Merge "refactor(st-i2c): use fdt_read_uint32_default()" into integration
diff --git a/.husky/pre-commit.copyright b/.husky/pre-commit.copyright
index a4dfee8..5f838a6 100755
--- a/.husky/pre-commit.copyright
+++ b/.husky/pre-commit.copyright
@@ -17,10 +17,24 @@
exit_code=0
+PLATPROV=
+ORG=`echo "$GIT_AUTHOR_EMAIL" | awk -F '[@]' '{ print $2;}'`
+
+case $ORG in
+ amd.com)
+ PLATPROV="Advanced Micro Devices, Inc. All rights reserved."
+ ;;
+ *arm.com)
+ PLATPROV="$ARM_RGX"
+ ;;
+ *)
+ ;;
+esac
+
function user_warning() {
echo -e "Copyright of $RED$FILE$BLANK is out of date/incorrect"
echo -e "Updated copyright to"
- grep -nr "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE"
+ grep -nr "opyright.*$YEAR_RGX.*$PLATPROV" "$FILE"
echo
}
@@ -29,31 +43,45 @@
then
break
fi
- # Check if correct copyright notice is in file.
- # To reduce false positives, we assume files with no
- # copyright notice do not require it.
- if ! grep "opyright.*$YEAR_NOW.*$ARM_RGX" "$FILE">/dev/null 2>&1
+
+ # Check if copyright header exists for the org
+ if ! grep "opyright.*$YEAR_RGX.*$PLATPROV" "$FILE">/dev/null 2>&1 && [[ $ORG != *arm* ]]
then
- # If it is "from_date - to_date" type of entry - change to_date entry.
- if grep "opyright.*$YEAR_RGX.*-.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
- then
- exit_code=1
- sed -i "s/\(opyright.*\)$YEAR_RGX\(.*$ARM_RGX\)/\1$(date +"%Y"), Arm/" $FILE
- user_warning
- # If it is single "date" type of entry - add the copyright extension to current year.
- elif grep "opyright.*$YEAR_RGX.*$ARM_RGX" "$FILE" >/dev/null 2>&1
+ echo -e "Copyright header ""$RED""$PLATPROV""$BLANK"" is missing in ""$YELLOW""$FILE""$BLANK"
+ fi
+
+ # Check if the copyright year is updated for the org and update it
+ if [ ! -z "$PLATPROV" ]
+ then
+ if ! grep "opyright.*$YEAR_NOW.*$PLATPROV" "$FILE">/dev/null 2>&1
then
- exit_code=1
- sed -i "s/\(opyright.*$YEAR_RGX\)\(.*$ARM_RGX\)/\1-$(date +"%Y"), Arm/" $FILE
- user_warning
+ # If it is "from_date - to_date" type of entry - change to_date entry.
+ if grep "opyright.*$YEAR_RGX.*-.*$YEAR_RGX.*$PLATPROV" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)$YEAR_RGX\(.*$PLATPROV\)/\1$(date +"%Y")\2/" $FILE
+ user_warning
+ # If it is single "date" type of entry - add the copyright extension to current year.
+ elif grep "opyright.*$YEAR_RGX.*$PLATPROV" "$FILE" >/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*$YEAR_RGX\)\(.*$PLATPROV\)/\1-$(date +"%Y")\2/" $FILE
+ user_warning
+ fi
+
+ # Even if the year is correct - verify that Arm copyright is formatted correctly.
+ if [[ $ORG == *arm* ]]
+ then
+ if grep "opyright.*\(ARM\|arm\)" "$FILE">/dev/null 2>&1
+ then
+ exit_code=1
+ sed -i "s/\(opyright.*\)\(ARM\|arm\)/\1Arm/" $FILE
+ user_warning
+ fi
+ fi
fi
- # Even if the year is correct - verify that Arm copyright is formatted correctly.
- elif grep "opyright.*\(ARM\|arm\)" "$FILE">/dev/null 2>&1
- then
- exit_code=1
- sed -i "s/\(opyright.*\)\(ARM\|arm\)/\1Arm/" $FILE
- user_warning
fi
+
done <<< "$FILES"
if [ $exit_code -eq 1 ]
diff --git a/.versionrc.js b/.versionrc.js
index c7ee4a2..ac473b0 100644
--- a/.versionrc.js
+++ b/.versionrc.js
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,9 +84,9 @@
"filename": "pyproject.toml",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
@@ -104,9 +104,9 @@
"filename": "docs/conf.py",
"updater": {
"readVersion": function (contents) {
- const _ver = contents.match(/version\s=.*"(\d)\.(\d)\.(\d)/);
+ const _ver = contents.match(/version\s=.*"(\d+?)\.(\d+?)\.(\d+?)/);
- return `${_ver[1]}.${_ver[2]}.${_ver[2]}`;
+ return `${_ver[1]}.${_ver[2]}.${_ver[3]}`;
},
"writeVersion": function (contents, version) {
diff --git a/Makefile b/Makefile
index f8b230d..2892f21 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,7 +9,8 @@
#
VERSION_MAJOR := 2
VERSION_MINOR := 10
-VERSION_PATCH := 0 # Only used for LTS releases
+# VERSION_PATCH is only used for LTS releases
+VERSION_PATCH := 0
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -30,6 +31,12 @@
include ${MAKE_HELPERS_DIRECTORY}defaults.mk
+################################################################################
+# Configure the toolchains used to build TF-A and its tools
+################################################################################
+
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
+
# Assertions enabled for DEBUG builds by default
ENABLE_ASSERTIONS := ${DEBUG}
ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION}
@@ -93,30 +100,6 @@
export Q ECHO
################################################################################
-# Toolchain
-################################################################################
-
-HOSTCC := gcc
-export HOSTCC
-
-CC := ${CROSS_COMPILE}gcc
-CPP := ${CROSS_COMPILE}cpp
-AS := ${CROSS_COMPILE}gcc
-AR := ${CROSS_COMPILE}ar
-LINKER := ${CROSS_COMPILE}ld
-OC := ${CROSS_COMPILE}objcopy
-OD := ${CROSS_COMPILE}objdump
-NM := ${CROSS_COMPILE}nm
-PP := ${CROSS_COMPILE}gcc -E
-DTC := dtc
-
-# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH).
-ifneq ($(strip $(wildcard ${LD}.bfd) \
- $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),)
-LINKER := ${LINKER}.bfd
-endif
-
-################################################################################
# Auxiliary tools (fiptool, cert_create, etc)
################################################################################
@@ -162,45 +145,22 @@
################################################################################
arch-features = ${ARM_ARCH_FEATURE}
-# Set the compiler's architecture feature modifiers
-ifneq ($(arch-features), none)
- # Strip "none+" from arch-features
- arch-features := $(subst none+,,$(arch-features))
- march-directive := $(march-directive)+$(arch-features)
-# Print features
- $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
-endif #(arch-features)
-
-ifneq ($(findstring clang,$(notdir $(CC))),)
- ifneq ($(findstring armclang,$(notdir $(CC))),)
+ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
+ ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch32 := -target arm-arm-none-eabi
TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi
- LD := $(LINKER)
else
TF_CFLAGS_aarch32 = $(target32-directive)
TF_CFLAGS_aarch64 := -target aarch64-elf
- LD := $(shell $(CC) --print-prog-name ld.lld)
-
- AR := $(shell $(CC) --print-prog-name llvm-ar)
- OD := $(shell $(CC) --print-prog-name llvm-objdump)
- OC := $(shell $(CC) --print-prog-name llvm-objcopy)
endif
- CPP := $(CC) -E $(TF_CFLAGS_$(ARCH))
- PP := $(CC) -E $(TF_CFLAGS_$(ARCH))
- AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
-else ifneq ($(findstring gcc,$(notdir $(CC))),)
+else ifeq ($($(ARCH)-cc-id),gnu-gcc)
ifeq ($(ENABLE_LTO),1)
# Enable LTO only for aarch64
ifeq (${ARCH},aarch64)
LTO_CFLAGS = -flto
- # Use gcc as a wrapper for the ld, recommended for LTO
- LINKER := ${CROSS_COMPILE}gcc
endif
endif
- LD = $(LINKER)
-else
- LD = $(LINKER)
endif #(clang)
# Process Debug flag
@@ -235,8 +195,6 @@
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
-ASFLAGS += $(march-directive)
-
##############################################################################
# WARNINGS Configuration
###############################################################################
@@ -299,7 +257,7 @@
endif #(W)
# Compiler specific warnings
-ifeq ($(findstring clang,$(notdir $(CC))),)
+ifeq ($(filter %-clang,$($(ARCH)-cc-id)),)
# not using clang
WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \
-Wpacked-bitfield-compat -Wshift-overflow=2 \
@@ -343,19 +301,20 @@
-fsanitize-undefined-trap-on-error
endif #(${SANITIZE_UB},trap)
-GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+GCC_V_OUTPUT := $(shell $($(ARCH)-cc) -v 2>&1)
TF_LDFLAGS += -z noexecstack
# LD = armlink
-ifneq ($(findstring armlink,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),arm-link)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
TF_LDFLAGS += --remove --info=unused,unusedsymbols
TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
# LD = gcc (used when GCC LTO is enabled)
-else ifneq ($(findstring gcc,$(notdir $(LD))),)
+else ifeq ($($(ARCH)-ld-id),gnu-gcc)
# Pass ld options with Wl or Xlinker switches
+ TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments)
TF_LDFLAGS += -Wl,--fatal-warnings -O1
TF_LDFLAGS += -Wl,--gc-sections
@@ -395,7 +354,7 @@
# therefore don't add those in that case.
# ld.lld reports section type mismatch warnings,
# therefore don't add --fatal-warnings to it.
- ifeq ($(findstring ld.lld,$(notdir $(LD))),)
+ ifneq ($($(ARCH)-ld-id),llvm-lld)
TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings
endif
@@ -427,7 +386,7 @@
plat/common/${ARCH}/platform_helpers.S \
${COMPILER_RT_SRCS}
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S
endif
@@ -608,14 +567,14 @@
ifeq (${SUPPORT_STACK_MEMTAG},yes)
ifdef mem_tag_arch_support
# Check for armclang and clang compilers
- ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
+ ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
# Add "memtag" architecture feature modifier if not specified
ifeq ( ,$(findstring memtag,$(arch-features)))
arch-features := $(arch-features)+memtag
endif # memtag
- ifeq ($(notdir $(CC)),armclang)
+ ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS += -mmemtag-stack
- else ifeq ($(notdir $(CC)),clang)
+ else ifeq ($($(ARCH)-cc-id),llvm-clang)
TF_CFLAGS += -fsanitize=memtag
endif # armclang
endif
@@ -693,6 +652,7 @@
include ${MAKE_HELPERS_DIRECTORY}march.mk
TF_CFLAGS += $(march-directive)
+ASFLAGS += $(march-directive)
# This internal flag is common option which is set to 1 for scenarios
# when the BL2 is running in EL3 level. This occurs in two scenarios -
@@ -728,12 +688,12 @@
PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT})
ifneq ($(PIE_FOUND),)
TF_CFLAGS += -fno-PIE
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
TF_LDFLAGS += -no-pie
endif
endif #(PIE_FOUND)
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker
else
PIE_LDFLAGS += -pie --no-dynamic-linker
@@ -935,12 +895,6 @@
endif
endif #(CTX_INCLUDE_PAUTH_REGS)
-ifeq ($(CTX_INCLUDE_MTE_REGS),1)
- ifneq (${ARCH},aarch64)
- $(error CTX_INCLUDE_MTE_REGS requires AArch64)
- endif
-endif #(CTX_INCLUDE_MTE_REGS)
-
ifeq ($(PSA_FWU_SUPPORT),1)
$(info PSA_FWU_SUPPORT is an experimental feature)
endif #(PSA_FWU_SUPPORT)
@@ -1047,12 +1001,6 @@
endif
endif
-# Determine if FEAT_RNG is supported
-ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
-
-# Determine if FEAT_SB is supported
-ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
-
ifeq ($(PSA_CRYPTO),1)
$(info PSA_CRYPTO is an experimental feature)
endif
@@ -1178,7 +1126,6 @@
ENABLE_AMU_FCONF \
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
- ENABLE_FEAT_SB \
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
@@ -1254,7 +1201,6 @@
ARM_ARCH_MINOR \
BRANCH_PROTECTION \
CTX_INCLUDE_PAUTH_REGS \
- CTX_INCLUDE_MTE_REGS \
CTX_INCLUDE_NEVE_REGS \
CRYPTO_SUPPORT \
DISABLE_MTPMU \
@@ -1265,15 +1211,19 @@
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
ENABLE_FEAT_HCX \
+ ENABLE_FEAT_MTE \
+ ENABLE_FEAT_MTE2 \
ENABLE_FEAT_PAN \
ENABLE_FEAT_RNG \
ENABLE_FEAT_RNG_TRAP \
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_SB \
ENABLE_FEAT_S2PIE \
ENABLE_FEAT_S1PIE \
ENABLE_FEAT_S2POE \
@@ -1324,7 +1274,6 @@
CTX_INCLUDE_PAUTH_REGS \
CTX_INCLUDE_MPAM_REGS \
EL3_EXCEPTION_HANDLING \
- CTX_INCLUDE_MTE_REGS \
CTX_INCLUDE_EL2_REGS \
CTX_INCLUDE_NEVE_REGS \
DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \
@@ -1420,6 +1369,7 @@
ENABLE_FEAT_SEL2 \
ENABLE_FEAT_VHE \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_CSV2_3 \
ENABLE_FEAT_PAN \
ENABLE_FEAT_TCR2 \
ENABLE_FEAT_S2PIE \
@@ -1427,6 +1377,8 @@
ENABLE_FEAT_S2POE \
ENABLE_FEAT_S1POE \
ENABLE_FEAT_GCS \
+ ENABLE_FEAT_MTE \
+ ENABLE_FEAT_MTE2 \
ENABLE_FEAT_MTE_PERM \
FEATURE_DETECTION \
TWED_DELAY \
@@ -1468,7 +1420,7 @@
$(eval $(call add_define,DYN_DISABLE_AUTH))
endif
-ifneq ($(findstring armlink,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),arm-link)
$(eval $(call add_define,USE_ARM_LINK))
endif
@@ -1500,7 +1452,7 @@
ifeq (${ERROR_DEPRECATED},0)
