Merge "fix(gpt_rme): fix compilation error for gpt_rme.c" into integration
diff --git a/bl32/tsp/ffa_helpers.c b/bl32/tsp/ffa_helpers.c
index 3639c22..ad70c2b 100644
--- a/bl32/tsp/ffa_helpers.c
+++ b/bl32/tsp/ffa_helpers.c
@@ -149,13 +149,15 @@
{
smc_args_t ret;
uint32_t descriptor_size;
- struct ffa_mtd *memory_region = (struct ffa_mtd *)mb->tx_buffer;
+ struct ffa_mtd *memory_region;
if (retrieved == NULL || mb == NULL) {
ERROR("Invalid parameters!\n");
return false;
}
+ memory_region = (struct ffa_mtd *)mb->tx_buffer;
+
/* Clear TX buffer. */
memset(memory_region, 0, PAGE_SIZE);
diff --git a/bl32/tsp/tsp_ffa_main.c b/bl32/tsp/tsp_ffa_main.c
index 53dbd03..2c53977 100644
--- a/bl32/tsp/tsp_ffa_main.c
+++ b/bl32/tsp/tsp_ffa_main.c
@@ -216,10 +216,10 @@
(uint64_t)composite->address_range_array[i].address,
size, mem_attrs);
- /* Remove mappings created in this transaction. */
- for (i--; i >= 0U; i--) {
+ /* Remove mappings previously created in this transaction. */
+ for (i--; i >= 0; i--) {
ret = mmap_remove_dynamic_region(
- (uint64_t)ptr,
+ (uint64_t)composite->address_range_array[i].address,
composite->address_range_array[i].page_count * PAGE_SIZE);
if (ret != 0) {
@@ -227,6 +227,7 @@
panic();
}
}
+
return FFA_ERROR_NO_MEMORY;
}
@@ -298,8 +299,8 @@
tsp_stats[linear_id].eret_count++;
tsp_stats[linear_id].cpu_off_count++;
- INFO("TSP: cpu 0x%lx off request\n", read_mpidr());
- INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n",
+ VERBOSE("TSP: cpu 0x%lx off request\n", read_mpidr());
+ VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n",
read_mpidr(),
tsp_stats[linear_id].smc_count,
tsp_stats[linear_id].eret_count,
@@ -336,7 +337,7 @@
tsp_stats[linear_id].eret_count++;
tsp_stats[linear_id].cpu_suspend_count++;
- INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n",
+ VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n",
read_mpidr(),
tsp_stats[linear_id].smc_count,
tsp_stats[linear_id].eret_count,
@@ -369,9 +370,9 @@
tsp_stats[linear_id].eret_count++;
tsp_stats[linear_id].cpu_resume_count++;
- INFO("TSP: cpu 0x%lx resumed. maximum off power level %" PRId64 "\n",
+ VERBOSE("TSP: cpu 0x%lx resumed. maximum off power level %" PRId64 "\n",
read_mpidr(), max_off_pwrlvl);
- INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu resume requests\n",
+ VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu resume requests\n",
read_mpidr(),
tsp_stats[linear_id].smc_count,
tsp_stats[linear_id].eret_count,
@@ -611,7 +612,7 @@
tsp_stats[linear_id].eret_count++;
tsp_stats[linear_id].cpu_on_count++;
- INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n",
+ VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n",
read_mpidr(),
tsp_stats[linear_id].smc_count,
tsp_stats[linear_id].eret_count,
@@ -640,8 +641,8 @@
tsp_stats[linear_id].smc_count++;
tsp_stats[linear_id].eret_count++;
tsp_stats[linear_id].cpu_on_count++;
- INFO("TSP: cpu 0x%lx turned on\n", read_mpidr());
- INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n",
+ VERBOSE("TSP: cpu 0x%lx turned on\n", read_mpidr());
+ VERBOSE("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n",
read_mpidr(),
tsp_stats[linear_id].smc_count,
tsp_stats[linear_id].eret_count,
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 8070ff4..25c4269 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -101,7 +101,7 @@
x2,Maximum number of CPUs to be supported at runtime. RMM should ensure that it can support this maximum number.
x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The boot manifest must be present at the base of this shared buffer during cold boot.
-During cold boot, EL3 firmware needs to allocate a 4K page that will be
+During cold boot, EL3 firmware needs to allocate a 4KB page that will be
passed to RMM in x3. This memory will be used as shared buffer for communication
between EL3 and RMM. It must be assigned to Realm world and must be mapped with
Normal memory attributes (IWB-OWB-ISH) at EL3. At boot, this memory will be
@@ -522,8 +522,8 @@
.. _rmm_el3_manifest_struct:
-RMM-EL3 Boot Manifest Version
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+RMM-EL3 Boot Manifest structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The RMM-EL3 Boot Manifest structure contains platform boot information passed
from EL3 to RMM. The width of the Boot Manifest is 128 bits
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index d48f284..c07a0aa 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -518,6 +518,10 @@
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
of the CPU and is fixed in r2p1.
+- ``ERRATA_A710_2768515``: This applies errata 2768515 workaround to
+ Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
+ r2p1 of the CPU and is still open.
+
For Neoverse N2, the following errata build flags are defined :
- ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2
@@ -595,6 +599,10 @@
Cortex-X2 CPU. This needs to be enabled for revisions r0p0, r1p0 and r2p0
of the CPU and is fixed in r2p1.
+- ``ERRATA_X2_2768515``: This applies errata 2768515 workaround to
+ Cortex-X2 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0
+ and r2p1 of the CPU and is still open.
+
For Cortex-X3, the following errata build flags are defined :
- ``ERRATA_X3_2313909``: This applies errata 2313909 workaround to
diff --git a/docs/design/trusted-board-boot-build.rst b/docs/design/trusted-board-boot-build.rst
index c3f3a2f..caf367b 100644
--- a/docs/design/trusted-board-boot-build.rst
+++ b/docs/design/trusted-board-boot-build.rst
@@ -42,7 +42,7 @@
are loaded from that path instead of the default OS path. Export this
variable if necessary.
- In the case of Arm platforms, the location of the ROTPK hash must also be
+ In the case of Arm platforms, the location of the ROTPK must also be
specified at build time. The following locations are currently supported (see
``ARM_ROTPK_LOCATION`` build option):
@@ -62,6 +62,9 @@
``plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin``. Enforce
generation of the new hash if ``ROT_KEY`` is specified.
+ - ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: use the key located in
+ ``plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S``.
+
Example of command line using RSA development keys:
.. code:: shell
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 7cd9b2b..e54ff41 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -818,6 +818,11 @@
disabled). This configuration supports pre-Armv8.4 platforms (aka not
implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
+- ``SPMC_OPTEE`` : This boolean option is used jointly with the SPM
+ Dispatcher option (``SPD=spmd``) and with ``SPMD_SPM_AT_SEL2=0`` to
+ indicate that the SPMC at S-EL1 is OP-TEE and an OP-TEE specific loading
+ mechanism should be used.
+
- ``SPMD_SPM_AT_SEL2`` : This boolean option is used jointly with the SPM
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
component runs at the S-EL2 exception level provided by the ``FEAT_SEL2``
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index 407c04b..68eb3ec 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -49,7 +49,7 @@
field of power-state parameter.
- ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the
- location of the ROTPK hash returned by the function ``plat_get_rotpk_info()``
+ location of the ROTPK returned by the function ``plat_get_rotpk_info()``
for Arm platforms. Depending on the selected option, the proper private key
must be specified using the ``ROT_KEY`` option when building the Trusted
Firmware. This private key will be used by the certificate generation tool
@@ -68,12 +68,16 @@
``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To
use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as
``ROT_KEY`` when creating the certificates.
+ - ``devel_full_dev_rsa_key`` : returns a development public key embedded in
+ the BL1 and BL2 binaries. This key has been obtained from the RSA public
+ key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``.
-- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``. Specifies the
- location of the ROTPK hash. Not expected to be a build option. This defaults to
- ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified algorithm.
- Providing ``ROT_KEY`` enforces generation of the hash from the ``ROT_KEY`` and
- overwrites the default hash file.
+- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding
+ ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not
+ expected to be a build option. This defaults to
+ ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified
+ algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the
+ ``ROT_KEY`` and overwrites the default hash file.
- ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options:
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
new file mode 100644
index 0000000..23f5b17
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -0,0 +1,77 @@
+/'
+ ' Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A Data Flow Diagram including RSS
+'/
+
+@startuml
+digraph tfa_dfd {
+
+ # Arrange nodes from left to right
+ rankdir="LR"
+
+ # Allow arrows to end on cluster boundaries
+ compound=true
+
+ # Default settings for edges and nodes
+ edge [minlen=2 color="#8c1b07"]
+ node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+ # Nodes outside of the trust boundary
+ nsec [label="Non-secure\nClients"]
+ sec [label="Secure\nClients"]
+ dbg [label="Debug & Trace"]
+ logs [label="Logs\n(UART)"]
+ nvm [label="Non-volatile\nMemory"]
+
+
+ # Trust boundary cluster
+ subgraph cluster_trusted{
+ graph [style=dashed color="#f22430"]
+
+ # HW IPs cluster
+ subgraph cluster_ip{
+ label ="Hardware IPs";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ rank="same"
+ gic [label="GIC" width=1.2 height=0.5]
+ tzc [label="TZ\nController" width=1.2 height=0.5]
+ etc [label="..." shape=none style=none height=0.5]
+ }
+
+ # TF-A cluster
+ subgraph cluster_tfa{
+ label ="TF-A";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+ bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+ bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+ }
+
+ # RSS cluster
+ subgraph cluster_rss{
+ label ="RSS";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ rss [label="Runtime Security\n\ Subsystem\n\ (RSS)" fillcolor="#ddffb3"]
+ }
+ }
+
+ # Interactions between nodes
+ nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+ logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+ sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+ nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+ bl2 -> tzc [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6" minlen=1]
+ bl31 -> rss [dir="both" ltail=cluster_tfa lhead=cluster_rss label="DF7" minlen=1]
+
+}
+
+@enduml
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index ad8b82a..9fd55a9 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -16,7 +16,8 @@
threat_model_spm
threat_model_el3_spm
threat_model_fvp_r
+ threat_model_rss_interface
--------------
-*Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 38e5c87..99bbb3a 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -170,7 +170,7 @@
For each threat identified, a risk rating that ranges
from *informational* to *critical* is given based on the likelihood of the
-threat occuring if a mitigation is not in place, and the impact of the
+threat occurring if a mitigation is not in place, and the impact of the
threat (i.e. how severe the consequences could be). Table 4 explains each
rating in terms of score, impact and likelihood.
