-void ddr4_mr_write(uint32_t mr, uint32_t data, uint32_t mr_type, uint32_t rank)
+void ddr4_mr_write(uint32_t mr, uint32_t data, uint32_t mr_type,
+ uint32_t rank, uint32_t dram_type)
{
uint32_t val, mr_mirror, data_mirror;
@@ -17,20 +18,40 @@
* 1. Poll MRSTAT.mr_wr_busy until it is 0 to make sure
* that there is no outstanding MR transAction.
*/
- while (mmio_read_32(DDRC_MRSTAT(0)) & 0x1) {
- ;
- }
/*
+ * ERR050712:
+ * When performing a software driven MR access, the following sequence
+ * must be done automatically before performing other APB register accesses.
+ * 1. Set MRCTRL0.mr_wr=1
+ * 2. Check for MRSTAT.mr_wr_busy=0. If not, go to step (2)
+ * 3. Check for MRSTAT.mr_wr_busy=0 again (for the second time). If not, go to step (2)
+ */
+ mmio_setbits_32(DDRC_MRCTRL0(0), BIT(31));
+
+ do {
+ while (mmio_read_32(DDRC_MRSTAT(0)) & 0x1) {
+ ;
+ }
+
+ } while (mmio_read_32(DDRC_MRSTAT(0)) & 0x1);
+
+ /*
* 2. Write the MRCTRL0.mr_type, MRCTRL0.mr_addr, MRCTRL0.mr_rank
* and (for MRWs) MRCTRL1.mr_data to define the MR transaction.
*/
val = mmio_read_32(DDRC_DIMMCTL(0));
if ((val & 0x2) && (rank == 0x2)) {
mr_mirror = (mr & 0x4) | ((mr & 0x1) << 1) | ((mr & 0x2) >> 1); /* BA0, BA1 swap */
- data_mirror = (data & 0x1607) | ((data & 0x8) << 1) | ((data & 0x10) >> 1) |
+ if (dram_type == DDRC_DDR4) {
+ data_mirror = (data & 0x1607) | ((data & 0x8) << 1) | ((data & 0x10) >> 1) |
((data & 0x20) << 1) | ((data & 0x40) >> 1) | ((data & 0x80) << 1) |
- ((data & 0x100) >> 1) | ((data & 0x800) << 2) | ((data & 0x2000) >> 2) ;
+ ((data & 0x100) >> 1) | ((data & 0x800) << 2) | ((data & 0x2000) >> 2) ;
+ } else {
+ data_mirror = (data & 0xfe07) | ((data & 0x8) << 1) | ((data & 0x10) >> 1) |
+ ((data & 0x20) << 1) | ((data & 0x40) >> 1) | ((data & 0x80) << 1) |
+ ((data & 0x100) >> 1);
+ }
} else {
mr_mirror = mr;
data_mirror = data;
@@ -56,6 +77,7 @@
void dram_cfg_all_mr(struct dram_info *info, uint32_t pstate)
{
uint32_t num_rank = info->num_rank;
+ uint32_t dram_type = info->dram_type;
/*
* 15. Perform MRS commands as required to re-program
* timing registers in the SDRAM for the new frequency
@@ -64,9 +86,9 @@
for (int i = 1; i <= num_rank; i++) {
for (int j = 0; j < 6; j++) {
- ddr4_mr_write(j, info->mr_table[pstate][j], 0, i);
+ ddr4_mr_write(j, info->mr_table[pstate][j], 0, i, dram_type);
}
- ddr4_mr_write(6, info->mr_table[pstate][7], 0, i);
+ ddr4_mr_write(6, info->mr_table[pstate][7], 0, i, dram_type);
}
}
@@ -189,8 +211,8 @@
* 12. Wait until STAT.operating_mode[1:0]!=11 indicating that the
* controller is not in self-refresh mode.
*/
- while ((mmio_read_32(DDRC_STAT(0)) & 0x3) == 0x3) {
- ;
+ if ((mmio_read_32(DDRC_STAT(0)) & 0x3) == 0x3) {
+ VERBOSE("DRAM is in Self Refresh\n");
}
/*
diff --git a/plat/imx/imx8m/ddr/dram.c b/plat/imx/imx8m/ddr/dram.c
index 8ea9ba1..b5f6973 100644
--- a/plat/imx/imx8m/ddr/dram.c
+++ b/plat/imx/imx8m/ddr/dram.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 NXP
+ * Copyright 2019-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,7 @@
#include <plat/common/platform.h>
#include <dram.h>
+#include <gpc.h>
#define IMX_SIP_DDR_DVFS_GET_FREQ_COUNT 0x10
#define IMX_SIP_DDR_DVFS_GET_FREQ_INFO 0x11
@@ -20,6 +21,11 @@
/* lock used for DDR DVFS */
spinlock_t dfs_lock;
+#if defined(PLAT_imx8mq)
+/* ocram used to dram timing */
+static uint8_t dram_timing_saved[13 * 1024] __aligned(8);
+#endif
+
static volatile uint32_t wfe_done;
static volatile bool wait_ddrc_hwffc_done = true;
static unsigned int dev_fsp = 0x1;
@@ -30,6 +36,64 @@
{ DDRC_FREQ2_INIT3(0), DDRC_FREQ2_INIT4(0), DDRC_FREQ2_INIT6(0), DDRC_FREQ2_INIT7(0) },
};
+#if defined(PLAT_imx8mq)
+static inline struct dram_cfg_param *get_cfg_ptr(void *ptr,
+ void *old_base, void *new_base)
+{
+ uintptr_t offset = (uintptr_t)ptr & ~((uintptr_t)old_base);
+
+ return (struct dram_cfg_param *)(offset + new_base);
+}
+
+/* copy the dram timing info from DRAM to OCRAM */
+void imx8mq_dram_timing_copy(struct dram_timing_info *from)
+{
+ struct dram_timing_info *info = (struct dram_timing_info *)dram_timing_saved;
+
+ /* copy the whole 13KB content used for dram timing info */
+ memcpy(dram_timing_saved, from, sizeof(dram_timing_saved));
+
+ /* correct the header after copied into ocram */
+ info->ddrc_cfg = get_cfg_ptr(info->ddrc_cfg, from, dram_timing_saved);
+ info->ddrphy_cfg = get_cfg_ptr(info->ddrphy_cfg, from, dram_timing_saved);
+ info->ddrphy_trained_csr = get_cfg_ptr(info->ddrphy_trained_csr, from, dram_timing_saved);
+ info->ddrphy_pie = get_cfg_ptr(info->ddrphy_pie, from, dram_timing_saved);
+}
+#endif
+
+#if defined(PLAT_imx8mp)
+static uint32_t lpddr4_mr_read(unsigned int mr_rank, unsigned int mr_addr)
+{
+ unsigned int tmp, drate_byte;
+
+ tmp = mmio_read_32(DRC_PERF_MON_MRR0_DAT(0));
+ mmio_write_32(DRC_PERF_MON_MRR0_DAT(0), tmp | 0x1);
+ do {
+ tmp = mmio_read_32(DDRC_MRSTAT(0));
+ } while (tmp & 0x1);
+
+ mmio_write_32(DDRC_MRCTRL0(0), (mr_rank << 4) | 0x1);
+ mmio_write_32(DDRC_MRCTRL1(0), (mr_addr << 8));
+ mmio_write_32(DDRC_MRCTRL0(0), (mr_rank << 4) | BIT(31) | 0x1);
+
+ /* Workaround for SNPS STAR 9001549457 */
+ do {
+ tmp = mmio_read_32(DDRC_MRSTAT(0));
+ } while (tmp & 0x1);
+
+ do {
+ tmp = mmio_read_32(DRC_PERF_MON_MRR0_DAT(0));
+ } while (!(tmp & 0x8));
+ tmp = mmio_read_32(DRC_PERF_MON_MRR1_DAT(0));
+
+ drate_byte = (mmio_read_32(DDRC_DERATEEN(0)) >> 4) & 0xff;
+ tmp = (tmp >> (drate_byte * 8)) & 0xff;
+ mmio_write_32(DRC_PERF_MON_MRR0_DAT(0), 0x4);
+
+ return tmp;
+}
+#endif
+
static void get_mr_values(uint32_t (*mr_value)[8])
{
uint32_t init_val;
@@ -41,9 +105,38 @@
mr_value[fsp_index][2*i] = init_val >> 16;
mr_value[fsp_index][2*i + 1] = init_val & 0xFFFF;
}
+
+#if defined(PLAT_imx8mp)
+ if (dram_info.dram_type == DDRC_LPDDR4) {
+ mr_value[fsp_index][5] = lpddr4_mr_read(1, MR12); /* read MR12 from DRAM */
+ mr_value[fsp_index][7] = lpddr4_mr_read(1, MR14); /* read MR14 from DRAM */
+ }
+#endif
}
}
+static void save_rank_setting(void)
+{
+ uint32_t i, offset;
+ uint32_t pstate_num = dram_info.num_fsp;
+
+ /* only support maximum 3 setpoints */
+ pstate_num = (pstate_num > MAX_FSP_NUM) ? MAX_FSP_NUM : pstate_num;
+
+ for (i = 0U; i < pstate_num; i++) {
+ offset = i ? (i + 1) * 0x1000 : 0U;
+ dram_info.rank_setting[i][0] = mmio_read_32(DDRC_DRAMTMG2(0) + offset);
+ if (dram_info.dram_type != DDRC_LPDDR4) {
+ dram_info.rank_setting[i][1] = mmio_read_32(DDRC_DRAMTMG9(0) + offset);
+ }
+#if !defined(PLAT_imx8mq)
+ dram_info.rank_setting[i][2] = mmio_read_32(DDRC_RANKCTL(0) + offset);
+#endif
+ }
+#if defined(PLAT_imx8mq)
+ dram_info.rank_setting[0][2] = mmio_read_32(DDRC_RANKCTL(0));
+#endif
+}
/* Restore the ddrc configs */
void dram_umctl2_init(struct dram_timing_info *timing)
{
@@ -129,13 +222,19 @@
ddrc_mstr = mmio_read_32(DDRC_MSTR(0));
dram_info.dram_type = ddrc_mstr & DDR_TYPE_MASK;
- dram_info.num_rank = (ddrc_mstr >> 24) & ACTIVE_RANK_MASK;
+ dram_info.num_rank = ((ddrc_mstr >> 24) & ACTIVE_RANK_MASK) == 0x3 ?
+ DDRC_ACTIVE_TWO_RANK : DDRC_ACTIVE_ONE_RANK;
/* Get current fsp info */
- current_fsp = mmio_read_32(DDRC_DFIMISC(0)) & 0xf;
+ current_fsp = mmio_read_32(DDRC_DFIMISC(0));
+ current_fsp = (current_fsp >> 8) & 0xf;
dram_info.boot_fsp = current_fsp;
dram_info.current_fsp = current_fsp;
+#if defined(PLAT_imx8mq)
+ imx8mq_dram_timing_copy((struct dram_timing_info *)dram_timing_base);
+ dram_timing_base = (unsigned long) dram_timing_saved;
+#endif
get_mr_values(dram_info.mr_table);
dram_info.timing_info = (struct dram_timing_info *)dram_timing_base;
@@ -147,7 +246,17 @@
}
idx = i;
}
- dram_info.num_fsp = i;
+
+ /* only support maximum 3 setpoints */
+ dram_info.num_fsp = (i > MAX_FSP_NUM) ? MAX_FSP_NUM : i;
+
+ /* no valid fsp table, return directly */
+ if (i == 0U) {
+ return;
+ }
+
+ /* save the DRAMTMG2/9 for rank to rank workaround */
+ save_rank_setting();
/* check if has bypass mode support */
if (dram_info.timing_info->fsp_table[idx] < 666) {
@@ -162,8 +271,18 @@
if (rc != 0) {
panic();
}
-}
+ if (dram_info.dram_type == DDRC_LPDDR4 && current_fsp != 0x0) {
+ /* flush the L1/L2 cache */
+ dcsw_op_all(DCCSW);
+ lpddr4_swffc(&dram_info, dev_fsp, 0x0);
+ dev_fsp = (~dev_fsp) & 0x1;
+ } else if (current_fsp != 0x0) {
+ /* flush the L1/L2 cache */
+ dcsw_op_all(DCCSW);
+ ddr4_swffc(&dram_info, 0x0);
+ }
+}
/*
* For each freq return the following info:
@@ -222,7 +341,7 @@
SMC_RET1(handle, dram_info.num_fsp);
} else if (x1 == IMX_SIP_DDR_DVFS_GET_FREQ_INFO) {
return dram_dvfs_get_freq_info(handle, x2);
- } else if (x1 < 4) {
+ } else if (x1 < 3U) {
wait_ddrc_hwffc_done = true;
dsb();
@@ -232,7 +351,13 @@
plat_ic_raise_el3_sgi(0x8, i);
}
}
-
+#if defined(PLAT_imx8mq)
+ for (unsigned int i = 0; i < PLATFORM_CORE_COUNT; i++) {
+ if (i != cpu_id && online_cores & (1 << (i * 8))) {
+ imx_gpc_core_wake(1 << i);
+ }
+ }
+#endif
/* make sure all the core in WFE */
online_cores &= ~(0x1 << (cpu_id * 8));
while (1) {
@@ -247,7 +372,7 @@
if (dram_info.dram_type == DDRC_LPDDR4) {
lpddr4_swffc(&dram_info, dev_fsp, fsp_index);
dev_fsp = (~dev_fsp) & 0x1;
- } else if (dram_info.dram_type == DDRC_DDR4) {
+ } else {
ddr4_swffc(&dram_info, fsp_index);
}
diff --git a/plat/imx/imx8m/ddr/dram_retention.c b/plat/imx/imx8m/ddr/dram_retention.c
index 7d4f823..983f6e2 100644
--- a/plat/imx/imx8m/ddr/dram_retention.c
+++ b/plat/imx/imx8m/ddr/dram_retention.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 NXP
+ * Copyright 2018-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,13 +18,38 @@
#define GPC_PU_PWRHSK (IMX_GPC_BASE + 0x01FC)
#define CCM_SRC_CTRL_OFFSET (IMX_CCM_BASE + 0x800)
#define CCM_CCGR_OFFSET (IMX_CCM_BASE + 0x4000)
+#define CCM_TARGET_ROOT_OFFSET (IMX_CCM_BASE + 0x8000)
#define CCM_SRC_CTRL(n) (CCM_SRC_CTRL_OFFSET + 0x10 * (n))
#define CCM_CCGR(n) (CCM_CCGR_OFFSET + 0x10 * (n))
-
-#define DRAM_PLL_CTRL (IMX_ANAMIX_BASE + 0x50)
+#define CCM_TARGET_ROOT(n) (CCM_TARGET_ROOT_OFFSET + 0x80 * (n))
#define DBGCAM_EMPTY 0x36000000
+static void rank_setting_update(void)
+{
+ uint32_t i, offset;
+ uint32_t pstate_num = dram_info.num_fsp;
+
+ /* only support maximum 3 setpoints */
+ pstate_num = (pstate_num > MAX_FSP_NUM) ? MAX_FSP_NUM : pstate_num;
+
+ for (i = 0U; i < pstate_num; i++) {
+ offset = i ? (i + 1) * 0x1000 : 0U;
+ mmio_write_32(DDRC_DRAMTMG2(0) + offset, dram_info.rank_setting[i][0]);
+ if (dram_info.dram_type != DDRC_LPDDR4) {
+ mmio_write_32(DDRC_DRAMTMG9(0) + offset, dram_info.rank_setting[i][1]);
+ }
+
+#if !defined(PLAT_imx8mq)
+ mmio_write_32(DDRC_RANKCTL(0) + offset,
+ dram_info.rank_setting[i][2]);
+#endif
+ }
+#if defined(PLAT_imx8mq)
+ mmio_write_32(DDRC_RANKCTL(0), dram_info.rank_setting[0][2]);
+#endif
+}
+
void dram_enter_retention(void)
{
/* Wait DBGCAM to be empty */
@@ -120,6 +145,10 @@
mmio_write_32(CCM_CCGR(5), 2);
mmio_write_32(CCM_SRC_CTRL(15), 2);
+ /* change the clock source of dram_apb_clk_root */
+ mmio_write_32(CCM_TARGET_ROOT(65) + 0x8, (0x7 << 24) | (0x7 << 16));
+ mmio_write_32(CCM_TARGET_ROOT(65) + 0x4, (0x4 << 24) | (0x3 << 16));
+
/* disable iso */
mmio_setbits_32(IMX_GPC_BASE + PU_PGC_UP_TRG, BIT(5));
mmio_write_32(SRC_DDR1_RCR, 0x8F000006);
@@ -157,6 +186,9 @@
/* dram phy re-init */
dram_phy_init(dram_info.timing_info);
+ /* workaround for rank-to-rank issue */
+ rank_setting_update();
+
/* DWC_DDRPHYA_APBONLY0_MicroContMuxSel */
dwc_ddrphy_apb_wr(0xd0000, 0x0);
while (dwc_ddrphy_apb_rd(0x20097)) {
diff --git a/plat/imx/imx8m/ddr/lpddr4_dvfs.c b/plat/imx/imx8m/ddr/lpddr4_dvfs.c
index 2b4f300..2f5f7b5 100644
--- a/plat/imx/imx8m/ddr/lpddr4_dvfs.c
+++ b/plat/imx/imx8m/ddr/lpddr4_dvfs.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 NXP
+ * Copyright 2018-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -37,6 +37,7 @@
uint32_t val;
uint32_t derate_backup[3];
uint32_t (*mr_data)[8];
+ uint32_t phy_master;
/* 1. program targetd UMCTL2_REGS_FREQ1/2/3,already done, skip it. */
@@ -57,6 +58,8 @@
/* 12. set PWRCTL.selfref_en=0 */
mmio_clrbits_32(DDRC_PWRCTL(0), 0xf);
+ phy_master = mmio_read_32(DDRC_DFIPHYMSTR(0));
+
/* It is more safe to config it here */
mmio_clrbits_32(DDRC_DFIPHYMSTR(0), 0x1);
@@ -225,8 +228,8 @@
emr3 = (emr3 & 0x00f7) | 0x0d00;
lpddr4_mr_write(3, 13, emr3);
- /* enable PHY master */
- mmio_write_32(DDRC_DFIPHYMSTR(0), 0x1);
+ /* restore the PHY master */
+ mmio_write_32(DDRC_DFIPHYMSTR(0), phy_master);
/* 32. issue ZQ if required: zq_calib_short, bit 4 */
/* polling zq_calib_short_busy */
diff --git a/plat/imx/imx8m/gpc_common.c b/plat/imx/imx8m/gpc_common.c
index e674d7a..32a35ef 100644
--- a/plat/imx/imx8m/gpc_common.c
+++ b/plat/imx/imx8m/gpc_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -29,6 +29,10 @@
#pragma weak imx_set_cpu_pwr_on
#pragma weak imx_set_cpu_lpm
#pragma weak imx_set_cluster_powerdown
+#pragma weak imx_set_sys_wakeup
+#pragma weak imx_noc_slot_config
+#pragma weak imx_gpc_handler
+#pragma weak imx_anamix_override
void imx_set_cpu_secure_entry(unsigned int core_id, uintptr_t sec_entrypoint)
{
@@ -211,7 +215,6 @@
}
}
-#pragma weak imx_noc_slot_config
/*
* this function only need to be override by platform
* that support noc power down, for example: imx8mm.
@@ -233,7 +236,7 @@
if (retention)
val |= (SLPCR_EN_DSM | SLPCR_VSTBY | SLPCR_SBYOS |
- SLPCR_BYPASS_PMIC_READY | SLPCR_A53_FASTWUP_STOP_MODE);
+ SLPCR_BYPASS_PMIC_READY);
mmio_write_32(IMX_GPC_BASE + SLPCR, val);
@@ -256,11 +259,6 @@
(0x3f << SLPCR_RBC_COUNT_SHIFT));
}
-struct pll_override {
- uint32_t reg;
- uint32_t override_mask;
-};
-
struct pll_override pll[MAX_PLL_NUM] = {
{.reg = 0x0, .override_mask = (1 << 12) | (1 << 8), },
{.reg = 0x14, .override_mask = (1 << 12) | (1 << 8), },
diff --git a/plat/imx/imx8m/imx8m_psci_common.c b/plat/imx/imx8m/imx8m_psci_common.c
index 8f545d6..48eb8a6 100644
--- a/plat/imx/imx8m/imx8m_psci_common.c
+++ b/plat/imx/imx8m/imx8m_psci_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,6 +24,7 @@
* reuse below ones.