# Check if deprecated declarations and cpp warnings should be treated as error or not.
-ifneq ($(findstring clang,$(notdir $(CC))),)
+ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
CPPFLAGS += -Wno-error=deprecated-declarations
else
CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp
@@ -1591,8 +1543,8 @@
# Add Secure Partition packages
ifeq (${NEED_SP_PKG},yes)
-$(BUILD_PLAT)/sp_gen.mk : ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
- ${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ @${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT}
sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS)
@${ECHO_BLANK_LINE}
@echo "Built SP Images successfully"
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index 53946ab..dbb646b 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -29,9 +29,9 @@
BL1_SOURCES += lib/pmf/pmf_main.c
endif
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL1_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL1_LDFLAGS += --sort-section=alignment
endif
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index b70a3fb..850d826 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -15,9 +15,9 @@
BL2_SOURCES += common/aarch64/early_exceptions.S
endif
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL2_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL2_LDFLAGS += --sort-section=alignment
endif
@@ -52,4 +52,4 @@
ifeq (${ENABLE_PMF},1)
BL2_SOURCES += lib/pmf/pmf_main.c
-endif
\ No newline at end of file
+endif
diff --git a/bl2u/bl2u.mk b/bl2u/bl2u.mk
index 9fe20f5..a4051ec 100644
--- a/bl2u/bl2u.mk
+++ b/bl2u/bl2u.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -14,8 +14,8 @@
BL2U_DEFAULT_LINKER_SCRIPT_SOURCE := bl2u/bl2u.ld.S
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL2U_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL2U_LDFLAGS += --sort-section=alignment
endif
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 40e3df8..cd61d01 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -161,11 +161,15 @@
${MBEDTLS_SOURCES}
endif
+ifeq ($(CROS_WIDEVINE_SMC),1)
+BL31_SOURCES += services/oem/chromeos/widevine_smc_handlers.c
+endif
+
BL31_DEFAULT_LINKER_SCRIPT_SOURCE := bl31/bl31.ld.S
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL31_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL31_LDFLAGS += --sort-section=alignment
endif
diff --git a/bl31/ehf.c b/bl31/ehf.c
index 6f3d941..5b78ebb 100644
--- a/bl31/ehf.c
+++ b/bl31/ehf.c
@@ -478,13 +478,10 @@
/* Route EL3 interrupts when in Non-secure. */
set_interrupt_rm_flag(flags, NON_SECURE);
- /*
- * Route EL3 interrupts when in secure, only when SPMC is not present
- * in S-EL2.
- */
-#if !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+ /* Route EL3 interrupts only when SPM_MM present in secure. */
+#if SPM_MM
set_interrupt_rm_flag(flags, SECURE);
-#endif /* !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1)) */
+#endif
/* Register handler for EL3 interrupts */
ret = register_interrupt_type_handler(INTR_TYPE_EL3,
diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index 065468c..427e39b 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -57,9 +57,9 @@
BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/sp_min/sp_min.ld.S
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL32_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL32_LDFLAGS += --sort-section=alignment
endif
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index 4c18131..6d8f74b 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -24,9 +24,9 @@
BL32_DEFAULT_LINKER_SCRIPT_SOURCE := bl32/tsp/tsp.ld.S
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
BL32_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
BL32_LDFLAGS += --sort-section=alignment
endif
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 1ab2260..d8031f9 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -238,13 +238,13 @@
service_arg0 = (uint64_t)service_args;
service_arg1 = (uint64_t)(service_args >> 64U);
-#if CTX_INCLUDE_MTE_REGS
/*
* Write a dummy value to an MTE register, to simulate usage in the
* secure world
*/
- write_gcr_el1(0x99);
-#endif
+ if (is_feat_mte_supported()) {
+ write_gcr_el1(0x99);
+ }
/* Determine the function to perform based on the function ID */
switch (TSP_BARE_FID(func)) {
diff --git a/changelog.yaml b/changelog.yaml
index c5e157d..35ffaa8 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -774,6 +774,9 @@
- title: PSCI
scope: psci
+ - title: ROMlib
+ scope: romlib
+
- title: GPT
scope: gpt
@@ -1369,6 +1372,9 @@
deprecated:
- cert_create
+ - title: Marvell Tools
+ scope: marvell-tools
+
- title: Dependencies
scope: deps
diff --git a/common/feat_detect.c b/common/feat_detect.c
index be22c6e..7a2f0d7 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -70,18 +70,6 @@
#endif
}
-/************************************************
- * Feature : FEAT_MTE (Memory Tagging Extension)
- ***********************************************/
-static void read_feat_mte(void)
-{
-#if (CTX_INCLUDE_MTE_REGS == FEAT_STATE_ALWAYS)
- unsigned int mte = get_armv8_5_mte_support();
-
- feat_detect_panic((mte != MTE_UNIMPLEMENTED), "MTE");
-#endif
-}
-
/****************************************************
* Feature : FEAT_BTI (Branch Target Identification)
***************************************************/
@@ -179,7 +167,10 @@
"TRF", 1, 1);
/* v8.5 features */
- read_feat_mte();
+ check_feature(ENABLE_FEAT_MTE, read_feat_mte_id_field(), "MTE",
+ MTE_IMPLEMENTED_EL0, MTE_IMPLEMENTED_ASY);
+ check_feature(ENABLE_FEAT_MTE2, read_feat_mte_id_field(), "MTE2",
+ MTE_IMPLEMENTED_ELX, MTE_IMPLEMENTED_ASY);
check_feature(ENABLE_FEAT_RNG, read_feat_rng_id_field(), "RNG", 1, 1);
read_feat_bti();
read_feat_rng_trap();
@@ -215,6 +206,8 @@
"S1POE", 1, 1);
check_feature(ENABLE_FEAT_MTE_PERM, read_feat_mte_perm_id_field(),
"MTE_PERM", 1, 1);
+ check_feature(ENABLE_FEAT_CSV2_3, read_feat_csv2_id_field(),
+ "CSV2_3", 3, 3);
/* v9.0 features */
check_feature(ENABLE_BRBE_FOR_NS, read_feat_brbe_id_field(),
diff --git a/docs/about/contact.rst b/docs/about/contact.rst
index 4f482bd..bb73dfe 100644
--- a/docs/about/contact.rst
+++ b/docs/about/contact.rst
@@ -36,9 +36,8 @@
Issue Tracker
^^^^^^^^^^^^^
-Bug reports may be filed on the `issue tracker`_ on the TrustedFirmware.org
-website. Using this tracker gives everyone visibility of the known issues in
-TF-A.
+Bug reports may be filed on the `issue tracker`_ on Github. Using this tracker
+gives everyone visibility of the known issues in TF-A.
Arm Licensees
^^^^^^^^^^^^^
@@ -46,7 +45,7 @@
Arm licensees have an additional support conduit - they may contact Arm directly
via their partner managers.
-.. _`issue tracker`: https://developer.trustedfirmware.org
+.. _`issue tracker`: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _`TF-A development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/mailman3/lists/tf-a-tests.lists.trustedfirmware.org/
.. _`summary of all the lists`: https://lists.trustedfirmware.org/mailman3/lists/
diff --git a/docs/components/cot-binding.rst b/docs/components/cot-binding.rst
index 4f8c8b7..702bb56 100644
--- a/docs/components/cot-binding.rst
+++ b/docs/components/cot-binding.rst
@@ -67,14 +67,16 @@
- signing-key
Usage:
- This property is used to refer public key node present in
- parent certificate node and it is required property for all
- non-root certificates which are authenticated using public-key
- present in parent certificate.
+ For non-root certificates, this property is used to refer
+ public key node present in parent certificate node and it is
+ required property for all non-root certificates which are
+ authenticated using public-key present in parent certificate.
- This property is not required for root-certificates
- as root-certificates are validated using root of trust
- public key provided by platform.
+ This property is not required for all root-certificates. If
+ omitted, the root certificate will be validated using the
+ default platform ROTPK. If instead the root certificate needs
+ validating using a different ROTPK, the signing-key property
+ should provide a reference to the ROTPK node to use.
Value type: <phandle>
@@ -323,10 +325,50 @@
};
};
+rot_keys node binding definition
+---------------------------------
+
+- rot_keys node
+ Description: Contains root-of-trust keys for the root certificates.
+
+ SUBNODES
+ - Description:
+
+ Root of trust key information present in the root certificates
+ are shown by these nodes.
+
+ - rot key node
+ Description: Provide ROT key information in the certificate.
+
+ PROPERTIES
+
+ - oid
+ Usage:
+
+ This property provides the Object ID of ROT key provided
+ in the certificate.
+
+ Value type: <string>
+
+Example:
+Below is rot_keys example for CCA platform
+
+.. code:: c
+
+ rot_keys {
+ swd_rot_pk: swd_rot_pk {
+ oid = SWD_ROT_PK_OID;
+ };
+
+ prot_pk: prot_pk {
+ oid = PROT_PK_OID;
+ };
+ };
+
Future update to chain of trust binding
---------------------------------------
This binding document needs to be revisited to generalise some terminologies
which are currently specific to X.509 certificates for e.g. Object IDs.
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*
diff --git a/docs/components/granule-protection-tables-design.rst b/docs/components/granule-protection-tables-design.rst
index 07637dd..9d85bef 100644
--- a/docs/components/granule-protection-tables-design.rst
+++ b/docs/components/granule-protection-tables-design.rst
@@ -80,8 +80,8 @@
below.
In the reference implementation for FVP models, you can find an example of PAS
-region definitions in the file ``include/plat/arm/common/arm_pas_def.h``. Table
-creation API calls can be found in ``plat/arm/common/arm_bl2_setup.c`` and
+region definitions in the file ``plat/arm/board/fvp/include/fvp_pas_def.h``.
+Table creation API calls can be found in ``plat/arm/common/arm_common.c`` and
runtime initialization API calls can be seen in
``plat/arm/common/arm_bl31_setup.c``.
diff --git a/docs/components/realm-management-extension.rst b/docs/components/realm-management-extension.rst
index f228e6b..39186b4 100644
--- a/docs/components/realm-management-extension.rst
+++ b/docs/components/realm-management-extension.rst
@@ -237,7 +237,7 @@
-C bp.ve_sysregs.exit_on_shutdown=1 \
-C cache_state_modelled=1 \
-C bp.dram_size=4 \
- -C bp.secure_memory=1 \
+ -C bp.secure_memory=0 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0=3 \
-C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR=0x43B \
-C pci.pci_smmuv3.mmu.root_register_page_offset=0x20000 \
diff --git a/docs/components/sdei.rst b/docs/components/sdei.rst
index 60259c8..309375f 100644
--- a/docs/components/sdei.rst
+++ b/docs/components/sdei.rst
@@ -354,7 +354,51 @@
--------------
-*Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.*
+Security Considerations
+-----------------------
+
+SDEI introduces concept of providing software based non-maskable interrupts to
+Hypervisor/OS. In doing so, it modifies the priority scheme defined by Interrupt
+controllers and relies on Non-Secure clients, Hypervisor or OS, to create/manage
+high priority events.