@@ -778,8 +778,9 @@
+========================+====================================================+
| Threat | | **Misconfiguration of the Memory Management Unit |
| | (MMU) may allow a normal world software to |
-| | access sensitive data or execute arbitrary |
-| | code** |
+| | access sensitive data, execute arbitrary |
+| | code or access otherwise restricted HW |
+| | interface** |
| | |
| | | A misconfiguration of the MMU could |
| | lead to an open door for software running in the |
@@ -853,6 +854,8 @@
+------------------------+-----------------------------------------------------+
| Threat Type | Information Disclosure |
+------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
| Impact | Medium (3) | Medium (3) | Medium (3) |
+------------------------+-------------------+----------------+----------------+
| Likelihood | Low (2) | Low (2) | Low (2) |
@@ -880,6 +883,41 @@
| | mitigated. |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 13 |
++========================+=====================================================+
+| Threat | | **Leaving sensitive information in the memory, |
+| | can allow an attacker to retrieve them.** |
+| | |
+| | | Accidentally leaving not-needed sensitive data in |
+| | internal buffers can leak them if an attacker |
+| | gains access to memory due to a vulnerability. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Information Disclosure |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Medium (3) | Medium (3) | Medium (3) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | High (15) | High (15) | High (15) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | Clear the sensitive data from internal buffers as |
+| | soon as they are not needed anymore. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Yes / Platform specific |
++------------------------+-----------------------------------------------------+
+
--------------
*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_rss_interface.rst b/docs/threat_model/threat_model_rss_interface.rst
new file mode 100644
index 0000000..4bceb63
--- /dev/null
+++ b/docs/threat_model/threat_model_rss_interface.rst
@@ -0,0 +1,59 @@
+Threat Model for RSS - AP interface
+***********************************
+
+************
+Introduction
+************
+This document is an extension for the general TF-A threat-model. It considers
+those platforms where a Runtime Security Subsystem (RSS) is included in the SoC
+next to the Application Processor (AP).
+
+********************
+Target of Evaluation
+********************
+The scope of this threat model only includes the interface between the RSS and
+AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for
+the AP core. The threat model for the RSS firmware will be provided by the RSS
+firmware project in the future.
+
+
+Data Flow Diagram
+=================
+This diagram is different only from the general TF-A data flow diagram in that
+it includes the RSS and highlights the interface between the AP and the RSS
+cores. The interface description only focuses on the AP-RSS interface the rest
+is the same as in the general TF-A threat-model document.
+
+.. uml:: ../resources/diagrams/plantuml/tfa_rss_dfd.puml
+ :caption: Figure 1: TF-A Data Flow Diagram including RSS
+
+.. table:: Table 1: TF-A - RSS data flow diagram
+
+ +-----------------+--------------------------------------------------------+
+ | Diagram Element | Description |
+ +=================+========================================================+
+ | DF7 | | Boot images interact with RSS over a communication |
+ | | channel to record boot measurements and get image |
+ | | verification keys. At runtime, BL31 obtains the |
+ | | realm world attestation signing key from RSS. |
+ +-----------------+--------------------------------------------------------+
+
+Threat Assessment
+=================
+For this section, please reference the Threat Assessment under the general TF-A
+threat-model document, :ref:`Generic Threat Model`. All the threats listed there
+are applicable for the AP core, here only the differences are highlighted.
+
+ - ID 11: The access to the communication interface between AP and RSS is
+ allowed only for firmware running at EL3. Accidentally exposing this
+ interface to NSCode can allow malicious code to interact with RSS and
+ gain access to sensitive data.
+ - ID 13: Relevant in the context of the realm attestation key, which can be
+ retrieved by BL31 through DF7. The RSS communication protocol layer
+ mitigates against this by clearing its internal buffer when reply is
+ received. The caller of the API must do the same if data is not needed
+ anymore.
+
+--------------
+
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
\ No newline at end of file
diff --git a/drivers/st/clk/clk-stm32-core.c b/drivers/st/clk/clk-stm32-core.c
index bb03125..9fe8c8c 100644
--- a/drivers/st/clk/clk-stm32-core.c
+++ b/drivers/st/clk/clk-stm32-core.c
@@ -466,10 +466,9 @@
{
const struct clk_stm32 *clk = _clk_get(priv, id);
int parent;
- unsigned long rate = 0UL;
if ((unsigned int)id >= priv->num) {
- return rate;
+ return 0UL;
}
parent = _clk_stm32_get_parent(priv, id);
@@ -484,21 +483,14 @@
prate = _clk_stm32_get_rate(priv, parent);
}
- rate = clk->ops->recalc_rate(priv, id, prate);
-
- return rate;
+ return clk->ops->recalc_rate(priv, id, prate);
}
- switch (parent) {
- case CLK_IS_ROOT:
+ if (parent == CLK_IS_ROOT) {
panic();
-
- default:
- rate = _clk_stm32_get_rate(priv, parent);
- break;
}
- return rate;
+ return _clk_stm32_get_rate(priv, parent);
}
unsigned long _clk_stm32_get_parent_rate(struct stm32_clk_priv *priv, int id)
@@ -519,7 +511,7 @@
bool _stm32_clk_is_flags(struct stm32_clk_priv *priv, int id, uint8_t flag)
{
- if (_stm32_clk_get_flags(priv, id) & flag) {
+ if ((_stm32_clk_get_flags(priv, id) & flag) != 0U) {
return true;
}
@@ -549,7 +541,7 @@
}
if (parent != CLK_IS_ROOT) {
ret = _clk_stm32_enable_core(priv, parent);
- if (ret) {
+ if (ret != 0) {
return ret;
}
}
diff --git a/drivers/st/clk/clk-stm32mp13.c b/drivers/st/clk/clk-stm32mp13.c
index c960928..db427ad 100644
--- a/drivers/st/clk/clk-stm32mp13.c
+++ b/drivers/st/clk/clk-stm32mp13.c
@@ -456,7 +456,7 @@
},\
}
-static const struct parent_cfg parent_mp13[] = {
+static const struct parent_cfg parent_mp13[MUX_MAX] = {
MUX_CFG(MUX_ADC1, ADC1_src, RCC_ADC12CKSELR, 0, 2),
MUX_CFG(MUX_ADC2, ADC2_src, RCC_ADC12CKSELR, 2, 2),
MUX_RDY_CFG(MUX_AXI, AXI_src, RCC_ASSCKSELR, 0, 3),
@@ -841,7 +841,7 @@
.bitrdy = _bitrdy,\
}
-static const struct div_cfg dividers_mp13[] = {
+static const struct div_cfg dividers_mp13[DIV_MAX] = {
DIV_CFG(DIV_PLL1DIVP, RCC_PLL1CFGR2, 0, 7, 0, NULL, DIV_NO_BIT_RDY),
DIV_CFG(DIV_PLL2DIVP, RCC_PLL2CFGR2, 0, 7, 0, NULL, DIV_NO_BIT_RDY),
DIV_CFG(DIV_PLL2DIVQ, RCC_PLL2CFGR2, 8, 7, 0, NULL, DIV_NO_BIT_RDY),
@@ -1119,7 +1119,7 @@
return ret;
}
- if (enable) {
+ if (enable != 0) {
clk_stm32_enable_call_ops(priv, clk_id);
} else {
clk_stm32_disable_call_ops(priv, clk_id);
@@ -1450,7 +1450,7 @@
/* Configure PLLs source */
ret = stm32_clk_configure_mux(priv, pll_conf->vco.src);
- if (ret) {
+ if (ret != 0) {
return ret;
}
@@ -1485,7 +1485,7 @@
{
struct stm32_pll_dt_cfg *pll_conf = clk_stm32_pll_get_pdata(pll_idx);
- if (pll_conf->vco.status) {
+ if (pll_conf->vco.status != 0U) {
return _clk_stm32_pll_init(priv, pll_idx, pll_conf);
}
@@ -1497,22 +1497,22 @@
int err = 0;
err = clk_stm32_pll_init(priv, _PLL1);
- if (err) {
+ if (err != 0) {
return err;
}
err = clk_stm32_pll_init(priv, _PLL2);
- if (err) {
+ if (err != 0) {
return err;
}
err = clk_stm32_pll_init(priv, _PLL3);
- if (err) {
+ if (err != 0) {
return err;
}
err = clk_stm32_pll_init(priv, _PLL4);
- if (err) {
+ if (err != 0) {
return err;
}
@@ -2242,7 +2242,7 @@
size_t i = 0U;
for (i = _PLL1; i < pdata->npll; i++) {
- struct stm32_pll_dt_cfg *pll = pdata->pll + i;
+ struct stm32_pll_dt_cfg *pll = &pdata->pll[i];
char name[RCC_PLL_NAME_SIZE];
int subnode = 0;
int err = 0;
diff --git a/drivers/st/gpio/stm32_gpio.c b/drivers/st/gpio/stm32_gpio.c
index 708989f..a4a64ca 100644
--- a/drivers/st/gpio/stm32_gpio.c
+++ b/drivers/st/gpio/stm32_gpio.c
@@ -234,27 +234,27 @@
clk_enable(clock);
mmio_clrsetbits_32(base + GPIO_MODE_OFFSET,
- (uint32_t)GPIO_MODE_MASK << (pin << 1),
- mode << (pin << 1));
+ (uint32_t)GPIO_MODE_MASK << (pin << 1U),
+ mode << (pin << 1U));
mmio_clrsetbits_32(base + GPIO_TYPE_OFFSET,
(uint32_t)GPIO_TYPE_MASK << pin,
type << pin);
mmio_clrsetbits_32(base + GPIO_SPEED_OFFSET,
- (uint32_t)GPIO_SPEED_MASK << (pin << 1),
- speed << (pin << 1));
+ (uint32_t)GPIO_SPEED_MASK << (pin << 1U),
+ speed << (pin << 1U));
mmio_clrsetbits_32(base + GPIO_PUPD_OFFSET,
- (uint32_t)GPIO_PULL_MASK << (pin << 1),
- pull << (pin << 1));
+ (uint32_t)GPIO_PULL_MASK << (pin << 1U),
+ pull << (pin << 1U));
if (pin < GPIO_ALT_LOWER_LIMIT) {
mmio_clrsetbits_32(base + GPIO_AFRL_OFFSET,
- (uint32_t)GPIO_ALTERNATE_MASK << (pin << 2),
- alternate << (pin << 2));
+ (uint32_t)GPIO_ALTERNATE_MASK << (pin << 2U),
+ alternate << (pin << 2U));
} else {
- size_t shift = (pin - GPIO_ALT_LOWER_LIMIT) << 2;
+ uint32_t shift = (pin - GPIO_ALT_LOWER_LIMIT) << 2U;
mmio_clrsetbits_32(base + GPIO_AFRH_OFFSET,
(uint32_t)GPIO_ALTERNATE_MASK << shift,
diff --git a/drivers/st/mmc/stm32_sdmmc2.c b/drivers/st/mmc/stm32_sdmmc2.c
index 6bdd782..1ee3580 100644
--- a/drivers/st/mmc/stm32_sdmmc2.c
+++ b/drivers/st/mmc/stm32_sdmmc2.c
@@ -528,12 +528,12 @@
uint32_t data_ctrl = SDMMC_DCTRLR_DTDIR;
uint32_t arg_size;
- assert(size != 0U);
+ assert((size != 0U) && (size <= UINT32_MAX));
if (size > MMC_BLOCK_SIZE) {
arg_size = MMC_BLOCK_SIZE;
} else {
- arg_size = size;
+ arg_size = (uint32_t)size;
}
sdmmc2_params.use_dma = plat_sdmmc2_use_dma(base, buf);
diff --git a/drivers/st/pmic/stm32mp_pmic.c b/drivers/st/pmic/stm32mp_pmic.c
index 5b43760..1e16287 100644
--- a/drivers/st/pmic/stm32mp_pmic.c