*/
#pragma weak imx_validate_power_state
+#pragma weak imx_pwr_domain_off
#pragma weak imx_domain_suspend
#pragma weak imx_domain_suspend_finish
#pragma weak imx_get_sys_suspend_power_state
diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk
index 7a42554..24582f8 100644
--- a/plat/imx/imx8m/imx8mm/platform.mk
+++ b/plat/imx/imx8m/imx8mm/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -101,7 +101,7 @@
$(eval $(call add_define,NEED_BL2))
LOAD_IMAGE_V2 := 1
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
endif
ifneq (${TRUSTED_BOARD_BOOT},0)
diff --git a/plat/imx/imx8m/imx8mp/include/platform_def.h b/plat/imx/imx8m/imx8mp/include/platform_def.h
index 14cb709..1281270 100644
--- a/plat/imx/imx8m/imx8mp/include/platform_def.h
+++ b/plat/imx/imx8m/imx8mp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 NXP
+ * Copyright 2020-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -112,7 +112,7 @@
#define IMX_DDRC_BASE U(0x3d400000)
#define IMX_DDRPHY_BASE U(0x3c000000)
#define IMX_DDR_IPS_BASE U(0x3d000000)
-#define IMX_DDR_IPS_SIZE U(0x1800000)
+#define IMX_DDR_IPS_SIZE U(0x1900000)
#define IMX_ROM_BASE U(0x0)
#define IMX_ROM_SIZE U(0x40000)
#define IMX_NS_OCRAM_BASE U(0x900000)
diff --git a/plat/imx/imx8m/imx8mp/platform.mk b/plat/imx/imx8m/imx8mp/platform.mk
index 5414c0a..1102316 100644
--- a/plat/imx/imx8m/imx8mp/platform.mk
+++ b/plat/imx/imx8m/imx8mp/platform.mk
@@ -98,7 +98,7 @@
$(eval $(call add_define,NEED_BL2))
LOAD_IMAGE_V2 := 1
# Non-TF Boot ROM
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
endif
ifneq (${TRUSTED_BOARD_BOOT},0)
diff --git a/plat/imx/imx8m/imx8mq/gpc.c b/plat/imx/imx8m/imx8mq/gpc.c
index fa83324..0a029d6 100644
--- a/plat/imx/imx8m/imx8mq/gpc.c
+++ b/plat/imx/imx8m/imx8mq/gpc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,14 +8,210 @@
#include <stdint.h>
#include <stdbool.h>
+#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
-#include <platform_def.h>
+#include <lib/smccc.h>
+#include <lib/spinlock.h>
+#include <plat/common/platform.h>
#include <services/std_svc.h>
#include <gpc.h>
+#include <platform_def.h>
+
+#define FSL_SIP_CONFIG_GPC_MASK U(0x00)
+#define FSL_SIP_CONFIG_GPC_UNMASK U(0x01)
+#define FSL_SIP_CONFIG_GPC_SET_WAKE U(0x02)
+#define FSL_SIP_CONFIG_GPC_PM_DOMAIN U(0x03)
+#define FSL_SIP_CONFIG_GPC_SET_AFF U(0x04)
+#define FSL_SIP_CONFIG_GPC_CORE_WAKE U(0x05)
+
+#define MAX_HW_IRQ_NUM U(128)
+#define MAX_IMR_NUM U(4)
+
+static uint32_t gpc_saved_imrs[16];
+static uint32_t gpc_wake_irqs[4];
+static uint32_t gpc_imr_offset[] = {
+ IMX_GPC_BASE + IMR1_CORE0_A53,
+ IMX_GPC_BASE + IMR1_CORE1_A53,
+ IMX_GPC_BASE + IMR1_CORE2_A53,
+ IMX_GPC_BASE + IMR1_CORE3_A53,
+ IMX_GPC_BASE + IMR1_CORE0_M4,
+};
+
+spinlock_t gpc_imr_lock[4];
+
+static void gpc_imr_core_spin_lock(unsigned int core_id)
+{
+ spin_lock(&gpc_imr_lock[core_id]);
+}
+
+static void gpc_imr_core_spin_unlock(unsigned int core_id)
+{
+ spin_unlock(&gpc_imr_lock[core_id]);
+}
+
+static void gpc_save_imr_lpm(unsigned int core_id, unsigned int imr_idx)
+{
+ uint32_t reg = gpc_imr_offset[core_id] + imr_idx * 4;
+
+ gpc_imr_core_spin_lock(core_id);
+
+ gpc_saved_imrs[core_id + imr_idx * 4] = mmio_read_32(reg);
+ mmio_write_32(reg, ~gpc_wake_irqs[imr_idx]);
+
+ gpc_imr_core_spin_unlock(core_id);
+}
+
+static void gpc_restore_imr_lpm(unsigned int core_id, unsigned int imr_idx)
+{
+ uint32_t reg = gpc_imr_offset[core_id] + imr_idx * 4;
+ uint32_t val = gpc_saved_imrs[core_id + imr_idx * 4];
+
+ gpc_imr_core_spin_lock(core_id);
+
+ mmio_write_32(reg, val);
+
+ gpc_imr_core_spin_unlock(core_id);
+}
+
+/*
+ * On i.MX8MQ, only in system suspend mode, the A53 cluster can
+ * enter LPM mode and shutdown the A53 PLAT power domain. So LPM
+ * wakeup only used for system suspend. when system enter suspend,
+ * any A53 CORE can be the last core to suspend the system, But
+ * the LPM wakeup can only use the C0's IMR to wakeup A53 cluster
+ * from LPM, so save C0's IMRs before suspend, restore back after
+ * resume.
+ */
+void imx_set_sys_wakeup(unsigned int last_core, bool pdn)
+{
+ unsigned int imr, core;
+
+ if (pdn) {
+ for (imr = 0U; imr < MAX_IMR_NUM; imr++) {
+ for (core = 0U; core < PLATFORM_CORE_COUNT; core++) {
+ gpc_save_imr_lpm(core, imr);
+ }
+ }
+ } else {
+ for (imr = 0U; imr < MAX_IMR_NUM; imr++) {
+ for (core = 0U; core < PLATFORM_CORE_COUNT; core++) {
+ gpc_restore_imr_lpm(core, imr);
+ }
+ }
+ }
+}
+
+static void imx_gpc_hwirq_mask(unsigned int hwirq)
+{
+ uintptr_t reg;
+ unsigned int val;
+
+ if (hwirq >= MAX_HW_IRQ_NUM) {
+ return;
+ }
+
+ gpc_imr_core_spin_lock(0);
+ reg = gpc_imr_offset[0] + (hwirq / 32) * 4;
+ val = mmio_read_32(reg);
+ val |= 1 << hwirq % 32;
+ mmio_write_32(reg, val);
+ gpc_imr_core_spin_unlock(0);
+}
+
+static void imx_gpc_hwirq_unmask(unsigned int hwirq)
+{
+ uintptr_t reg;
+ unsigned int val;
+
+ if (hwirq >= MAX_HW_IRQ_NUM) {
+ return;
+ }
+
+ gpc_imr_core_spin_lock(0);
+ reg = gpc_imr_offset[0] + (hwirq / 32) * 4;
+ val = mmio_read_32(reg);
+ val &= ~(1 << hwirq % 32);
+ mmio_write_32(reg, val);
+ gpc_imr_core_spin_unlock(0);
+}
+
+static void imx_gpc_set_wake(uint32_t hwirq, bool on)
+{
+ uint32_t mask, idx;
+
+ if (hwirq >= MAX_HW_IRQ_NUM) {
+ return;
+ }
+
+ mask = 1 << hwirq % 32;
+ idx = hwirq / 32;
+ gpc_wake_irqs[idx] = on ? gpc_wake_irqs[idx] | mask :
+ gpc_wake_irqs[idx] & ~mask;
+}
+
+static void imx_gpc_mask_irq0(uint32_t core_id, uint32_t mask)
+{
+ gpc_imr_core_spin_lock(core_id);
+ if (mask) {
+ mmio_setbits_32(gpc_imr_offset[core_id], 1);
+ } else {
+ mmio_clrbits_32(gpc_imr_offset[core_id], 1);
+ }
+
+ dsb();
+ gpc_imr_core_spin_unlock(core_id);
+}
+
+void imx_gpc_core_wake(uint32_t cpumask)
+{
+ for (int i = 0; i < PLATFORM_CORE_COUNT; i++) {
+ if (cpumask & (1 << i)) {
+ imx_gpc_mask_irq0(i, false);
+ }
+ }
+}
+
+void imx_gpc_set_a53_core_awake(uint32_t core_id)
+{
+ imx_gpc_mask_irq0(core_id, true);
+}
+
+static void imx_gpc_set_affinity(uint32_t hwirq, unsigned int cpu_idx)
+{
+ uintptr_t reg;
+ unsigned int val;
+
+ if (hwirq >= MAX_HW_IRQ_NUM || cpu_idx >= 4) {
+ return;
+ }
+
+ /*
+ * using the mask/unmask bit as affinity function.unmask the
+ * IMR bit to enable IRQ wakeup for this core.
+ */
+ gpc_imr_core_spin_lock(cpu_idx);
+ reg = gpc_imr_offset[cpu_idx] + (hwirq / 32) * 4;
+ val = mmio_read_32(reg);
+ val &= ~(1 << hwirq % 32);
+ mmio_write_32(reg, val);
+ gpc_imr_core_spin_unlock(cpu_idx);
+
+ /* clear affinity of other core */
+ for (int i = 0; i < PLATFORM_CORE_COUNT; i++) {
+ if (cpu_idx != i) {
+ gpc_imr_core_spin_lock(i);
+ reg = gpc_imr_offset[i] + (hwirq / 32) * 4;
+ val = mmio_read_32(reg);
+ val |= (1 << hwirq % 32);
+ mmio_write_32(reg, val);
+ gpc_imr_core_spin_unlock(i);
+ }
+ }
+}
/* use wfi power down the core */
void imx_set_cpu_pwr_off(unsigned int core_id)
@@ -65,7 +261,7 @@
mmio_setbits_32(IMX_GPC_BASE + SLTx_CFG(2), SLT_COREx_PUP(last_core));
/* ACK setting: PLAT ACK for PDN, CORE ACK for PUP */
mmio_clrsetbits_32(IMX_GPC_BASE + PGC_ACK_SEL_A53, 0xFFFFFFFF,
- A53_PLAT_PDN_ACK | A53_PLAT_PUP_ACK);
+ A53_PLAT_PDN_ACK | SLT_COREx_PUP_ACK(last_core));
} else {
mmio_clrbits_32(IMX_GPC_BASE + SLTx_CFG(0), 0xFFFFFFFF);
mmio_clrbits_32(IMX_GPC_BASE + SLTx_CFG(1), 0xFFFFFFFF);
@@ -124,26 +320,89 @@
}
}
+#define MAX_PLL_NUM U(12)
+
+static const struct pll_override imx8mq_pll[MAX_PLL_NUM] = {
+ {.reg = 0x0, .override_mask = 0x140000, },
+ {.reg = 0x8, .override_mask = 0x140000, },
+ {.reg = 0x10, .override_mask = 0x140000, },
+ {.reg = 0x18, .override_mask = 0x140000, },
+ {.reg = 0x20, .override_mask = 0x140000, },
+ {.reg = 0x28, .override_mask = 0x140000, },
+ {.reg = 0x30, .override_mask = 0x1555540, },
+ {.reg = 0x3c, .override_mask = 0x1555540, },
+ {.reg = 0x48, .override_mask = 0x140, },
+ {.reg = 0x54, .override_mask = 0x140, },
+ {.reg = 0x60, .override_mask = 0x140, },
+ {.reg = 0x70, .override_mask = 0xa, },
+};
+
+void imx_anamix_override(bool enter)
+{
+ unsigned int i;
+
+ /* enable the pll override bit before entering DSM mode */
+ for (i = 0; i < MAX_PLL_NUM; i++) {
+ if (enter) {
+ mmio_setbits_32(IMX_ANAMIX_BASE + imx8mq_pll[i].reg,
+ imx8mq_pll[i].override_mask);
+ } else {
+ mmio_clrbits_32(IMX_ANAMIX_BASE + imx8mq_pll[i].reg,
+ imx8mq_pll[i].override_mask);
+ }
+ }
+}
+
+int imx_gpc_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3)
+{
+ switch (x1) {
+ case FSL_SIP_CONFIG_GPC_CORE_WAKE:
+ imx_gpc_core_wake(x2);
+ break;
+ case FSL_SIP_CONFIG_GPC_SET_WAKE:
+ imx_gpc_set_wake(x2, x3);
+ break;
+ case FSL_SIP_CONFIG_GPC_MASK:
+ imx_gpc_hwirq_mask(x2);
+ break;
+ case FSL_SIP_CONFIG_GPC_UNMASK:
+ imx_gpc_hwirq_unmask(x2);
+ break;
+ case FSL_SIP_CONFIG_GPC_SET_AFF:
+ imx_gpc_set_affinity(x2, x3);
+ break;
+ default:
+ return SMC_UNK;
+ }
+
+ return 0;
+}
+
void imx_gpc_init(void)
{
uint32_t val;
- int i;
+ unsigned int i, j;
+
/* mask all the interrupt by default */
- for (i = 0; i < 4; i++) {
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE0_A53 + i * 4, ~0x0);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE1_A53 + i * 4, ~0x0);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE2_A53 + i * 4, ~0x0);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE3_A53 + i * 4, ~0x0);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE0_M4 + i * 4, ~0x0);
+ for (i = 0U; i < PLATFORM_CORE_COUNT; i++) {
+ for (j = 0U; j < ARRAY_SIZE(gpc_imr_offset); j++) {
+ mmio_write_32(gpc_imr_offset[j] + i * 4, ~0x0);
+ }
}
+
/* Due to the hardware design requirement, need to make
* sure GPR interrupt(#32) is unmasked during RUN mode to
* avoid entering DSM mode by mistake.
*/
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE0_A53, 0xFFFFFFFE);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE1_A53, 0xFFFFFFFE);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE2_A53, 0xFFFFFFFE);
- mmio_write_32(IMX_GPC_BASE + IMR1_CORE3_A53, 0xFFFFFFFE);
+ for (i = 0U; i < PLATFORM_CORE_COUNT; i++) {
+ mmio_write_32(gpc_imr_offset[i], ~0x1);
+ }
+
+ /* leave the IOMUX_GPC bit 12 on for core wakeup */
+ mmio_setbits_32(IMX_IOMUX_GPR_BASE + 0x4, 1 << 12);
/* use external IRQs to wakeup C0~C3 from LPM */
val = mmio_read_32(IMX_GPC_BASE + LPCR_A53_BSC);
diff --git a/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c b/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
index 4706c20..661f8e2 100644
--- a/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,7 @@
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
+#include <dram.h>
#include <gpc.h>
#include <imx_aipstz.h>
#include <imx_uart.h>
@@ -34,6 +35,8 @@
MAP_REGION_FLAT(IMX_ROM_BASE, IMX_ROM_SIZE, MT_MEMORY | MT_RO), /* ROM map */
MAP_REGION_FLAT(IMX_AIPS_BASE, IMX_AIPS_SIZE, MT_DEVICE | MT_RW), /* AIPS map */
MAP_REGION_FLAT(IMX_GIC_BASE, IMX_GIC_SIZE, MT_DEVICE | MT_RW), /* GIC map */
+ MAP_REGION_FLAT(IMX_DDRPHY_BASE, IMX_DDR_IPS_SIZE, MT_DEVICE | MT_RW), /* DDRMIX map */
+ MAP_REGION_FLAT(IMX_DRAM_BASE, IMX_DRAM_SIZE, MT_MEMORY | MT_RW | MT_NS),
{0},
};
@@ -82,7 +85,11 @@
ocotp_val = mmio_read_32(IMX_OCOTP_BASE + OCOTP_SOC_INFO_B1);
if (ocotp_val == 0xff0055aa) {
imx_soc_revision &= ~0xff;
- imx_soc_revision |= 0x21;
+ if (rom_version == 0x22) {
+ imx_soc_revision |= 0x22;
+ } else {
+ imx_soc_revision |= 0x21;
+ }
return;
}
}
@@ -208,6 +215,8 @@
/* gpc init */
imx_gpc_init();
+
+ dram_info_init(SAVED_DRAM_TIMING_BASE);
}
entry_point_info_t *bl31_plat_get_next_image_ep_info(unsigned int type)
diff --git a/plat/imx/imx8m/imx8mq/imx8mq_psci.c b/plat/imx/imx8m/imx8mq/imx8mq_psci.c
index 01582af..3375ce7 100644
--- a/plat/imx/imx8m/imx8mq/imx8mq_psci.c
+++ b/plat/imx/imx8m/imx8mq/imx8mq_psci.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,9 +9,11 @@
#include <arch.h>
#include <arch_helpers.h>
#include <common/debug.h>
+#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
+#include <dram.h>
#include <gpc.h>
#include <imx8m_psci.h>
#include <plat_imx8.h>
@@ -39,6 +41,21 @@
return PSCI_E_SUCCESS;
}
+void imx_pwr_domain_off(const psci_power_state_t *target_state)
+{
+ uint64_t mpidr = read_mpidr_el1();
+ unsigned int core_id = MPIDR_AFFLVL0_VAL(mpidr);
+
+ plat_gic_cpuif_disable();
+ imx_set_cpu_pwr_off(core_id);
+
+ /*
+ * TODO: Find out why this is still
+ * needed in order not to break suspend
+ */
+ udelay(50);
+}
+
void imx_domain_suspend(const psci_power_state_t *target_state)
{
uint64_t base_addr = BL31_START;
@@ -57,12 +74,14 @@
}
if (is_local_state_off(CLUSTER_PWR_STATE(target_state)))
- imx_set_cluster_powerdown(core_id, true);
+ imx_set_cluster_powerdown(core_id, CLUSTER_PWR_STATE(target_state));
else
imx_set_cluster_standby(true);
if (is_local_state_retn(SYSTEM_PWR_STATE(target_state))) {
imx_set_sys_lpm(core_id, true);
+ dram_enter_retention();
+ imx_anamix_override(true);
}
}
@@ -73,18 +92,22 @@
/* check the system level status */
if (is_local_state_retn(SYSTEM_PWR_STATE(target_state))) {
+ imx_anamix_override(false);
+ dram_exit_retention();
imx_set_sys_lpm(core_id, false);
imx_clear_rbc_count();
}
/* check the cluster level power status */
if (is_local_state_off(CLUSTER_PWR_STATE(target_state)))
- imx_set_cluster_powerdown(core_id, false);
+ imx_set_cluster_powerdown(core_id, PSCI_LOCAL_STATE_RUN);
else
imx_set_cluster_standby(false);
/* check the core level power status */
if (is_local_state_off(CORE_PWR_STATE(target_state))) {
+ /* mark this core as awake by masking IRQ0 */
+ imx_gpc_set_a53_core_awake(core_id);
/* clear the core lpm setting */
imx_set_cpu_lpm(core_id, false);
/* enable the gic cpu interface */
diff --git a/plat/imx/imx8m/imx8mq/include/platform_def.h b/plat/imx/imx8m/imx8mq/include/platform_def.h
index bb57074..2526a02 100644
--- a/plat/imx/imx8m/imx8mq/include/platform_def.h
+++ b/plat/imx/imx8m/imx8mq/include/platform_def.h
@@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <lib/utils_def.h>
#include <plat/common/common_def.h>
#define PLATFORM_LINKER_FORMAT "elf64-littleaarch64"
@@ -82,6 +83,9 @@
#define IMX_DDRC_BASE U(0x3d400000)
#define IMX_DDRPHY_BASE U(0x3c000000)
#define IMX_DDR_IPS_BASE U(0x3d000000)
+#define IMX_DDR_IPS_SIZE U(0x1800000)
+#define IMX_DRAM_BASE U(0x40000000)
+#define IMX_DRAM_SIZE U(0xc0000000)
#define IMX_ROM_BASE U(0x00000000)
#define IMX_ROM_SIZE U(0x20000)
@@ -119,6 +123,12 @@
#define SNVS_LPCR_DP_EN BIT(5)
#define SNVS_LPCR_TOP BIT(6)
+#define SAVED_DRAM_TIMING_BASE U(0x40000000)
+
+#define HW_DRAM_PLL_CFG0 (IMX_ANAMIX_BASE + 0x60)
+#define HW_DRAM_PLL_CFG1 (IMX_ANAMIX_BASE + 0x64)
+#define HW_DRAM_PLL_CFG2 (IMX_ANAMIX_BASE + 0x68)
+#define DRAM_PLL_CTRL HW_DRAM_PLL_CFG0
#define IOMUXC_GPR10 U(0x28)
#define GPR_TZASC_EN BIT(0)
diff --git a/plat/imx/imx8m/imx8mq/platform.mk b/plat/imx/imx8m/imx8mq/platform.mk
index 901a974..b1c189f 100644
--- a/plat/imx/imx8m/imx8mq/platform.mk
+++ b/plat/imx/imx8m/imx8mq/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -14,6 +14,12 @@
# Include GICv3 driver files
include drivers/arm/gic/v3/gicv3.mk
+IMX_DRAM_SOURCES := plat/imx/imx8m/ddr/dram.c \
+ plat/imx/imx8m/ddr/clock.c \
+ plat/imx/imx8m/ddr/dram_retention.c \
+ plat/imx/imx8m/ddr/ddr4_dvfs.c \
+ plat/imx/imx8m/ddr/lpddr4_dvfs.c
+
IMX_GIC_SOURCES := ${GICV3_SOURCES} \
plat/common/plat_gicv3.c \
plat/common/plat_psci_common.c \
@@ -36,12 +42,14 @@
drivers/delay_timer/delay_timer.c \