+
+Considering a Non-secure client is involved in SDEI state management, there exists
+some security considerations which needs to be taken care of in both client and EL3
+when using SDEI. Few of them are mentioned below.
+
+Bound events
+~~~~~~~~~~~~
+
+A bound event is an SDEI event that corresponds to a client interrupt.
+The binding of event is done using ``SDEI_INTERRUPT_BIND`` SMC call to associate
+an SDEI event with a client interrupt. There is a possibility that a rogue
+client can request an invalid interrupt to be bound. This may potentially
+cause out-of-bound memory read.
+
+Even though TF-A implementation has checks to ensure that interrupt ID passed
+by client is architecturally valid, Non-secure client should also ensure the
+validity of interrupts.
+
+Recurring events
+~~~~~~~~~~~~~~~~
+
+For a given event source, if the events are generated continuously, then NS client
+may be unusable. To mitigate against this, the Non-secure client must have
+mechanism in place to remove such interrupt source from the system.
+
+One of the examples is a memory region which continuously generates RAS errors.
+This may result in unusable Non-secure client.
+
+Dispatched events
+~~~~~~~~~~~~~~~~~
+
+For a dispatched event, it is the client's responsibility to ensure that the
+handling finishes in finite time and notify the dispatcher through
+``SDEI_EVENT_COMPLETE`` or ``SDEI_EVENT_COMPLETE_AND_RESUME``. If the client
+fails to complete the event handling, it might result in ``UNPREDICTABLE`` behavior
+in the client and potentially end up in unusable PE.
+
+*Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.*
.. rubric:: Footnotes
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index 5d3adec..4834d3a 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -215,7 +215,7 @@
ARM_ARCH_MINOR=5 \
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
- CTX_INCLUDE_MTE_REGS=1 \
+ ENABLE_FEAT_MTE=1 \
BL32=<path-to-hafnium-binary> \
BL33=<path-to-bl33-binary> \
SP_LAYOUT_FILE=sp_layout.json \
@@ -233,7 +233,7 @@
ARM_ARCH_MINOR=5 \
BRANCH_PROTECTION=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
- CTX_INCLUDE_MTE_REGS=1 \
+ ENABLE_FEAT_MTE=1 \
BL32=<path-to-hafnium-binary> \
BL33=<path-to-bl33-binary> \
SP_LAYOUT_FILE=sp_layout.json \
@@ -1670,4 +1670,4 @@
--------------
-*Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 281f35f..6dc2245 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -505,11 +505,12 @@
typedef enum {
AUTH_PARAM_NONE,
- AUTH_PARAM_RAW_DATA, /* Raw image data */
+ AUTH_PARAM_RAW_DATA, /* Raw image data */
AUTH_PARAM_SIG, /* The image signature */
AUTH_PARAM_SIG_ALG, /* The image signature algorithm */
AUTH_PARAM_HASH, /* A hash (including the algorithm) */
AUTH_PARAM_PUB_KEY, /* A public key */
+ AUTH_PARAM_NV_CTR, /* A non-volatile counter */
} auth_param_type_t;
The AM defines the following structure to identify an authentication parameter
@@ -1018,4 +1019,4 @@
*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.*
-.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 905b016..abd9f87 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -384,6 +384,10 @@
Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This
erratum is still open.
+- ``ERRATA_A78C_2683027`` : This applies errata 2683027 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2. This
+ erratum is still open.
+
- ``ERRATA_A78C_2712575`` : This applies erratum 2712575 workaround to
Cortex-A78C CPU, this erratum affects system configurations that do not use
an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2
@@ -771,6 +775,14 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0, r1p1 and r1p2 of
the CPU and is still open.
+- ``ERRATA_X3_2266875``: This applies errata 2266875 workaround to the Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU, it
+ is fixed in r1p1.
+
+- ``ERRATA_X3_2302506``: This applies errata 2302506 workaround to the Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1, it is
+ fixed in r1p2.
+
- ``ERRATA_X3_2313909``: This applies errata 2313909 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0 and r1p0
of the CPU, it is fixed in r1p1.
@@ -779,6 +791,10 @@
CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
CPU, it is still open.
+- ``ERRATA_X3_2641945``: This applies errata 2641945 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0 and r1p0 of the CPU.
+ It is fixed in r1p1.
+
- ``ERRATA_X3_2742421``: This applies errata 2742421 workaround to
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
@@ -856,6 +872,10 @@
For Cortex-A715, the following errata build flags are defined :
+- ``ERRATA_A715_2561034``: This applies errata 2561034 workaround to
+ Cortex-A715 CPU. This needs to be enabled only for revision r1p0.
+ It is fixed in r1p1.
+
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
CPU and affects system configurations that do not use an ARM interconnect
IP. This needs to be applied to revisions r0p0, r1p0 and r1p1. It is fixed
@@ -946,7 +966,7 @@
--------------
-*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.*
.. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
.. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 3fce393..ba97264 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -2767,13 +2767,9 @@
- Branch Target Identification feature is selected by ``BRANCH_PROTECTION``
option set to 1. This option defaults to 0.
-- Memory Tagging Extension feature is unconditionally enabled for both worlds
- (at EL0 and S-EL0) if it is only supported at EL0. If instead it is
- implemented at all ELs, it is unconditionally enabled for only the normal
- world. To enable it for the secure world as well, the build option
- ``CTX_INCLUDE_MTE_REGS`` is required. If the hardware does not implement
- MTE support at all, it is always disabled, no matter what build options
- are used.
+- Memory Tagging Extension feature is unconditionally enabled for both worlds.
+ To enable MTE at EL0 use ``ENABLE_FEAT_MTE`` is required and to enable MTE at
+ ELX ``ENABLE_FEAT_MTE2`` is required.
Armv7-A
~~~~~~~
@@ -2860,13 +2856,13 @@
--------------
-*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _SMCCC: https://developer.arm.com/docs/den0028/latest
.. _PSCI: https://developer.arm.com/documentation/den0022/latest/
.. _Arm ARM: https://developer.arm.com/docs/ddi0487/latest
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest
.. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index fed202a..10fb7fb 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -1,24 +1,45 @@
Trusted Board Boot
==================
-The Trusted Board Boot (TBB) feature prevents malicious firmware from running on
-the platform by authenticating all firmware images up to and including the
-normal world bootloader. It does this by establishing a Chain of Trust using
+The `Trusted Board Boot` (TBB) feature prevents malicious firmware from running
+on the platform by authenticating all firmware images up to and including the
+normal world bootloader. It does this by establishing a `Chain of Trust` using
Public-Key-Cryptography Standards (PKCS).
This document describes the design of Trusted Firmware-A (TF-A) TBB, which is an
implementation of the `Trusted Board Boot Requirements (TBBR)`_ specification,
-Arm DEN0006D. It should be used in conjunction with the
-:ref:`Firmware Update (FWU)` design document, which implements a specific aspect
-of the TBBR.
+Arm DEN0006D. It should be used in conjunction with the :ref:`Firmware Update
+(FWU)` design document, which implements a specific aspect of the TBBR.
Chain of Trust
--------------
-A Chain of Trust (CoT) starts with a set of implicitly trusted components. On
-the Arm development platforms, these components are:
+A Chain of Trust (CoT) starts with a set of implicitly trusted components, which
+are used to establish trust in the next layer of components, and so on, in a
+`chained` manner.
-- A SHA-256 hash of the Root of Trust Public Key (ROTPK). It is stored in the
+The chain of trust depends on several factors, including:
+
+- The set of firmware images in use on this platform.
+ Typically, most platforms share a common set of firmware images (BL1, BL2,
+ BL31, BL33) but extra platform-specific images might be required.
+
+- The key provisioning scheme: which keys need to programmed into the device
+ and at which stage during the platform's manufacturing lifecycle.
+
+- The key ownership model: who owns which key.
+
+As these vary across platforms, chains of trust also vary across
+platforms. Although each platform is free to define its own CoT based on its
+needs, TF-A provides a set of "default" CoTs fitting some typical trust models,
+which platforms may reuse. The rest of this section presents general concepts
+which apply to all these default CoTs.
+
+The implicitly trusted components forming the trust anchor are:
+
+- A Root of Trust Public Key (ROTPK), or a hash of it.
+
+ On Arm development platforms, a SHA-256 hash of the ROTPK is stored in the
trusted root-key storage registers. Alternatively, a development ROTPK might
be used and its hash embedded into the BL1 and BL2 images (only for
development purposes).
@@ -31,11 +52,11 @@
enables adding custom extensions to the certificates, which are used to store
essential information to establish the CoT.
-In the TBB CoT all certificates are self-signed. There is no need for a
-Certificate Authority (CA) because the CoT is not established by verifying the
-validity of a certificate's issuer but by the content of the certificate
-extensions. To sign the certificates, different signature schemes are available,
-please refer to the :ref:`Build Options` for more details.
+All certificates are self-signed. There is no need for a Certificate Authority
+(CA) because the CoT is not established by verifying the validity of a
+certificate's issuer but by the content of the certificate extensions. To sign
+the certificates, different signature schemes are available, please refer to the
+:ref:`Build Options` for more details.
The certificates are categorised as "Key" and "Content" certificates. Key
certificates are used to verify public keys which have been used to sign content
@@ -43,10 +64,23 @@
image. An image can be authenticated by calculating its hash and matching it
with the hash extracted from the content certificate. Various hash algorithms
are supported to calculate all hashes, please refer to the :ref:`Build Options`
-for more details.. The public keys and hashes are included as non-standard
+for more details. The public keys and hashes are included as non-standard
extension fields in the `X.509 v3`_ certificates.
+The next sections now present specificities of each default CoT provided in
+TF-A.
+
+Default CoT #1: TBBR
+~~~~~~~~~~~~~~~~~~~~
+
+The `TBBR` CoT is named after the specification it follows to the letter.
+
-The keys used to establish the CoT are:
+In the TBBR CoT, all firmware binaries and certificates are (directly or
+indirectly) linked to the Root of Trust Public Key (ROTPK). Typically, the same
+vendor owns the ROTPK, the Trusted key and the Non-Trusted Key. Thus, this vendor
+is involved in signing every BL3x Key Certificate.
+
+The keys used to establish this CoT are:
- **Root of trust key**
@@ -133,6 +167,40 @@
The SCP_BL2 and BL32 certificates are optional, but they must be present if the
corresponding SCP_BL2 or BL32 images are present.
+The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some
+images (SCP, debug certificates, secure partitions, configuration files) are not
+shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-tbbr.jpg
+
+Default CoT #2: Dualroot
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The `dualroot` CoT is targeted at systems where the Normal World firmware is
+owned by a different entity than the Secure World Firmware, and those 2 entities
+do not wish to share any keys or have any dependency between each other when it
+comes to signing their respective images. It establishes 2 separate signing
+domains, each with its own Root of Trust key. In that sense, this CoT has 2
+roots of trust, hence the `dualroot` name.
+
+Although the dualroot CoT reuses some of the TBBR CoT components and concepts,
+it differs on the BL33 image's chain of trust, which is rooted into a new key,
+called `Platform ROTPK`, or `PROTPK` for short.
+
+The following diagram summarizes the part of the dualroot CoT enforced by
+BL2. Some images (SCP, debug certificates, secure partitions, configuration
+files) are not shown here for conciseness:
+
+.. image:: ../resources/diagrams/cot-dualroot.jpg
+
+Default CoT #3: CCA
+~~~~~~~~~~~~~~~~~~~
+
+This CoT is targeted at Arm CCA systems. The Arm CCA security model recommends
+making supply chains for the Arm CCA firmware, the secure world firmware and the
+platform owner firmware, independent. Hence, this CoT has 3 roots of trust, one
+for each supply chain.
+
Trusted Board Boot Sequence
---------------------------
@@ -261,4 +329,4 @@
*Copyright (c) 2015-2020, Arm Limited and Contributors. All rights reserved.*
.. _X.509 v3: https://tools.ietf.org/rfc/rfc5280.txt
-.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 5b03967..16522bd 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -185,21 +185,15 @@
registers to be included when saving and restoring the CPU context.
Default is '0'.
-- ``CTX_INCLUDE_MTE_REGS``: Numeric value to include Memory Tagging Extension
- registers in cpu context. This must be enabled, if the platform wants to use
- this feature in the Secure world and MTE is enabled at ELX. This flag can
- take values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
- Default value is 0.
-
- ``CTX_INCLUDE_NEVE_REGS``: Numeric value, when set will cause the Armv8.4-NV
registers to be saved/restored when entering/exiting an EL2 execution
context. This flag can take values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is 0.
+ ``ENABLE_FEAT`` mechanism. Default value is 0.