+++ b/drivers/st/pmic/stm32mp_pmic.c
@@ -20,6 +20,7 @@
#include <platform_def.h>
#define PMIC_NODE_NOT_FOUND 1
+#define NB_REG 14U
static struct i2c_handle_s i2c_handle;
static uint32_t pmic_i2c_addr;
@@ -454,13 +455,13 @@
};
#define DEFINE_REGU(name) { \
- .node_name = name, \
+ .node_name = (name), \
.ops = &pmic_ops, \
.driver_data = NULL, \
.enable_ramp_delay = 1000, \
}
-static const struct regul_description pmic_regs[] = {
+static const struct regul_description pmic_regs[NB_REG] = {
[STPMIC1_BUCK1] = DEFINE_REGU("buck1"),
[STPMIC1_BUCK2] = DEFINE_REGU("buck2"),
[STPMIC1_BUCK3] = DEFINE_REGU("buck3"),
@@ -477,8 +478,6 @@
[STPMIC1_SW_OUT] = DEFINE_REGU("pwr_sw2"),
};
-#define NB_REG ARRAY_SIZE(pmic_regs)
-
static int register_pmic(void)
{
void *fdt;
@@ -506,7 +505,7 @@
unsigned int i;
int ret;
- for (i = 0; i < NB_REG; i++) {
+ for (i = 0U; i < NB_REG; i++) {
desc = &pmic_regs[i];
if (strcmp(desc->node_name, reg_name) == 0) {
break;
diff --git a/drivers/st/regulator/regulator_core.c b/drivers/st/regulator/regulator_core.c
index 5cc8329..2a5d0f7 100644
--- a/drivers/st/regulator/regulator_core.c
+++ b/drivers/st/regulator/regulator_core.c
@@ -17,14 +17,16 @@
#define MAX_PROPERTY_LEN 64
+CASSERT(PLAT_NB_RDEVS >= 1U, plat_nb_rdevs_must_be_higher);
+
static struct rdev rdev_array[PLAT_NB_RDEVS];
#define for_each_rdev(rdev) \
- for (rdev = rdev_array; rdev < (rdev_array + PLAT_NB_RDEVS); rdev++)
+ for ((rdev) = rdev_array; (rdev) <= &rdev_array[PLAT_NB_RDEVS - 1U]; (rdev)++)
#define for_each_registered_rdev(rdev) \
- for (rdev = rdev_array; \
- (rdev < (rdev_array + PLAT_NB_RDEVS)) && (rdev->desc != NULL); rdev++)
+ for ((rdev) = rdev_array; \
+ ((rdev) <= &rdev_array[PLAT_NB_RDEVS - 1U]) && ((rdev)->desc != NULL); (rdev)++)
static void lock_driver(const struct rdev *rdev)
{
@@ -86,7 +88,7 @@
char prop_name[MAX_PROPERTY_LEN];
len = snprintf(prop_name, MAX_PROPERTY_LEN - 1, "%s-supply", name);
- assert((len >= 0) && (len < MAX_PROPERTY_LEN - 1));
+ assert((len >= 0) && (len < (MAX_PROPERTY_LEN - 1)));
cuint = fdt_getprop(fdt, node, prop_name, NULL);
if (cuint != NULL) {
@@ -156,7 +158,7 @@
assert(rdev != NULL);
- if (rdev->flags & REGUL_ALWAYS_ON) {
+ if ((rdev->flags & REGUL_ALWAYS_ON) != 0U) {
return 0;
}
@@ -525,7 +527,7 @@
}
}
- if (rdev == rdev_array + PLAT_NB_RDEVS) {
+ if (rdev > &rdev_array[PLAT_NB_RDEVS - 1U]) {
WARN("Not enough place for regulators, PLAT_NB_RDEVS should be increased.\n");
return -ENOMEM;
}
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 9dd08e5..356012b 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -168,7 +168,7 @@
int scmi_ap_core_get_reset_addr(void *p, uint64_t *reset_addr, uint32_t *attr);
/* API to get the platform specific SCMI channel information. */
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id);
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id);
/* API to override default PSCI callbacks for platforms that support SCMI. */
const plat_psci_ops_t *css_scmi_override_pm_ops(plat_psci_ops_t *ops);
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index ab0e4ff..36b1bdb 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -20,10 +20,12 @@
*****************************************************************************/
/*
- * Root of trust key hash lengths
+ * Root of trust key lengths
*/
#define ARM_ROTPK_HEADER_LEN 19
#define ARM_ROTPK_HASH_LEN 32
+/* ARM_ROTPK_KEY_LEN includes DER header + raw key material */
+#define ARM_ROTPK_KEY_LEN 294
/* Special value used to verify platform parameters from BL2 to BL31 */
#define ARM_BL31_PLAT_PARAM_VAL ULL(0x0f1e2d3c4b5a6978)
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 6c0d91d..494e470 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -159,7 +159,7 @@
#define ARM_ROTPK_REGS_ID 1
#define ARM_ROTPK_DEVEL_RSA_ID 2
#define ARM_ROTPK_DEVEL_ECDSA_ID 3
-
+#define ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID 4
/* IO storage utility functions */
int arm_io_setup(void);
diff --git a/include/services/rmm_core_manifest.h b/include/services/rmm_core_manifest.h
index 2f25858..7edef46 100644
--- a/include/services/rmm_core_manifest.h
+++ b/include/services/rmm_core_manifest.h
@@ -38,6 +38,7 @@
/* Boot manifest core structure as per v0.1 */
typedef struct rmm_manifest {
uint32_t version; /* Manifest version */
+ uint32_t padding; /* RES0 */
uintptr_t plat_data; /* Manifest platform data */
} rmm_manifest_t;
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index fed3f33..3ea55df 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -482,6 +482,30 @@
b cpu_rev_var_ls
endfunc check_errata_2371105
+/* ----------------------------------------------------
+ * Errata Workaround for Cortex-A710 Errata #2768515
+ * This applies to revisions <= r2p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_a710_2768515_wa
+ mov x17, x30
+ bl check_errata_2768515
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_a710_2768515_wa
+
+func check_errata_2768515
+ /* Applies to all revisions <= r2p1 */
+ mov x1, #0x21
+ b cpu_rev_var_ls
+endfunc check_errata_2768515
+
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
@@ -518,6 +542,12 @@
mrs x0, CORTEX_A710_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_A710_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
msr CORTEX_A710_CPUPWRCTLR_EL1, x0
+#if ERRATA_A710_2768515
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_a710_2768515_wa
+ mov x30, x15
+#endif /* ERRATA_A710_2768515 */
isb
ret
endfunc cortex_a710_core_pwr_dwn
@@ -550,6 +580,7 @@
report_errata ERRATA_A710_2216384, cortex_a710, 2216384
report_errata ERRATA_A710_2291219, cortex_a710, 2291219
report_errata ERRATA_A710_2371105, cortex_a710, 2371105
+ report_errata ERRATA_A710_2768515, cortex_a710, 2768515
report_errata WORKAROUND_CVE_2022_23960, cortex_a710, cve_2022_23960
report_errata ERRATA_DSU_2313941, cortex_a710, dsu_2313941
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index c810be6..f56d50a 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -295,6 +295,30 @@
b cpu_rev_var_ls
endfunc check_errata_2371105
+/* ----------------------------------------------------
+ * Errata Workaround for Cortex-X2 Errata #2768515
+ * This applies to revisions <= r2p1 and is still open.
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * ----------------------------------------------------
+ */
+func errata_x2_2768515_wa
+ mov x17, x30
+ bl check_errata_2768515
+ cbz x0, 1f
+
+ /* dsb before isb of power down sequence */
+ dsb sy
+1:
+ ret x17
+endfunc errata_x2_2768515_wa
+
+func check_errata_2768515
+ /* Applies to all revisions <= r2p1 */
+ mov x1, #0x21
+ b cpu_rev_var_ls
+endfunc check_errata_2768515
+
/* ----------------------------------------------------
* HW will do the cache maintenance while powering down
* ----------------------------------------------------
@@ -307,6 +331,12 @@
mrs x0, CORTEX_X2_CPUPWRCTLR_EL1
orr x0, x0, #CORTEX_X2_CPUPWRCTLR_EL1_CORE_PWRDN_BIT
msr CORTEX_X2_CPUPWRCTLR_EL1, x0
+#if ERRATA_X2_2768515
+ mov x15, x30
+ bl cpu_get_rev_var
+ bl errata_x2_2768515_wa
+ mov x30, x15
+#endif /* ERRATA_X2_2768515 */
isb
ret
endfunc cortex_x2_core_pwr_dwn
@@ -333,6 +363,7 @@
report_errata ERRATA_X2_2147715, cortex_x2, 2147715
report_errata ERRATA_X2_2216384, cortex_x2, 2216384
report_errata ERRATA_X2_2371105, cortex_x2, 2371105
+ report_errata ERRATA_X2_2768515, cortex_x2, 2768515
report_errata WORKAROUND_CVE_2022_23960, cortex_x2, cve_2022_23960
report_errata ERRATA_DSU_2313941, cortex_x2, dsu_2313941
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 8ef794b..527a82f 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -572,6 +572,11 @@
# to revision r0p0, r1p0 and r2p0 of the Cortex-A710 cpu and is fixed in r2p1.
ERRATA_A710_2371105 ?=0
+# Flag to apply erratum 2768515 workaround during power down. This erratum
+# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-A710 cpu and is
+# still open.
+ERRATA_A710_2768515 ?=0
+
# Flag to apply erratum 2067956 workaround during reset. This erratum applies
# to revision r0p0 of the Neoverse N2 cpu and is still open.
ERRATA_N2_2067956 ?=0
@@ -655,6 +660,11 @@
# to revision r0p0, r1p0 and r2p0 of the Cortex-X2 cpu and is fixed in r2p1.
ERRATA_X2_2371105 ?=0
+# Flag to apply erratum 2768515 workaround during power down. This erratum
+# applies to revision r0p0, r1p0, r2p0 and r2p1 of the Cortex-X2 cpu and is
+# still open.
+ERRATA_X2_2768515 ?=0
+
# Flag to apply erratum 2313909 workaround on powerdown. This erratum applies
# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
ERRATA_X3_2313909 ?=0
@@ -1208,6 +1218,10 @@
$(eval $(call assert_boolean,ERRATA_A710_2371105))
$(eval $(call add_define,ERRATA_A710_2371105))
+# Process ERRATA_A710_2768515 flag
+$(eval $(call assert_boolean,ERRATA_A710_2768515))
+$(eval $(call add_define,ERRATA_A710_2768515))
+
# Process ERRATA_N2_2067956 flag
$(eval $(call assert_boolean,ERRATA_N2_2067956))
$(eval $(call add_define,ERRATA_N2_2067956))
@@ -1288,6 +1302,10 @@
$(eval $(call assert_boolean,ERRATA_X2_2371105))
$(eval $(call add_define,ERRATA_X2_2371105))
+# Process ERRATA_X2_2768515 flag
+$(eval $(call assert_boolean,ERRATA_X2_2768515))
+$(eval $(call add_define,ERRATA_X2_2768515))
+
# Process ERRATA_X3_2313909 flag
$(eval $(call assert_boolean,ERRATA_X3_2313909))
$(eval $(call add_define,ERRATA_X3_2313909))
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index 714c444..24d88ee 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -47,7 +47,8 @@
#pragma weak plat_get_nv_ctr
#pragma weak plat_set_nv_ctr
-extern unsigned char arm_rotpk_header[], arm_rotpk_hash_end[];
+extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
+ arm_rotpk_key_end[];
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
@@ -93,16 +94,20 @@
#endif
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
-/*
- * Return development ROTPK hash generated from ROT_KEY.