drivers/delay_timer/generic_delay_timer.c \
${XLAT_TABLES_LIB_SRCS} \
+ ${IMX_DRAM_SOURCES} \
${IMX_GIC_SOURCES}
ENABLE_PIE := 1
USE_COHERENT_MEM := 1
RESET_TO_BL31 := 1
A53_DISABLE_NON_TEMPORAL_HINT := 0
+WARMBOOT_ENABLE_DCACHE_EARLY := 1
ERRATA_A53_835769 := 1
ERRATA_A53_843419 := 1
diff --git a/plat/imx/imx8m/include/dram.h b/plat/imx/imx8m/include/dram.h
index ad11a27..719c390 100644
--- a/plat/imx/imx8m/include/dram.h
+++ b/plat/imx/imx8m/include/dram.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 NXP
+ * Copyright 2019-2023 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,6 +20,13 @@
#define DDRC_DDR3L BIT(0)
#define DDR_TYPE_MASK U(0x3f)
#define ACTIVE_RANK_MASK U(0x3)
+#define DDRC_ACTIVE_ONE_RANK U(0x1)
+#define DDRC_ACTIVE_TWO_RANK U(0x2)
+
+#define MR12 U(12)
+#define MR14 U(14)
+
+#define MAX_FSP_NUM U(3)
/* reg & config param */
struct dram_cfg_param {
@@ -57,6 +64,8 @@
struct dram_timing_info *timing_info;
/* mr, emr, emr2, emr3, mr11, mr12, mr22, mr14 */
uint32_t mr_table[3][8];
+ /* used for workaround for rank to rank issue */
+ uint32_t rank_setting[3][3];
};
extern struct dram_info dram_info;
diff --git a/plat/imx/imx8m/include/gpc.h b/plat/imx/imx8m/include/gpc.h
index a41030e..8eb3e06 100644
--- a/plat/imx/imx8m/include/gpc.h
+++ b/plat/imx/imx8m/include/gpc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,6 +24,7 @@
#define COREx_LPM_PUP(core_id) ((core_id) < 2 ? (1 << ((core_id) * 2 + 9)) : (1 << ((core_id) * 2 + 21)))
#define SLTx_CFG(n) ((SLT0_CFG + ((n) * 4)))
#define SLT_COREx_PUP(core_id) (0x2 << ((core_id) * 2))
+#define SLT_COREx_PUP_ACK(core_id) ((core_id) < 2 ? (1 << ((core_id) + 16)) : (1 << ((core_id) + 27)))
#define IMR_MASK_ALL 0xffffffff
@@ -54,6 +55,11 @@
bool always_on;
};
+struct pll_override {
+ uint32_t reg;
+ uint32_t override_mask;
+};
+
DECLARE_BAKERY_LOCK(gpc_lock);
/* function declare */
@@ -72,4 +78,9 @@
void imx_anamix_override(bool enter);
void imx_gpc_pm_domain_enable(uint32_t domain_id, bool on);
+#if defined(PLAT_imx8mq)
+void imx_gpc_set_a53_core_awake(uint32_t core_id);
+void imx_gpc_core_wake(uint32_t cpumask);
+#endif
+
#endif /*IMX8M_GPC_H */
diff --git a/plat/intel/soc/agilex/platform.mk b/plat/intel/soc/agilex/platform.mk
index a1e58fc..e9fa666 100644
--- a/plat/intel/soc/agilex/platform.mk
+++ b/plat/intel/soc/agilex/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -77,7 +77,7 @@
plat/intel/soc/common/soc/socfpga_reset_manager.c
PROGRAMMABLE_RESET_ADDRESS := 0
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
MULTI_CONSOLE_API := 1
USE_COHERENT_MEM := 1
diff --git a/plat/intel/soc/n5x/platform.mk b/plat/intel/soc/n5x/platform.mk
index be1ad8c..4f3da4e 100644
--- a/plat/intel/soc/n5x/platform.mk
+++ b/plat/intel/soc/n5x/platform.mk
@@ -46,7 +46,7 @@
plat/intel/soc/common/soc/socfpga_reset_manager.c
PROGRAMMABLE_RESET_ADDRESS := 0
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
MULTI_CONSOLE_API := 1
USE_COHERENT_MEM := 1
diff --git a/plat/intel/soc/stratix10/platform.mk b/plat/intel/soc/stratix10/platform.mk
index b7eb4bd..6bc96fb 100644
--- a/plat/intel/soc/stratix10/platform.mk
+++ b/plat/intel/soc/stratix10/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -76,5 +76,5 @@
plat/intel/soc/common/soc/socfpga_reset_manager.c
PROGRAMMABLE_RESET_ADDRESS := 0
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
USE_COHERENT_MEM := 1
diff --git a/plat/marvell/armada/a8k/common/ble/ble.ld.S b/plat/marvell/armada/a8k/common/ble/ble.ld.S
index d7a0592..446849b 100644
--- a/plat/marvell/armada/a8k/common/ble/ble.ld.S
+++ b/plat/marvell/armada/a8k/common/ble/ble.ld.S
@@ -19,7 +19,7 @@
{
. = BLE_BASE;
- ro . : {
+ .ro . : {
__RO_START__ = .;
*ble_main.o(.entry*)
*(.text*)
@@ -40,9 +40,9 @@
__DATA_END__ = .;
} >RAM
- stacks . (NOLOAD) : {
+ .stacks . (NOLOAD) : {
__STACKS_START__ = .;
- *(tzfw_normal_stacks)
+ *(.tzfw_normal_stacks)
__STACKS_END__ = .;
} >RAM
diff --git a/plat/marvell/armada/a8k/common/ble/ble.mk b/plat/marvell/armada/a8k/common/ble/ble.mk
index 160e98f..752ab41 100644
--- a/plat/marvell/armada/a8k/common/ble/ble.mk
+++ b/plat/marvell/armada/a8k/common/ble/ble.mk
@@ -21,7 +21,7 @@
-I$(CURDIR)/include/lib/libc \
-I$(CURDIR)/include/lib/libc/aarch64
-BLE_LINKERFILE := $(BLE_PATH)/ble.ld.S
+BLE_DEFAULT_LINKER_SCRIPT_SOURCE := $(BLE_PATH)/ble.ld.S
BLE_OBJS := $(addprefix $(BUILD_PLAT)/ble/,$(call SOURCES_TO_OBJS,$(BLE_SOURCES)))
$(BLE_OBJS): PLAT_INCLUDES += -I$(MV_DDR_PATH)
diff --git a/plat/marvell/armada/common/marvell_gicv3.c b/plat/marvell/armada/common/marvell_gicv3.c
index 0bd5545..5419506 100644
--- a/plat/marvell/armada/common/marvell_gicv3.c
+++ b/plat/marvell/armada/common/marvell_gicv3.c
@@ -38,8 +38,8 @@
* We save and restore the GICv3 context on system suspend. Allocate the
* data in the designated EL3 Secure carve-out memory
*/
-static gicv3_redist_ctx_t rdist_ctx __section("arm_el3_tzc_dram");
-static gicv3_dist_ctx_t dist_ctx __section("arm_el3_tzc_dram");
+static gicv3_redist_ctx_t rdist_ctx __section(".arm_el3_tzc_dram");
+static gicv3_dist_ctx_t dist_ctx __section(".arm_el3_tzc_dram");
/*
* MPIDR hashing function for translating MPIDRs read from GICR_TYPER register
diff --git a/plat/mediatek/build_helpers/mtk_build_helpers.mk b/plat/mediatek/build_helpers/mtk_build_helpers.mk
index fc3876e..83a4dd2 100644
--- a/plat/mediatek/build_helpers/mtk_build_helpers.mk
+++ b/plat/mediatek/build_helpers/mtk_build_helpers.mk
@@ -61,31 +61,6 @@
$(eval $(call uppercase,$(2))_SOURCES += $(1))
endef
-# MAKE_LINKERFILE change linker script source file name to
-# target linker script
-# $(1) = linker script source file
-# $(2) = BL stage
-define MAKE_LINKERFILE
-$(eval EXTRA_GENERATED_LINKER_SCRIPT += $(BUILD_PLAT)/$(2)/$(patsubst %.ld.S,%.ld,$(notdir $(1))))
-endef
-
-# MAKE_LINKERFILE_ITER call MAKE_LINKERFILE iteratively
-# $(1) = linker script source file
-# $(2) = BL stage
-define MAKE_LINKERFILE_ITER
-$(eval $(foreach link_src,$(1),$(call MAKE_LINKERFILE,$(link_src),$(2))))
-endef
-
-# MAKE_LD_ITER generate the linker scripts using the C preprocessor iteratively
-# $(1) = output linker script
-# $(2) = input template
-# $(3) = BL stage (1, 2, 2u, 31, 32)
-define MAKE_LD_ITER
-$(eval index_list=$(shell seq $(words $(1))))
-$(eval $(foreach i, $(index_list), \
-$(call MAKE_LD,$(word $(i), $(1)), $(word $(i), $(2)),$(3))))
-endef
-
# MAKE_MODULE reference MAKE_OBJS.
# Create module folder under out/bl$(BL)/$(module)
# Arguments:
diff --git a/plat/mediatek/build_helpers/mtk_build_helpers_epilogue.mk b/plat/mediatek/build_helpers/mtk_build_helpers_epilogue.mk
index 22a546c..4fed41f 100644
--- a/plat/mediatek/build_helpers/mtk_build_helpers_epilogue.mk
+++ b/plat/mediatek/build_helpers/mtk_build_helpers_epilogue.mk
@@ -9,22 +9,7 @@
# Make next section align to page size
ifneq ($(MTK_EXTRA_LINKERFILE),)
-$(eval $(call MAKE_LINKERFILE_ITER,$(MTK_LINKERFILE_SOURCE),bl31))
-
-# EXTRA_GENERATED_LINKER_SCRIPT is a global variable of derived linker
-# script list(from MTK_LINKERFILE_SOURCE) after MAKE_LINKERFILE_ITER
-# function call
-EXTRA_LINKERFILE += ${EXTRA_GENERATED_LINKER_SCRIPT}
-
-# Expand derived linker script as build target
-$(eval $(call MAKE_LD_ITER, $(EXTRA_GENERATED_LINKER_SCRIPT),$(MTK_LINKERFILE_SOURCE),bl31))
-
-# mtk_align.ld MUST BE THE LAST LINKER SCRIPT!
-EXTRA_LINKERFILE += ${MTK_PLAT}/include/mtk_align.ld
-
-# bl31.ld should depend on EXTRA_LINKERFILE
-$(eval ${BUILD_PLAT}/bl31/bl31.ld: ${EXTRA_LINKERFILE})
-EXTRA_LINKERFILE := $(addprefix -T,$(EXTRA_LINKERFILE))
-else
-EXTRA_LINKERFILE :=
+ # mtk_align.ld MUST BE THE LAST LINKER SCRIPT!
+ BL31_LINKER_SCRIPT_SOURCES += $(MTK_LINKERFILE_SOURCE)
+ BL31_LINKER_SCRIPT_SOURCES += ${MTK_PLAT}/include/mtk_align.ld
endif
diff --git a/plat/mediatek/common/mtk_smc_handlers.c b/plat/mediatek/common/mtk_smc_handlers.c
index 92b3873..a8a5a48 100644
--- a/plat/mediatek/common/mtk_smc_handlers.c
+++ b/plat/mediatek/common/mtk_smc_handlers.c
@@ -72,7 +72,7 @@
}
#define SMC_ID_EXPAND_AS_DESCRIPTOR_INDEX(_smc_id, _smc_num) \
- short _smc_id##_descriptor_index __section("mtk_plat_ro") = -1;
+ short _smc_id##_descriptor_index __section(".mtk_plat_ro") = -1;
MTK_SIP_SMC_FROM_BL33_TABLE(SMC_ID_EXPAND_AS_DESCRIPTOR_INDEX);
MTK_SIP_SMC_FROM_NS_EL1_TABLE(SMC_ID_EXPAND_AS_DESCRIPTOR_INDEX);
diff --git a/plat/mediatek/include/plat.ld.rodata.inc b/plat/mediatek/include/plat.ld.rodata.inc
index 06ad491..e766472 100644
--- a/plat/mediatek/include/plat.ld.rodata.inc
+++ b/plat/mediatek/include/plat.ld.rodata.inc
@@ -25,6 +25,6 @@
__MTK_SMC_POOL_END_UNALIGNED__ = .;
. = ALIGN(8);
#include <vendor_pubsub_events.h>
- *(mtk_plat_ro)
+ *(.mtk_plat_ro)
#endif /* PLAT_LD_RODATA_INC */
diff --git a/plat/mediatek/mt8173/drivers/spm/spm.c b/plat/mediatek/mt8173/drivers/spm/spm.c
index 1caab3b..8980e07 100644
--- a/plat/mediatek/mt8173/drivers/spm/spm.c
+++ b/plat/mediatek/mt8173/drivers/spm/spm.c
@@ -29,9 +29,9 @@
DEFINE_BAKERY_LOCK(spm_lock);
-static int spm_hotplug_ready __section("tzfw_coherent_mem");
-static int spm_mcdi_ready __section("tzfw_coherent_mem");
-static int spm_suspend_ready __section("tzfw_coherent_mem");
+static int spm_hotplug_ready __section(".tzfw_coherent_mem");
+static int spm_mcdi_ready __section(".tzfw_coherent_mem");
+static int spm_suspend_ready __section(".tzfw_coherent_mem");
void spm_lock_init(void)
{
diff --git a/plat/mediatek/mt8186/drivers/mcdi/mt_mcdi.c b/plat/mediatek/mt8186/drivers/mcdi/mt_mcdi.c
index 0103612..efcf87f 100644
--- a/plat/mediatek/mt8186/drivers/mcdi/mt_mcdi.c
+++ b/plat/mediatek/mt8186/drivers/mcdi/mt_mcdi.c
@@ -62,7 +62,7 @@
#define MCDI_INIT_2 U(2)
#define MCDI_INIT_DONE U(3)
-static int mcdi_init_status __section("tzfw_coherent_mem");
+static int mcdi_init_status __section(".tzfw_coherent_mem");
static inline uint32_t mcdi_mbox_read(uint32_t id)
{
diff --git a/plat/mediatek/mt8192/drivers/mcdi/mt_mcdi.c b/plat/mediatek/mt8192/drivers/mcdi/mt_mcdi.c
index 1635b67..765c7b2 100644
--- a/plat/mediatek/mt8192/drivers/mcdi/mt_mcdi.c
+++ b/plat/mediatek/mt8192/drivers/mcdi/mt_mcdi.c
@@ -63,7 +63,7 @@
#define MCDI_INIT_2 2
#define MCDI_INIT_DONE 3
-static int mcdi_init_status __section("tzfw_coherent_mem");
+static int mcdi_init_status __section(".tzfw_coherent_mem");
static inline uint32_t mcdi_mbox_read(uint32_t id)
{
diff --git a/plat/mediatek/mt8195/drivers/mcdi/mt_mcdi.c b/plat/mediatek/mt8195/drivers/mcdi/mt_mcdi.c
index c14e83b..f7dfec3 100644
--- a/plat/mediatek/mt8195/drivers/mcdi/mt_mcdi.c
+++ b/plat/mediatek/mt8195/drivers/mcdi/mt_mcdi.c
@@ -63,7 +63,7 @@
#define MCDI_INIT_2 2
#define MCDI_INIT_DONE 3
-static int mcdi_init_status __section("tzfw_coherent_mem");
+static int mcdi_init_status __section(".tzfw_coherent_mem");
static inline uint32_t mcdi_mbox_read(uint32_t id)
{
diff --git a/plat/nvidia/tegra/common/tegra_platform.c b/plat/nvidia/tegra/common/tegra_platform.c
index f3aa3ea..6d736b5 100644
--- a/plat/nvidia/tegra/common/tegra_platform.c
+++ b/plat/nvidia/tegra/common/tegra_platform.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
- * Copyright (c) 2020-2021, NVIDIA Corporation. All rights reserved.
+ * Copyright (c) 2020-2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -272,10 +272,12 @@
*/
int32_t plat_get_soc_version(void)
{
- uint32_t chip_id = ((tegra_get_chipid() >> CHIP_ID_SHIFT) & CHIP_ID_MASK);
+ uint32_t chip_id = (tegra_get_chipid() >> CHIP_ID_SHIFT) & CHIP_ID_MASK;
+ uint32_t major_rev = tegra_get_chipid_major();
uint32_t manfid = SOC_ID_SET_JEP_106(JEDEC_NVIDIA_BKID, JEDEC_NVIDIA_MFID);
- return (int32_t)(manfid | (chip_id & SOC_ID_IMPL_DEF_MASK));
+ return (int32_t)(manfid | (((chip_id << MAJOR_VERSION_SHIFT) | major_rev) &
+ SOC_ID_IMPL_DEF_MASK));
}
/*
diff --git a/plat/nvidia/tegra/drivers/flowctrl/flowctrl.c b/plat/nvidia/tegra/drivers/flowctrl/flowctrl.c
index 8f55554..4c9f4af 100644
--- a/plat/nvidia/tegra/drivers/flowctrl/flowctrl.c
+++ b/plat/nvidia/tegra/drivers/flowctrl/flowctrl.c
@@ -84,7 +84,7 @@
void tegra_fc_ccplex_pgexit_lock(void)
{
unsigned int i, cpu = read_mpidr() & MPIDR_CPU_MASK;
- uint32_t flags = tegra_fc_read_32(FLOWCTRL_FC_SEQ_INTERCEPT) & ~INTERCEPT_IRQ_PENDING;;
+ uint32_t flags = tegra_fc_read_32(FLOWCTRL_FC_SEQ_INTERCEPT) & ~INTERCEPT_IRQ_PENDING;
uint32_t icept_cpu_flags[] = {
INTERCEPT_EXIT_PG_CORE0,
INTERCEPT_EXIT_PG_CORE1,
diff --git a/plat/nvidia/tegra/drivers/pmc/pmc.c b/plat/nvidia/tegra/drivers/pmc/pmc.c
index 6c5a73b..e70e7a6 100644
--- a/plat/nvidia/tegra/drivers/pmc/pmc.c
+++ b/plat/nvidia/tegra/drivers/pmc/pmc.c
@@ -103,7 +103,7 @@
bool tegra_pmc_is_last_on_cpu(void)
{
int i, cpu = read_mpidr() & MPIDR_CPU_MASK;
- uint32_t val = tegra_pmc_read_32(PMC_PWRGATE_STATUS);;
+ uint32_t val = tegra_pmc_read_32(PMC_PWRGATE_STATUS);
bool status = true;
/* check if this is the last standing CPU */
diff --git a/plat/nvidia/tegra/platform.mk b/plat/nvidia/tegra/platform.mk
index 6ed1cdf..2365564 100644
--- a/plat/nvidia/tegra/platform.mk
+++ b/plat/nvidia/tegra/platform.mk
@@ -90,8 +90,8 @@
# o resolve undefined symbols to el3_panic
# o include only required sections
TF_LDFLAGS += --diag_suppress=L6314,L6332 --no_scanlib --callgraph
-TF_LDFLAGS += --keep="*(__pubsub*)" --keep="*(rt_svc_descs*)" --keep="*(*cpu_ops)"
+TF_LDFLAGS += --keep="*(.__pubsub*)" --keep="*(.rt_svc_descs*)" --keep="*(.cpu_ops)"
ifeq (${ENABLE_PMF},1)
-TF_LDFLAGS += --keep="*(*pmf_svc_descs*)"
+TF_LDFLAGS += --keep="*(.pmf_svc_descs*)"
endif
endif
diff --git a/plat/nvidia/tegra/scat/bl31.scat b/plat/nvidia/tegra/scat/bl31.scat
index 2d6d2b3..fdd6e33 100644
--- a/plat/nvidia/tegra/scat/bl31.scat
+++ b/plat/nvidia/tegra/scat/bl31.scat
@@ -48,14 +48,14 @@
/* Ensure 8-byte alignment for descriptors and ensure inclusion */
__RT_SVC_DESCS__ AlignExpr(ImageLimit(__RODATA__), 8) FIXED
{
- *(rt_svc_descs)
+ *(.rt_svc_descs)
}
#if ENABLE_PMF
/* Ensure 8-byte alignment for descriptors and ensure inclusion */
__PMF_SVC_DESCS__ AlignExpr(ImageLimit(__RT_SVC_DESCS__), 8) FIXED
{
- *(pmf_svc_descs)
+ *(.pmf_svc_descs)
}
#endif /* ENABLE_PMF */
@@ -65,7 +65,7 @@
*/
__CPU_OPS__ AlignExpr(+0, 8) FIXED
{
- *(cpu_ops)
+ *(.cpu_ops)
}
/*
@@ -150,7 +150,7 @@
{
__STACKS__ AlignExpr(+0, 64) FIXED
{
- *(tzfw_normal_stacks)
+ *(.tzfw_normal_stacks)
}
}
@@ -180,7 +180,7 @@
*/
__BAKERY_LOCKS__ AlignExpr(ImageLimit(__BSS__), CACHE_WRITEBACK_GRANULE) FIXED
{
- *(bakery_lock)
+ *(.bakery_lock)
}
__BAKERY_LOCKS_EPILOGUE__ AlignExpr(ImageLimit(__BAKERY_LOCKS__), CACHE_WRITEBACK_GRANULE) FIXED EMPTY 0
@@ -229,9 +229,9 @@
LR_XLAT_TABLE +0
{
- xlat_table +0 FIXED
+ .xlat_table +0 FIXED
{
- *(xlat_table)
+ *(.xlat_table)
}
}
@@ -251,8 +251,8 @@
*
* Each lock's data is contiguous and fully allocated by the compiler
*/
- *(bakery_lock)
- *(tzfw_coherent_mem)
+ *(.bakery_lock)
+ *(.tzfw_coherent_mem)
}
__COHERENT_RAM_EPILOGUE_UNALIGNED__ +0 FIXED EMPTY 0
diff --git a/plat/nvidia/tegra/soc/t186/drivers/mce/ari.c b/plat/nvidia/tegra/soc/t186/drivers/mce/ari.c
index a57bc11..6414e07 100644
--- a/plat/nvidia/tegra/soc/t186/drivers/mce/ari.c
+++ b/plat/nvidia/tegra/soc/t186/drivers/mce/ari.c
@@ -372,8 +372,8 @@
* StandbyWFI or the equivalent signal, and always keeping the IDLE
* voltage/frequency request register enabled.