- ``CTX_INCLUDE_PAUTH_REGS``: Numeric value to enable the Pointer
Authentication for Secure world. This will cause the ARMv8.3-PAuth registers
to be included when saving and restoring the CPU context as part of world
- switch. This flag can take values 0 to 2, to align with ``FEATURE_DETECTION``
+ switch. This flag can take values 0 to 2, to align with ``ENABLE_FEAT``
mechanism. Default value is 0.
Note that Pointer Authentication is enabled for Non-secure world irrespective
@@ -220,7 +214,7 @@
- ``DISABLE_MTPMU``: Numeric option to disable ``FEAT_MTPMU`` (Multi Threaded
PMU). ``FEAT_MTPMU`` is an optional feature available on Armv8.6 onwards.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is ``0``.
- ``DYN_DISABLE_AUTH``: Provides the capability to dynamically disable Trusted
@@ -267,9 +261,35 @@
builds, but this behaviour can be overridden in each platform's Makefile or
in the build command line.
+- ``ENABLE_FEAT``
+ The Arm architecture defines several architecture extension features,
+ named FEAT_xxx in the architecure manual. Some of those features require
+ setup code in higher exception levels, other features might be used by TF-A
+ code itself.
+ Most of the feature flags defined in the TF-A build system permit to take
+ the values 0, 1 or 2, with the following meaning:
+
+ ::
+
+ ENABLE_FEAT_* = 0: Feature is disabled statically at compile time.
+ ENABLE_FEAT_* = 1: Feature is enabled unconditionally at compile time.
+ ENABLE_FEAT_* = 2: Feature is enabled, but checked at runtime.
+
+ When setting the flag to 0, the feature is disabled during compilation,
+ and the compiler's optimisation stage and the linker will try to remove
+ as much of this code as possible.
+ If it is defined to 1, the code will use the feature unconditionally, so the
+ CPU is expected to support that feature. The FEATURE_DETECTION debug
+ feature, if enabled, will verify this.
+ If the feature flag is set to 2, support for the feature will be compiled
+ in, but its existence will be checked at runtime, so it works on CPUs with
+ or without the feature. This is mostly useful for platforms which either
+ support multiple different CPUs, or where the CPU is configured at runtime,
+ like in emulators.
+
- ``ENABLE_FEAT_AMU``: Numeric value to enable Activity Monitor Unit
extensions. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. This is an optional architectural feature
+ ``ENABLE_FEAT`` mechanism. This is an optional architectural feature
available on v8.4 onwards. Some v8.2 implementations also implement an AMU
and this option can be used to enable this feature on those systems as well.
This flag can take the values 0 to 2, the default is 0.
@@ -277,47 +297,64 @@
- ``ENABLE_FEAT_AMUv1p1``: Numeric value to enable the ``FEAT_AMUv1p1``
extension. ``FEAT_AMUv1p1`` is an optional feature available on Arm v8.6
onwards. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default value is ``0``.
- ``ENABLE_FEAT_CSV2_2``: Numeric value to enable the ``FEAT_CSV2_2``
extension. It allows access to the SCXTNUM_EL2 (Software Context Number)
register during EL2 context save/restore operations. ``FEAT_CSV2_2`` is an
optional feature available on Arm v8.0 onwards. This flag can take values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
+- ``ENABLE_FEAT_CSV2_3``: Numeric value to enable support for ``FEAT_CSV2_3``
+ extension. This feature is supported in AArch64 state only and is an optional
+ feature available in Arm v8.0 implementations.
+ ``FEAT_CSV2_3`` implies the implementation of ``FEAT_CSV2_2``.
+ The flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_DIT``: Numeric value to enable ``FEAT_DIT`` (Data Independent
Timing) extension. It allows setting the ``DIT`` bit of PSTATE in EL3.
``FEAT_DIT`` is a mandatory architectural feature and is enabled from v8.4
and upwards. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default value is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default value is ``0``.
- ``ENABLE_FEAT_ECV``: Numeric value to enable support for the Enhanced Counter
Virtualization feature, allowing for access to the CNTPOFF_EL2 (Counter-timer
Physical Offset register) during EL2 to EL3 context save/restore operations.
Its a mandatory architectural feature and is enabled from v8.6 and upwards.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_FGT``: Numeric value to enable support for FGT (Fine Grain Traps)
feature allowing for access to the HDFGRTR_EL2 (Hypervisor Debug Fine-Grained
Read Trap Register) during EL2 to EL3 context save/restore operations.
Its a mandatory architectural feature and is enabled from v8.6 and upwards.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_HCX``: Numeric value to set the bit SCR_EL3.HXEn in EL3 to
allow access to HCRX_EL2 (extended hypervisor control register) from EL2 as
well as adding HCRX_EL2 to the EL2 context save/restore operations. Its a
mandatory architectural feature and is enabled from v8.7 and upwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
+- ``ENABLE_FEAT_MTE``: Numeric value to enable Memory Tagging Extension
+ if the platform wants to use this feature at EL0 ``ENABLE_FEAT_MTE`` is
+ required. This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ feature detection mechanism. Default value is ``0``.
+
+- ``ENABLE_FEAT_MTE2``: Numeric value to enable Memory Tagging Extension2
+ if the platform wants to use this feature and MTE2 is enabled at ELX.
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
+ mechanism. Default value is ``0``.
+
- ``ENABLE_FEAT_MTE_PERM``: Numeric value to enable support for
``FEAT_MTE_PERM``, which introduces Allocation tag access permission to
memory region attributes. ``FEAT_MTE_PERM`` is a optional architectural
feature available from v8.9 and upwards. This flag can take the values 0 to
- 2, to align with the ``FEATURE_DETECTION`` mechanism. Default value is
+ 2, to align with the ``ENABLE_FEAT`` mechanism. Default value is
``0``.
- ``ENABLE_FEAT_PAN``: Numeric value to enable the ``FEAT_PAN`` (Privileged
@@ -325,17 +362,17 @@
permission fault for any privileged data access from EL1/EL2 to virtual
memory address, accessible at EL0, provided (HCR_EL2.E2H=1). It is a
mandatory architectural feature and is enabled from v8.1 and upwards. This
- flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_RNG``: Numeric value to enable the ``FEAT_RNG`` extension.
``FEAT_RNG`` is an optional feature available on Arm v8.5 onwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_RNG_TRAP``: Numeric value to enable the ``FEAT_RNG_TRAP``
extension. This feature is only supported in AArch64 state. This flag can
- take values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ take values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``. ``FEAT_RNG_TRAP`` is an optional feature from
Armv8.5 onwards.
@@ -347,13 +384,13 @@
- ``ENABLE_FEAT_SEL2``: Numeric value to enable the ``FEAT_SEL2`` (Secure EL2)
extension. ``FEAT_SEL2`` is a mandatory feature available on Arm v8.4.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is ``0``.
- ``ENABLE_FEAT_TWED``: Numeric value to enable the ``FEAT_TWED`` (Delayed
trapping of WFE Instruction) extension. ``FEAT_TWED`` is a optional feature
available on Arm v8.6. This flag can take values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default is ``0``.
+ ``ENABLE_FEAT`` mechanism. Default is ``0``.
When ``ENABLE_FEAT_TWED`` is set to ``1``, WFE instruction trapping gets
delayed by the amount of value in ``TWED_DELAY``.
@@ -362,40 +399,40 @@
Host Extensions) extension. It allows access to CONTEXTIDR_EL2 register
during EL2 context save/restore operations.``FEAT_VHE`` is a mandatory
architectural feature and is enabled from v8.1 and upwards. It can take
- values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
- ``ENABLE_FEAT_TCR2``: Numeric value to set the bit SCR_EL3.ENTCR2 in EL3 to
allow access to TCR2_EL2 (extended translation control) from EL2 as
well as adding TCR2_EL2 to the EL2 context save/restore operations. Its a
mandatory architectural feature and is enabled from v8.9 and upwards. This
- flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S2PIE``: Numeric value to enable support for FEAT_S2PIE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S1PIE``: Numeric value to enable support for FEAT_S1PIE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S2POE``: Numeric value to enable support for FEAT_S2POE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_S1POE``: Numeric value to enable support for FEAT_S1POE
at EL2 and below, and context switch relevant registers. This flag
- can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default value is ``0``.
- ``ENABLE_FEAT_GCS``: Numeric value to set the bit SCR_EL3.GCSEn in EL3 to
allow use of Guarded Control Stack from EL2 as well as adding the GCS
registers to the EL2 context save/restore operations. This flag can take
- the values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.
+ the values 0 to 2, to align with the ``ENABLE_FEAT`` mechanism.
Default value is ``0``.
- ``ENABLE_LTO``: Boolean option to enable Link Time Optimization (LTO)
@@ -408,7 +445,7 @@
various ELs can assign themselves to desired partition to control their
performance aspects.
- This flag can take values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. When this option is set to ``1`` or ``2``, EL3 allows lower ELs to
access their own MPAM registers without trapping into EL3. This option
doesn't make use of partitioning in EL3, however. Platform initialisation
@@ -449,7 +486,7 @@
- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling
extensions. This is an optional architectural feature for AArch64.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. The default is 2 but is automatically disabled when the target
architecture is AArch32.
@@ -463,7 +500,7 @@
compatible with the ``CTX_INCLUDE_FPREGS`` build option, and will raise an
assert on platforms where SVE is implemented and ``ENABLE_SVE_FOR_NS``
enabled. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. At this time, this build option cannot be
+ ``ENABLE_FEAT`` mechanism. At this time, this build option cannot be
used on systems that have SPM_MM enabled. The default is 1.
- ``ENABLE_SVE_FOR_SWD``: Boolean option to enable SVE for the Secure world.
@@ -1079,26 +1116,26 @@
- ``ENABLE_BRBE_FOR_NS``: Numeric value to enable access to the branch record
buffer registers from NS ELs when FEAT_BRBE is implemented. BRBE is an
optional architectural feature for AArch64. This flag can take the values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. The default is 0
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism. The default is 0
and it is automatically disabled when the target architecture is AArch32.
- ``ENABLE_TRBE_FOR_NS``: Numeric value to enable access of trace buffer
control registers from NS ELs, NS-EL2 or NS-EL1(when NS-EL2 is implemented
but unused) when FEAT_TRBE is implemented. TRBE is an optional architectural
feature for AArch64. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. The default is 0 and it is automatically
+ ``ENABLE_FEAT`` mechanism. The default is 0 and it is automatically
disabled when the target architecture is AArch32.
- ``ENABLE_SYS_REG_TRACE_FOR_NS``: Numeric value to enable trace system
registers access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented
but unused). This feature is available if trace unit such as ETMv4.x, and
ETE(extending ETM feature) is implemented. This flag can take the values
- 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. The default is 0.
+ 0 to 2, to align with the ``ENABLE_FEAT`` mechanism. The default is 0.
- ``ENABLE_TRF_FOR_NS``: Numeric value to enable trace filter control registers
access from NS ELs, NS-EL2 or NS-EL1 (when NS-EL2 is implemented but unused),
if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align
- with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default.
+ with the ``ENABLE_FEAT`` mechanism. This flag is disabled by default.
- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
``plat_can_cmo`` which will return zero if cache management operations should
@@ -1226,7 +1263,7 @@
- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
Management Extension. This flag can take the values 0 to 2, to align with
- the ``FEATURE_DETECTION`` mechanism. Default value is 0.
+ the ``ENABLE_FEAT`` mechanism. Default value is 0.
- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
(SME), SVE, and FPU/SIMD for the non-secure world only. These features share
@@ -1236,7 +1273,7 @@
superset of SVE. SME is an optional architectural feature for AArch64.
At this time, this build option cannot be used on systems that have
SPD=spmd/SPM_MM and atempting to build with this option will fail.
- This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ This flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
mechanism. Default is 0.
- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
@@ -1244,7 +1281,7 @@
architectural feature for AArch64.
This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
accesses will still be trapped. This flag can take the values 0 to 2, to
- align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
+ align with the ``ENABLE_FEAT`` mechanism. Default is 0.
- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
Extension for secure world. Used along with SVE and FPU/SIMD.
@@ -1258,41 +1295,16 @@
must not be used if ``SPMC_AT_EL3`` is enabled.
- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
- detection mechanism. It detects whether the Architectural features enabled
- through feature specific build flags are supported by the PE or not by
- validating them either at boot phase or at runtime based on the value
- possessed by the feature flag (0 to 2) and report error messages at an early
- stage. This flag will also enable errata ordering checking for ``DEBUG``
- builds.
-
- This prevents and benefits us from EL3 runtime exceptions during context save
- and restore routines guarded by these build flags. Henceforth validating them
- before their usage provides more control on the actions taken under them.
-
- The mechanism permits the build flags to take values 0, 1 or 2 and
- evaluates them accordingly.