- */
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID)
int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
- *key_ptr = arm_rotpk_header;
- *key_len = arm_rotpk_hash_end - arm_rotpk_header;
- *flags = ROTPK_IS_HASH;
+ if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) {
+ *key_ptr = arm_rotpk_key;
+ *key_len = arm_rotpk_key_end - arm_rotpk_key;
+ *flags = 0;
+ } else {
+ *key_ptr = arm_rotpk_header;
+ *key_len = arm_rotpk_hash_end - arm_rotpk_header;
+ *flags = ROTPK_IS_HASH;
+ }
return 0;
}
#endif
@@ -130,7 +135,7 @@
#endif
/*
- * Wrapper function for most Arm platforms to get ROTPK hash.
+ * Wrapper function for most Arm platforms to get ROTPK info.
*/
static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
@@ -140,7 +145,8 @@
#else
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
return arm_get_rotpk_info_regs(key_ptr, key_len, flags);
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index 1d0eb13..1f59a4f 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -20,6 +20,7 @@
CRYPTO_ALG=rsa
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
$(warning Development keys support for FVP is deprecated. Use `regs` \
@@ -28,10 +29,17 @@
CRYPTO_ALG=ec
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID
ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
$(warning Development keys support for FVP is deprecated. Use `regs` \
option instead)
+else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key)
+ CRYPTO_ALG=rsa
+ ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
+$(warning Development keys support for FVP is deprecated. Use `regs` \
+option instead)
else
$(error "Unsupported ARM_ROTPK_LOCATION value")
endif
@@ -67,9 +75,9 @@
NTFW_NVCTR_VAL ?= 0
endif
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
- plat/arm/board/common/rotpk/arm_dev_rotpk.S
+ ${ARM_ROTPK_S}
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
- plat/arm/board/common/rotpk/arm_dev_rotpk.S
+ ${ARM_ROTPK_S}
# Allows platform code to provide implementation variants depending on the
# selected chain of trust.
diff --git a/plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S b/plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
new file mode 100644
index 0000000..4bb04dc
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* corstone1000 platform provides custom values for the macros defined in
+ * arm_def.h , so only platform_def.h needs to be included
+ */
+#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
+#include "plat/arm/common/arm_def.h"
+#else
+#include <platform_def.h>
+#endif
+
+ .global arm_rotpk_key
+ .global arm_rotpk_key_end
+
+ .section .rodata.arm_rotpk_key, "a"
+
+arm_rotpk_key:
+ .byte 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01
+ .byte 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01
+ .byte 0x00, 0xCB, 0x2C, 0x60, 0xD5, 0x8D, 0x63, 0xD4, 0x07, 0x79, 0x7E, 0xC7, 0x16, 0x96, 0xBD, 0x4D, 0x24, 0x4E, 0xAC, 0x86, 0xE6, 0xB7, 0x71, 0xE3, 0xC5, 0x54, 0x0B, 0xE7, 0x14, 0x1C, 0xBD, 0x29, 0x1A, 0xC1, 0x3F, 0x7A, 0xB6, 0x02, 0xAA, 0xAB, 0x36, 0xC4, 0xD9, 0x36, 0x69, 0x6C, 0xE2, 0x65, 0xC3, 0x9B, 0xB1, 0xBF, 0x3D, 0xA8, 0x56, 0x26, 0xCB, 0xFD, 0x04, 0x01, 0xBA, 0xAC, 0x3E, 0x54, 0x32, 0xCA, 0x79, 0x5E, 0xBB, 0xB2, 0x05, 0xEA, 0x06, 0x58, 0xF2, 0x74, 0xBA, 0xE1, 0xF4, 0x87, 0xC0, 0x19, 0x0A, 0x1F, 0x66, 0x07, 0x77, 0x84, 0x83, 0xA1, 0x1C, 0xEF, 0xFF, 0x28, 0x59, 0xE7, 0xC3, 0x68, 0x7D, 0x26, 0x20, 0x43, 0xEB, 0x56, 0x63, 0xF3, 0x39, 0x31, 0xD8, 0x2B, 0x51, 0xA9, 0xBC, 0x4F, 0xD0, 0xF6, 0xDE, 0x95, 0xDC, 0x5F, 0x5B, 0xC1, 0xED, 0x90, 0x6F, 0xEC, 0x28, 0x91, 0x7E, 0x17, 0xED, 0x78, 0x90, 0xF4, 0x60, 0xA7, 0xC4, 0xC7, 0x4F, 0x50, 0xED, 0x5D, 0x13, 0x3A, 0x21, 0x2B, 0x70, 0xC5, 0x61, 0x7B, 0x08, 0x21, 0x65, 0x3A, 0xCD, 0x82, 0x56, 0x8C, 0x7A, 0x47, 0xAC, 0x89, 0xE8, 0xA5, 0x48, 0x48
+ .byte 0x31, 0xD9, 0x1D, 0x46, 0xE5, 0x85, 0x86, 0x98, 0xA0, 0xE5, 0xC0, 0xA6, 0x6A, 0xBD, 0x07, 0xE4, 0x92, 0x57, 0x61, 0x07, 0x8F, 0x7D, 0x5A, 0x4D, 0xCA, 0xAE, 0x36, 0xB9, 0x56, 0x04, 0x10, 0xF2, 0x6C, 0xBE, 0xF6, 0x3B, 0x6C, 0x80, 0x3E, 0xBE , 0x0E, 0xA3, 0x4D , 0xC7 , 0xD4, 0x7E , 0xA7 , 0x49, 0xD4, 0xF2, 0xD2, 0xBC, 0xCF, 0x30, 0xA8, 0xE7, 0x74, 0x8F, 0x64, 0xDF, 0xBC, 0x5C, 0x47, 0x68, 0xCC, 0x40, 0x4C, 0xF8, 0x83, 0xCC, 0xCB, 0x40, 0x35, 0x04, 0x60, 0xCA, 0xB3, 0xA4, 0x17, 0x9F, 0x03, 0xCA, 0x1D, 0x5A, 0xFA, 0xD1, 0xAF, 0x21, 0x57, 0x10, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01
+
+arm_rotpk_key_end:
+
+.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
+.error "Invalid ROTPK length."
+.endif
+
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index f8463f1..f5d9940 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -536,6 +536,7 @@
assert(manifest != NULL);
manifest->version = RMMD_MANIFEST_VERSION;
+ manifest->padding = 0U; /* RES0 */
manifest->plat_data = (uintptr_t)NULL;
return 0;
diff --git a/plat/arm/board/juno/juno_topology.c b/plat/arm/board/juno/juno_topology.c
index 075f512..768741e 100644
--- a/plat/arm/board/juno/juno_topology.c
+++ b/plat/arm/board/juno/juno_topology.c
@@ -20,7 +20,7 @@
.ring_doorbell = &mhu_ring_doorbell,
};
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
{
return &juno_scmi_plat_info;
}
diff --git a/plat/arm/board/morello/morello_bl31_setup.c b/plat/arm/board/morello/morello_bl31_setup.c
index a044212..e04587d 100644
--- a/plat/arm/board/morello/morello_bl31_setup.c
+++ b/plat/arm/board/morello/morello_bl31_setup.c
@@ -19,7 +19,7 @@
.ring_doorbell = &mhu_ring_doorbell
};
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
{
return &morello_scmi_plat_info;
}
diff --git a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
index 5e897fe..ad6c1f8 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
@@ -62,7 +62,7 @@
0
};
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
{
return &n1sdp_scmi_plat_info;
}
diff --git a/plat/arm/board/rdn1edge/rdn1edge_plat.c b/plat/arm/board/rdn1edge/rdn1edge_plat.c
index 1dbbf26..045c316 100644
--- a/plat/arm/board/rdn1edge/rdn1edge_plat.c
+++ b/plat/arm/board/rdn1edge/rdn1edge_plat.c
@@ -65,7 +65,8 @@
#if defined(IMAGE_BL31)
void bl31_platform_setup(void)
{
- int i, ret;
+ unsigned int i;
+ int ret;
if (plat_arm_sgi_get_multi_chip_mode() == 0 && CSS_SGI_CHIP_COUNT > 1) {
ERROR("Chip Count is set to %d but multi-chip mode not enabled\n",
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index 0523ef8..2cdf045 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -33,7 +33,7 @@
tc_bl31_common_platform_setup();
}
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
{
return &tc_scmi_plat_info[channel_id];
diff --git a/plat/arm/common/trp/arm_trp_setup.c b/plat/arm/common/trp/arm_trp_setup.c
index 59b4c06..aeacd10 100644
--- a/plat/arm/common/trp/arm_trp_setup.c
+++ b/plat/arm/common/trp/arm_trp_setup.c
@@ -28,6 +28,9 @@
static int arm_trp_process_manifest(rmm_manifest_t *manifest)
{
+ /* padding field on the manifest must be RES0 */
+ assert(manifest->padding == 0U);
+
/* Verify the Boot Manifest Version. Only the Major is considered */
if (RMMD_MANIFEST_VERSION_MAJOR !=
RMMD_GET_MANIFEST_VERSION_MAJOR(manifest->version)) {
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 27cf183..9adcb7c 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -74,7 +74,7 @@
#endif
};
-scmi_channel_plat_info_t *plat_css_get_scmi_info(int channel_id)
+scmi_channel_plat_info_t *plat_css_get_scmi_info(unsigned int channel_id)
{
if (sgi_plat_info.platform_id == RD_N1E1_EDGE_SID_VER_PART_NUM ||
sgi_plat_info.platform_id == RD_V1_SID_VER_PART_NUM ||
diff --git a/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c b/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
index 59c3779..4706c20 100644
--- a/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c
@@ -124,6 +124,7 @@
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3)
{
+ static console_t console;
int i;
/* enable CSU NS access permission */
for (i = 0; i < 64; i++) {
@@ -132,12 +133,10 @@
imx_aipstz_init(aipstz);
-#if DEBUG_CONSOLE
- static console_t console;
-
console_imx_uart_register(IMX_BOOT_UART_BASE, IMX_BOOT_UART_CLK_IN_HZ,
IMX_CONSOLE_BAUDRATE, &console);
-#endif
+ /* This console is only used for boot stage */
+ console_set_scope(&console, CONSOLE_FLAG_BOOT);