*/
- val = (((freq & MCE_AUTO_CC3_FREQ_MASK) << MCE_AUTO_CC3_FREQ_SHIFT) |\
- ((volt & MCE_AUTO_CC3_VTG_MASK) << MCE_AUTO_CC3_VTG_SHIFT) |\
+ val = (((freq & MCE_AUTO_CC3_FREQ_MASK) << MCE_AUTO_CC3_FREQ_SHIFT) |
+ ((volt & MCE_AUTO_CC3_VTG_MASK) << MCE_AUTO_CC3_VTG_SHIFT) |
((enable != 0U) ? MCE_AUTO_CC3_ENABLE_BIT : 0U));
return ari_request_wait(ari_base, 0U,
diff --git a/plat/nvidia/tegra/soc/t186/drivers/mce/nvg.c b/plat/nvidia/tegra/soc/t186/drivers/mce/nvg.c
index cbc9aa3..1a48563 100644
--- a/plat/nvidia/tegra/soc/t186/drivers/mce/nvg.c
+++ b/plat/nvidia/tegra/soc/t186/drivers/mce/nvg.c
@@ -246,8 +246,8 @@
* StandbyWFI or the equivalent signal, and always keeping the IDLE
* voltage/frequency request register enabled.
*/
- val = (((freq & MCE_AUTO_CC3_FREQ_MASK) << MCE_AUTO_CC3_FREQ_SHIFT) |\
- ((volt & MCE_AUTO_CC3_VTG_MASK) << MCE_AUTO_CC3_VTG_SHIFT) |\
+ val = (((freq & MCE_AUTO_CC3_FREQ_MASK) << MCE_AUTO_CC3_FREQ_SHIFT) |
+ ((volt & MCE_AUTO_CC3_VTG_MASK) << MCE_AUTO_CC3_VTG_SHIFT) |
((enable != 0U) ? MCE_AUTO_CC3_ENABLE_BIT : 0U));
nvg_set_request_data((uint64_t)TEGRA_NVG_CHANNEL_CC3_CTRL, (uint64_t)val);
diff --git a/plat/nvidia/tegra/soc/t194/plat_ras.c b/plat/nvidia/tegra/soc/t194/plat_ras.c
index 02f6158..a9fed0a 100644
--- a/plat/nvidia/tegra/soc/t194/plat_ras.c
+++ b/plat/nvidia/tegra/soc/t194/plat_ras.c
@@ -249,7 +249,6 @@
* of range.
*/
*cookie = 0ULL;
- return;
}
/* Function to probe an error from error record group. */
diff --git a/plat/nvidia/tegra/soc/t194/plat_smmu.c b/plat/nvidia/tegra/soc/t194/plat_smmu.c
index 310e951..710d5c5 100644
--- a/plat/nvidia/tegra/soc/t194/plat_smmu.c
+++ b/plat/nvidia/tegra/soc/t194/plat_smmu.c
@@ -24,7 +24,7 @@
uint32_t plat_get_num_smmu_devices(void)
{
uint32_t ret_num = MAX_NUM_SMMU_DEVICES;
- uint32_t board_revid = ((tegra_misc_read_32(MISCREG_EMU_REVID) >> \
+ uint32_t board_revid = ((tegra_misc_read_32(MISCREG_EMU_REVID) >>
BOARD_SHIFT_BITS) & BOARD_MASK_BITS);
if (board_revid == BOARD_SYSTEM_FPGA_BASE) {
diff --git a/plat/nvidia/tegra/soc/t210/plat_sip_calls.c b/plat/nvidia/tegra/soc/t210/plat_sip_calls.c
index e3484be..93d1283 100644
--- a/plat/nvidia/tegra/soc/t210/plat_sip_calls.c
+++ b/plat/nvidia/tegra/soc/t210/plat_sip_calls.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
- * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
+ * Copyright (c) 2020-2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,6 +33,7 @@
/*******************************************************************************
* Tegra210 SiP SMCs
******************************************************************************/
+#define TEGRA_SIP_PMC_COMMANDS_LEGACY U(0xC2FEFE00)
#define TEGRA_SIP_PMC_COMMANDS U(0xC2FFFE00)
/*******************************************************************************
@@ -54,7 +55,7 @@
if (!ns)
SMC_RET1(handle, SMC_UNK);
- if (smc_fid == TEGRA_SIP_PMC_COMMANDS) {
+ if ((smc_fid == TEGRA_SIP_PMC_COMMANDS) || (smc_fid == TEGRA_SIP_PMC_COMMANDS_LEGACY)) {
/* check the address is within PMC range and is 4byte aligned */
if ((x2 >= TEGRA_PMC_SIZE) || (x2 & 0x3))
return -EINVAL;
diff --git a/plat/nxp/common/setup/common.mk b/plat/nxp/common/setup/common.mk
index 1fcf1d0..b7e16ae 100644
--- a/plat/nxp/common/setup/common.mk
+++ b/plat/nxp/common/setup/common.mk
@@ -7,7 +7,7 @@
###############################################################################
# Flow begins in BL2 at EL3 mode
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
# Though one core is powered up by default, there are
# platform specific ways to release more than one core
diff --git a/plat/nxp/soc-ls1046a/aarch64/ls1046a_helpers.S b/plat/nxp/soc-ls1046a/aarch64/ls1046a_helpers.S
index d2a48ea..a213594 100644
--- a/plat/nxp/soc-ls1046a/aarch64/ls1046a_helpers.S
+++ b/plat/nxp/soc-ls1046a/aarch64/ls1046a_helpers.S
@@ -44,7 +44,7 @@
func plat_reset_handler
mov x29, x30
-#if (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if (defined(IMAGE_BL2) && RESET_TO_BL2)
bl l2_mem_init
#endif
bl apply_platform_errata
diff --git a/plat/qemu/qemu_sbsa/include/platform_def.h b/plat/qemu/qemu_sbsa/include/platform_def.h
index d971ebe..85fbb4d 100644
--- a/plat/qemu/qemu_sbsa/include/platform_def.h
+++ b/plat/qemu/qemu_sbsa/include/platform_def.h
@@ -364,8 +364,8 @@
* Name of the section to put the translation tables used by the S-EL1/S-EL0
* context of a Secure Partition.
*/
-#define PLAT_SP_IMAGE_XLAT_SECTION_NAME "qemu_sp_xlat_table"
-#define PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME "qemu_sp_xlat_table"
+#define PLAT_SP_IMAGE_XLAT_SECTION_NAME ".qemu_sp_xlat_table"
+#define PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME ".qemu_sp_xlat_table"
/* Cookies passed to the Secure Partition at boot. Not used by QEMU platforms.*/
#define PLAT_SPM_COOKIE_0 ULL(0)
diff --git a/plat/renesas/common/aarch64/plat_helpers.S b/plat/renesas/common/aarch64/plat_helpers.S
index 21c3bed..a7fdfa0 100644
--- a/plat/renesas/common/aarch64/plat_helpers.S
+++ b/plat/renesas/common/aarch64/plat_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -126,7 +126,7 @@
exit:
ret x9
_panic:
- b do_panic
+ b el3_panic
#endif
endfunc plat_get_my_entrypoint
diff --git a/plat/renesas/common/aarch64/platform_common.c b/plat/renesas/common/aarch64/platform_common.c
index b0a88cb..17ccb28 100644
--- a/plat/renesas/common/aarch64/platform_common.c
+++ b/plat/renesas/common/aarch64/platform_common.c
@@ -28,7 +28,7 @@
#endif
const uint8_t version_of_renesas[VERSION_OF_RENESAS_MAXLEN]
- __attribute__ ((__section__("ro"))) = VERSION_OF_RENESAS;
+ __attribute__ ((__section__(".ro"))) = VERSION_OF_RENESAS;
#define MAP_SHARED_RAM MAP_REGION_FLAT(RCAR_SHARED_MEM_BASE, \
RCAR_SHARED_MEM_SIZE, \
diff --git a/plat/renesas/common/common.mk b/plat/renesas/common/common.mk
index ca61f0e..25fbb2f 100644
--- a/plat/renesas/common/common.mk
+++ b/plat/renesas/common/common.mk
@@ -10,7 +10,7 @@
TRUSTED_BOARD_BOOT := 1
RESET_TO_BL31 := 1
GENERATE_COT := 1
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
ENABLE_SVE_FOR_NS := 0
MULTI_CONSOLE_API := 1
diff --git a/plat/rockchip/common/aarch32/plat_helpers.S b/plat/rockchip/common/aarch32/plat_helpers.S
index 475c297..9f49cbd 100644
--- a/plat/rockchip/common/aarch32/plat_helpers.S
+++ b/plat/rockchip/common/aarch32/plat_helpers.S
@@ -151,7 +151,7 @@
* Per-CPU Secure entry point - resume or power up
* --------------------------------------------------------------------
*/
- .section tzfw_coherent_mem, "a"
+ .section .tzfw_coherent_mem, "a"
.align 3
cpuson_entry_point:
.rept PLATFORM_CORE_COUNT
diff --git a/plat/rockchip/common/aarch64/plat_helpers.S b/plat/rockchip/common/aarch64/plat_helpers.S
index 4af052b..c4c0dec 100644
--- a/plat/rockchip/common/aarch64/plat_helpers.S
+++ b/plat/rockchip/common/aarch64/plat_helpers.S
@@ -150,7 +150,7 @@
* Per-CPU Secure entry point - resume or power up
* --------------------------------------------------------------------
*/
- .section tzfw_coherent_mem, "a"
+ .section .tzfw_coherent_mem, "a"
.align 3
cpuson_entry_point:
.rept PLATFORM_CORE_COUNT
diff --git a/plat/rockchip/px30/drivers/pmu/pmu.c b/plat/rockchip/px30/drivers/pmu/pmu.c
index 5f4e64f..8770b2e 100644
--- a/plat/rockchip/px30/drivers/pmu/pmu.c
+++ b/plat/rockchip/px30/drivers/pmu/pmu.c
@@ -45,7 +45,7 @@
static uint32_t cores_pd_cfg_info[PLATFORM_CORE_COUNT]
#if USE_COHERENT_MEM
-__attribute__ ((section("tzfw_coherent_mem")))
+__attribute__ ((section(".tzfw_coherent_mem")))
#endif
;
@@ -101,7 +101,7 @@
static struct px30_sleep_ddr_data ddr_data
#if USE_COHERENT_MEM
-__attribute__ ((section("tzfw_coherent_mem")))
+__attribute__ ((section(".tzfw_coherent_mem")))
#endif
;
diff --git a/plat/rockchip/rk3399/drivers/dp/cdn_dp.h b/plat/rockchip/rk3399/drivers/dp/cdn_dp.h
index c5cbae2..52c72d6 100644
--- a/plat/rockchip/rk3399/drivers/dp/cdn_dp.h
+++ b/plat/rockchip/rk3399/drivers/dp/cdn_dp.h
@@ -34,7 +34,7 @@
#define HDCP_KEY_1X_STORE_DATA_ALIGN_SIZE (6 * 64) / 8
/* Checks the cdn_dp_hdcp_key_1x must be aligned on 6 x 64-bit word boundary */
-CASSERT(sizeof(struct cdn_dp_hdcp_key_1x) % HDCP_KEY_1X_STORE_DATA_ALIGN_SIZE, \
+CASSERT(sizeof(struct cdn_dp_hdcp_key_1x) % HDCP_KEY_1X_STORE_DATA_ALIGN_SIZE,
assert_hdcp_key_1x_store_data_align_size_mismatch);
uint64_t dp_hdcp_ctrl(uint64_t type);
diff --git a/plat/rockchip/rk3399/drivers/pmu/pmu.c b/plat/rockchip/rk3399/drivers/pmu/pmu.c
index 3084c4f..7bdefcc 100644
--- a/plat/rockchip/rk3399/drivers/pmu/pmu.c
+++ b/plat/rockchip/rk3399/drivers/pmu/pmu.c
@@ -64,7 +64,7 @@
static uint32_t core_pm_cfg_info[PLATFORM_CORE_COUNT]
#if USE_COHERENT_MEM
-__attribute__ ((section("tzfw_coherent_mem")))
+__attribute__ ((section(".tzfw_coherent_mem")))
#endif
;/* coheront */
diff --git a/plat/socionext/synquacer/include/plat.ld.S b/plat/socionext/synquacer/include/plat.ld.S
index af7a172..d02afa7 100644
--- a/plat/socionext/synquacer/include/plat.ld.S
+++ b/plat/socionext/synquacer/include/plat.ld.S
@@ -23,8 +23,8 @@
* not support inner shareable WBWA mappings so it is mapped normal
* non-cacheable)
*/
- sp_xlat_table (NOLOAD) : ALIGN(PAGE_SIZE) {
- *(sp_xlat_table)
+ .sp_xlat_table (NOLOAD) : ALIGN(PAGE_SIZE) {
+ *(.sp_xlat_table)
} >SP_DRAM
}
diff --git a/plat/socionext/synquacer/include/platform_def.h b/plat/socionext/synquacer/include/platform_def.h
index d6bfe42..acc74e2 100644
--- a/plat/socionext/synquacer/include/platform_def.h
+++ b/plat/socionext/synquacer/include/platform_def.h
@@ -180,8 +180,8 @@
#define PLAT_SP_IMAGE_MMAP_REGIONS 30
#define PLAT_SP_IMAGE_MAX_XLAT_TABLES 20
-#define PLAT_SP_IMAGE_XLAT_SECTION_NAME "sp_xlat_table"
-#define PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME "sp_xlat_table"
+#define PLAT_SP_IMAGE_XLAT_SECTION_NAME ".sp_xlat_table"
+#define PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME ".sp_xlat_table"
#define PLAT_SQ_UART1_BASE PLAT_SQ_BOOT_UART_BASE
#define PLAT_SQ_UART1_SIZE ULL(0x1000)
diff --git a/plat/socionext/synquacer/platform.mk b/plat/socionext/synquacer/platform.mk
index b76ae88..a6d9bef 100644
--- a/plat/socionext/synquacer/platform.mk
+++ b/plat/socionext/synquacer/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -17,7 +17,7 @@
SQ_USE_SCMI_DRIVER ?= 0
else
override RESET_TO_BL31 := 0
-override BL2_AT_EL3 := 1
+override RESET_TO_BL2 := 1
SQ_USE_SCMI_DRIVER := 1
BL2_CPPFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC
endif
diff --git a/plat/socionext/uniphier/platform.mk b/plat/socionext/uniphier/platform.mk
index 378497a..d466aa1 100644
--- a/plat/socionext/uniphier/platform.mk
+++ b/plat/socionext/uniphier/platform.mk
@@ -1,10 +1,10 @@
#
-# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-override BL2_AT_EL3 := 1
+override RESET_TO_BL2 := 1
override COLD_BOOT_SINGLE_CPU := 1
override PROGRAMMABLE_RESET_ADDRESS := 1
override USE_COHERENT_MEM := 1
diff --git a/plat/st/stm32mp1/include/stm32mp1_mbedtls_config.h b/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-2.h
similarity index 100%
rename from plat/st/stm32mp1/include/stm32mp1_mbedtls_config.h
rename to plat/st/stm32mp1/include/stm32mp1_mbedtls_config-2.h
diff --git a/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-3.h b/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-3.h
new file mode 100644
index 0000000..d7dab1f
--- /dev/null
+++ b/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-3.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*
+ * Key algorithms currently supported on mbed TLS libraries
+ */
+#define TF_MBEDTLS_USE_RSA 0
+#define TF_MBEDTLS_USE_ECDSA 1
+
+/*
+ * Hash algorithms currently supported on mbed TLS libraries
+ */
+#define TF_MBEDTLS_SHA256 1
+#define TF_MBEDTLS_SHA384 2
+#define TF_MBEDTLS_SHA512 3
+
+/*
+ * Configuration file to build mbed TLS with the required features for
+ * Trusted Boot
+ */
+
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+#define MBEDTLS_PKCS1_V21
+
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_MD_C
+
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_OID_C
+
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+
+#define MBEDTLS_PLATFORM_C
+
+#if TF_MBEDTLS_USE_ECDSA
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if TF_MBEDTLS_USE_RSA
+#define MBEDTLS_RSA_C
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+
+/* The library does not currently support enabling SHA-256 without SHA-224. */
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+
+#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
+#endif
+
+#define MBEDTLS_VERSION_C
+
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+
+#if TF_MBEDTLS_USE_AES_GCM
+#define MBEDTLS_AES_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_GCM_C
+#endif
+
+/* MPI / BIGNUM options */
+#define MBEDTLS_MPI_WINDOW_SIZE 2
+
+#if TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE <= 2048
+#define MBEDTLS_MPI_MAX_SIZE 256
+#else
+#define MBEDTLS_MPI_MAX_SIZE 512
+#endif
+#else
+#define MBEDTLS_MPI_MAX_SIZE 256
+#endif
+
+/* Memory buffer allocator options */
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
+
+/*
+ * Prevent the use of 128-bit division which
+ * creates dependency on external libraries.
+ */
+#define MBEDTLS_NO_UDBL_DIVISION
+
+#ifndef __ASSEMBLER__
+/* System headers required to build mbed TLS with the current configuration */
+#include <stdlib.h>
+#include <mbedtls/check_config.h>
+#endif
+
+/*
+ * Mbed TLS heap size is smal as we only use the asn1
+ * parsing functions
+ * digest, signature and crypto algorithm are done by
+ * other library.