-
- Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
-
- ::
-
- ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
- ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
- ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
-
- In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
- 0, feature is disabled statically during compilation. If it is defined as 1,
- feature is validated, wherein FEAT_HCX is detected at boot time. In case not
- implemented by the PE, a hard panic is generated. Finally, if the flag is set
- to 2, feature is validated at runtime.
-
- Note that the entire implementation is divided into two phases, wherein as
- as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
- supported and is planned to be handled explicilty in phase-2 implementation.
+ verification mechanism. This is a debug feature that compares the
+ architectural features enabled through the feature specific build flags
+ (ENABLE_FEAT_xxx) with the features actually available on the CPU running,
+ and reports any discrepancies.
+ This flag will also enable errata ordering checking for ``DEBUG`` builds.
- ``FEATURE_DETECTION`` macro is disabled by default. Platforms can explicitly
- make use of this by mechanism, by enabling it to validate whether they have
- set their build flags properly at an early phase.
+ It is expected that this feature is only used for flexible platforms like
+ software emulators, or for hardware platforms at bringup time, to verify
+ that the configured feature set matches the CPU.
+ The ``FEATURE_DETECTION`` macro is disabled by default.
- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
The platform will use PSA compliant Crypto APIs during authentication and
@@ -1334,7 +1346,7 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _DEN0115: https://developer.arm.com/docs/den0115/latest
.. _PSA FW update specification: https://developer.arm.com/documentation/den0118/a/
diff --git a/docs/index.rst b/docs/index.rst
index a7a5993..cdb237a 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -91,7 +91,7 @@
.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): https://developer.arm.com/documentation/den0022/latest/
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index 700020f..55cefe1 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -14,7 +14,6 @@
.. note::
The FVP models used are Version 11.22 Build 14, unless otherwise stated.
-- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21)
- ``FVP_Base_AEMv8A-GIC600AE`` (Version 11.17/21)
- ``FVP_Base_AEMvA``
@@ -52,7 +51,7 @@
- ``FVP_Morello`` (Version 0.11/33)
- ``FVP_RD_V1``
- ``FVP_TC1``
-- ``FVP_TC2`` (Version 11.20/24)
+- ``FVP_TC2`` (Version 11.23/17)
The latest version of the AArch32 build of TF-A has been tested on the
following Arm FVPs without shifted affinities, and that do not support threaded
@@ -630,7 +629,7 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _FW_CONFIG for FVP: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_fw_config.dts
.. _Arm's website: `FVP models`_
diff --git a/docs/plat/rockchip.rst b/docs/plat/rockchip.rst
index b7c43fb..01cf176 100644
--- a/docs/plat/rockchip.rst
+++ b/docs/plat/rockchip.rst
@@ -35,7 +35,7 @@
For AARCH64 architectures the build command looks like
- make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl32
+ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl31
while AARCH32 needs a slightly different command
diff --git a/docs/plat/xilinx-versal-net.rst b/docs/plat/xilinx-versal-net.rst
index 1db7695..3f31d40 100644
--- a/docs/plat/xilinx-versal-net.rst
+++ b/docs/plat/xilinx-versal-net.rst
@@ -40,3 +40,16 @@
* `TFA_NO_PM` : Platform Management support.
- 0 : Enable Platform Management (Default)
- 1 : Disable Platform Management
+
+* `CPU_PWRDWN_SGI`: Select the SGI for triggering CPU power down request to
+ secondary cores on receiving power down callback from
+ firmware. Options:
+
+ - `0` : SGI 0
+ - `1` : SGI 1
+ - `2` : SGI 2
+ - `3` : SGI 3
+ - `4` : SGI 4
+ - `5` : SGI 5
+ - `6` : SGI 6 (Default)
+ - `7` : SGI 7
diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst
index e76b955..aa094f7 100644
--- a/docs/plat/xilinx-versal.rst
+++ b/docs/plat/xilinx-versal.rst
@@ -56,6 +56,19 @@
- `spp_itr6` : SPP ITR6
- `emu_itr6` : EMU ITR6
+* `CPU_PWRDWN_SGI`: Select the SGI for triggering CPU power down request to
+ secondary cores on receiving power down callback from
+ firmware. Options:
+
+ - `0` : SGI 0
+ - `1` : SGI 1
+ - `2` : SGI 2
+ - `3` : SGI 3
+ - `4` : SGI 4
+ - `5` : SGI 5
+ - `6` : SGI 6 (Default)
+ - `7` : SGI 7
+
# PLM->TF-A Parameter Passing
------------------------------
The PLM populates a data structure with image information for the TF-A. The TF-A
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 9730390..0f207a6 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -520,5 +520,3 @@
.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
.. _`EditorConfig`: http://editorconfig.org/
.. _`Why the “volatile” type class should not be used`: https://www.kernel.org/doc/html/latest/process/volatile-considered-harmful.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
diff --git a/docs/process/coding-style.rst b/docs/process/coding-style.rst
index 483780b..4f1976f 100644
--- a/docs/process/coding-style.rst
+++ b/docs/process/coding-style.rst
@@ -47,13 +47,13 @@
MISRA Compliance
----------------
-TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. Coverity
-Static Analysis is used to regularly generate a report of current MISRA defects
-and to prevent the addition of new ones.
+TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. `ECLAIR` static
+analysis is used to regularly generate a report of current MISRA defects and to
+prevent the addition of new ones.
-It is not possible for the project to follow all MISRA guidelines. We maintain
-`a spreadsheet`_ that lists all rules and directives and whether we aim to
-comply with them or not. A rationale is given for each deviation.
+It is not possible for the project to follow all MISRA guidelines. Table 1
+below lists all rules and directives and whether we aim to comply with them or
+not. A rationale is given for each deviation.
.. note::
Enforcing a rule does not mean that the codebase is free of defects
@@ -63,6 +63,9 @@
Third-party libraries are not considered in our MISRA analysis and we do not
intend to modify them to make them MISRA compliant.
+.. csv-table:: Table 1: MISRA compliance in TF-A code base
+ :file: misra-compliance.csv
+
Indentation
-----------
@@ -487,5 +490,4 @@
*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
.. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html
-.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
-.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
+.. _`MISRA C:2012 Guidelines`: https://en.wikipedia.org/wiki/MISRA_C#MISRA_C:2012
diff --git a/docs/process/commit-style.rst b/docs/process/commit-style.rst
index d7e937b..c287599 100644
--- a/docs/process/commit-style.rst
+++ b/docs/process/commit-style.rst
@@ -149,5 +149,5 @@
.. _Conventional Commits: https://www.conventionalcommits.org/en/v1.0.0
.. _Gerrit Change-Ids documentation: https://review.trustedfirmware.org/Documentation/user-changeid.html
.. _Gerrit Signed-off-by Lines guidelines: https://review.trustedfirmware.org/Documentation/user-signedoffby.html
-.. _issue: https://developer.trustedfirmware.org/project/board/1/
+.. _issue: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _quick summary: https://www.conventionalcommits.org/en/v1.0.0/#summary
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index ef9ebd3..33b3533 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -7,8 +7,12 @@
- Make sure you have a Github account and you are logged on both
`developer.trustedfirmware.org`_ and `review.trustedfirmware.org`_.
+ Also make sure that you have registered your full name and email address in
+ your `review.trustedfirmware.org`_ profile. Otherwise, the Gerrit server
+ might reject patches you attempt to post for review.
+
- If you plan to contribute a major piece of work, it is usually a good idea to
- start a discussion around it on the mailing list. This gives everyone
+ start a discussion around it on the `TF-A mailing list`_. This gives everyone
visibility of what is coming up, you might learn that somebody else is
already working on something similar or the community might be able to
provide some early input to help shaping the design of the feature.
@@ -17,16 +21,16 @@
it explicitly in the email thread and ensure that the changes that include
Third Party IP are made in a separate patch (or patch series).
-- Clone `Trusted Firmware-A`_ on your own machine as described in
+- Clone the Trusted Firmware-A source code on your own machine as described in
:ref:`prerequisites_get_source`.
-- Create a local topic branch based on the `Trusted Firmware-A`_ ``master``
+- Create a local topic branch based on the Trusted Firmware-A ``master``
branch.
Making Changes
==============
-- Ensure commits adhere to the the project's :ref:`Commit Style`.
+- Ensure commits adhere to the project's :ref:`Commit Style`.
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
@@ -93,13 +97,21 @@
Submitting Changes
==================
+.. note::
+ Please follow the `How to Contribute Code`_ section of the OpenCI
+ documentation for general instructions on setting up Gerrit and posting
+ patches there. The rest of this section provides details about patch
+ submission rules specifically for the TF-A project.
+
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+- Submit your changes for review using the ``git review`` command.
-- Add reviewers for your patch:
+ This will automatically rebase them onto the upstream ``integration`` branch,
+ as required by TF-A's patch submission process.
- - At least one code owner for each module modified by the patch. See the list
- of modules and their :ref:`code owners`.
+- From the Gerrit web UI, add reviewers for your patch:
+
+ - At least one code owner for each module modified by the patch. See the
+ list of modules and their :ref:`code owners`.
- At least one maintainer. See the list of :ref:`maintainers`.
@@ -167,26 +179,54 @@
Add CI Configurations
=====================
-- TF-A uses Jenkins tool for Continuous Integration and testing activities.
- Various CI Jobs are deployed which run tests on every patch before being
- merged. So each of your patches go through a series of checks before they
- get merged on to the master branch. Kindly ensure, that everytime you add
- new files under your platform, they are covered under the following two sections:
+TF-A uses Jenkins for Continuous Integration and testing activities. Various CI
+jobs are deployed to run tests on every patch before being merged. Each of your
+patches go through a series of checks before they get merged on to the master
+branch. Kindly ensure that every time you add new files under your platform,
+they are covered by the following two sections.
Coverity Scan
-------------
+The TF-A project makes use of `Coverity Scan` for static analysis, a service
+offered by Synopsys for open-source projects. This tool is able to find defects
+and vulnerabilities in a code base, such as dereferences of NULL pointers, use
+of uninitialized data, control flow issues and many other things.
+
-- ``Coverity Scan analysis`` is one of the tests we perform on our source code
- at regular intervals. We maintain a build script ``tf-cov-make`` which contains the
- build configurations of various platforms in order to cover the entire source
- code being analysed by Coverity.
+The TF-A source code is submitted daily to this service for analysis. Results of
+the latest and previous scans, as well as the complete list of defects it
+detected, are accessible online from
+https://scan.coverity.com/projects/arm-software-arm-trusted-firmware.
-- When you submit your patches for review containing new source files, please
- ensure to include them for the ``Coverity Scan analysis`` by adding the
- respective build configurations in the ``tf-cov-make`` build script.
+The `tf-a-ci-scripts repository`_ contains scripts to run the Coverity Scan
+tools on the integration branch of the TF-A code base and make them available on
+https://scan.coverity.com. These scripts get executed daily by the
+`tf-a-coverity Jenkins job`_.
-- In this section you find the details on how to append your new build
- configurations for Coverity scan analysis illustrated with examples:
+In order to maintain a high level of coverage, including on newly introduced
+code, it is important to maintain the appropriate TF-A CI scripts. Details of
+when to update these scripts and how to do so follow.
+
+We maintain a build script - ``tf-cov-make`` - which contains the build
+configurations of various platforms in order to cover the entire source code
+being analysed by Coverity.
+
+When you submit your patches for review, and if they contain new source files,
+`TF-A CI static checks job`_ might report that these files are not covered. In
+this case, the job's console output will show the following error message::
+
+ ****** Newly added files detection check for Coverity Scan analysis on patch(es) ******
+
+ Result : FAILURE
+
+ New source files have been identified in your patch..
+ some/dir/file.c
+
+ please ensure to include them for the ``Coverity Scan analysis`` by adding
+ the respective build configurations in the ``tf-cov-make`` build script.
+
+In this section you find the details on how to append your new build
+configurations for Coverity scan analysis illustrated with examples:
#. We maintain a separate repository named `tf-a-ci-scripts repository`_
for placing all the test scripts which will be executed by the CI Jobs.
@@ -194,9 +234,9 @@
#. In this repository, ``tf-cov-make`` script is located at
``tf-a-ci-scripts/script/tf-coverity/tf-cov-make``
-#. Edit `tf-cov-make`_ script by appending all the possible build configurations with
- the specific ``build-flags`` relevant to your platform, so that newly added
- source files get built and analysed by Coverity.
+#. Edit the `tf-cov-make`_ script by appending all the possible build
+ configurations with the specific build flags relevant to your platform, so
+ that newly added source files get built and analysed by Coverity.
#. For better understanding follow the below specified examples listed in the
``tf-cov-make`` script.