imx8m_caam_init();
@@ -176,23 +175,22 @@
void bl31_plat_arch_setup(void)
{
- mmap_add_region(BL31_BASE, BL31_BASE, (BL31_LIMIT - BL31_BASE),
- MT_MEMORY | MT_RW | MT_SECURE);
- mmap_add_region(BL_CODE_BASE, BL_CODE_BASE, (BL_CODE_END - BL_CODE_BASE),
- MT_MEMORY | MT_RO | MT_SECURE);
-
- /* Map TEE memory */
- mmap_add_region(BL32_BASE, BL32_BASE, BL32_SIZE, MT_MEMORY | MT_RW);
-
- mmap_add(imx_mmap);
-
+ const mmap_region_t bl_regions[] = {
+ MAP_REGION_FLAT(BL31_START, BL31_SIZE,
+ MT_MEMORY | MT_RW | MT_SECURE),
+ MAP_REGION_FLAT(BL_CODE_BASE, BL_CODE_END - BL_CODE_BASE,
+ MT_MEMORY | MT_RO | MT_SECURE),
#if USE_COHERENT_MEM
- mmap_add_region(BL_COHERENT_RAM_BASE, BL_COHERENT_RAM_BASE,
- BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
- MT_DEVICE | MT_RW | MT_SECURE);
+ MAP_REGION_FLAT(BL_COHERENT_RAM_BASE,
+ BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
+ MT_DEVICE | MT_RW | MT_SECURE),
#endif
- /* setup xlat table */
- init_xlat_tables();
+ /* Map TEE memory */
+ MAP_REGION_FLAT(BL32_BASE, BL32_SIZE, MT_MEMORY | MT_RW),
+ {0},
+ };
+
+ setup_page_tables(bl_regions, imx_mmap);
/* enable the MMU */
enable_mmu_el3(0);
}
@@ -227,11 +225,6 @@
return COUNTER_FREQUENCY;
}
-void bl31_plat_runtime_setup(void)
-{
- return;
-}
-
#ifdef SPD_trusty
void plat_trusty_set_boot_args(aapcs64_params_t *args)
{
diff --git a/plat/imx/imx8m/imx8mq/imx8mq_psci.c b/plat/imx/imx8m/imx8mq/imx8mq_psci.c
index 662017d..01582af 100644
--- a/plat/imx/imx8m/imx8mq/imx8mq_psci.c
+++ b/plat/imx/imx8m/imx8mq/imx8mq_psci.c
@@ -41,7 +41,7 @@
void imx_domain_suspend(const psci_power_state_t *target_state)
{
- uint64_t base_addr = BL31_BASE;
+ uint64_t base_addr = BL31_START;
uint64_t mpidr = read_mpidr_el1();
unsigned int core_id = MPIDR_AFFLVL0_VAL(mpidr);
diff --git a/plat/imx/imx8m/imx8mq/include/platform_def.h b/plat/imx/imx8m/imx8mq/include/platform_def.h
index 1dd22d9..bb57074 100644
--- a/plat/imx/imx8m/imx8mq/include/platform_def.h
+++ b/plat/imx/imx8m/imx8mq/include/platform_def.h
@@ -4,6 +4,8 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <plat/common/common_def.h>
+
#define PLATFORM_LINKER_FORMAT "elf64-littleaarch64"
#define PLATFORM_LINKER_ARCH aarch64
@@ -31,7 +33,8 @@
#define PLAT_STOP_OFF_STATE U(3)
#define BL31_BASE U(0x910000)
-#define BL31_LIMIT U(0x920000)
+#define BL31_SIZE SZ_64K
+#define BL31_LIMIT (BL31_BASE + BL31_SIZE)
/* non-secure uboot base */
#define PLAT_NS_IMAGE_OFFSET U(0x40200000)
@@ -54,7 +57,6 @@
#define HAB_RVT_BASE U(0x00000880) /* HAB_RVT for i.MX8MQ */
-#define IMX_BOOT_UART_BASE U(0x30860000)
#define IMX_BOOT_UART_CLK_IN_HZ 25000000 /* Select 25Mhz oscillator */
#define PLAT_CRASH_UART_BASE IMX_BOOT_UART_BASE
#define PLAT_CRASH_UART_CLK_IN_HZ 25000000
@@ -128,5 +130,4 @@
#define COUNTER_FREQUENCY 8333333 /* 25MHz / 3 */
-#define DEBUG_CONSOLE 0
#define IMX_WDOG_B_RESET
diff --git a/plat/imx/imx8m/imx8mq/platform.mk b/plat/imx/imx8m/imx8mq/platform.mk
index 7b6df92..901a974 100644
--- a/plat/imx/imx8m/imx8mq/platform.mk
+++ b/plat/imx/imx8m/imx8mq/platform.mk
@@ -38,6 +38,7 @@
${XLAT_TABLES_LIB_SRCS} \
${IMX_GIC_SOURCES}
+ENABLE_PIE := 1
USE_COHERENT_MEM := 1
RESET_TO_BL31 := 1
A53_DISABLE_NON_TEMPORAL_HINT := 0
@@ -52,6 +53,9 @@
BL32_SIZE ?= 0x2000000
$(eval $(call add_define,BL32_SIZE))
+IMX_BOOT_UART_BASE ?= 0x30860000
+$(eval $(call add_define,IMX_BOOT_UART_BASE))
+
ifeq (${SPD},trusty)
BL31_CFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC=1
endif
diff --git a/plat/qemu/common/qemu_bl2_mem_params_desc.c b/plat/qemu/common/qemu_bl2_mem_params_desc.c
index 5af3a22..bb1797d 100644
--- a/plat/qemu/common/qemu_bl2_mem_params_desc.c
+++ b/plat/qemu/common/qemu_bl2_mem_params_desc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,18 @@
#include <common/desc_image_load.h>
#include <plat/common/platform.h>
+#define SP_PKG_ENTRY(id) \
+ { \
+ .image_id = (id), \
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY, VERSION_2, \
+ entry_point_info_t, \
+ SECURE | NON_EXECUTABLE), \
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY, \
+ VERSION_2, image_info_t, \
+ IMAGE_ATTRIB_SKIP_LOADING), \
+ .next_handoff_image_id = INVALID_IMAGE_ID, \
+ }
+
/*******************************************************************************
* Following descriptor provides BL image/ep information that gets used
* by BL2 to load the images and also subset of this information is
@@ -122,6 +134,48 @@
#endif
.next_handoff_image_id = INVALID_IMAGE_ID,
},
+
+#if defined(SPD_spmd)
+ /* Fill TOS_FW_CONFIG related information */
+ {
+ .image_id = TOS_FW_CONFIG_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = TOS_FW_CONFIG_BASE,
+ .image_info.image_max_size = TOS_FW_CONFIG_LIMIT -
+ TOS_FW_CONFIG_BASE,
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+#if SPMD_SPM_AT_SEL2
+ /* Fill TB_FW_CONFIG related information */
+ {
+ .image_id = TB_FW_CONFIG_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = TB_FW_CONFIG_BASE,
+ .image_info.image_max_size = TB_FW_CONFIG_LIMIT - TB_FW_CONFIG_BASE,
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+ /*
+ * Empty entries for SP packages to be filled in according to
+ * TB_FW_CONFIG.
+ */
+ SP_PKG_ENTRY(SP_PKG1_ID),
+ SP_PKG_ENTRY(SP_PKG2_ID),
+ SP_PKG_ENTRY(SP_PKG3_ID),
+ SP_PKG_ENTRY(SP_PKG4_ID),
+ SP_PKG_ENTRY(SP_PKG5_ID),
+ SP_PKG_ENTRY(SP_PKG6_ID),
+ SP_PKG_ENTRY(SP_PKG7_ID),
+ SP_PKG_ENTRY(SP_PKG8_ID),
+#endif
+#endif
# endif /* QEMU_LOAD_BL32 */
/* Fill BL33 related information */
diff --git a/plat/qemu/common/qemu_bl2_setup.c b/plat/qemu/common/qemu_bl2_setup.c
index 2c0da15..be55877 100644
--- a/plat/qemu/common/qemu_bl2_setup.c
+++ b/plat/qemu/common/qemu_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,6 +16,7 @@
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <common/fdt_fixup.h>
+#include <common/fdt_wrappers.h>
#include <lib/optee_utils.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -140,6 +141,48 @@
return spsr;
}
+#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+static int load_sps_from_tb_fw_config(struct image_info *image_info)
+{
+ void *dtb = (void *)image_info->image_base;
+ const char *compat_str = "arm,sp";
+ const struct fdt_property *uuid;
+ uint32_t load_addr;
+ const char *name;
+ int sp_node;
+ int node;
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compat_str);
+ if (node < 0) {
+ ERROR("Can't find %s in TB_FW_CONFIG", compat_str);
+ return -1;
+ }
+
+ fdt_for_each_subnode(sp_node, dtb, node) {
+ name = fdt_get_name(dtb, sp_node, NULL);
+ if (name == NULL) {
+ ERROR("Can't get name of node in dtb\n");
+ return -1;
+ }
+ uuid = fdt_get_property(dtb, sp_node, "uuid", NULL);
+ if (uuid == NULL) {
+ ERROR("Can't find property uuid in node %s", name);
+ return -1;
+ }
+ if (fdt_read_uint32(dtb, sp_node, "load-address",
+ &load_addr) < 0) {
+ ERROR("Can't read load-address in node %s", name);
+ return -1;
+ }
+ if (qemu_io_register_sp_pkg(name, uuid->data, load_addr) < 0) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+#endif /*defined(SPD_spmd) && SPMD_SPM_AT_SEL2*/
+
static int qemu_bl2_handle_post_image_load(unsigned int image_id)
{
int err = 0;
@@ -149,8 +192,7 @@
bl_mem_params_node_t *paged_mem_params = NULL;
#endif
#if defined(SPD_spmd)
- unsigned int mode_rw = MODE_RW_64;
- uint64_t pagable_part = 0;
+ bl_mem_params_node_t *bl32_mem_params = NULL;
#endif
assert(bl_mem_params);
@@ -170,17 +212,18 @@
if (err != 0) {
WARN("OPTEE header parse error.\n");
}
-#if defined(SPD_spmd)
- mode_rw = bl_mem_params->ep_info.args.arg0;
- pagable_part = bl_mem_params->ep_info.args.arg1;
-#endif
#endif
-#if defined(SPD_spmd)
- bl_mem_params->ep_info.args.arg0 = ARM_PRELOADED_DTB_BASE;
- bl_mem_params->ep_info.args.arg1 = pagable_part;
- bl_mem_params->ep_info.args.arg2 = mode_rw;
- bl_mem_params->ep_info.args.arg3 = 0;
+#if defined(SPMC_OPTEE)
+ /*
+ * Explicit zeroes to unused registers since they may have
+ * been populated by parse_optee_header() above.
+ *
+ * OP-TEE expects system DTB in x2 and TOS_FW_CONFIG in x0,
+ * the latter is filled in below for TOS_FW_CONFIG_ID and
+ * applies to any other SPMC too.
+ */
+ bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
#elif defined(SPD_opteed)
/*
* OP-TEE expect to receive DTB address in x2.