+ */
+
+#define TF_MBEDTLS_HEAP_SIZE U(5120)
diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk
index 236296e..cddc695 100644
--- a/plat/st/stm32mp1/platform.mk
+++ b/plat/st/stm32mp1/platform.mk
@@ -1,12 +1,12 @@
#
-# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
ARM_CORTEX_A7 := yes
ARM_WITH_NEON := yes
-BL2_AT_EL3 := 1
+RESET_TO_BL2 := 1
USE_COHERENT_MEM := 0
STM32MP_EARLY_CONSOLE ?= 0
@@ -381,7 +381,19 @@
endif
TF_MBEDTLS_KEY_ALG := ecdsa
-MBEDTLS_CONFIG_FILE ?= "<stm32mp1_mbedtls_config.h>"
+
+ifneq (${MBEDTLS_DIR},)
+MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" \
+${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
+
+ifeq (${MBEDTLS_MAJOR}, 2)
+MBEDTLS_CONFIG_FILE ?= "<stm32mp1_mbedtls_config-2.h>"
+endif
+
+ifeq (${MBEDTLS_MAJOR}, 3)
+MBEDTLS_CONFIG_FILE ?= "<stm32mp1_mbedtls_config-3.h>"
+endif
+endif
include drivers/auth/mbedtls/mbedtls_x509.mk
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index 569e60c..ade10a6 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -21,7 +21,7 @@
#include "ti_sci.h"
#if USE_COHERENT_MEM
-__section("tzfw_coherent_mem")
+__section(".tzfw_coherent_mem")
#endif
static uint8_t message_sequence;
diff --git a/plat/ti/k3/common/k3_bl31_setup.c b/plat/ti/k3/common/k3_bl31_setup.c
index 9a1fd94..242b1ea 100644
--- a/plat/ti/k3/common/k3_bl31_setup.c
+++ b/plat/ti/k3/common/k3_bl31_setup.c
@@ -121,10 +121,6 @@
k3_gic_init();
ti_sci_init();
-
- if (ti_sci_device_get(PLAT_BOARD_DEVICE_ID)) {
- WARN("Unable to take system power reference\n");
- }
}
void platform_mem_init(void)
diff --git a/plat/xilinx/common/include/plat_startup.h b/plat/xilinx/common/include/plat_startup.h
index 1733930..ce356f6 100644
--- a/plat/xilinx/common/include/plat_startup.h
+++ b/plat/xilinx/common/include/plat_startup.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (C) 2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -38,4 +39,8 @@
entry_point_info_t *bl33,
uint64_t atf_handoff_addr);
+/* JEDEC Standard Manufacturer's Identification Code and Bank ID JEP106 */
+#define JEDEC_XILINX_MFID U(0x49)
+#define JEDEC_XILINX_BKID U(0)
+
#endif /* PLAT_STARTUP_H */
diff --git a/plat/xilinx/common/include/pm_ipi.h b/plat/xilinx/common/include/pm_ipi.h
index 52dfc47..ede71df 100644
--- a/plat/xilinx/common/include/pm_ipi.h
+++ b/plat/xilinx/common/include/pm_ipi.h
@@ -25,7 +25,7 @@
enum pm_ret_status pm_ipi_send_sync(const struct pm_proc *proc,
uint32_t payload[PAYLOAD_ARG_CNT],
uint32_t *value, size_t count);
-void pm_ipi_buff_read_callb(uint32_t *value, size_t count);
+enum pm_ret_status pm_ipi_buff_read_callb(uint32_t *value, size_t count);
void pm_ipi_irq_enable(const struct pm_proc *proc);
void pm_ipi_irq_clear(const struct pm_proc *proc);
uint32_t pm_ipi_irq_status(const struct pm_proc *proc);
diff --git a/plat/xilinx/common/pm_service/pm_ipi.c b/plat/xilinx/common/pm_service/pm_ipi.c
index 513d6be..37d0384 100644
--- a/plat/xilinx/common/pm_service/pm_ipi.c
+++ b/plat/xilinx/common/pm_service/pm_ipi.c
@@ -136,7 +136,9 @@
uint32_t *value, size_t count)
{
size_t i;
+ enum pm_ret_status ret;
#if IPI_CRC_CHECK
+ uint32_t *payload_ptr = value;
size_t j;
uint32_t response_payload[PAYLOAD_ARG_CNT];
#endif
@@ -155,6 +157,8 @@
*value = mmio_read_32(buffer_base + (i * PAYLOAD_ARG_SIZE));
value++;
}
+
+ ret = mmio_read_32(buffer_base);
#if IPI_CRC_CHECK
for (j = 0; j < PAYLOAD_ARG_CNT; j++) {
response_payload[j] = mmio_read_32(buffer_base +
@@ -165,30 +169,39 @@
calculate_crc(response_payload, IPI_W0_TO_W6_SIZE)) {
NOTICE("ERROR in CRC response payload value:0x%x\n",
response_payload[PAYLOAD_CRC_POS]);
+ ret = PM_RET_ERROR_INVALID_CRC;
+ /* Payload data is invalid as CRC validation failed
+ * Clear the payload to avoid leakage of data to upper layers
+ */
+ memset(payload_ptr, 0, count);
}
#endif
- return mmio_read_32(buffer_base);
+ return ret;
}
/**
- * pm_ipi_buff_read_callb() - Reads IPI response after remote processor has
- * handled interrupt
- * @value Used to return value from IPI buffer element (optional)
+ * pm_ipi_buff_read_callb() - Callback function that reads value from
+ * ipi response buffer
+ * @value Used to return value from IPI buffer element
* @count Number of values to return in @value
*
- * @return Returns status, either success or error+reason
+ * This callback function fills requested data in @value from ipi response
+ * buffer.
+ * @return Returns status, either success or error
*/
-void pm_ipi_buff_read_callb(uint32_t *value, size_t count)
+enum pm_ret_status pm_ipi_buff_read_callb(uint32_t *value, size_t count)
{
size_t i;
#if IPI_CRC_CHECK
+ uint32_t *payload_ptr = value;
size_t j;
unsigned int response_payload[PAYLOAD_ARG_CNT] = {0};
#endif
uintptr_t buffer_base = IPI_BUFFER_REMOTE_BASE +
IPI_BUFFER_TARGET_LOCAL_OFFSET +
IPI_BUFFER_REQ_OFFSET;
+ enum pm_ret_status ret = PM_RET_SUCCESS;
if (count > IPI_BUFFER_MAX_WORDS) {
count = IPI_BUFFER_MAX_WORDS;
@@ -208,8 +221,14 @@
calculate_crc(response_payload, IPI_W0_TO_W6_SIZE)) {
NOTICE("ERROR in CRC response payload value:0x%x\n",
response_payload[PAYLOAD_CRC_POS]);
+ ret = PM_RET_ERROR_INVALID_CRC;
+ /* Payload data is invalid as CRC validation failed
+ * Clear the payload to avoid leakage of data to upper layers
+ */
+ memset(payload_ptr, 0, count);
}
#endif
+ return ret;
}
/**
diff --git a/plat/xilinx/versal/aarch64/versal_common.c b/plat/xilinx/versal/aarch64/versal_common.c
index f55cde9..ed7f270 100644
--- a/plat/xilinx/versal/aarch64/versal_common.c
+++ b/plat/xilinx/versal/aarch64/versal_common.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (C) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -34,7 +35,7 @@
static void versal_print_platform_name(void)
{
- NOTICE("ATF running on Xilinx %s\n", PLATFORM_NAME);
+ NOTICE("TF-A running on %s\n", PLATFORM_NAME);
}
void versal_config_setup(void)
diff --git a/plat/xilinx/versal/include/plat_ipi.h b/plat/xilinx/versal/include/plat_ipi.h
index 36a4380..9143dc6 100644
--- a/plat/xilinx/versal/include/plat_ipi.h
+++ b/plat/xilinx/versal/include/plat_ipi.h
@@ -34,7 +34,6 @@
#define IPI_BUFFER_TARGET_APU_OFFSET 0x80U
#define IPI_BUFFER_TARGET_PMC_OFFSET 0x40U
-#define IPI_BUFFER_LOCAL_BASE IPI_BUFFER_APU_BASE
#define IPI_BUFFER_REMOTE_BASE IPI_BUFFER_PMC_BASE
#define IPI_BUFFER_TARGET_LOCAL_OFFSET IPI_BUFFER_TARGET_APU_OFFSET
diff --git a/plat/xilinx/versal/include/versal_def.h b/plat/xilinx/versal/include/versal_def.h
index 60431a5..ce4d98c 100644
--- a/plat/xilinx/versal/include/versal_def.h
+++ b/plat/xilinx/versal/include/versal_def.h
@@ -129,9 +129,10 @@
#define PMC_GLOBAL_GLOB_GEN_STORAGE4 (PMC_GLOBAL_BASE + 0x40U)
/* IPI registers and bitfields */
+#define PMC_REG_BASE U(0xFF320000)
+#define PMC_IPI_TRIG_BIT (1U << 1U)
#define IPI0_REG_BASE U(0xFF330000)
#define IPI0_TRIG_BIT (1U << 2U)
-#define PMC_IPI_TRIG_BIT (1U << 1U)
#define IPI1_REG_BASE U(0xFF340000)
#define IPI1_TRIG_BIT (1U << 3U)
#define IPI2_REG_BASE U(0xFF350000)
diff --git a/plat/xilinx/versal/pm_service/pm_api_sys.c b/plat/xilinx/versal/pm_service/pm_api_sys.c
index db9fae4..cc99f11 100644
--- a/plat/xilinx/versal/pm_service/pm_api_sys.c
+++ b/plat/xilinx/versal/pm_service/pm_api_sys.c
@@ -196,19 +196,23 @@
* 1 - Ack IPI after reading payload
*
* Read value from ipi buffer response buffer.
+ * @return Returns status, either success or error
*/
-void pm_get_callbackdata(uint32_t *data, size_t count, uint32_t flag, uint32_t ack)
+enum pm_ret_status pm_get_callbackdata(uint32_t *data, size_t count, uint32_t flag, uint32_t ack)
{
+ enum pm_ret_status ret = PM_RET_SUCCESS;
/* Return if interrupt is not from PMU */
if (pm_ipi_irq_status(primary_proc) == 0) {
- return;
+ return ret;
}
- pm_ipi_buff_read_callb(data, count);
+ ret = pm_ipi_buff_read_callb(data, count);
if (ack != 0U) {
pm_ipi_irq_clear(primary_proc);
}
+
+ return ret;
}
/**
diff --git a/plat/xilinx/versal/pm_service/pm_api_sys.h b/plat/xilinx/versal/pm_service/pm_api_sys.h
index c539aa7..8625e95 100644
--- a/plat/xilinx/versal/pm_service/pm_api_sys.h
+++ b/plat/xilinx/versal/pm_service/pm_api_sys.h
@@ -38,7 +38,7 @@
uintptr_t address, uint8_t ack, uint32_t flag);
enum pm_ret_status pm_set_wakeup_source(uint32_t target, uint32_t device_id,
uint8_t enable, uint32_t flag);
-void pm_get_callbackdata(uint32_t *data, size_t count, uint32_t flag,
+enum pm_ret_status pm_get_callbackdata(uint32_t *data, size_t count, uint32_t flag,
uint32_t ack);
enum pm_ret_status pm_pll_set_param(uint32_t clk_id, uint32_t param,
uint32_t value, uint32_t flag);
diff --git a/plat/xilinx/versal/pm_service/pm_defs.h b/plat/xilinx/versal/pm_service/pm_defs.h
index 2922b5d..dbc801c 100644
--- a/plat/xilinx/versal/pm_service/pm_defs.h
+++ b/plat/xilinx/versal/pm_service/pm_defs.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2019-2022, Xilinx, Inc. All rights reserved.
+ * Copyright (c) 2022-2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -115,11 +116,13 @@
XPM_SUBSYSID_MAX,
} XPm_SubsystemId;
+/* TODO: move pm_ret_status from device specific location to common location */
/**
* @PM_RET_SUCCESS: success
* @PM_RET_ERROR_ARGS: illegal arguments provided (deprecated)
* @PM_RET_ERROR_NOTSUPPORTED: feature not supported (deprecated)
* @PM_RET_ERROR_NOFEATURE: feature is not available
+ * @PM_RET_ERROR_INVALID_CRC: invalid crc in IPI communication
* @PM_RET_ERROR_INTERNAL: internal error
* @PM_RET_ERROR_CONFLICT: conflict
* @PM_RET_ERROR_ACCESS: access rights violation
@@ -134,6 +137,7 @@
PM_RET_ERROR_ARGS = 1,
PM_RET_ERROR_NOTSUPPORTED = 4,
PM_RET_ERROR_NOFEATURE = 19,
+ PM_RET_ERROR_INVALID_CRC = 301,
PM_RET_ERROR_INTERNAL = 2000,
PM_RET_ERROR_CONFLICT = 2001,
PM_RET_ERROR_ACCESS = 2002,
diff --git a/plat/xilinx/versal/pm_service/pm_svc_main.c b/plat/xilinx/versal/pm_service/pm_svc_main.c
index c90f9e1..185bfdb 100644
--- a/plat/xilinx/versal/pm_service/pm_svc_main.c
+++ b/plat/xilinx/versal/pm_service/pm_svc_main.c
@@ -48,12 +48,17 @@
void *cookie)
{
uint32_t payload[4] = {0};
+ enum pm_ret_status ret;
VERBOSE("Received IPI FIQ from firmware\n");
(void)plat_ic_acknowledge_interrupt();
+ ret = pm_get_callbackdata(payload, ARRAY_SIZE(payload), 0, 0);
+ if (ret != PM_RET_SUCCESS) {
+ payload[0] = ret;
+ }
+
- pm_get_callbackdata(payload, ARRAY_SIZE(payload), 0, 0);
switch (payload[0]) {
case PM_INIT_SUSPEND_CB:
case PM_NOTIFY_CB:
@@ -61,6 +66,11 @@
notify_os();
}
break;
+ case PM_RET_ERROR_INVALID_CRC:
+ pm_ipi_irq_clear(primary_proc);
+ WARN("Invalid CRC in the payload\n");
+ break;
+
default:
pm_ipi_irq_clear(primary_proc);
WARN("Invalid IPI payload\n");
@@ -274,8 +284,13 @@
case PM_GET_CALLBACK_DATA:
{
uint32_t result[4] = {0};
+ enum pm_ret_status ret;
+
+ ret = pm_get_callbackdata(result, ARRAY_SIZE(result), security_flag, 1U);
+ if (ret != 0) {
+ result[0] = ret;
+ }
- pm_get_callbackdata(result, ARRAY_SIZE(result), security_flag, 1U);
SMC_RET2(handle,
(uint64_t)result[0] | ((uint64_t)result[1] << 32U),
(uint64_t)result[2] | ((uint64_t)result[3] << 32U));
diff --git a/plat/xilinx/versal/sip_svc_setup.c b/plat/xilinx/versal/sip_svc_setup.c
index 6f2ff94..28a4cb9 100644
--- a/plat/xilinx/versal/sip_svc_setup.c
+++ b/plat/xilinx/versal/sip_svc_setup.c
@@ -6,6 +6,8 @@
/* Top level SMC handler for SiP calls. Dispatch PM calls to PM SMC handler. */
+#include <inttypes.h>
+
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <tools_share/uuid.h>
@@ -23,11 +25,12 @@
#define SIP_SVC_VERSION_MINOR U(1)
/* These macros are used to identify PM calls from the SMC function ID */
-#define PM_FID_MASK 0xf000u
+#define SIP_FID_MASK GENMASK(23, 16)
+#define XLNX_FID_MASK GENMASK(23, 12)
#define PM_FID_VALUE 0u
#define IPI_FID_VALUE 0x1000u
-#define is_pm_fid(_fid) (((_fid) & PM_FID_MASK) == PM_FID_VALUE)
-#define is_ipi_fid(_fid) (((_fid) & PM_FID_MASK) == IPI_FID_VALUE)
+#define is_pm_fid(_fid) (((_fid) & XLNX_FID_MASK) == PM_FID_VALUE)
+#define is_ipi_fid(_fid) (((_fid) & XLNX_FID_MASK) == IPI_FID_VALUE)
/* SiP Service UUID */
DEFINE_SVC_UUID2(versal_sip_uuid,
@@ -62,6 +65,14 @@
void *handle,
u_register_t flags)
{
+ VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
+ smc_fid, x1, x2, x3, x4);
+
+ if (smc_fid & SIP_FID_MASK) {
+ WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+
/* Let PM SMC handler deal with PM-related requests */
if (is_pm_fid(smc_fid)) {
return pm_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
diff --git a/plat/xilinx/versal/versal_gicv3.c b/plat/xilinx/versal/versal_gicv3.c
index d410906..0959c8e 100644
--- a/plat/xilinx/versal/versal_gicv3.c
+++ b/plat/xilinx/versal/versal_gicv3.c
@@ -36,8 +36,8 @@
* We save and restore the GICv3 context on system suspend. Allocate the
* data in the designated EL3 Secure carve-out memory.
*/
-static gicv3_redist_ctx_t rdist_ctx __section("versal_el3_tzc_dram");
-static gicv3_dist_ctx_t dist_ctx __section("versal_el3_tzc_dram");
+static gicv3_redist_ctx_t rdist_ctx __section(".versal_el3_tzc_dram");
+static gicv3_dist_ctx_t dist_ctx __section(".versal_el3_tzc_dram");
/*
* MPIDR hashing function for translating MPIDRs read from GICR_TYPER register
diff --git a/plat/xilinx/versal/versal_ipi.c b/plat/xilinx/versal/versal_ipi.c
index d821929..67915f4 100644
--- a/plat/xilinx/versal/versal_ipi.c
+++ b/plat/xilinx/versal/versal_ipi.c
@@ -20,16 +20,16 @@
/* versal ipi configuration table */
static const struct ipi_config versal_ipi_table[] = {
- /* A72 IPI */
- [IPI_ID_APU] = {
- .ipi_bit_mask = IPI0_TRIG_BIT,
- .ipi_reg_base = IPI0_REG_BASE,
- .secure_only = 0U,
- },
-
/* PMC IPI */
[IPI_ID_PMC] = {
.ipi_bit_mask = PMC_IPI_TRIG_BIT,
+ .ipi_reg_base = PMC_REG_BASE,
+ .secure_only = 0U,
+ },
+
+ /* A72 IPI */
+ [IPI_ID_APU] = {
+ .ipi_bit_mask = IPI0_TRIG_BIT,
.ipi_reg_base = IPI0_REG_BASE,
.secure_only = 0U,
},
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index c9942d6..a7bae72 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
- * Copyright (C) 2022, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (C) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,7 @@
#include <common/debug.h>
#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
+#include <drivers/arm/dcc.h>
#include <drivers/arm/pl011.h>
#include <drivers/console.h>
#include <lib/mmio.h>
@@ -28,7 +29,6 @@
static entry_point_info_t bl32_image_ep_info;
static entry_point_info_t bl33_image_ep_info;
-static console_t versal_net_runtime_console;
/*
* Return a pointer to the 'entry_point_info' structure of the next image for
@@ -95,18 +95,30 @@
panic();
}
- /* Initialize the console to provide early debug support */
- rc = console_pl011_register(VERSAL_NET_UART_BASE, uart_clock,
+ if (VERSAL_NET_CONSOLE_IS(pl011_0) || VERSAL_NET_CONSOLE_IS(pl011_1)) {
+ static console_t versal_net_runtime_console;
+
+ /* Initialize the console to provide early debug support */
+ rc = console_pl011_register(VERSAL_NET_UART_BASE, uart_clock,
VERSAL_NET_UART_BAUDRATE,
&versal_net_runtime_console);
- if (rc == 0) {
- panic();
- }
+ if (rc == 0) {
+ panic();
+ }
- console_set_scope(&versal_net_runtime_console, CONSOLE_FLAG_BOOT |
- CONSOLE_FLAG_RUNTIME);
+ console_set_scope(&versal_net_runtime_console, CONSOLE_FLAG_BOOT |
+ CONSOLE_FLAG_RUNTIME);
+ } else if (VERSAL_NET_CONSOLE_IS(dcc)) {
+ /* Initialize the dcc console for debug.
+ * dcc is over jtag and does not configures uart0 or uart1.
+ */
+ rc = console_dcc_register();
+ if (rc == 0) {
+ panic();
+ }
+ }
- NOTICE("TF-A running on Xilinx %s %d.%d\n", board_name_decode(),
+ NOTICE("TF-A running on %s %d.%d\n", board_name_decode(),
platform_version / 10U, platform_version % 10U);
/* Initialize the platform config for future decision making */
diff --git a/plat/xilinx/versal_net/include/plat_ipi.h b/plat/xilinx/versal_net/include/plat_ipi.h
index 5255f8f..5ac611c 100644
--- a/plat/xilinx/versal_net/include/plat_ipi.h
+++ b/plat/xilinx/versal_net/include/plat_ipi.h
@@ -37,7 +37,6 @@
#define IPI_BUFFER_TARGET_APU_OFFSET 0x80U
#define IPI_BUFFER_TARGET_PMC_OFFSET 0x40U
-#define IPI_BUFFER_LOCAL_BASE IPI_BUFFER_APU_BASE
#define IPI_BUFFER_REMOTE_BASE IPI_BUFFER_PMC_BASE
#define IPI_BUFFER_TARGET_LOCAL_OFFSET IPI_BUFFER_TARGET_APU_OFFSET
diff --git a/plat/xilinx/versal_net/include/platform_def.h b/plat/xilinx/versal_net/include/platform_def.h
index 696771f..9aa1441 100644
--- a/plat/xilinx/versal_net/include/platform_def.h
+++ b/plat/xilinx/versal_net/include/platform_def.h
@@ -103,12 +103,15 @@
* terminology. On a GICv2 system or mode, the lists will be merged and treated
* as Group 0 interrupts.
*/
-#define PLAT_VERSAL_IPI_IRQ 62
+#define PLAT_VERSAL_NET_IPI_IRQ 89
+#define PLAT_VERSAL_IPI_IRQ PLAT_VERSAL_NET_IPI_IRQ
#define PLAT_VERSAL_NET_G1S_IRQ_PROPS(grp) \
INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_LEVEL)
-#define PLAT_VERSAL_NET_G0_IRQ_PROPS(grp)
+#define PLAT_VERSAL_NET_G0_IRQ_PROPS(grp) \
+ INTR_PROP_DESC(PLAT_VERSAL_IPI_IRQ, GIC_HIGHEST_SEC_PRIORITY, grp, \
+ GIC_INTR_CFG_EDGE), \
#endif /* PLATFORM_DEF_H */
diff --git a/plat/xilinx/versal_net/include/versal_net_def.h b/plat/xilinx/versal_net/include/versal_net_def.h
index 14e63d5..9d1b7c2 100644
--- a/plat/xilinx/versal_net/include/versal_net_def.h
+++ b/plat/xilinx/versal_net/include/versal_net_def.h
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2021-2022, Xilinx, Inc. All rights reserved.