@@ -220,45 +260,44 @@
make PLAT=hikey960 $(common_flags) ${TBB_OPTIONS} all
make PLAT=poplar $(common_flags) all
-- In this case for ``Hikey`` boards additional ``build-flags`` has been included
- along with the ``commom_flags`` to cover most of the files relevant to it.
+- In this case for ``Hikey`` boards additional build flags have been included
+ along with the ``common_flags`` to cover most of the files relevant to it.
- Similar to this you can still find many other different build configurations
of various other platforms listed in the ``tf-cov-make`` script. Kindly refer
them and append your build configurations respectively.
-Test Build Configuration (``tf-l1-build-plat``)
------------------------------------------------
+Test Build Configurations
+-------------------------
-- Coverity Scan analysis, runs on a daily basis and will not be triggered for
- every individual trusted-firmware patch.
+We have CI jobs which run a set of test configurations on every TF-A patch
+before they get merged upstream.
-- Considering this, we have other distinguished CI jobs which run a set of test
- configurations on every patch, before they are being passed to ``Coverity scan analysis``.
+At the bare minimum, TF-A code should build without any errors for every
+supported platform - and every feature of this platform. To make sure this is
+the case, we maintain a set of build tests. ``tf-l1-build-plat`` is the test
+group which holds all build tests for all platforms. So be kind enough to
+verify that your newly added files are covered by such a build test.
-- ``tf-l1-build-plat`` is the test group, which holds the test configurations
- to build all the platforms. So be kind enough to verify that your newly added
- files are built as part of one of the existing platform configurations present
- in ``tf-l1-build-plat`` test group.
+If this is not the case, please follow the instructions below to add the
+appropriate files. We will illustrate this with an example for the ``Hikey``
+platform.
-- In this section you find the details on how to add the appropriate files,
- needed to build your newly introduced platform as part of ``tf-l1-build-plat``
- test group, illustrated with an example:
-
-- Lets consider ``Hikey`` platform:
- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file ``hikey-default``
- under tf_config folder, ``tf_config/hikey-default`` listing all the build parameters
- relevant to it.
+- In the `tf-a-ci-scripts repository`_ we need to add a build configuration file
+ ``hikey-default`` under ``tf_config/`` folder. ``tf_config/hikey-default``
+ must list all the build parameters relevant to it.
.. code:: shell
- #Hikey Build Parameters
+ # Hikey Build Parameters
CROSS_COMPILE=aarch64-none-elf-
PLAT=hikey
-- Further a test-configuration file ``hikey-default:nil`` need to be added under the
- test group, ``tf-l1-build-plat`` located at ``tf-a-ci-scripts/group/tf-l1-build-plat``,
- to allow the platform to be built as part of this group.
+- Further another file, ``hikey-default:nil``, needs to be added under
+ ``group/tf-l1-build-plat/`` folder to allow the platform to be built as part
+ of this test group. ``group/tf-l1-build-plat/hikey-default:nil`` file just
+ needs to exist but does not contain anything meaningful, apart from a
+ mandatory copyright notice:
.. code:: shell
@@ -268,7 +307,11 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-- As illustrated above, you need to add the similar files supporting your platform.
+- As illustrated above, you need to add similar files supporting your platform.
+
+For a more elaborate explanation of the TF-A CI scripts internals, including how
+to add more complex tests beyond a simple build test, please refer to the `TF-A
+CI scripts overview`_ section of the OpenCI documentation.
Binary Components
=================
@@ -289,11 +332,10 @@
--------------
-*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.*
.. _developer.trustedfirmware.org: https://developer.trustedfirmware.org
.. _review.trustedfirmware.org: https://review.trustedfirmware.org
-.. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
.. _Git guidelines: http://git-scm.com/book/ch5-2.html
.. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html
.. _TF-A Tests: https://trustedfirmware-a-tests.readthedocs.io
@@ -302,3 +344,7 @@
.. _TF-A mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. _tf-a-ci-scripts repository: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/
.. _tf-cov-make: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/script/tf-coverity/tf-cov-make
+.. _How to Contribute Code: https://tf-ci-users-guide.readthedocs.io/en/latest/#how-to-contribute-code
+.. _TF-A CI scripts overview: https://tf-ci-users-guide.readthedocs.io/en/latest/#tf-a-ci-scripts-overview
+.. _tf-a-coverity Jenkins job: https://ci.trustedfirmware.org/job/tf-a-coverity/
+.. _TF-A CI static checks job: https://ci.trustedfirmware.org/job/tf-a-static-checks/
diff --git a/docs/process/misra-compliance.csv b/docs/process/misra-compliance.csv
new file mode 100644
index 0000000..7b02930
--- /dev/null
+++ b/docs/process/misra-compliance.csv
@@ -0,0 +1,174 @@
+Seq,Dir / Rule,Number,Source,Category,Checker Enabled,Enforced,Comments
+1,D,1.1,MISRA C 2012,Required,N/A,Yes,
+2,D,2.1,MISRA C 2012,Required,N/A,Yes,
+3,D,3.1,MISRA C 2012,Required,N/A,No,It can’t be done retroactively.
+4,D,4.1,MISRA C 2012,Required,N/A,Yes,
+5,D,4.2,MISRA C 2012,Advisory,N/A,Yes,
+6,D,4.3,MISRA C 2012,Required,Yes,Yes,
+7,D,4.4,MISRA C 2012,Advisory,Yes,Yes,
+8,D,4.5,MISRA C 2012,Advisory,Yes,Yes,
+9,D,4.6,MISRA C 2012,Advisory,No,No,We use a mix of both. It would be too disruptive for the project to change.
+10,D,4.7,MISRA C 2012,Required,Yes,Yes,
+11,D,4.8,MISRA C 2012,Advisory,No,No,Fixing all instances would involve invasive changes to the codebase for no good reason.
+12,D,4.9,MISRA C 2012,Advisory,No,No,"We mustn’t introduce new macros unless strictly needed, but this affects assert(), INFO(), etc. It creates too much noise in the report for little gain."
+13,D,4.10,MISRA C 2012,Required,Yes,Yes,
+14,D,4.11,MISRA C 2012,Required,Yes,Yes,
+15,D,4.12,MISRA C 2012,Required,Yes,Yes,
+16,D,4.13,MISRA C 2012,Advisory,Yes,Yes,
+17,D,4.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+18,R,1.1,MISRA C 2012,Required,Yes,Yes,
+19,R,1.2,MISRA C 2012,Advisory,Yes,Optional,It bans __attribute__(()) and similar helpers.
+20,R,1.3,MISRA C 2012,Required,N/A,Yes,
+21,R,2.1,MISRA C 2012,Required,Yes,Yes,
+22,R,2.2,MISRA C 2012,Required,Yes,Yes,
+23,R,2.3,MISRA C 2012,Advisory,Yes,Optional,It prevents the usage of CASSERT().
+24,R,2.4,MISRA C 2012,Advisory,No,No,Header files may use enumerations instead of defines to group sets of values.
+25,R,2.5,MISRA C 2012,Advisory,No,No,We define many headers with macros that are unused in the project but may be used by non-upstream code or may be desirable for completeness.
+26,R,2.6,MISRA C 2012,Advisory,Yes,Yes,
+27,R,2.7,MISRA C 2012,Advisory,No,No,Doesn't allow for simple implementations of porting functions that don't require all parameters.
+28,R,3.1,MISRA C 2012,Required,Yes,Yes,
+29,R,3.2,MISRA C 2012,Required,Yes,Yes,
+30,R,4.1,MISRA C 2012,Required,Yes,Yes,
+31,R,4.2,MISRA C 2012,Advisory,Yes,Yes,
+32,R,5.1,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+33,R,5.2,MISRA C 2012,Required,Yes,Yes,
+34,R,5.3,MISRA C 2012,Required,Yes,Yes,
+35,R,5.4,MISRA C 2012,Required,Yes,Yes,
+36,R,5.5,MISRA C 2012,Required,Yes,Yes,
+37,R,5.6,MISRA C 2012,Required,Yes,Yes,
+38,R,5.7,MISRA C 2012,Required,Yes,Optional,Fixing all existing defects is problematic because of compatibility issues.
+39,R,5.8,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+40,R,5.9,MISRA C 2012,Advisory,Yes,Yes,
+41,R,6.1,MISRA C 2012,Required,Yes,Yes,
+42,R,6.2,MISRA C 2012,Required,Yes,Yes,
+43,R,7.1,MISRA C 2012,Required,Yes,Yes,
+44,R,7.2,MISRA C 2012,Required,Yes,Yes,
+45,R,7.3,MISRA C 2012,Required,Yes,Yes,
+46,R,7.4,MISRA C 2012,Required,Yes,Yes,
+47,R,8.1,MISRA C 2012,Required,Yes,Yes,
+48,R,8.2,MISRA C 2012,Required,Yes,Yes,
+49,R,8.3,MISRA C 2012,Required,Yes,Yes,
+50,R,8.4,MISRA C 2012,Required,Yes,Yes,
+51,R,8.5,MISRA C 2012,Required,Yes,Yes,
+52,R,8.6,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
+53,R,8.7,MISRA C 2012,Advisory,No,No,"Bans pattern of declaring funcs in private header that are used/defined in separate translation units, which seems over the top."
+54,R,8.8,MISRA C 2012,Required,Yes,Yes,
+55,R,8.9,MISRA C 2012,Advisory,Yes,Yes,
+56,R,8.10,MISRA C 2012,Required,Yes,Yes,
+57,R,8.11,MISRA C 2012,Advisory,Yes,Optional,This may not be possible in some interfaces.
+58,R,8.12,MISRA C 2012,Required,Yes,Yes,
+59,R,8.13,MISRA C 2012,Advisory,Yes,Optional,The benefits of fixing existing code aren’t worth the effort.
+60,R,8.14,MISRA C 2012,Required,Yes,Yes,
+61,R,9.1,MISRA C 2012,Mandatory,Yes,Yes,
+62,R,9.2,MISRA C 2012,Required,Yes,Yes,
+63,R,9.3,MISRA C 2012,Required,Yes,Yes,
+64,R,9.4,MISRA C 2012,Required,Yes,Yes,
+65,R,9.5,MISRA C 2012,Required,Yes,Yes,
+66,R,10.1,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+67,R,10.2,MISRA C 2012,Required,Yes,Yes,
+68,R,10.3,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+69,R,10.4,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
+70,R,10.5,MISRA C 2012,Advisory,Yes,Yes,
+71,R,10.6,MISRA C 2012,Required,Yes,Yes,
+72,R,10.7,MISRA C 2012,Required,Yes,Yes,
+73,R,10.8,MISRA C 2012,Required,Yes,Yes,
+74,R,11.1,MISRA C 2012,Required,Yes,Yes,
+75,R,11.2,MISRA C 2012,Required,Yes,Yes,
+76,R,11.3,MISRA C 2012,Required,Yes,Yes,
+77,R,11.4,MISRA C 2012,Advisory,No,No,This would be invasive for TF (e.g. in exported linker script macros). Also bans conversion from uintptr_t.
+78,R,11.5,MISRA C 2012,Advisory,No,No,"This seems to preclude the pattern of using void * in interfaces to hide the real object, which we use extensively."
+79,R,11.6,MISRA C 2012,Required,Yes,Optional,This is needed in several cases.
+80,R,11.7,MISRA C 2012,Required,Yes,Yes,
+81,R,11.8,MISRA C 2012,Required,Yes,Yes,
+82,R,11.9,MISRA C 2012,Required,Yes,Yes,
+83,R,12.1,MISRA C 2012,Advisory,Yes,Yes,
+84,R,12.2,MISRA C 2012,Required,Yes,Yes,"This rule is fine, but there are lots of false positives in Coverity."
+85,R,12.3,MISRA C 2012,Advisory,Yes,Yes,
+86,R,12.4,MISRA C 2012,Advisory,Yes,Yes,
+87,R,12.5,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+88,R,13.1,MISRA C 2012,Required,Yes,Yes,
+89,R,13.2,MISRA C 2012,Required,Yes,Yes,
+90,R,13.3,MISRA C 2012,Advisory,Yes,Yes,
+91,R,13.4,MISRA C 2012,Advisory,Yes,Yes,
+92,R,13.5,MISRA C 2012,Required,Yes,Yes,
+93,R,13.6,MISRA C 2012,Mandatory,Yes,Yes,
+94,R,14.1,MISRA C 2012,Required,Yes,Yes,
+95,R,14.2,MISRA C 2012,Required,Yes,Yes,
+96,R,14.3,MISRA C 2012,Required,Yes,Yes,
+97,R,14.4,MISRA C 2012,Required,Yes,Yes,
+98,R,15.1,MISRA C 2012,Advisory,No,No,In some cases goto may be useful for readability.