@@ -224,6 +267,19 @@
bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl33_entry();
break;
+#ifdef SPD_spmd
+#if SPMD_SPM_AT_SEL2
+ case TB_FW_CONFIG_ID:
+ err = load_sps_from_tb_fw_config(&bl_mem_params->image_info);
+ break;
+#endif
+ case TOS_FW_CONFIG_ID:
+ /* An SPMC expects TOS_FW_CONFIG in x0/r0 */
+ bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
+ bl32_mem_params->ep_info.args.arg0 =
+ bl_mem_params->image_info.image_base;
+ break;
+#endif
default:
/* Do nothing in default case */
break;
diff --git a/plat/qemu/common/qemu_common.c b/plat/qemu/common/qemu_common.c
index 0c184f4..23ac581 100644
--- a/plat/qemu/common/qemu_common.c
+++ b/plat/qemu/common/qemu_common.c
@@ -10,6 +10,7 @@
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/el3_spmc_ffa_memory.h>
#include <plat/common/platform.h>
#include "qemu_private.h"
@@ -100,7 +101,7 @@
#if SPM_MM
MAP_NS_DRAM0,
QEMU_SPM_BUF_EL3_MMAP,
-#else
+#elif !SPMC_AT_EL3
MAP_BL32_MEM,
#endif
{0}
@@ -167,3 +168,30 @@
return get_mbedtls_heap_helper(heap_addr, heap_size);
}
#endif
+
+#if SPMC_AT_EL3
+/*
+ * When using the EL3 SPMC implementation allocate the datastore
+ * for tracking shared memory descriptors in normal memory.
+ */
+#define PLAT_SPMC_SHMEM_DATASTORE_SIZE 64 * 1024
+
+uint8_t plat_spmc_shmem_datastore[PLAT_SPMC_SHMEM_DATASTORE_SIZE];
+
+int plat_spmc_shmem_datastore_get(uint8_t **datastore, size_t *size)
+{
+ *datastore = plat_spmc_shmem_datastore;
+ *size = PLAT_SPMC_SHMEM_DATASTORE_SIZE;
+ return 0;
+}
+
+int plat_spmc_shmem_begin(struct ffa_mtd *desc)
+{
+ return 0;
+}
+
+int plat_spmc_shmem_reclaim(struct ffa_mtd *desc)
+{
+ return 0;
+}
+#endif
diff --git a/plat/qemu/common/qemu_io_storage.c b/plat/qemu/common/qemu_io_storage.c
index 1107e44..4c61b14 100644
--- a/plat/qemu/common/qemu_io_storage.c
+++ b/plat/qemu/common/qemu_io_storage.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,8 @@
#include <common/bl_common.h>
#include <common/debug.h>
+#include <common/desc_image_load.h>
+#include <common/uuid.h>
#include <drivers/io/io_driver.h>
#include <drivers/io/io_encrypted.h>
#include <drivers/io/io_fip.h>
@@ -20,10 +22,14 @@
#include <lib/semihosting.h>
#include <tools_share/firmware_image_package.h>
+#include "qemu_private.h"
+
/* Semihosting filenames */
#define BL2_IMAGE_NAME "bl2.bin"
#define BL31_IMAGE_NAME "bl31.bin"
#define BL32_IMAGE_NAME "bl32.bin"
+#define TB_FW_CONFIG_NAME "tb_fw_config.dtb"
+#define TOS_FW_CONFIG_NAME "tos_fw_config.dtb"
#define BL32_EXTRA1_IMAGE_NAME "bl32_extra1.bin"
#define BL32_EXTRA2_IMAGE_NAME "bl32_extra2.bin"
#define BL33_IMAGE_NAME "bl33.bin"
@@ -78,6 +84,14 @@
.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
};
+static const io_uuid_spec_t tb_fw_config_uuid_spec = {
+ .uuid = UUID_TB_FW_CONFIG,
+};
+
+static const io_uuid_spec_t tos_fw_config_uuid_spec = {
+ .uuid = UUID_TOS_FW_CONFIG,
+};
+
static const io_uuid_spec_t bl33_uuid_spec = {
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
};
@@ -137,6 +151,14 @@
.path = BL32_EXTRA2_IMAGE_NAME,
.mode = FOPEN_MODE_RB
},
+ [TB_FW_CONFIG_ID] = {
+ .path = TB_FW_CONFIG_NAME,
+ .mode = FOPEN_MODE_RB
+ },
+ [TOS_FW_CONFIG_ID] = {
+ .path = TOS_FW_CONFIG_NAME,
+ .mode = FOPEN_MODE_RB
+ },
[BL33_IMAGE_ID] = {
.path = BL33_IMAGE_NAME,
.mode = FOPEN_MODE_RB
@@ -252,6 +274,16 @@
open_fip
},
#endif
+ [TB_FW_CONFIG_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&tb_fw_config_uuid_spec,
+ open_fip
+ },
+ [TOS_FW_CONFIG_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&tos_fw_config_uuid_spec,
+ open_fip
+ },
[BL33_IMAGE_ID] = {
&fip_dev_handle,
(uintptr_t)&bl33_uuid_spec,
@@ -301,6 +333,80 @@
#endif /* TRUSTED_BOARD_BOOT */
};
+#if defined(SPD_spmd)
+static struct sp_pkg {
+ struct plat_io_policy policy;
+ io_file_spec_t sh_file_spec;
+ uint8_t uuid[UUID_BYTES_LENGTH];
+ char path[80];
+} sp_pkgs[MAX_SP_IDS];
+static unsigned int sp_pkg_count;
+
+int qemu_io_register_sp_pkg(const char *name, const char *uuid,
+ uintptr_t load_addr)
+{
+ struct sp_pkg *pkg;
+ bl_mem_params_node_t *mem_params;
+
+ if (sp_pkg_count == MAX_SP_IDS) {
+ INFO("Reached Max number of SPs\n");
+ return -1;
+ }
+ mem_params = get_bl_mem_params_node(SP_PKG1_ID + sp_pkg_count);
+ if (mem_params == NULL) {
+ ERROR("Can't find SP_PKG ID %u (SP_PKG%u_ID)\n",
+ SP_PKG1_ID + sp_pkg_count, sp_pkg_count);
+ return -1;
+ }
+ pkg = sp_pkgs + sp_pkg_count;
+
+ if (read_uuid(pkg->uuid, (char *)uuid)) {
+ return -1;
+ }
+
+ strlcpy(pkg->path, name, sizeof(pkg->path));
+ strlcat(pkg->path, ".pkg", sizeof(pkg->path));
+
+ pkg->policy.dev_handle = &fip_dev_handle;
+ pkg->policy.image_spec = (uintptr_t)&pkg->uuid;
+ pkg->policy.check = open_fip;
+ pkg->sh_file_spec.path = pkg->path;
+ pkg->sh_file_spec.mode = FOPEN_MODE_RB;
+
+ mem_params->image_info.image_base = load_addr;
+ mem_params->image_info.image_max_size = SZ_4M;
+ mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
+
+ sp_pkg_count++;
+
+ return 0;
+}
+#endif /*SPD_spmd*/
+
+static const io_file_spec_t *get_io_file_spec(unsigned int image_id)
+{
+#if defined(SPD_spmd)
+ if (image_id >= SP_PKG1_ID && image_id <= SP_PKG8_ID) {
+ return &sp_pkgs[image_id - SP_PKG1_ID].sh_file_spec;
+ }
+#endif
+
+ assert(image_id < ARRAY_SIZE(sh_file_spec));
+ return &sh_file_spec[image_id];
+}
+
+static const struct plat_io_policy *get_io_policy(unsigned int image_id)
+{
+#if defined(SPD_spmd)
+ if (image_id >= SP_PKG1_ID && image_id <= SP_PKG8_ID) {
+ return &sp_pkgs[image_id - SP_PKG1_ID].policy;
+ }
+#endif
+
+ assert(image_id < ARRAY_SIZE(policies));
+ return &policies[image_id];
+}
+
static int open_fip(const uintptr_t spec)
{
int result;
@@ -413,11 +519,13 @@
static int get_alt_image_source(unsigned int image_id, uintptr_t *dev_handle,
uintptr_t *image_spec)
{
- int result = open_semihosting((const uintptr_t)&sh_file_spec[image_id]);
+ const io_file_spec_t *spec = get_io_file_spec(image_id);
+ int result;
+ result = open_semihosting((const uintptr_t)spec);
if (result == 0) {
*dev_handle = sh_dev_handle;
- *image_spec = (uintptr_t)&sh_file_spec[image_id];
+ *image_spec = (uintptr_t)spec;
}
return result;
@@ -430,12 +538,9 @@
int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
uintptr_t *image_spec)
{
+ const struct plat_io_policy *policy = get_io_policy(image_id);
int result;
- const struct plat_io_policy *policy;
-
- assert(image_id < ARRAY_SIZE(policies));
- policy = &policies[image_id];
result = policy->check(policy->image_spec);
if (result == 0) {
*image_spec = policy->image_spec;
diff --git a/plat/qemu/common/qemu_private.h b/plat/qemu/common/qemu_private.h
index c313cb6..159c44f 100644
--- a/plat/qemu/common/qemu_private.h
+++ b/plat/qemu/common/qemu_private.h
@@ -26,6 +26,8 @@
unsigned long coh_start, unsigned long coh_limit);
void plat_qemu_io_setup(void);
+int qemu_io_register_sp_pkg(const char *name, const char *uuid,
+ uintptr_t load_addr);
unsigned int plat_qemu_calc_core_pos(u_register_t mpidr);
void qemu_console_init(void);
diff --git a/plat/qemu/common/qemu_spmd_manifest.c b/plat/qemu/common/qemu_spmd_manifest.c
deleted file mode 100644
index fd46e26..0000000
--- a/plat/qemu/common/qemu_spmd_manifest.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-
-#include <services/spm_core_manifest.h>
-
-#include <plat/common/platform.h>
-#include <platform_def.h>
-
-int plat_spm_core_manifest_load(spmc_manifest_attribute_t *manifest,
- const void *pm_addr)
-{
- entry_point_info_t *ep_info = bl31_plat_get_next_image_ep_info(SECURE);
-
- assert(ep_info != NULL);
- assert(manifest != NULL);
-
- manifest->major_version = 1;
- manifest->minor_version = 0;
- manifest->exec_state = ep_info->args.arg2;
- manifest->load_address = BL32_BASE;
- manifest->entrypoint = BL32_BASE;
- manifest->binary_size = BL32_LIMIT - BL32_BASE;
- manifest->spmc_id = 0x8000;
-
- return 0;
-}
diff --git a/plat/qemu/qemu/include/platform_def.h b/plat/qemu/qemu/include/platform_def.h
index a22fbe5..803f8e2 100644
--- a/plat/qemu/qemu/include/platform_def.h
+++ b/plat/qemu/qemu/include/platform_def.h
@@ -118,6 +118,11 @@
#define BL_RAM_BASE (SHARED_RAM_BASE + SHARED_RAM_SIZE)
#define BL_RAM_SIZE (SEC_SRAM_SIZE - SHARED_RAM_SIZE)
+#define TB_FW_CONFIG_BASE BL_RAM_BASE
+#define TB_FW_CONFIG_LIMIT (TB_FW_CONFIG_BASE + PAGE_SIZE)
+#define TOS_FW_CONFIG_BASE TB_FW_CONFIG_LIMIT
+#define TOS_FW_CONFIG_LIMIT (TOS_FW_CONFIG_BASE + PAGE_SIZE)
+
/*
* BL1 specific defines.