- * Copyright (C) 2022, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (C) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,6 +24,7 @@
#define VERSAL_NET_CONSOLE_ID_pl011 U(1)
#define VERSAL_NET_CONSOLE_ID_pl011_0 U(1)
#define VERSAL_NET_CONSOLE_ID_pl011_1 U(2)
+#define VERSAL_NET_CONSOLE_ID_dcc U(3)
#define VERSAL_NET_CONSOLE_IS(con) (VERSAL_NET_CONSOLE_ID_ ## con == VERSAL_NET_CONSOLE)
@@ -142,12 +143,11 @@
#define VERSAL_NET_UART_BAUDRATE 115200
-#if VERSAL_NET_CONSOLE_IS(pl011) || VERSAL_NET_CONSOLE_IS(pl011_0)
-#define VERSAL_NET_UART_BASE VERSAL_NET_UART0_BASE
-#elif VERSAL_NET_CONSOLE_IS(pl011_1)
+#if VERSAL_NET_CONSOLE_IS(pl011_1)
#define VERSAL_NET_UART_BASE VERSAL_NET_UART1_BASE
#else
-# error "invalid VERSAL_NET_CONSOLE"
+/* Default console is UART0 */
+#define VERSAL_NET_UART_BASE VERSAL_NET_UART0_BASE
#endif
#define PLAT_VERSAL_NET_CRASH_UART_BASE VERSAL_NET_UART_BASE
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index 622ae98..28e3295 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -53,7 +53,7 @@
HW_ASSISTED_COHERENCY := 1
VERSAL_NET_CONSOLE ?= pl011
-ifeq (${VERSAL_NET_CONSOLE}, $(filter ${VERSAL_NET_CONSOLE},pl011 pl011_0 pl011_1))
+ifeq (${VERSAL_NET_CONSOLE}, $(filter ${VERSAL_NET_CONSOLE},pl011 pl011_0 pl011_1 dcc))
else
$(error Please define VERSAL_NET_CONSOLE)
endif
@@ -72,6 +72,7 @@
include lib/libfdt/libfdt.mk
PLAT_BL_COMMON_SOURCES := \
+ drivers/arm/dcc/dcc_console.c \
drivers/delay_timer/delay_timer.c \
drivers/delay_timer/generic_delay_timer.c \
${GICV3_SOURCES} \
diff --git a/plat/xilinx/versal_net/sip_svc_setup.c b/plat/xilinx/versal_net/sip_svc_setup.c
index 0e3940f..c91497c 100644
--- a/plat/xilinx/versal_net/sip_svc_setup.c
+++ b/plat/xilinx/versal_net/sip_svc_setup.c
@@ -9,6 +9,7 @@
/* Top level SMC handler for SiP calls. Dispatch PM calls to PM SMC handler. */
#include <errno.h>
+#include <inttypes.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -28,11 +29,12 @@
#define SIP_SVC_VERSION_MINOR (1U)
/* These macros are used to identify PM calls from the SMC function ID */
-#define PM_FID_MASK 0xf000u
+#define SIP_FID_MASK GENMASK(23, 16)
+#define XLNX_FID_MASK GENMASK(23, 12)
#define PM_FID_VALUE 0u
#define IPI_FID_VALUE 0x1000u
-#define is_pm_fid(_fid) (((_fid) & PM_FID_MASK) == PM_FID_VALUE)
-#define is_ipi_fid(_fid) (((_fid) & PM_FID_MASK) == IPI_FID_VALUE)
+#define is_pm_fid(_fid) (((_fid) & XLNX_FID_MASK) == PM_FID_VALUE)
+#define is_ipi_fid(_fid) (((_fid) & XLNX_FID_MASK) == IPI_FID_VALUE)
/* SiP Service UUID */
DEFINE_SVC_UUID2(versal_net_sip_uuid,
@@ -62,6 +64,14 @@
void *handle,
u_register_t flags)
{
+ VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
+ smc_fid, x1, x2, x3, x4);
+
+ if (smc_fid & SIP_FID_MASK) {
+ WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+
/* Let PM SMC handler deal with PM-related requests */
if (is_pm_fid(smc_fid)) {
return smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
diff --git a/plat/xilinx/versal_net/versal_net_gicv3.c b/plat/xilinx/versal_net/versal_net_gicv3.c
index b7ac6ab..138d2c2 100644
--- a/plat/xilinx/versal_net/versal_net_gicv3.c
+++ b/plat/xilinx/versal_net/versal_net_gicv3.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
- * Copyright (C) 2022, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (C) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,14 +30,6 @@
/* The GICv3 driver only needs to be initialized in EL3 */
static uintptr_t rdistif_base_addrs[PLATFORM_CORE_COUNT];
-static const uintptr_t gicr_base_addrs[2] = {
- PLAT_VERSAL_NET_GICR_BASE, /* GICR Base address of the primary CPU */
- 0U /* Zero Termination */
-};
-
-/* List of zero terminated GICR frame addresses which CPUs will probe */
-static const uintptr_t *gicr_frames;
-
static const interrupt_prop_t versal_net_interrupt_props[] = {
PLAT_VERSAL_NET_G1S_IRQ_PROPS(INTR_GROUP1S),
PLAT_VERSAL_NET_G0_IRQ_PROPS(INTR_GROUP0)
@@ -47,8 +39,8 @@
* We save and restore the GICv3 context on system suspend. Allocate the
* data in the designated EL3 Secure carve-out memory.
*/
-static gicv3_redist_ctx_t rdist_ctx __section("versal_net_el3_tzc_dram");
-static gicv3_dist_ctx_t dist_ctx __section("versal_net_el3_tzc_dram");
+static gicv3_redist_ctx_t rdist_ctx __section(".versal_net_el3_tzc_dram");
+static gicv3_dist_ctx_t dist_ctx __section(".versal_net_el3_tzc_dram");
/*
* MPIDR hashing function for translating MPIDRs read from GICR_TYPER register
@@ -72,7 +64,7 @@
static const gicv3_driver_data_t versal_net_gic_data __unused = {
.gicd_base = PLAT_VERSAL_NET_GICD_BASE,
- .gicr_base = 0U,
+ .gicr_base = PLAT_VERSAL_NET_GICR_BASE,
.interrupt_props = versal_net_interrupt_props,
.interrupt_props_num = ARRAY_SIZE(versal_net_interrupt_props),
.rdistif_num = PLATFORM_CORE_COUNT,
@@ -90,12 +82,6 @@
*/
#if IMAGE_BL31
gicv3_driver_init(&versal_net_gic_data);
- gicr_frames = gicr_base_addrs;
-
- if (gicv3_rdistif_probe(gicr_frames[0]) == -1) {
- ERROR("No GICR base frame found for Primary CPU\n");
- panic();
- }
#endif
}
@@ -131,25 +117,6 @@
*****************************************************************************/
void plat_versal_net_gic_pcpu_init(void)
{
- int32_t result;
- const uintptr_t *plat_gicr_frames = gicr_frames;
-
- do {
- result = gicv3_rdistif_probe(*plat_gicr_frames);
-
- /* If the probe is successful, no need to proceed further */
- if (result == 0) {
- break;
- }
-
- plat_gicr_frames++;
- } while (*plat_gicr_frames != 0U);
-
- if (result == -1) {
- ERROR("No GICR base frame found for CPU 0x%lx\n", read_mpidr());
- panic();
- }
-
gicv3_rdistif_init(plat_my_core_pos());
}
diff --git a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
index 7bdd5bd..95a266e 100644
--- a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
+++ b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (C) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,10 +11,13 @@
#include <common/debug.h>
#include <drivers/generic_delay_timer.h>
#include <lib/mmio.h>
+#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables.h>
#include <plat_ipi.h>
#include <plat_private.h>
+#include <plat_startup.h>
#include <plat/common/platform.h>
+#include <services/arm_arch_svc.h>
#include "pm_api_sys.h"
@@ -303,13 +307,38 @@
maskid = ZYNQMP_CSU_IDCODE_XILINX_ID << ZYNQMP_CSU_IDCODE_XILINX_ID_SHIFT |
ZYNQMP_CSU_IDCODE_FAMILY << ZYNQMP_CSU_IDCODE_FAMILY_SHIFT;
if (tmp != maskid) {
- ERROR("Incorrect XILINX IDCODE 0x%x, maskid 0x%x\n", id, maskid);
+ ERROR("Incorrect IDCODE 0x%x, maskid 0x%x\n", id, maskid);
return "UNKN";
}
- VERBOSE("Xilinx IDCODE 0x%x\n", id);
+ VERBOSE("IDCODE 0x%x\n", id);
return zynqmp_get_silicon_idcode_name();
}
+int32_t plat_is_smccc_feature_available(u_register_t fid)
+{
+ switch (fid) {
+ case SMCCC_ARCH_SOC_ID:
+ return SMC_ARCH_CALL_SUCCESS;
+ default:
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+}
+
+int32_t plat_get_soc_version(void)
+{
+ uint32_t chip_id = zynqmp_get_silicon_ver();
+ uint32_t manfid = SOC_ID_SET_JEP_106(JEDEC_XILINX_BKID, JEDEC_XILINX_MFID);
+
+ return (int32_t)(manfid | (chip_id & 0xFFFF));
+}
+
+int32_t plat_get_soc_revision(void)
+{
+ return mmio_read_32(ZYNQMP_CSU_BASEADDR + ZYNQMP_CSU_IDCODE_OFFSET);
+}
+
static uint32_t zynqmp_get_ps_ver(void)
{
uint32_t ver = mmio_read_32(ZYNQMP_CSU_BASEADDR + ZYNQMP_CSU_VERSION_OFFSET);
diff --git a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
index 1d59537..0ebd088 100644
--- a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
+++ b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,6 +17,7 @@
#include <plat/common/platform.h>
#include <lib/mmio.h>
+#include <custom_svc.h>
#include <plat_startup.h>
#include <plat_private.h>
#include <zynqmp_def.h>
@@ -118,9 +120,7 @@
enum fsbl_handoff ret = fsbl_atf_handover(&bl32_image_ep_info,
&bl33_image_ep_info,
atf_handoff_addr);
- if (ret == FSBL_HANDOFF_NO_STRUCT) {
- bl31_set_default_config();
- } else if (ret != FSBL_HANDOFF_SUCCESS) {
+ if (ret != FSBL_HANDOFF_SUCCESS) {
panic();
}
}
@@ -130,6 +130,9 @@
if (bl33_image_ep_info.pc != 0) {
VERBOSE("BL31: Non secure code at 0x%lx\n", bl33_image_ep_info.pc);
}
+
+ custom_early_setup();
+
}
#if ZYNQMP_WDT_RESTART
@@ -168,7 +171,7 @@
}
#endif
-#if (BL31_LIMIT < PLAT_DDR_LOWMEM_MAX)
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
static void prepare_dtb(void)
{
void *dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
@@ -197,8 +200,9 @@
}
/* Reserve memory used by Trusted Firmware. */
- if (fdt_add_reserved_memory(dtb, "tf-a", BL31_BASE, BL31_LIMIT - BL31_BASE)) {
- WARN("Failed to add reserved memory nodes to DT.\n");
+ if (fdt_add_reserved_memory(dtb, "tf-a", BL31_BASE,
+ BL31_LIMIT - BL31_BASE + 1)) {
+ WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
}
ret = fdt_pack(dtb);
@@ -213,8 +217,8 @@
void bl31_platform_setup(void)
{
-#if (BL31_LIMIT < PLAT_DDR_LOWMEM_MAX)
- prepare_dtb();
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
+ prepare_dtb();
#endif
/* Initialize the gic cpu and distributor interfaces */
@@ -245,9 +249,8 @@
plat_arm_interconnect_init();
plat_arm_interconnect_enter_coherency();
-
const mmap_region_t bl_regions[] = {
-#if (BL31_LIMIT < PLAT_DDR_LOWMEM_MAX)
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
MAP_REGION_FLAT(XILINX_OF_BOARD_DTB_ADDR, XILINX_OF_BOARD_DTB_MAX_SIZE,
MT_MEMORY | MT_RW | MT_NS),
#endif
@@ -263,6 +266,8 @@
{0}
};
+ custom_mmap_add();
+
setup_page_tables(bl_regions, plat_arm_get_mmap());
enable_mmu_el3(0);
}
diff --git a/plat/xilinx/zynqmp/custom_sip_svc.c b/plat/xilinx/zynqmp/custom_sip_svc.c
new file mode 100644
index 0000000..fbb0a33
--- /dev/null
+++ b/plat/xilinx/zynqmp/custom_sip_svc.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2022-2023, Advanced Micro Devices Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <common/bl_common.h>
+#include <common/debug.h>
+#include <smccc_helpers.h>
+
+uint64_t custom_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2,
+ uint64_t x3, uint64_t x4, void *cookie,
+ void *handle, uint64_t flags)
+{
+ WARN("Unimplemented SiP Service Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+}
+
+void custom_early_setup(void)
+{
+}
+
+void custom_mmap_add(void)
+{
+}
diff --git a/plat/xilinx/zynqmp/include/custom_svc.h b/plat/xilinx/zynqmp/include/custom_svc.h
new file mode 100644
index 0000000..ef0eb67
--- /dev/null
+++ b/plat/xilinx/zynqmp/include/custom_svc.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2022-2023, Advanced Micro Devices Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef CUSTOM_SVC_H
+#define CUSTOM_SVC_H
+
+#define ZYNQMP_SIP_SVC_CUSTOM U(0x82002000)
+#define ZYNQMP_SIP_SVC64_CUSTOM U(0xC2002000)
+
+uint64_t custom_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2,
+ uint64_t x3, uint64_t x4, void *cookie,
+ void *handle, uint64_t flags);
+
+void custom_early_setup(void);
+void custom_mmap_add(void);
+
+#endif /* CUSTOM_SVC_H */
diff --git a/plat/xilinx/zynqmp/include/plat_ipi.h b/plat/xilinx/zynqmp/include/plat_ipi.h
index a78f93a..bf56d5e 100644
--- a/plat/xilinx/zynqmp/include/plat_ipi.h
+++ b/plat/xilinx/zynqmp/include/plat_ipi.h
@@ -35,7 +35,6 @@
#define IPI_BUFFER_APU_BASE (IPI_BUFFER_BASEADDR + 0x400U)
#define IPI_BUFFER_PMU_BASE (IPI_BUFFER_BASEADDR + 0xE00U)
-#define IPI_BUFFER_LOCAL_BASE IPI_BUFFER_APU_BASE
#define IPI_BUFFER_REMOTE_BASE IPI_BUFFER_PMU_BASE
#define IPI_BUFFER_TARGET_LOCAL_OFFSET 0x80U
diff --git a/plat/xilinx/zynqmp/include/platform_def.h b/plat/xilinx/zynqmp/include/platform_def.h
index c2d22c2..aebce30 100644
--- a/plat/xilinx/zynqmp/include/platform_def.h
+++ b/plat/xilinx/zynqmp/include/platform_def.h
@@ -1,5 +1,7 @@
/*
* Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
+ * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -40,8 +42,8 @@
# define BL31_BASE U(0xfffea000)
# define BL31_LIMIT U(0x100000000)
#else
-# define BL31_BASE U(0xfffe5000)
-# define BL31_LIMIT U(0x100000000)
+# define BL31_BASE U(0x1000)
+# define BL31_LIMIT U(0x7ffff)
#endif
#else
# define BL31_BASE (ZYNQMP_ATF_MEM_BASE)
@@ -83,19 +85,31 @@
/*******************************************************************************
* Platform specific page table and MMU setup constants
******************************************************************************/
-#define XILINX_OF_BOARD_DTB_ADDR U(0x100000)
#define XILINX_OF_BOARD_DTB_MAX_SIZE U(0x200000)
#define PLAT_DDR_LOWMEM_MAX U(0x80000000)
+#define PLAT_OCM_BASE U(0xFFFC0000)
+#define PLAT_OCM_LIMIT U(0xFFFFFFFF)
+
+#define IS_TFA_IN_OCM(x) ((x >= PLAT_OCM_BASE) && (x < PLAT_OCM_LIMIT))
#define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32)
#define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32)
-#if (BL31_LIMIT < PLAT_DDR_LOWMEM_MAX)
+
+#ifndef MAX_MMAP_REGIONS
+#if (defined(XILINX_OF_BOARD_DTB_ADDR) && !IS_TFA_IN_OCM(BL31_BASE))
#define MAX_MMAP_REGIONS 8
-#define MAX_XLAT_TABLES 6
#else
#define MAX_MMAP_REGIONS 7
+#endif
+#endif
+
+#ifndef MAX_XLAT_TABLES
+#if !IS_TFA_IN_OCM(BL31_BASE)
+#define MAX_XLAT_TABLES 8
+#else
#define MAX_XLAT_TABLES 5
#endif
+#endif
#define CACHE_WRITEBACK_SHIFT 6
#define CACHE_WRITEBACK_GRANULE (1 << CACHE_WRITEBACK_SHIFT)
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index 05adbd0..4671f5f 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -1,10 +1,13 @@
#
# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
# Portions copyright (c) 2021-2022, ProvenRun S.A.S. All rights reserved.
+# Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
+# Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
override ERRATA_A53_855873 := 1
+ERRATA_A53_1530924 := 1
override PROGRAMMABLE_RESET_ADDRESS := 1
PSCI_EXTENDED_STATE_ID := 1
A53_DISABLE_NON_TEMPORAL_HINT := 0
@@ -74,6 +77,10 @@
$(eval $(call add_define,ZYNQMP_SECURE_EFUSES))
endif
+ifdef XILINX_OF_BOARD_DTB_ADDR
+$(eval $(call add_define,XILINX_OF_BOARD_DTB_ADDR))
+endif
+
PLAT_INCLUDES := -Iinclude/plat/arm/common/ \
-Iinclude/plat/arm/common/aarch64/ \
-Iplat/xilinx/common/include/ \
@@ -138,6 +145,12 @@
BL31_CPPFLAGS += -fno-jump-tables
TF_CFLAGS_aarch64 += -mbranch-protection=none
+ifdef CUSTOM_PKG_PATH
+include $(CUSTOM_PKG_PATH)/custom_pkg.mk
+else
+BL31_SOURCES += plat/xilinx/zynqmp/custom_sip_svc.c
+endif
+
ifneq (${RESET_TO_BL31},1)
$(error "Using BL31 as the reset vector is only one option supported on ZynqMP. Please set RESET_TO_BL31 to 1.")
endif
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
index a17b6c5..58491a0 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -252,10 +253,6 @@
return pm_shutdown_scope;
}
-#define EM_PACK_PAYLOAD1(pl, arg0) { \
- pl[0] = (uint16_t)(0xE) << 16 | (uint16_t)arg0; \
-}
-
/**
* pm_self_suspend() - PM call for processor to suspend itself
* @nid Node id of the processor or subsystem
@@ -690,16 +687,19 @@
* @data - array of PAYLOAD_ARG_CNT elements
*
* Read value from ipi buffer response buffer.