+99,R,15.2,MISRA C 2012,Required,Yes,Yes,
+100,R,15.3,MISRA C 2012,Required,Yes,Yes,
+101,R,15.4,MISRA C 2012,Advisory,Yes,Yes,
+102,R,15.5,MISRA C 2012,Advisory,No,No,This has no real value. It may make code less understandable than before.
+103,R,15.6,MISRA C 2012,Required,No,No,This directly contradicts the Linux style guidelines and would require many changes. We would have to remove that rule from checkpatch.
+104,R,15.7,MISRA C 2012,Required,Yes,Yes,
+105,R,16.1,MISRA C 2012,Required,No,No,Cannot comply with this unless we comply with 16.3
+106,R,16.2,MISRA C 2012,Required,Yes,Yes,
+107,R,16.3,MISRA C 2012,Required,No,No,Returns within switch statements and fall-throughs can improve readability.
+108,R,16.4,MISRA C 2012,Required,Yes,Yes,
+109,R,16.5,MISRA C 2012,Required,Yes,Yes,
+110,R,16.6,MISRA C 2012,Required,Yes,Yes,
+111,R,16.7,MISRA C 2012,Required,Yes,Yes,
+112,R,17.1,MISRA C 2012,Required,No,No,This is needed for printf.
+113,R,17.2,MISRA C 2012,Required,Yes,Yes,Bans recursion. We consider it acceptable if the max depth is known.
+114,R,17.3,MISRA C 2012,Mandatory,Yes,Yes,
+115,R,17.4,MISRA C 2012,Mandatory,Yes,Yes,
+116,R,17.5,MISRA C 2012,Advisory,Yes,Yes,
+117,R,17.6,MISRA C 2012,Mandatory,Yes,Yes,
+118,R,17.7,MISRA C 2012,Required,Yes,Optional,In some cases it doesn’t add any value to the code (like with memset() or printf()).
+119,R,17.8,MISRA C 2012,Advisory,Yes,Optional,It would make some one-line functions grow in size for no reason.
+120,R,18.1,MISRA C 2012,Required,Yes,Yes,
+121,R,18.2,MISRA C 2012,Required,Yes,Yes,
+122,R,18.3,MISRA C 2012,Required,Yes,Yes,
+123,R,18.4,MISRA C 2012,Advisory,Yes,Yes,
+124,R,18.5,MISRA C 2012,Advisory,Yes,Yes,
+125,R,18.6,MISRA C 2012,Required,Yes,Yes,
+126,R,18.7,MISRA C 2012,Required,Yes,Yes,
+127,R,18.8,MISRA C 2012,Required,Yes,Yes,
+128,R,19.1,MISRA C 2012,Mandatory,Yes,Yes,
+129,R,19.2,MISRA C 2012,Advisory,Yes,Optional,"Unions can be useful. We almost don’t use them, so it’s ok."
+130,R,20.1,MISRA C 2012,Advisory,Yes,Optional,In some files we have assembly-compatible includes followed by assembly-compatible definitions followed by C includes and C declarations. This is done to not have #ifdef in the include list.
+131,R,20.2,MISRA C 2012,Required,Yes,Yes,
+132,R,20.3,MISRA C 2012,Required,Yes,Yes,
+133,R,20.4,MISRA C 2012,Required,Yes,Yes,
+134,R,20.5,MISRA C 2012,Advisory,Yes,Yes,
+135,R,20.6,MISRA C 2012,Required,Yes,Yes,
+136,R,20.7,MISRA C 2012,Required,Yes,Yes,
+137,R,20.8,MISRA C 2012,Required,Yes,Optional,We need a new configuration system to fix all defects.
+138,R,20.9,MISRA C 2012,Required,Yes,Optional,"We use a mix of #if and #ifdef for boolean macros, which may raise some failures here. We should consistently use one or the other"
+139,R,20.10,MISRA C 2012,Advisory,Yes,Optional,"It’s good to avoid them, but they are sometimes needed."
+140,R,20.11,MISRA C 2012,Required,Yes,Yes,
+141,R,20.12,MISRA C 2012,Required,Yes,Yes,
+142,R,20.13,MISRA C 2012,Required,Yes,Yes,
+143,R,20.14,MISRA C 2012,Required,Yes,Yes,
+144,R,21.1,MISRA C 2012,Required,Yes,Yes,
+145,R,21.2,MISRA C 2012,Required,Yes,Yes,
+146,R,21.3,MISRA C 2012,Required,Yes,Yes,
+147,R,21.4,MISRA C 2012,Required,Yes,Yes,
+148,R,21.5,MISRA C 2012,Required,Yes,Yes,
+149,R,21.6,MISRA C 2012,Required,No,No,This bans printf.
+150,R,21.7,MISRA C 2012,Required,Yes,Yes,
+151,R,21.8,MISRA C 2012,Required,Yes,Yes,
+152,R,21.9,MISRA C 2012,Required,Yes,Yes,
+153,R,21.10,MISRA C 2012,Required,Yes,Yes,
+154,R,21.11,MISRA C 2012,Required,Yes,Yes,
+155,R,21.12,MISRA C 2012,Advisory,Yes,Yes,
+156,R,21.13,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+157,R,21.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
+158,R,21.15,MISRA C 2012 AMD-1,Required,Yes,Yes,
+159,R,21.16,MISRA C 2012 AMD-1,Required,Yes,Yes,
+160,R,21.17,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+161,R,21.18,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+162,R,21.19,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+163,R,21.20,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
+164,R,22.1,MISRA C 2012,Required,Yes,Yes,
+165,R,22.2,MISRA C 2012,Mandatory,Yes,Yes,
+166,R,22.3,MISRA C 2012,Required,Yes,Yes,
+167,R,22.4,MISRA C 2012,Mandatory,Yes,Yes,
+168,R,22.5,MISRA C 2012,Mandatory,Yes,Yes,
+169,R,22.6,MISRA C 2012,Mandatory,Yes,Yes,
+170,R,22.7,MISRA C 2012 AMD-1,Required,Yes,Yes,
+171,R,22.8,MISRA C 2012 AMD-1,Required,Yes,Yes,
+172,R,22.9,MISRA C 2012 AMD-1,Required,Yes,Yes,
+173,R,22.10,MISRA C 2012 AMD-1,Required,Yes,Yes,
diff --git a/docs/process/security.rst b/docs/process/security.rst
index bbc939a..1e7ac2e 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst
@@ -73,8 +73,10 @@
| |TFV-10| | Incorrect validation of X.509 certificate extensions can result |
| | in an out-of-bounds read |
+-----------+------------------------------------------------------------------+
+| |TFV-11| | A Malformed SDEI SMC can cause out of bound memory read |
++-----------+------------------------------------------------------------------+
-.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
+.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
@@ -87,6 +89,7 @@
.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
+.. |TFV-11| replace:: :ref:`Advisory TFV-11 (CVE-2023-49100)`
.. _TrustedFirmware.org security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/
diff --git a/docs/resources/diagrams/cot-dualroot.jpg b/docs/resources/diagrams/cot-dualroot.jpg
new file mode 100644
index 0000000..c56392e
--- /dev/null
+++ b/docs/resources/diagrams/cot-dualroot.jpg
Binary files differ
diff --git a/docs/resources/diagrams/cot-tbbr.jpg b/docs/resources/diagrams/cot-tbbr.jpg
new file mode 100644
index 0000000..7ecd69d
--- /dev/null
+++ b/docs/resources/diagrams/cot-tbbr.jpg
Binary files differ
diff --git a/docs/resources/diagrams/tf-a_attack_tree.png b/docs/resources/diagrams/tf-a_attack_tree.png
new file mode 100755
index 0000000..0ade8e8
--- /dev/null
+++ b/docs/resources/diagrams/tf-a_attack_tree.png
Binary files differ
diff --git a/docs/resources/diagrams/tf-a_data_flow_diagram.png b/docs/resources/diagrams/tf-a_data_flow_diagram.png
new file mode 100755
index 0000000..f65da01
--- /dev/null
+++ b/docs/resources/diagrams/tf-a_data_flow_diagram.png
Binary files differ
diff --git a/docs/resources/diagrams/tf-a_system_diagram.png b/docs/resources/diagrams/tf-a_system_diagram.png
new file mode 100755
index 0000000..f9bb9e9
--- /dev/null
+++ b/docs/resources/diagrams/tf-a_system_diagram.png
Binary files differ
diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst
index c9b0f78..ad55546 100644
--- a/docs/security_advisories/index.rst
+++ b/docs/security_advisories/index.rst
@@ -15,3 +15,4 @@
security-advisory-tfv-8.rst
security-advisory-tfv-9.rst
security-advisory-tfv-10.rst
+ security-advisory-tfv-11.rst
diff --git a/docs/security_advisories/security-advisory-tfv-10.rst b/docs/security_advisories/security-advisory-tfv-10.rst
index 91dba07..f53bae1 100644
--- a/docs/security_advisories/security-advisory-tfv-10.rst
+++ b/docs/security_advisories/security-advisory-tfv-10.rst
@@ -98,7 +98,7 @@
``drivers/auth/``) require that the certificate's signature has already been
validated prior to calling ``get_ext()``, or any function that calls ``get_ext()``.
Platforms taking their chain of trust from a dynamic configuration file (such as
-``fdts/cot_descriptors.dtsi``) are also safe, as signature verification will
+``fdts/tbbr_cot_descriptors.dtsi``) are also safe, as signature verification will
always be done prior to any calls to ``get_ext()`` or ``auth_nvctr()`` in this
case, no matter the order of the properties in the file. Therefore, it is not
possible to exploit this vulnerability pre-authentication in upstream TF-A.
diff --git a/docs/security_advisories/security-advisory-tfv-11.rst b/docs/security_advisories/security-advisory-tfv-11.rst
new file mode 100644
index 0000000..b5063f0
--- /dev/null
+++ b/docs/security_advisories/security-advisory-tfv-11.rst
@@ -0,0 +1,86 @@
+Advisory TFV-11 (CVE-2023-49100)
+================================
+
++----------------+-------------------------------------------------------------+
+| Title | A Malformed SDEI SMC can cause out of bound memory read. |
++================+=============================================================+
+| CVE ID | `CVE-2023-49100`_ |
++----------------+-------------------------------------------------------------+
+| Date | Reported on 12 Oct 2023 |
++----------------+-------------------------------------------------------------+
+| Versions | TF-A releases v1.5 to v2.9 |
+| Affected | LTS releases lts-v2.8.0 to lts-v2.8.11 |
++----------------+-------------------------------------------------------------+
+| Configurations | Platforms with SDEI support |
+| Affected | |
++----------------+-------------------------------------------------------------+
+| Impact | Denial of Service (secure world panic) |
++----------------+-------------------------------------------------------------+
+| Fix Version | `a7eff3477`_ "fix(sdei): ensure that interrupt ID is valid" |
++----------------+-------------------------------------------------------------+
+| Credit | Christian Lindenmeier `@_chli_`_ |
+| | Marcel Busch `@0ddc0de`_ |
+| | `IT Security Infrastructures Lab`_ |
++----------------+-------------------------------------------------------------+
+
+This security advisory describes a vulnerability in the SDEI services, where a
+rogue Non-secure caller invoking a SDEI_INTERRUPT_BIND SMC call with an invalid
+interrupt ID causes out of bound memory read.
+
+SDEI_INTERRUPT_BIND is used to bind any physical interrupt into a normal
+priority SDEI event. The interrupt can be a private peripheral interrupt
+(PPI) or a shared peripheral interrupt (SPI).
+Refer to SDEI_INTERRUPT_BIND in the `SDEI Specification`_ for further details.
+
+The vulnerability exists when the SDEI client passes an interrupt ID which
+is not implemented by the GIC. This will result in a data abort exception
+or a EL3 panic depending on the GIC version used in the system.
+
+- **GICv2 systems:**
+
+.. code:: c
+
+ Call stack:
+ sdei_interrupt_bind(interrupt ID)
+ -> plat_ic_get_interrupt_type(interrupt ID)
+ -> gicv2_get_interrupt_group(interrupt ID)
+ -> gicd_get_igroupr(distributor base, interrupt ID)
+ -> gicd_read_igroupr(distributor base, interrupt ID).
+
+ gicd_read_igroupr() will eventually do a MMIO read to an unimplemented IGROUPR
+ register. Which may cause a data abort or an access to a random EL3 memory region.
+
+- **GICv3 systems:**
+
+.. code:: c
+
+ Call stack:
+ sdei_interrupt_bind(interrupt ID)
+ -> plat_ic_get_interrupt_type(interrupt ID)
+ -> gicv3_get_interrupt_group(interrupt ID, core ID)
+ -> is_sgi_ppi(interrupt ID)
+
+ is_sgi_ppi() will end up in an EL3 panic on encountering an invalid interrupt ID.