*
@@ -183,8 +188,8 @@
#define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32)
#define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32)
-#define MAX_MMAP_REGIONS 11
-#define MAX_XLAT_TABLES 6
+#define MAX_MMAP_REGIONS (11 + MAX_MMAP_REGIONS_SPMC)
+#define MAX_XLAT_TABLES (6 + MAX_XLAT_TABLES_SPMC)
#define MAX_IO_DEVICES 4
#define MAX_IO_HANDLES 4
@@ -275,4 +280,32 @@
*/
#define PLAT_EVENT_LOG_MAX_SIZE UL(0x400)
+#if SPMC_AT_EL3
+/*
+ * Number of Secure Partitions supported.
+ * SPMC at EL3, uses this count to configure the maximum number of
+ * supported secure partitions.
+ */
+#define SECURE_PARTITION_COUNT 1
+
+/*
+ * Number of Logical Partitions supported.
+ * SPMC at EL3, uses this count to configure the maximum number of
+ * supported logical partitions.
+ */
+#define MAX_EL3_LP_DESCS_COUNT 0
+
+/*
+ * Number of Normal World Partitions supported.
+ * SPMC at EL3, uses this count to configure the maximum number of
+ * supported normal world partitions.
+ */
+#define NS_PARTITION_COUNT 1
+
+#define MAX_MMAP_REGIONS_SPMC 2
+#define MAX_XLAT_TABLES_SPMC 4
+#else
+#define MAX_MMAP_REGIONS_SPMC 0
+#define MAX_XLAT_TABLES_SPMC 0
+#endif
#endif /* PLATFORM_DEF_H */
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index 2cf2b9a..4cbce9d 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -161,7 +161,8 @@
${PLAT_QEMU_COMMON_PATH}/qemu_image_load.c \
common/fdt_fixup.c \
common/fdt_wrappers.c \
- common/desc_image_load.c
+ common/desc_image_load.c \
+ common/uuid.c
ifeq ($(add-lib-optee),yes)
BL2_SOURCES += lib/optee/optee_utils.c
@@ -217,7 +218,10 @@
endif
ifeq (${SPD},spmd)
-BL31_SOURCES += plat/qemu/common/qemu_spmd_manifest.c
+BL31_SOURCES += plat/common/plat_spmd_manifest.c \
+ common/uuid.c \
+ ${LIBFDT_SRCS} \
+ ${FDT_WRAPPERS_SOURCES}
endif
endif
@@ -238,6 +242,20 @@
endif
endif
+ifneq ($(QEMU_TB_FW_CONFIG_DTS),)
+FDT_SOURCES += ${QEMU_TB_FW_CONFIG_DTS}
+QEMU_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TB_FW_CONFIG_DTS})).dtb
+# Add the TB_FW_CONFIG to FIP
+$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TB_FW_CONFIG},--tb-fw-config,${QEMU_TB_FW_CONFIG}))
+endif
+
+ifneq ($(QEMU_TOS_FW_CONFIG_DTS),)
+FDT_SOURCES += ${QEMU_TOS_FW_CONFIG_DTS}
+QEMU_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TOS_FW_CONFIG_DTS})).dtb
+# Add the TOS_FW_CONFIG to FIP
+$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG}))
+endif
+
SEPARATE_CODE_AND_RODATA := 1
ENABLE_STACK_PROTECTOR := 0
ifneq ($(ENABLE_STACK_PROTECTOR), 0)
diff --git a/plat/st/common/bl2_io_storage.c b/plat/st/common/bl2_io_storage.c
index b271ed6..1bbaff6 100644
--- a/plat/st/common/bl2_io_storage.c
+++ b/plat/st/common/bl2_io_storage.c
@@ -607,7 +607,7 @@
* - we already boot FWU_MAX_TRIAL_REBOOT times in trial mode.
* we select the previous_active_index.
*/
-#define INVALID_BOOT_IDX 0xFFFFFFFF
+#define INVALID_BOOT_IDX 0xFFFFFFFFU
uint32_t plat_fwu_get_boot_idx(void)
{
diff --git a/plat/st/common/include/stm32mp_efi.h b/plat/st/common/include/stm32mp_efi.h
index 490560f..af9165f 100644
--- a/plat/st/common/include/stm32mp_efi.h
+++ b/plat/st/common/include/stm32mp_efi.h
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause */
/*
* Copyright (c) 2021, Linaro Limited
+ * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
*/
#ifndef STM32MP_EFI_H
@@ -9,7 +10,7 @@
#include <drivers/partition/efi.h>
#define STM32MP_FIP_GUID \
- EFI_GUID(0x19d5df83, 0x11b0, 0x457b, \
- 0xbe, 0x2c, 0x75, 0x59, 0xc1, 0x31, 0x42, 0xa5)
+ EFI_GUID(0x19d5df83U, 0x11b0U, 0x457bU, \
+ 0xbeU, 0x2cU, 0x75U, 0x59U, 0xc1U, 0x31U, 0x42U, 0xa5U)
#endif /* STM32MP_EFI_H */
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c
index d644242..acfe701 100644
--- a/plat/st/common/stm32mp_crypto_lib.c
+++ b/plat/st/common/stm32mp_crypto_lib.c
@@ -16,6 +16,7 @@
#include <drivers/st/stm32_pka.h>
#include <drivers/st/stm32_rng.h>
#include <drivers/st/stm32_saes.h>
+#include <lib/utils.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <mbedtls/asn1.h>
#include <mbedtls/md.h>
diff --git a/plat/st/common/stm32mp_dt.c b/plat/st/common/stm32mp_dt.c
index c9efeb5..34d52e1 100644
--- a/plat/st/common/stm32mp_dt.c
+++ b/plat/st/common/stm32mp_dt.c
@@ -79,11 +79,8 @@
}
cchar = fdt_getprop(fdt, node, "secure-status", NULL);
- if (cchar == NULL) {
- if (status == DT_NON_SECURE) {
- status |= DT_SECURE;
- }
- } else if (strncmp(cchar, "okay", strlen("okay")) == 0) {
+ if (((cchar == NULL) && (status == DT_NON_SECURE)) ||
+ ((cchar != NULL) && (strncmp(cchar, "okay", strlen("okay")) == 0))) {
status |= DT_SECURE;
}
@@ -350,7 +347,7 @@
return -FDT_ERR_BADVALUE;
}
- if (fdt32_to_cpu(*cuint) % sizeof(uint32_t)) {
+ if ((fdt32_to_cpu(*cuint) % sizeof(uint32_t)) != 0U) {
ERROR("Misaligned nvmem %s element: ignored\n", name);
return -FDT_ERR_BADVALUE;
}
@@ -386,7 +383,7 @@
fdt_for_each_subnode(node, fdt, pinctrl_node) {
const fdt32_t *cuint;
- int pin_count;
+ int pin_count = 0;
int len;
int i;
@@ -415,11 +412,9 @@
}
/* Get the last defined gpio line (offset + nb of pins) */
- pin_count = fdt32_to_cpu(*(cuint + 1)) + fdt32_to_cpu(*(cuint + 3));
- for (i = 0; i < len / 4; i++) {
- pin_count = MAX(pin_count, (int)(fdt32_to_cpu(*(cuint + 1)) +
- fdt32_to_cpu(*(cuint + 3))));
- cuint += 4;
+ for (i = 0; i < len; i += 4) {
+ pin_count = MAX(pin_count, (int)(fdt32_to_cpu(cuint[i + 1]) +
+ fdt32_to_cpu(cuint[i + 3])));
}
return pin_count;
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 4f04a6f..87d2d39 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -543,20 +543,15 @@
void bl2_el3_plat_prepare_exit(void)
{
+#if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
uint16_t boot_itf = stm32mp_get_boot_itf_selected();
- switch (boot_itf) {
-#if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
- case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART:
- case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB:
+ if ((boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) ||
+ (boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB)) {
/* Invalidate the downloaded buffer used with io_memmap */
inv_dcache_range(DWL_BUFFER_BASE, DWL_BUFFER_SIZE);
- break;
-#endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
- default:
- /* Do nothing in default case */
- break;
}
+#endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
stm32mp1_security_setup();
}
diff --git a/plat/st/stm32mp1/stm32mp1_fconf_firewall.c b/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
index f2568ab..7d99564 100644
--- a/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
+++ b/plat/st/stm32mp1/stm32mp1_fconf_firewall.c
@@ -99,15 +99,16 @@
/* Locate the memory cells and read all values */
for (i = 0U; i < (unsigned int)(len / (sizeof(uint32_t) * STM32MP_REGION_PARAMS)); i++) {
+ uint32_t idx = i * STM32MP_REGION_PARAMS;
uint32_t base;
uint32_t size;
uint32_t sec_attr;
uint32_t nsaid;
- base = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS]);
- size = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 1]);
- sec_attr = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 2]);
- nsaid = fdt32_to_cpu(conf_list->id_attr[i * STM32MP_REGION_PARAMS + 3]);
+ base = fdt32_to_cpu(conf_list->id_attr[idx]);
+ size = fdt32_to_cpu(conf_list->id_attr[idx + 1]);
+ sec_attr = fdt32_to_cpu(conf_list->id_attr[idx + 2]);
+ nsaid = fdt32_to_cpu(conf_list->id_attr[idx + 3]);
VERBOSE("FCONF: stm32mp1-firewall cell found with value = 0x%x 0x%x 0x%x 0x%x\n",
base, size, sec_attr, nsaid);
diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c
index 9bdb075..e6cb071 100644
--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@@ -140,14 +140,14 @@
uintptr_t stm32_get_gpio_bank_base(unsigned int bank)
{
#if STM32MP13
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
#endif
#if STM32MP15
if (bank == GPIO_BANK_Z) {
return GPIOZ_BASE;
}
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
#endif
return GPIOA_BASE + (bank * GPIO_BANK_OFFSET);
@@ -156,14 +156,14 @@
uint32_t stm32_get_gpio_bank_offset(unsigned int bank)
{
#if STM32MP13
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
#endif
#if STM32MP15
if (bank == GPIO_BANK_Z) {
return 0;
}
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
#endif
return bank * GPIO_BANK_OFFSET;
@@ -186,14 +186,14 @@
unsigned long stm32_get_gpio_bank_clock(unsigned int bank)
{
#if STM32MP13
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_I);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_I));
#endif
#if STM32MP15
if (bank == GPIO_BANK_Z) {
return GPIOZ;
}
- assert(GPIO_BANK_A == 0 && bank <= GPIO_BANK_K);
+ assert((GPIO_BANK_A == 0) && (bank <= GPIO_BANK_K));
#endif
return GPIOA + (bank - GPIO_BANK_A);