+ * @return Returns status, either success or error
*/
-void pm_get_callbackdata(uint32_t *data, size_t count)
+enum pm_ret_status pm_get_callbackdata(uint32_t *data, size_t count)
{
+ enum pm_ret_status ret = PM_RET_SUCCESS;
/* Return if interrupt is not from PMU */
if (!pm_ipi_irq_status(primary_proc)) {
- return;
+ return ret;
}
- pm_ipi_buff_read_callb(data, count);
+ ret = pm_ipi_buff_read_callb(data, count);
pm_ipi_irq_clear(primary_proc);
+ return ret;
}
/**
@@ -786,7 +786,7 @@
{
switch (api_id) {
case PM_QUERY_DATA:
- *version = ATF_API_BASE_VERSION;
+ *version = TFA_API_QUERY_DATA_VERSION;
bit_mask[0] = (uint32_t)(PM_QUERY_FEATURE_BITMASK);
bit_mask[1] = (uint32_t)(PM_QUERY_FEATURE_BITMASK >> 32);
return PM_RET_SUCCESS;
@@ -922,14 +922,16 @@
*version = ret_payload[0];
/* Update IOCTL bit mask which are implemented in ATF */
- if (api_id == PM_IOCTL) {
+ if ((api_id == PM_IOCTL) || (api_id == PM_GET_OP_CHARACTERISTIC)) {
if (len < 2) {
return PM_RET_ERROR_ARGS;
}
bit_mask[0] = ret_payload[1];
bit_mask[1] = ret_payload[2];
- /* Get IOCTL's implemented by ATF */
- status = atf_ioctl_bitmask(bit_mask);
+ if (api_id == PM_IOCTL) {
+ /* Get IOCTL's implemented by ATF */
+ status = atf_ioctl_bitmask(bit_mask);
+ }
} else {
/* Requires for MISRA */
}
@@ -1805,32 +1807,5 @@
/* Send request to the PMU */
PM_PACK_PAYLOAD3(payload, PM_EFUSE_ACCESS, address_high, address_low);
- return pm_ipi_send_sync(primary_proc, payload, value, 1);
-}
-
-enum pm_ret_status em_set_action(uint32_t *value)
-{
- uint32_t payload[PAYLOAD_ARG_CNT];
-
- /* Send request to the PMU */
- EM_PACK_PAYLOAD1(payload, EM_SET_ACTION);
- return pm_ipi_send_sync(primary_proc, payload, value, 1);
-}
-
-enum pm_ret_status em_remove_action(uint32_t *value)
-{
- uint32_t payload[PAYLOAD_ARG_CNT];
-
- /* Send request to the PMU */
- EM_PACK_PAYLOAD1(payload, EM_REMOVE_ACTION);
- return pm_ipi_send_sync(primary_proc, payload, value, 1);
-}
-
-enum pm_ret_status em_send_errors(uint32_t *value)
-{
- uint32_t payload[PAYLOAD_ARG_CNT];
-
- /* Send request to the PMU */
- EM_PACK_PAYLOAD1(payload, EM_SEND_ERRORS);
return pm_ipi_send_sync(primary_proc, payload, value, 1);
}
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_sys.h b/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
index 9ba9475..1341e7b 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -127,7 +128,7 @@
uint32_t size,
uint32_t flags);
uint32_t pm_get_shutdown_scope(void);
-void pm_get_callbackdata(uint32_t *data, size_t count);
+enum pm_ret_status pm_get_callbackdata(uint32_t *data, size_t count);
enum pm_ret_status pm_ioctl(enum pm_node_id nid,
uint32_t ioctl_id,
uint32_t arg1,
@@ -187,9 +188,6 @@
enum pm_ret_status pm_pll_get_mode(enum pm_node_id nid, enum pm_pll_mode *mode);
enum pm_ret_status pm_efuse_access(uint32_t address_high,
uint32_t address_low, uint32_t *value);
-enum pm_ret_status em_set_action(uint32_t *value);
-enum pm_ret_status em_remove_action(uint32_t *value);
-enum pm_ret_status em_send_errors(uint32_t *value);
enum pm_ret_status pm_feature_check(uint32_t api_id, uint32_t *version,
uint32_t *bit_mask, uint8_t len);
enum pm_ret_status check_api_dependency(uint8_t id);
diff --git a/plat/xilinx/zynqmp/pm_service/pm_defs.h b/plat/xilinx/zynqmp/pm_service/pm_defs.h
index e335b94..f00ab4b 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -31,6 +32,9 @@
#define FW_API_VERSION_2 (2U)
/* Version of APIs implemented in ATF */
#define ATF_API_BASE_VERSION (1U)
+/* Updating the QUERY_DATA API versioning as the bitmask functionality
+ * support is added in the v2.*/
+#define TFA_API_QUERY_DATA_VERSION (2U)
/* Capabilities for RAM */
#define PM_CAP_ACCESS 0x1U
@@ -49,8 +53,6 @@
#define PM_PROC_STATE_SLEEP 2U
#define PM_PROC_STATE_SUSPENDING 3U
-#define EM_FUNID_NUM_MASK 0xF0000U
-
#define PM_GET_CALLBACK_DATA 0xa01
#define PM_SET_SUSPEND_MODE 0xa02
#define PM_GET_TRUSTZONE_VERSION 0xa03
@@ -122,9 +124,9 @@
/* PM Register Access API */
PM_REGISTER_ACCESS,
PM_EFUSE_ACCESS,
- PM_FPGA_GET_VERSION,
- PM_FPGA_GET_FEATURE_LIST,
PM_FEATURE_CHECK = 63,
+ PM_FPGA_GET_VERSION = 72,
+ PM_FPGA_GET_FEATURE_LIST,
PM_API_MAX
};
@@ -241,11 +243,13 @@
PM_OPCHAR_TYPE_LATENCY,
};
+/* TODO: move pm_ret_status from device specific location to common location */
/**
* @PM_RET_SUCCESS: success
* @PM_RET_ERROR_ARGS: illegal arguments provided (deprecated)
* @PM_RET_ERROR_NOTSUPPORTED: feature not supported (deprecated)
* @PM_RET_ERROR_NOT_ENABLED: feature is not enabled
+ * @PM_RET_ERROR_INVALID_CRC: invalid crc in IPI communication
* @PM_RET_ERROR_INTERNAL: internal error
* @PM_RET_ERROR_CONFLICT: conflict
* @PM_RET_ERROR_ACCESS: access rights violation
@@ -260,6 +264,7 @@
PM_RET_ERROR_ARGS = (1U),
PM_RET_ERROR_NOTSUPPORTED = (4U),
PM_RET_ERROR_NOT_ENABLED = (29U),
+ PM_RET_ERROR_INVALID_CRC = (301U),
PM_RET_ERROR_INTERNAL = (2000U),
PM_RET_ERROR_CONFLICT = (2001U),
PM_RET_ERROR_ACCESS = (2002U),
@@ -351,13 +356,4 @@
PM_CLOCK_DIV1_ID,
};
-/**
- * EM API IDs
- */
-enum em_api_id {
- EM_SET_ACTION = 1,
- EM_REMOVE_ACTION,
- EM_SEND_ERRORS,
-};
-
#endif /* PM_DEFS_H */
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index a3f0278..b35859d 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -364,7 +365,11 @@
SMC_RET1(handle, (uint64_t)ret);
case PM_GET_CALLBACK_DATA:
- pm_get_callbackdata(result, ARRAY_SIZE(result));
+ ret = pm_get_callbackdata(result, ARRAY_SIZE(result));
+ if (ret != PM_RET_SUCCESS) {
+ result[0] = ret;
+ }
+
SMC_RET2(handle,
(uint64_t)result[0] | ((uint64_t)result[1] << 32),
(uint64_t)result[2] | ((uint64_t)result[3] << 32));
@@ -568,56 +573,3 @@
(uint64_t)result[1] | ((uint64_t)result[2] << 32U));
}
}
-
-/**
- * em_smc_handler() - SMC handler for EM-API calls coming from EL1/EL2.
- * @smc_fid - Function Identifier
- * @x1 - x4 - Arguments
- * @cookie - Unused
- * @handler - Pointer to caller's context structure
- *
- * @return - Unused
- *
- * Determines that smc_fid is valid and supported EM SMC Function ID from the
- * list of em_api_ids, otherwise completes the request with
- * the unknown SMC Function ID
- *
- * The SMC calls for EM service are forwarded from SIP Service SMC handler
- * function with rt_svc_handle signature
- */
-uint64_t em_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
- uint64_t x4, const void *cookie, void *handle, uint64_t flags)
-{
- enum pm_ret_status ret;
-
- switch (smc_fid & FUNCID_NUM_MASK) {
- /* EM API Functions */
- case EM_SET_ACTION:
- {
- uint32_t value;
-
- ret = em_set_action(&value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
- }
-
- case EM_REMOVE_ACTION:
- {
- uint32_t value;
-
- ret = em_remove_action(&value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
- }
-
- case EM_SEND_ERRORS:
- {
- uint32_t value;
-
- ret = em_send_errors(&value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
- }
-
- default:
- WARN("Unimplemented EM Service Call: 0x%x\n", smc_fid);
- SMC_RET1(handle, SMC_UNK);
- }
-}
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.h b/plat/xilinx/zynqmp/pm_service/pm_svc_main.h
index c1781f3..3c3082f 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,8 +14,4 @@
uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
uint64_t x4, const void *cookie, void *handle,
uint64_t flags);
-
-uint64_t em_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
- uint64_t x4, const void *cookie, void *handle,
- uint64_t flags);
#endif /* PM_SVC_MAIN_H */
diff --git a/plat/xilinx/zynqmp/sip_svc_setup.c b/plat/xilinx/zynqmp/sip_svc_setup.c
index 4ce9b8a..c55784e 100644
--- a/plat/xilinx/zynqmp/sip_svc_setup.c
+++ b/plat/xilinx/zynqmp/sip_svc_setup.c
@@ -1,14 +1,18 @@
/*
* Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023, Advanced Micro Devices Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* Top level SMC handler for SiP calls. Dispatch PM calls to PM SMC handler. */
+#include <inttypes.h>
+
#include <common/runtime_svc.h>
#include <tools_share/uuid.h>
+#include <custom_svc.h>
#include "ipi_mailbox_svc.h"
#include "pm_svc_main.h"
@@ -22,14 +26,12 @@
#define SIP_SVC_VERSION_MINOR 1
/* These macros are used to identify PM, IPI calls from the SMC function ID */
-#define PM_FID_MASK 0xf000u
+#define SIP_FID_MASK GENMASK(23, 16)
+#define XLNX_FID_MASK GENMASK(23, 12)
#define PM_FID_VALUE 0u
#define IPI_FID_VALUE 0x1000u
-#define EM_FID_MASK 0xf0000u
-#define EM_FID_VALUE 0xE0000u
-#define is_em_fid(_fid) (((_fid) & EM_FID_MASK) == EM_FID_VALUE)
-#define is_pm_fid(_fid) (((_fid) & PM_FID_MASK) == PM_FID_VALUE)
-#define is_ipi_fid(_fid) (((_fid) & PM_FID_MASK) == IPI_FID_VALUE)
+#define is_pm_fid(_fid) (((_fid) & XLNX_FID_MASK) == PM_FID_VALUE)
+#define is_ipi_fid(_fid) (((_fid) & XLNX_FID_MASK) == IPI_FID_VALUE)
/* SiP Service UUID */
DEFINE_SVC_UUID2(zynqmp_sip_uuid,
@@ -62,12 +64,16 @@
void *handle,
u_register_t flags)
{
- /* Let EM SMC handler deal with EM-related requests */
- if (is_em_fid(smc_fid)) {
- return em_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
- flags);
- } else if (is_pm_fid(smc_fid)) {
+ VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
+ smc_fid, x1, x2, x3, x4);
+
+ if (smc_fid & SIP_FID_MASK) {
+ WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+
/* Let PM SMC handler deal with PM-related requests */
+ if (is_pm_fid(smc_fid)) {
return pm_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
flags);
}
@@ -89,6 +95,11 @@
case ZYNQMP_SIP_SVC_VERSION:
SMC_RET2(handle, SIP_SVC_VERSION_MAJOR, SIP_SVC_VERSION_MINOR);
+ case ZYNQMP_SIP_SVC_CUSTOM:
+ case ZYNQMP_SIP_SVC64_CUSTOM:
+ return custom_smc_handler(smc_fid, x1, x2, x3, x4, cookie,
+ handle, flags);
+
default:
WARN("Unimplemented SiP Service Call: 0x%x\n", smc_fid);
SMC_RET1(handle, SMC_UNK);
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index 643b054..477b45d 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -16,3 +16,19 @@
# required so that optee code can control access to the timer registers
NS_TIMER_SWITCH := 1
+
+# WARNING: This enables loading of OP-TEE via an SMC, which can be potentially
+# insecure. This removes the boundary between the startup of the secure and
+# non-secure worlds until the point where this SMC is invoked. Only use this
+# setting if you can ensure that the non-secure OS can remain trusted up until
+# the point where this SMC is invoked.
+OPTEE_ALLOW_SMC_LOAD := 0
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),1)
+ifeq ($(PLAT_XLAT_TABLES_DYNAMIC),0)
+$(error When OPTEE_ALLOW_SMC_LOAD=1, PLAT_XLAT_TABLES_DYNAMIC must also be 1)
+endif
+$(warning "OPTEE_ALLOW_SMC_LOAD is enabled which may result in an insecure \
+ platform")
+$(eval $(call add_define,PLAT_XLAT_TABLES_DYNAMIC))
+$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
+endif
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index 160a693..ff09e7e 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,6 +16,7 @@
******************************************************************************/
#include <assert.h>
#include <errno.h>
+#include <inttypes.h>
#include <stddef.h>
#include <arch_helpers.h>
@@ -24,12 +25,13 @@
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/optee_utils.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
#include "teesmc_opteed.h"
-#include "teesmc_opteed_macros.h"
/*******************************************************************************
* Address of the entrypoint vector table in OPTEE. It is
@@ -43,7 +45,16 @@
optee_context_t opteed_sp_context[OPTEED_CORE_COUNT];
uint32_t opteed_rw;
+#if OPTEE_ALLOW_SMC_LOAD
+static bool opteed_allow_load;
+#else
static int32_t opteed_init(void);
+#endif
+
+uint64_t dual32to64(uint32_t high, uint32_t low)
+{
+ return ((uint64_t)high << 32) | low;
+}
/*******************************************************************************
* This function is the handler registered for S-EL1 interrupts by the
@@ -93,6 +104,11 @@
******************************************************************************/
static int32_t opteed_setup(void)
{
+#if OPTEE_ALLOW_SMC_LOAD
+ opteed_allow_load = true;
+ INFO("Delaying OP-TEE setup until we receive an SMC call to load it\n");
+ return 0;
+#else
entry_point_info_t *optee_ep_info;
uint32_t linear_id;
uint64_t opteed_pageable_part;
@@ -142,6 +158,7 @@
bl31_register_bl32_init(&opteed_init);
return 0;
+#endif /* OPTEE_ALLOW_SMC_LOAD */
}
/*******************************************************************************
@@ -151,20 +168,15 @@
* used. It also assumes that a valid non-secure context has been
* initialised by PSCI so it does not need to save and restore any
* non-secure state. This function performs a synchronous entry into
- * OPTEE. OPTEE passes control back to this routine through a SMC.
+ * OPTEE. OPTEE passes control back to this routine through a SMC. This returns
+ * a non-zero value on success and zero on failure.
******************************************************************************/
-static int32_t opteed_init(void)
+static int32_t
+opteed_init_with_entry_point(entry_point_info_t *optee_entry_point)
{
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
- entry_point_info_t *optee_entry_point;
uint64_t rc;
-
- /*
- * Get information about the OPTEE (BL32) image. Its
- * absence is a critical failure.
- */
- optee_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
assert(optee_entry_point);
cm_init_my_context(optee_entry_point);
@@ -179,6 +191,121 @@
return rc;
}
+#if !OPTEE_ALLOW_SMC_LOAD
+static int32_t opteed_init(void)
+{
+ entry_point_info_t *optee_entry_point;
+ /*
+ * Get information about the OP-TEE (BL32) image. Its
+ * absence is a critical failure.
+ */
+ optee_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
+ return opteed_init_with_entry_point(optee_entry_point);
+}
+#endif /* !OPTEE_ALLOW_SMC_LOAD */
+
+#if OPTEE_ALLOW_SMC_LOAD
+/*******************************************************************************
+ * This function is responsible for handling the SMC that loads the OP-TEE
+ * binary image via a non-secure SMC call. It takes the size and physical
+ * address of the payload as parameters.
+ ******************************************************************************/
+static int32_t opteed_handle_smc_load(uint64_t data_size, uint32_t data_pa)
+{
+ uintptr_t data_va = data_pa;
+ uint64_t mapped_data_pa;
+ uintptr_t mapped_data_va;
+ uint64_t data_map_size;
+ int32_t rc;
+ optee_header_t *image_header;
+ uint8_t *image_ptr;
+ uint64_t target_pa;
+ uint64_t target_end_pa;
+ uint64_t image_pa;
+ uintptr_t image_va;
+ optee_image_t *curr_image;
+ uintptr_t target_va;
+ uint64_t target_size;
+ entry_point_info_t optee_ep_info;
+ uint32_t linear_id = plat_my_core_pos();
+
+ mapped_data_pa = page_align(data_pa, DOWN);
+ mapped_data_va = mapped_data_pa;
+ data_map_size = page_align(data_size + (mapped_data_pa - data_pa), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(mapped_data_pa, mapped_data_va,
+ data_map_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ return rc;
+ }
+
+ image_header = (optee_header_t *)data_va;
+ if (image_header->magic != TEE_MAGIC_NUM_OPTEE ||
+ image_header->version != 2 || image_header->nb_images != 1) {
+ mmap_remove_dynamic_region(mapped_data_va, data_map_size);
+ return -EINVAL;
+ }
+
+ image_ptr = (uint8_t *)data_va + sizeof(optee_header_t) +
+ sizeof(optee_image_t);
+ if (image_header->arch == 1) {
+ opteed_rw = OPTEE_AARCH64;
+ } else {
+ opteed_rw = OPTEE_AARCH32;
+ }
+
+ curr_image = &image_header->optee_image_list[0];
+ image_pa = dual32to64(curr_image->load_addr_hi,
+ curr_image->load_addr_lo);
+ image_va = image_pa;
+ target_end_pa = image_pa + curr_image->size;
+
+ /* Now also map the memory we want to copy it to. */
+ target_pa = page_align(image_pa, DOWN);
+ target_va = target_pa;
+ target_size = page_align(target_end_pa, UP) - target_pa;
+
+ rc = mmap_add_dynamic_region(target_pa, target_va, target_size,
+ MT_MEMORY | MT_RW | MT_SECURE);
+ if (rc != 0) {
+ mmap_remove_dynamic_region(mapped_data_va, data_map_size);
+ return rc;
+ }
+
+ INFO("Loaded OP-TEE via SMC: size %d addr 0x%" PRIx64 "\n",
+ curr_image->size, image_va);
+
+ memcpy((void *)image_va, image_ptr, curr_image->size);
+ flush_dcache_range(target_pa, target_size);
+
+ mmap_remove_dynamic_region(mapped_data_va, data_map_size);
+ mmap_remove_dynamic_region(target_va, target_size);
+
+ /* Save the non-secure state */
+ cm_el1_sysregs_context_save(NON_SECURE);
+
+ opteed_init_optee_ep_state(&optee_ep_info,
+ opteed_rw,
+ image_pa,
+ 0,
+ 0,
+ 0,
+ &opteed_sp_context[linear_id]);
+ if (opteed_init_with_entry_point(&optee_ep_info) == 0) {
+ rc = -EFAULT;
+ }
+
+ /* Restore non-secure state */
+ cm_el1_sysregs_context_restore(NON_SECURE);
+ cm_set_next_eret_context(NON_SECURE);
+
+ return rc;
+}
+#endif /* OPTEE_ALLOW_SMC_LOAD */
/*******************************************************************************
* This function is responsible for handling all SMCs in the Trusted OS/App
@@ -207,6 +334,34 @@
*/
if (is_caller_non_secure(flags)) {
+#if OPTEE_ALLOW_SMC_LOAD
+ if (smc_fid == NSSMC_OPTEED_CALL_LOAD_IMAGE) {
+ /*
+ * TODO: Consider wiping the code for SMC loading from
+ * memory after it has been invoked similar to what is
+ * done under RECLAIM_INIT, but extended to happen
+ * later.
+ */
+ if (!opteed_allow_load) {
+ SMC_RET1(handle, -EPERM);
+ }
+
+ opteed_allow_load = false;
+ uint64_t data_size = dual32to64(x1, x2);
+ uint64_t data_pa = dual32to64(x3, x4);
+ if (!data_size || !data_pa) {
+ /*
+ * This is invoked when the OP-TEE image didn't
+ * load correctly in the kernel but we want to
+ * block off loading of it later for security
+ * reasons.
+ */
+ SMC_RET1(handle, -EINVAL);
+ }
+ SMC_RET1(handle, opteed_handle_smc_load(
+ data_size, data_pa));
+ }
+#endif /* OPTEE_ALLOW_SMC_LOAD */
/*
* This is a fresh request from the non-secure client.
* The parameters are in x1 and x2. Figure out which
@@ -219,8 +374,18 @@
/*
* We are done stashing the non-secure context. Ask the
- * OPTEE to do the work now.
+ * OP-TEE to do the work now. If we are loading vi an SMC,
+ * then we also need to init this CPU context if not done
+ * already.
*/
+ if (optee_vector_table == NULL) {
+ SMC_RET1(handle, -EINVAL);
+ }
+
+ if (get_optee_pstate(optee_ctx->state) ==
+ OPTEE_PSTATE_UNKNOWN) {
+ opteed_cpu_on_finish_handler(0);
+ }
/*
* Verify if there is a valid context to use, copy the
diff --git a/services/spd/opteed/opteed_pm.c b/services/spd/opteed/opteed_pm.c
index 719eeb7..fa724a1 100644
--- a/services/spd/opteed/opteed_pm.c
+++ b/services/spd/opteed/opteed_pm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,6 +32,10 @@
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
+ if (get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN) {
+ return 0;
+ }
+
assert(optee_vector_table);
assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_ON);
@@ -65,6 +69,10 @@
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
+ if (get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN) {
+ return;
+ }
+
assert(optee_vector_table);
assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_ON);
@@ -92,7 +100,7 @@
* after initialising minimal architectural state that guarantees safe
* execution.
******************************************************************************/
-static void opteed_cpu_on_finish_handler(u_register_t unused)
+void opteed_cpu_on_finish_handler(u_register_t unused)
{
int32_t rc = 0;
uint32_t linear_id = plat_my_core_pos();
@@ -100,7 +108,8 @@
entry_point_info_t optee_on_entrypoint;
assert(optee_vector_table);
- assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_OFF);
+ assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_OFF ||
+ get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN);
opteed_init_optee_ep_state(&optee_on_entrypoint, opteed_rw,
(uint64_t)&optee_vector_table->cpu_on_entry,
@@ -134,6 +143,10 @@
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
+ if (get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN) {
+ return;
+ }
+
assert(optee_vector_table);
assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_SUSPEND);
@@ -173,6 +186,14 @@
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
+ /*
+ * OP-TEE must have been initialized in order to reach this location so
+ * it is safe to init the CPU context if not already done for this core.
+ */
+ if (get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN) {
+ opteed_cpu_on_finish_handler(0);
+ }
+
assert(optee_vector_table);
assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_ON);
@@ -193,6 +214,14 @@
uint32_t linear_id = plat_my_core_pos();
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
+ /*
+ * OP-TEE must have been initialized in order to reach this location so
+ * it is safe to init the CPU context if not already done for this core.
+ */
+ if (get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_UNKNOWN) {
+ opteed_cpu_on_finish_handler(0);
+ }
+
assert(optee_vector_table);
assert(get_optee_pstate(optee_ctx->state) == OPTEE_PSTATE_ON);
diff --git a/services/spd/opteed/opteed_private.h b/services/spd/opteed/opteed_private.h
index 242154f..c8fbc22 100644
--- a/services/spd/opteed/opteed_private.h
+++ b/services/spd/opteed/opteed_private.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,9 +18,10 @@
* OPTEE PM state information e.g. OPTEE is suspended, uninitialised etc
* and macros to access the state information in the per-cpu 'state' flags
******************************************************************************/
-#define OPTEE_PSTATE_OFF 0
-#define OPTEE_PSTATE_ON 1
-#define OPTEE_PSTATE_SUSPEND 2
+#define OPTEE_PSTATE_OFF 1
+#define OPTEE_PSTATE_ON 2
+#define OPTEE_PSTATE_SUSPEND 3
+#define OPTEE_PSTATE_UNKNOWN 0
#define OPTEE_PSTATE_SHIFT 0
#define OPTEE_PSTATE_MASK 0x3
#define get_optee_pstate(state) ((state >> OPTEE_PSTATE_SHIFT) & \
@@ -113,7 +114,7 @@
* have the same double word aligned view of the size of the C runtime
* register context.
*/
-CASSERT(OPTEED_C_RT_CTX_SIZE == sizeof(c_rt_regs_t), \
+CASSERT(OPTEED_C_RT_CTX_SIZE == sizeof(c_rt_regs_t),
assert_spd_c_rt_regs_size_mismatch);
/*******************************************************************************
@@ -153,6 +154,7 @@
uint64_t mem_limit,
uint64_t dt_addr,
optee_context_t *optee_ctx);
+void opteed_cpu_on_finish_handler(u_register_t unused);
extern optee_context_t opteed_sp_context[OPTEED_CORE_COUNT];
extern uint32_t opteed_rw;
diff --git a/services/spd/opteed/teesmc_opteed.h b/services/spd/opteed/teesmc_opteed.h
index c82b58a..eae3ed2 100644
--- a/services/spd/opteed/teesmc_opteed.h
+++ b/services/spd/opteed/teesmc_opteed.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,8 +9,10 @@
#ifndef TEESMC_OPTEED_H
#define TEESMC_OPTEED_H
+#include "teesmc_opteed_macros.h"
+
/*
- * This file specifies SMC function IDs used when returning from TEE to the
+ * This section specifies SMC function IDs used when returning from TEE to the
* secure monitor.
*
* All SMC Function IDs indicates SMC32 Calling Convention but will carry
@@ -120,4 +122,39 @@
#define TEESMC_OPTEED_RETURN_SYSTEM_RESET_DONE \
TEESMC_OPTEED_RV(TEESMC_OPTEED_FUNCID_RETURN_SYSTEM_RESET_DONE)
+/*
+ * This section specifies SMC function IDs used when the secure monitor is
+ * invoked from the non-secure world.
+ */
+
+/*
+ * Load OP-TEE image from the payload specified in the registers.
+ *
+ * WARNING: Use this cautiously as it could lead to insecure loading of the
+ * Trusted OS. Further details are in opteed.mk.
+ *
+ * Call register usage:
+ * x0 SMC Function ID, OPTEE_SMC_CALL_LOAD_IMAGE
+ * x1 Upper 32bit of a 64bit size for the payload
+ * x2 Lower 32bit of a 64bit size for the payload
+ * x3 Upper 32bit of the physical address for the payload
+ * x4 Lower 32bit of the physical address for the payload
+ *
+ * The payload consists of a optee_header struct that contains optee_image
+ * structs in a flex array, immediately following that in memory is the data
+ * referenced by the optee_image structs.
+ * Example:
+ *
+ * struct optee_header (with n images specified)
+ * image 0 data
+ * image 1 data
+ * ...
+ * image n-1 data
+ *
+ * Returns 0 on success and an error code otherwise.
+ */
+#define NSSMC_OPTEED_FUNCID_LOAD_IMAGE 2
+#define NSSMC_OPTEED_CALL_LOAD_IMAGE \
+ NSSMC_OPTEED_CALL(NSSMC_OPTEED_FUNCID_LOAD_IMAGE)
+
#endif /*TEESMC_OPTEED_H*/
diff --git a/services/spd/opteed/teesmc_opteed_macros.h b/services/spd/opteed/teesmc_opteed_macros.h
index 9d8a169..ad3ed75 100644
--- a/services/spd/opteed/teesmc_opteed_macros.h
+++ b/services/spd/opteed/teesmc_opteed_macros.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,4 +14,10 @@
(62 << FUNCID_OEN_SHIFT) | \
((func_num) & FUNCID_NUM_MASK))
+#define NSSMC_OPTEED_CALL(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_32) << FUNCID_CC_SHIFT) | \
+ (50 << FUNCID_OEN_SHIFT) | \
+ ((func_num) & FUNCID_NUM_MASK))
+
#endif /* TEESMC_OPTEED_MACROS_H */
diff --git a/services/spd/tlkd/tlkd_private.h b/services/spd/tlkd/tlkd_private.h
index 5d5d0e8..ad36f5e 100644
--- a/services/spd/tlkd/tlkd_private.h
+++ b/services/spd/tlkd/tlkd_private.h
@@ -85,7 +85,7 @@
* have the same double word aligned view of the size of the C runtime
* register context.
*/
-CASSERT(TLKD_C_RT_CTX_SIZE == sizeof(c_rt_regs_t), \
+CASSERT(TLKD_C_RT_CTX_SIZE == sizeof(c_rt_regs_t),
assert_tlkd_c_rt_regs_size_mismatch);
/*******************************************************************************
diff --git a/services/spd/tspd/tspd_private.h b/services/spd/tspd/tspd_private.h
index d6c03c9..043644a 100644
--- a/services/spd/tspd/tspd_private.h
+++ b/services/spd/tspd/tspd_private.h
@@ -146,7 +146,7 @@
* have the same double word aligned view of the size of the C runtime
* register context.
*/
-CASSERT(TSPD_C_RT_CTX_SIZE == sizeof(c_rt_regs_t), \
+CASSERT(TSPD_C_RT_CTX_SIZE == sizeof(c_rt_regs_t),
assert_spd_c_rt_regs_size_mismatch);
/* SEL1 Secure payload (SP) caller saved register context structure. */
@@ -157,7 +157,7 @@
* have the same double word aligned view of the size of the C runtime
* register context.
*/
-CASSERT(TSPD_SP_CTX_SIZE == sizeof(sp_ctx_regs_t), \
+CASSERT(TSPD_SP_CTX_SIZE == sizeof(sp_ctx_regs_t),
assert_spd_sp_regs_size_mismatch);
/*******************************************************************************
diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c
index 6bd9fdf..e12eae7 100644
--- a/services/std_svc/rmmd/rmmd_main.c
+++ b/services/std_svc/rmmd/rmmd_main.c
@@ -171,7 +171,7 @@
uint32_t ep_attr;
unsigned int linear_id = plat_my_core_pos();
rmmd_rmm_context_t *rmm_ctx = &rmm_context[linear_id];
- rmm_manifest_t *manifest;
+ struct rmm_manifest *manifest;
int rc;
/* Make sure RME is supported. */
@@ -206,7 +206,7 @@
((void *)shared_buf_base != NULL));
/* Load the boot manifest at the beginning of the shared area */
- manifest = (rmm_manifest_t *)shared_buf_base;
+ manifest = (struct rmm_manifest *)shared_buf_base;
rc = plat_rmmd_load_manifest(manifest);
if (rc != 0) {
ERROR("Error loading RMM Boot Manifest (%i)\n", rc);
diff --git a/services/std_svc/rmmd/trp/linker.lds b/services/std_svc/rmmd/trp/linker.ld.S
similarity index 89%
rename from services/std_svc/rmmd/trp/linker.lds
rename to services/std_svc/rmmd/trp/linker.ld.S
index 2b7f383..9895cf9 100644
--- a/services/std_svc/rmmd/trp/linker.lds
+++ b/services/std_svc/rmmd/trp/linker.ld.S
@@ -1,6 +1,7 @@
/*
- * (C) COPYRIGHT 2021 Arm Limited or its affiliates.
- * ALL RIGHTS RESERVED
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
*/
#include <common/bl_common.ld.h>
diff --git a/services/std_svc/rmmd/trp/trp.mk b/services/std_svc/rmmd/trp/trp.mk
index 44bbf22..e511bf5 100644
--- a/services/std_svc/rmmd/trp/trp.mk
+++ b/services/std_svc/rmmd/trp/trp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2022 Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023 Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,7 +8,7 @@
services/std_svc/rmmd/trp/trp_main.c \
services/std_svc/rmmd/trp/trp_helpers.c
-RMM_LINKERFILE := services/std_svc/rmmd/trp/linker.lds
+RMM_DEFAULT_LINKER_SCRIPT_SOURCE := services/std_svc/rmmd/trp/linker.ld.S
# Include the platform-specific TRP Makefile
# If no platform-specific TRP Makefile exists, it means TRP is not supported
diff --git a/services/std_svc/rmmd/trp/trp_main.c b/services/std_svc/rmmd/trp/trp_main.c
index 196bc11..4eb3e12 100644
--- a/services/std_svc/rmmd/trp/trp_main.c
+++ b/services/std_svc/rmmd/trp/trp_main.c
@@ -62,7 +62,7 @@
sizeof(trp_shared_region_start));
/* Perform early platform-specific setup */
- trp_early_platform_setup((rmm_manifest_t *)trp_shared_region_start);
+ trp_early_platform_setup((struct rmm_manifest *)trp_shared_region_start);
}
int trp_validate_warmboot_args(uint64_t x0, uint64_t x1,
diff --git a/services/std_svc/spm/spm_mm/spm_mm_xlat.c b/services/std_svc/spm/spm_mm/spm_mm_xlat.c
index 6261016..b1ca55a 100644
--- a/services/std_svc/spm/spm_mm/spm_mm_xlat.c
+++ b/services/std_svc/spm/spm_mm/spm_mm_xlat.c
@@ -19,7 +19,7 @@
/* Place translation tables by default along with the ones used by BL31. */
#ifndef PLAT_SP_IMAGE_XLAT_SECTION_NAME
-#define PLAT_SP_IMAGE_XLAT_SECTION_NAME "xlat_table"
+#define PLAT_SP_IMAGE_XLAT_SECTION_NAME ".xlat_table"
#endif
#ifndef PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME
#define PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME ".bss"
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index afd0f2e..e85109d 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,10 +16,14 @@
#include <bl31/interrupt_mgmt.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
+#include <common/tbbr/tbbr_img_def.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/fconf/fconf.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/smccc.h>
#include <lib/spinlock.h>
#include <lib/utils.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>
@@ -245,6 +249,92 @@
SMC_RET0(&ctx->cpu_ctx);
}
+#if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31
+static int spmd_dynamic_map_mem(uintptr_t base_addr, size_t size,
+ unsigned int attr, uintptr_t *align_addr,
+ size_t *align_size)
+{
+ uintptr_t base_addr_align;
+ size_t mapped_size_align;
+ int rc;
+
+ /* Page aligned address and size if necessary */
+ base_addr_align = page_align(base_addr, DOWN);
+ mapped_size_align = page_align(size, UP);
+
+ if ((base_addr != base_addr_align) &&
+ (size == mapped_size_align)) {
+ mapped_size_align += PAGE_SIZE;
+ }
+
+ /*
+ * Map dynamically given region with its aligned base address and
+ * size
+ */
+ rc = mmap_add_dynamic_region((unsigned long long)base_addr_align,
+ base_addr_align,
+ mapped_size_align,
+ attr);
+ if (rc == 0) {
+ *align_addr = base_addr_align;
+ *align_size = mapped_size_align;
+ }
+
+ return rc;
+}
+
+static void spmd_do_sec_cpy(uintptr_t root_base_addr, uintptr_t sec_base_addr,
+ size_t size)
+{
+ uintptr_t root_base_addr_align, sec_base_addr_align;
+ size_t root_mapped_size_align, sec_mapped_size_align;
+ int rc;
+
+ assert(root_base_addr != 0UL);
+ assert(sec_base_addr != 0UL);
+ assert(size != 0UL);
+
+ /* Map the memory with required attributes */
+ rc = spmd_dynamic_map_mem(root_base_addr, size, MT_RO_DATA | MT_ROOT,
+ &root_base_addr_align,
+ &root_mapped_size_align);
+ if (rc != 0) {
+ ERROR("%s %s %lu (%d)\n", "Error while mapping", "root region",
+ root_base_addr, rc);
+ panic();
+ }
+
+ rc = spmd_dynamic_map_mem(sec_base_addr, size, MT_RW_DATA | MT_SECURE,
+ &sec_base_addr_align, &sec_mapped_size_align);
+ if (rc != 0) {
+ ERROR("%s %s %lu (%d)\n", "Error while mapping",
+ "secure region", sec_base_addr, rc);
+ panic();
+ }
+
+ /* Do copy operation */
+ (void)memcpy((void *)sec_base_addr, (void *)root_base_addr, size);
+
+ /* Unmap root memory region */
+ rc = mmap_remove_dynamic_region(root_base_addr_align,
+ root_mapped_size_align);
+ if (rc != 0) {
+ ERROR("%s %s %lu (%d)\n", "Error while unmapping",
+ "root region", root_base_addr_align, rc);
+ panic();
+ }
+
+ /* Unmap secure memory region */
+ rc = mmap_remove_dynamic_region(sec_base_addr_align,
+ sec_mapped_size_align);
+ if (rc != 0) {
+ ERROR("%s %s %lu (%d)\n", "Error while unmapping",
+ "secure region", sec_base_addr_align, rc);
+ panic();
+ }
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */
+
/*******************************************************************************
* Loads SPMC manifest and inits SPMC.
******************************************************************************/
@@ -254,6 +344,7 @@
unsigned int core_id;
uint32_t ep_attr, flags;
int rc;
+ const struct dyn_cfg_dtb_info_t *image_info __unused;
/* Load the SPM Core manifest */
rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr);
@@ -344,6 +435,26 @@
DISABLE_ALL_EXCEPTIONS);
}
+#if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31
+ image_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TOS_FW_CONFIG_ID);
+ assert(image_info != NULL);
+
+ if ((image_info->config_addr == 0UL) ||
+ (image_info->secondary_config_addr == 0UL) ||
+ (image_info->config_max_size == 0UL)) {
+ return -EINVAL;
+ }
+
+ /* Copy manifest from root->secure region */
+ spmd_do_sec_cpy(image_info->config_addr,
+ image_info->secondary_config_addr,
+ image_info->config_max_size);
+
+ /* Update ep info of BL32 */
+ assert(spmc_ep_info != NULL);
+ spmc_ep_info->args.arg0 = image_info->secondary_config_addr;
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */
+
/* Set an initial SPMC context state for all cores. */
for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) {
spm_core_context[core_id].state = SPMC_STATE_OFF;
@@ -402,15 +513,15 @@
rc = spmc_setup();
if (rc != 0) {
- ERROR("SPMC initialisation failed 0x%x.\n", rc);
+ WARN("SPMC initialisation failed 0x%x.\n", rc);
}
- return rc;
+ return 0;
}
spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (spmc_ep_info == NULL) {
WARN("No SPM Core image provided by BL2 boot loader.\n");
- return -EINVAL;
+ return 0;
}
/* Under no circumstances will this parameter be 0 */
@@ -422,8 +533,8 @@
*/
spmc_manifest = (void *)spmc_ep_info->args.arg0;
if (spmc_manifest == NULL) {
- ERROR("Invalid or absent SPM Core manifest.\n");
- return -EINVAL;
+ WARN("Invalid or absent SPM Core manifest.\n");
+ return 0;
}
/* Load manifest, init SPMC */
@@ -432,7 +543,7 @@
WARN("Booting device without SPM initialization.\n");
}
- return rc;
+ return 0;
}
/*******************************************************************************
@@ -470,10 +581,40 @@
#endif
cm_set_next_eret_context(secure_state_out);
+#if SPMD_SPM_AT_SEL2
+ /*
+ * If SPMC is at SEL2, save additional registers x8-x17, which may
+ * be used in FF-A calls such as FFA_PARTITION_INFO_GET_REGS.
+ * Note that technically, all SPMCs can support this, but this code is
+ * under ifdef to minimize breakage in case other SPMCs do not save
+ * and restore x8-x17.
+ * We also need to pass through these registers since not all FF-A ABIs
+ * modify x8-x17, in which case, SMCCC requires that these registers be
+ * preserved, so the SPMD passes through these registers and expects the
+ * SPMC to save and restore (potentially also modify) them.
+ */
+ SMC_RET18(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
+ SMC_GET_GP(handle, CTX_GPREG_X5),
+ SMC_GET_GP(handle, CTX_GPREG_X6),
+ SMC_GET_GP(handle, CTX_GPREG_X7),
+ SMC_GET_GP(handle, CTX_GPREG_X8),
+ SMC_GET_GP(handle, CTX_GPREG_X9),
+ SMC_GET_GP(handle, CTX_GPREG_X10),
+ SMC_GET_GP(handle, CTX_GPREG_X11),
+ SMC_GET_GP(handle, CTX_GPREG_X12),
+ SMC_GET_GP(handle, CTX_GPREG_X13),
+ SMC_GET_GP(handle, CTX_GPREG_X14),
+ SMC_GET_GP(handle, CTX_GPREG_X15),
+ SMC_GET_GP(handle, CTX_GPREG_X16),
+ SMC_GET_GP(handle, CTX_GPREG_X17)
+ );
+
+#else
SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
SMC_GET_GP(handle, CTX_GPREG_X5),
SMC_GET_GP(handle, CTX_GPREG_X6),
SMC_GET_GP(handle, CTX_GPREG_X7));
+#endif
}
/*******************************************************************************
@@ -931,7 +1072,23 @@
return spmd_ffa_error_return(handle, FFA_ERROR_DENIED);
}
break; /* Not reached */
+#if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED
+ case FFA_PARTITION_INFO_GET_REGS_SMC64:
+ if (secure_origin) {
+ /* TODO: Future patches to enable support for this */
+ return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
+ }
+
+ /* Call only supported with SMCCC 1.2+ */
+ if (MAKE_SMCCC_VERSION(SMCCC_MAJOR_VERSION, SMCCC_MINOR_VERSION) < 0x10002) {
+ return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
+ }
+ return spmd_smc_forward(smc_fid, secure_origin,
+ x1, x2, x3, x4, cookie,
+ handle, flags);
+ break; /* Not reached */
+#endif
default:
WARN("SPM: Unsupported call 0x%08x\n", smc_fid);
return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 487777b..27ec979 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -212,7 +212,7 @@
*err_code = KEY_ERR_OPEN;
}
} else {
- WARN("Key filename not specified\n");
+ VERBOSE("Key filename not specified\n");
*err_code = KEY_ERR_FILENAME;
}
diff --git a/tools/marvell/doimage/doimage.c b/tools/marvell/doimage/doimage.c
index e08b820..513f33f 100644
--- a/tools/marvell/doimage/doimage.c
+++ b/tools/marvell/doimage/doimage.c
@@ -17,12 +17,6 @@
#ifdef CONFIG_MVEBU_SECURE_BOOT
#include <libconfig.h> /* for parsing config file */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
/* mbedTLS stuff */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_SHA256_C) && \
@@ -34,6 +28,7 @@
#include <mbedtls/md.h>
#include <mbedtls/pk.h>
#include <mbedtls/sha256.h>
+#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#else
#error "Bad mbedTLS configuration!"