@@ -378,7 +378,7 @@
void stm32mp_get_soc_name(char name[STM32_SOC_NAME_SIZE])
{
- char *cpu_s, *cpu_r, *pkg;
+ const char *cpu_s, *cpu_r, *pkg;
/* MPUs Part Numbers */
switch (get_part_number()) {
diff --git a/plat/st/stm32mp1/stm32mp1_syscfg.c b/plat/st/stm32mp1/stm32mp1_syscfg.c
index ff79428..75dd709 100644
--- a/plat/st/stm32mp1/stm32mp1_syscfg.c
+++ b/plat/st/stm32mp1/stm32mp1_syscfg.c
@@ -235,7 +235,9 @@
}
if (apply_hslv) {
- mmio_write_32(SYSCFG_BASE + SYSCFG_HSLVEN0R + index * sizeof(uint32_t), HSLV_KEY);
+ uint32_t reg_offset = index * sizeof(uint32_t);
+
+ mmio_write_32(SYSCFG_BASE + SYSCFG_HSLVEN0R + reg_offset, HSLV_KEY);
}
}
#endif
diff --git a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
index cb6aaa5..30b0176 100644
--- a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
+++ b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
@@ -21,7 +21,6 @@
#include <plat_private.h>
#include "ipi_mailbox_svc.h"
-#include "../../../services/spd/trusty/smcall.h"
/*********************************************************************
* Macros definitions
@@ -75,17 +74,19 @@
ipi_local_id = x1 & UNSIGNED32_MASK;
ipi_remote_id = x2 & UNSIGNED32_MASK;
- if (SMC_ENTITY(smc_fid) >= SMC_ENTITY_TRUSTED_APP)
+ if ((GET_SMC_OEN(smc_fid) >= OEN_TAP_START) &&
+ (GET_SMC_OEN(smc_fid) <= OEN_TOS_END)) {
is_secure = 1;
- else
+ } else {
is_secure = 0;
+ }
/* Validate IPI mailbox access */
ret = ipi_mb_validate(ipi_local_id, ipi_remote_id, is_secure);
if (ret)
SMC_RET1(handle, ret);
- switch (SMC_FUNCTION(smc_fid)) {
+ switch (GET_SMC_NUM(smc_fid)) {
case IPI_MAILBOX_OPEN:
ipi_mb_open(ipi_local_id, ipi_remote_id);
SMC_RET1(handle, 0);
diff --git a/services/std_svc/rmmd/trp/trp_entry.S b/services/std_svc/rmmd/trp/trp_entry.S
index ae9f9aa..3e1d8c9 100644
--- a/services/std_svc/rmmd/trp/trp_entry.S
+++ b/services/std_svc/rmmd/trp/trp_entry.S
@@ -83,7 +83,17 @@
mov x3, x23
bl trp_setup
bl trp_main
+ b 1f
+
warm_boot:
+ mov x0, x20
+ mov x1, x21
+ mov x2, x22
+ mov x3, x23
+ bl trp_validate_warmboot_args
+ cbnz x0, trp_panic /* Failed to validate warmboot args */
+
+1:
mov_imm x0, RMM_BOOT_COMPLETE
mov x1, xzr /* RMM_BOOT_SUCCESS */
smc #0
diff --git a/services/std_svc/rmmd/trp/trp_main.c b/services/std_svc/rmmd/trp/trp_main.c
index ce3260f..196bc11 100644
--- a/services/std_svc/rmmd/trp/trp_main.c
+++ b/services/std_svc/rmmd/trp/trp_main.c
@@ -65,6 +65,24 @@
trp_early_platform_setup((rmm_manifest_t *)trp_shared_region_start);
}
+int trp_validate_warmboot_args(uint64_t x0, uint64_t x1,
+ uint64_t x2, uint64_t x3)
+{
+ /*
+ * Validate boot parameters for warm boot
+ *
+ * According to the Boot Interface ABI v.0.1, the parameters
+ * received from EL3 during warm boot are:
+ *
+ * x0: CPUID (verified earlier so not used here)
+ * [x1:x3]: RES0
+ */
+
+ (void)x0;
+
+ return ((x1 | x2 | x3) == 0UL) ? 0 : E_RMM_BOOT_UNKNOWN;
+}
+
/* Main function for TRP */
void trp_main(void)
{
diff --git a/services/std_svc/rmmd/trp/trp_private.h b/services/std_svc/rmmd/trp/trp_private.h
index 945ae1c..d8c6960 100644
--- a/services/std_svc/rmmd/trp/trp_private.h
+++ b/services/std_svc/rmmd/trp/trp_private.h
@@ -53,5 +53,9 @@
uint64_t x2,
uint64_t x3);
+/* Validate arguments for warm boot only */
+int trp_validate_warmboot_args(uint64_t x0, uint64_t x1,
+ uint64_t x2, uint64_t x3);
+
#endif /* __ASSEMBLER__ */
#endif /* TRP_PRIVATE_H */
diff --git a/services/std_svc/spm/el3_spmc/spmc.mk b/services/std_svc/spm/el3_spmc/spmc.mk
index c674e71..6442af0 100644
--- a/services/std_svc/spm/el3_spmc/spmc.mk
+++ b/services/std_svc/spm/el3_spmc/spmc.mk
@@ -20,7 +20,9 @@
${PLAT}_el3_spmc_logical_sp.c)
+ifneq ($(wildcard $(SPMC_LP_SOURCES)),)
SPMC_SOURCES += $(SPMC_LP_SOURCES)
+endif
# Let the top-level Makefile know that we intend to include a BL32 image
NEED_BL32 := yes
diff --git a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
index 89d7b31..c039350 100644
--- a/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
+++ b/services/std_svc/spm/el3_spmc/spmc_shared_mem.c
@@ -274,13 +274,15 @@
* spmc_shmem_obj_validate_id - Validate a partition ID is participating in
* a given memory transaction.
* @sp_id: Partition ID to validate.
- * @desc: Descriptor of the memory transaction.
- *
+ * @obj: The shared memory object containing the descriptor
+ * of the memory transaction.
* Return: true if ID is valid, else false.
*/
-bool spmc_shmem_obj_validate_id(const struct ffa_mtd *desc, uint16_t sp_id)
+bool spmc_shmem_obj_validate_id(struct spmc_shmem_obj *obj, uint16_t sp_id)
{
bool found = false;
+ struct ffa_mtd *desc = &obj->desc;
+ size_t desc_size = obj->desc_size;
/* Validate the partition is a valid participant. */
for (unsigned int i = 0U; i < desc->emad_count; i++) {
@@ -290,6 +292,15 @@
emad = spmc_shmem_obj_get_emad(desc, i,
MAKE_FFA_VERSION(1, 1),
&emad_size);
+ /*
+ * Validate the calculated emad address resides within the
+ * descriptor.
+ */
+ if ((emad == NULL) || (uintptr_t) emad >=
+ (uintptr_t)((uint8_t *) desc + desc_size)) {
+ VERBOSE("Invalid emad.\n");
+ break;
+ }
if (sp_id == emad->mapd.endpoint_id) {
found = true;
break;
@@ -385,7 +396,8 @@
emad_array[0].comp_mrd_offset);
/* Check the calculated address is within the memory descriptor. */
- if ((uintptr_t) mrd >= (uintptr_t)((uint8_t *) orig + desc_size)) {
+ if (((uintptr_t) mrd + sizeof(struct ffa_comp_mrd)) >
+ (uintptr_t)((uint8_t *) orig + desc_size)) {
return 0;
}
size += mrd->address_range_count * sizeof(struct ffa_cons_mrd);
@@ -424,7 +436,8 @@
emad_array[0].comp_mrd_offset);
/* Check the calculated address is within the memory descriptor. */
- if ((uintptr_t) mrd >= (uintptr_t)((uint8_t *) orig + desc_size)) {
+ if (((uintptr_t) mrd + sizeof(struct ffa_comp_mrd)) >
+ (uintptr_t)((uint8_t *) orig + desc_size)) {
return 0;
}
size += mrd->address_range_count * sizeof(struct ffa_cons_mrd);
@@ -475,6 +488,12 @@
/* Copy across the emad structs. */
for (unsigned int i = 0U; i < out->emad_count; i++) {
+ /* Bound check for emad array. */
+ if (((uint8_t *)emad_array_in + sizeof(struct ffa_emad_v1_0)) >
+ ((uint8_t *) mtd_orig + orig->desc_size)) {
+ VERBOSE("%s: Invalid mtd structure.\n", __func__);
+ return false;
+ }
memcpy(&emad_array_out[i], &emad_array_in[i],
sizeof(struct ffa_emad_v1_0));
}
@@ -542,6 +561,7 @@
size_t mrd_out_offset;
size_t emad_out_array_size;
size_t mrd_size = 0;
+ size_t orig_desc_size = orig->desc_size;
/* Populate the v1.0 descriptor format from the v1.1 struct. */
out->sender_id = mtd_orig->sender_id;
@@ -559,6 +579,12 @@
/* Copy across the emad structs. */
emad_in = emad_array_in;
for (unsigned int i = 0U; i < out->emad_count; i++) {
+ /* Bound check for emad array. */
+ if (((uint8_t *)emad_in + sizeof(struct ffa_emad_v1_0)) >
+ ((uint8_t *) mtd_orig + orig_desc_size)) {
+ VERBOSE("%s: Invalid mtd structure.\n", __func__);
+ return false;
+ }
memcpy(&emad_array_out[i], emad_in,
sizeof(struct ffa_emad_v1_0));
@@ -1442,7 +1468,7 @@
}
/* Validate the caller is a valid participant. */
- if (!spmc_shmem_obj_validate_id(&obj->desc, sp_ctx->sp_id)) {
+ if (!spmc_shmem_obj_validate_id(obj, sp_ctx->sp_id)) {
WARN("%s: Invalid endpoint ID (0x%x).\n",
__func__, sp_ctx->sp_id);
ret = FFA_ERROR_INVALID_PARAMETER;
@@ -1761,7 +1787,7 @@
}
/* Validate the caller is a valid participant. */
- if (!spmc_shmem_obj_validate_id(&obj->desc, sp_ctx->sp_id)) {
+ if (!spmc_shmem_obj_validate_id(obj, sp_ctx->sp_id)) {
WARN("%s: Invalid endpoint ID (0x%x).\n",
__func__, req->endpoint_array[0]);
ret = FFA_ERROR_INVALID_PARAMETER;
diff --git a/tools/sptool/sp_mk_generator.py b/tools/sptool/sp_mk_generator.py
index f3af584..4067331 100644
--- a/tools/sptool/sp_mk_generator.py
+++ b/tools/sptool/sp_mk_generator.py
@@ -132,20 +132,21 @@
sp_pkg = get_sp_pkg(sp, args)
sp_dtb_name = os.path.basename(get_file_from_layout(sp_layout[sp]["pm"]))[:-1] + "b"
sp_dtb = os.path.join(args["out_dir"], f"fdts/{sp_dtb_name}")
+ sp_img = get_sp_img_full_path(sp_layout[sp], args)
# Do not generate rule if already there.
if is_line_in_sp_gen(f'{sp_pkg}:', args):
return args
write_to_sp_mk_gen(f"SP_PKGS += {sp_pkg}\n", args)
- sptool_args = f" -i {get_sp_img_full_path(sp_layout[sp], args)}:{sp_dtb}"
+ sptool_args = f" -i {sp_img}:{sp_dtb}"
pm_offset = get_pm_offset(sp_layout[sp])
sptool_args += f" --pm-offset {pm_offset}" if pm_offset is not None else ""
image_offset = get_image_offset(sp_layout[sp])
sptool_args += f" --img-offset {image_offset}" if image_offset is not None else ""
sptool_args += f" -o {sp_pkg}"
sppkg_rule = f'''
-{sp_pkg}: {sp_dtb}
+{sp_pkg}: {sp_dtb} {sp_img}
\t$(Q)echo Generating {sp_pkg}
\t$(Q)$(PYTHON) $(SPTOOL) {sptool_args}
'''