+
+The vulnerability is fixed by ensuring that the Interrupt ID provided by the
+SDEI client is a valid PPI or SPI, otherwise return an error code indicating
+that the parameter is invalid.
+
+.. code:: c
+
+ /* Bind an SDEI event to an interrupt */
+ static int sdei_interrupt_bind(unsigned int intr_num)
+ {
+ sdei_ev_map_t *map;
+ bool retry = true, shared_mapping;
+
+ /* Interrupt must be either PPI or SPI */
+ if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
+ return SDEI_EINVAL;
+
+.. _CVE-2023-49100: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49100
+.. _a7eff3477: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624c74f5217419b1a27b7ebd2aa
+.. _IT Security Infrastructures Lab: https://www.cs1.tf.fau.de/
+.. _SDEI Specification: https://developer.arm.com/documentation/den0054/latest/
+.. _@_chli_: https://twitter.com/_chli_
+.. _@0ddc0de: https://twitter.com/0ddc0de
diff --git a/docs/threat_model/firmware_threat_model/index.rst b/docs/threat_model/firmware_threat_model/index.rst
new file mode 100644
index 0000000..05b6710
--- /dev/null
+++ b/docs/threat_model/firmware_threat_model/index.rst
@@ -0,0 +1,41 @@
+TF-A Firmware Threat Model
+==========================
+
+As the TF-A codebase is highly configurable to allow tailoring it best for each
+platform's needs, providing a holistic threat model covering all of its features
+is not necessarily the best approach. Instead, we provide a collection of
+documents which, together, form the project's threat model. These are
+articulated around a core document, called the :ref:`Generic Threat Model`,
+which focuses on the most common configuration we expect to see. The other
+documents typically focus on specific features not covered in the core document.
+
+As the TF-A codebase evolves and new features get added, these threat model
+documents will be updated and extended in parallel to reflect at best the
+current status of the code from a security standpoint.
+
+ .. note::
+
+ Although our aim is eventually to provide threat model material for all
+ features within the project, we have not reached that point yet. We expect
+ to gradually fill these gaps over time.
+
+Each of these documents give a description of the target of evaluation using a
+data flow diagram, as well as a list of threats we have identified using the
+`STRIDE threat modeling technique`_ and corresponding mitigations.
+
+.. toctree::
+ :maxdepth: 1
+ :caption: Contents
+
+ threat_model
+ threat_model_el3_spm
+ threat_model_fvp_r
+ threat_model_rss_interface
+ threat_model_arm_cca
+ threat_model_fw_update_and_recovery
+
+--------------
+
+*Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.*
+
+.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
similarity index 98%
rename from docs/threat_model/threat_model.rst
rename to docs/threat_model/firmware_threat_model/threat_model.rst
index 242f818..63bdc8a 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst
@@ -55,7 +55,7 @@
trust boundaries. Components outside of the broken lines
are considered untrusted by TF-A.
-.. uml:: ../resources/diagrams/plantuml/tfa_dfd.puml
+.. uml:: ../../resources/diagrams/plantuml/tfa_dfd.puml
:caption: Figure 1: TF-A Data Flow Diagram
.. table:: Table 1: TF-A Data Flow Diagram Description
@@ -163,6 +163,15 @@
ion beam (FIB) workstation or decapsulate the chip using chemicals) is
considered out-of-scope.
+ Certain non-invasive physical attacks that do not need modifications to the
+ chip, notably those like Power Analysis Attacks, are out-of-scope. Power
+ analysis side-channel attacks represent a category of security threats that
+ capitalize on information leakage through a device's power consumption during
+ its normal operation. These attacks leverage the correlation between a
+ device's power usage and its internal data processing activities. This
+ correlation provides attackers with the means to extract sensitive
+ information, including cryptographic keys.
+
Threat Types
============
@@ -1090,7 +1099,7 @@
--------------
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*
.. _STRIDE threat analysis technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
diff --git a/docs/threat_model/threat_model_arm_cca.rst b/docs/threat_model/firmware_threat_model/threat_model_arm_cca.rst
similarity index 98%
rename from docs/threat_model/threat_model_arm_cca.rst
rename to docs/threat_model/firmware_threat_model/threat_model_arm_cca.rst
index fbf3327..af38ea3 100644
--- a/docs/threat_model/threat_model_arm_cca.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model_arm_cca.rst
@@ -86,7 +86,7 @@
diagram, the red broken lines indicate trust boundaries. Components outside of
the broken lines are considered untrusted by TF-A.
-.. uml:: ../resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
+.. uml:: ../../resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
:caption: Figure 1: Data Flow Diagram
.. table:: Table 1: Data Flow Diagram Description
@@ -220,6 +220,6 @@
| 14 | Yes | |
+----+-------------+-------------------------------------------------------+
-*Copyright (c) 2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2023-2024, Arm Limited. All rights reserved.*
.. _Arm CCA Security Model: https://developer.arm.com/documentation/DEN0096/A_a
diff --git a/docs/threat_model/threat_model_el3_spm.rst b/docs/threat_model/firmware_threat_model/threat_model_el3_spm.rst
similarity index 99%
rename from docs/threat_model/threat_model_el3_spm.rst
rename to docs/threat_model/firmware_threat_model/threat_model_el3_spm.rst
index 8adf3df..a2d6798 100644
--- a/docs/threat_model/threat_model_el3_spm.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model_el3_spm.rst
@@ -37,7 +37,7 @@
Components outside of the broken lines are considered untrusted.
-.. uml:: ../resources/diagrams/plantuml/el3_spm_dfd.puml
+.. uml:: ../../resources/diagrams/plantuml/el3_spm_dfd.puml
:caption: Figure 1: EL3 SPMC Data Flow Diagram
.. table:: Table 1: EL3 SPMC Data Flow Diagram Description
@@ -644,7 +644,7 @@
---------------
-*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
.. _Arm Firmware Framework for Arm A-profile: https://developer.arm.com/docs/den0077/latest
.. _FF-A ACS: https://github.com/ARM-software/ff-a-acs/releases
diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/firmware_threat_model/threat_model_fvp_r.rst
similarity index 98%
rename from docs/threat_model/threat_model_fvp_r.rst
rename to docs/threat_model/firmware_threat_model/threat_model_fvp_r.rst
index 725eeed..0b71bf0 100644
--- a/docs/threat_model/threat_model_fvp_r.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model_fvp_r.rst
@@ -96,4 +96,4 @@
--------------
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/firmware_threat_model/threat_model_fw_update_and_recovery.rst b/docs/threat_model/firmware_threat_model/threat_model_fw_update_and_recovery.rst
new file mode 100644
index 0000000..7b55c74
--- /dev/null
+++ b/docs/threat_model/firmware_threat_model/threat_model_fw_update_and_recovery.rst
@@ -0,0 +1,103 @@
+Threat Model for TF-A with PSA FWU or TBBR FWU support
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Introduction
+************
+
+This document provides a threat model of TF-A firmware for platforms with
+the feature PSA firmware update or TBBR firmware update or both enabled.
+To understand the design of the firmware update refer
+:ref:`Firmware Update (FWU)`.
+
+Although it is a separate document, it references the :ref:`Generic Threat
+Model` in a number of places, as some of the contents are applicable to this
+threat model.
+
+Target of Evaluation
+********************
+
+In this threat model, the target of evaluation is the Trusted Firmware for
+A-class Processors (TF-A) when PSA FWU support is enabled or TBBR FWU mode
+is enabled. This includes the boot ROM (BL1), the trusted boot firmware (BL2).
+
+Threat Assessment
+*****************
+
+For this section, please reference the Threat Assessment under the
+:ref:`Generic Threat Model`. Here only the differences are highlighted.
+
+PSA FWU
+*******
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The following table analyses the :ref:`Boot Firmware Threats` in the context
+of this threat model. Only additional details are pointed out.
+
++----+-------------+-------------------------------------------------------+
+| ID | Applicable? | Comments |
++====+=============+=======================================================+
+| 01 | Yes | | Attacker can use arbitrary images to update the |
+| | | system. |
++----+-------------+-------------------------------------------------------+
+| 02 | Yes | | Attacker tries to update the system with the |
+| | | vulnerable/older firmware. |
++----+-------------+-------------------------------------------------------+
+| 03 | Yes | |
++----+-------------+-------------------------------------------------------+
+| 04 | Yes | |
++----+-------------+-------------------------------------------------------+
+
+
+Threats to be mitigated by platform design
+------------------------------------------
+
+PSA FWU is driven by metadata stored in non-volatile storage. This metadata
+is not cryptographically signed. Also, depending on the hardware design,
+it may be stored in untrusted storage, which makes it possible for software
+outside of TF-A security boundary or for a physical attacker to modify it
+in order to change the behaviour of the FWU process.
+
+Below we provide some possible FWU metadata corruption scenarios:
+
+1. The FWU metadata includes the firmware bank for booting; the attacker
+ tries to modify it to prevent the execution of the updated firmware.
+2. The FWU metadata features a field indicating the firmware's status, either
+ in trial run or accepted run. The attacker tries to manipulate this field,
+ ensuring the updated firmware consistently runs in trial mode, with the
+ intention of preventing the anti-rollback update.
+
+By design, no software mitigations exist to prevent this. The safeguarding
+of FWU metadata relies on the platform's hardware design to mitigate potential
+attacks on it, if this is a concern in the platform's threat model.
+For example, FWU metadata may be stored in secure storage under exclusive
+access from secure software, protecting it from physical, unauthenticated
+accesses and from non-secure software accesses.
+
+TBBR FWU - Firmware Recovery
+****************************
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The following table analyses the :ref:`Boot Firmware Threats` in the context
+of this threat model. Only additional details are pointed out.
+
++----+-------------+-------------------------------------------------------+
+| ID | Applicable? | Comments |
++====+=============+=======================================================+
+| 01 | Yes | | Attacker can use arbitrary images to recover the |
+| | | system. |
++----+-------------+-------------------------------------------------------+
+| 02 | Yes | | Attacker tries to recover the system with the |
+| | | vulnerable/older firmware. |
++----+-------------+-------------------------------------------------------+
+| 03 | Yes | |
++----+-------------+-------------------------------------------------------+
+| 04 | Yes | |
++----+-------------+-------------------------------------------------------+
+
+--------------
+
+*Copyright (c) 2024, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/threat_model_rss_interface.rst b/docs/threat_model/firmware_threat_model/threat_model_rss_interface.rst
similarity index 95%
rename from docs/threat_model/threat_model_rss_interface.rst
rename to docs/threat_model/firmware_threat_model/threat_model_rss_interface.rst
index 4bceb63..025d2d9 100644
--- a/docs/threat_model/threat_model_rss_interface.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model_rss_interface.rst
@@ -24,7 +24,7 @@
cores. The interface description only focuses on the AP-RSS interface the rest
is the same as in the general TF-A threat-model document.
-.. uml:: ../resources/diagrams/plantuml/tfa_rss_dfd.puml
+.. uml:: ../../resources/diagrams/plantuml/tfa_rss_dfd.puml
:caption: Figure 1: TF-A Data Flow Diagram including RSS
.. table:: Table 1: TF-A - RSS data flow diagram
@@ -56,4 +56,4 @@
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
\ No newline at end of file
+*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index e22378b..446e610 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -4,40 +4,14 @@
Threat modeling is an important part of Secure Development Lifecycle (SDL)
that helps us identify potential threats and mitigations affecting a system.
-As the TF-A codebase is highly configurable to allow tailoring it best for each
-platform's needs, providing a holistic threat model covering all of its features
-is not necessarily the best approach. Instead, we provide a collection of
-documents which, together, form the project's threat model. These are
-articulated around a core document, called the :ref:`Generic Threat Model`,
-which focuses on the most common configuration we expect to see. The other
-documents typically focus on specific features not covered in the core document.
-
-As the TF-A codebase evolves and new features get added, these threat model
-documents will be updated and extended in parallel to reflect at best the
-current status of the code from a security standpoint.
-
- .. note::
-
- Although our aim is eventually to provide threat model material for all
- features within the project, we have not reached that point yet. We expect
- to gradually fill these gaps over time.
-
-Each of these documents give a description of the target of evaluation using a
-data flow diagram, as well as a list of threats we have identified using the
-`STRIDE threat modeling technique`_ and corresponding mitigations.
.. toctree::
:maxdepth: 1
:caption: Contents
- threat_model
- threat_model_el3_spm
- threat_model_fvp_r
- threat_model_rss_interface
- threat_model_arm_cca
+ firmware_threat_model/index
+ supply_chain_threat_model
--------------
-*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.*
-
-.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
+*Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/threat_model/supply_chain_threat_model.rst b/docs/threat_model/supply_chain_threat_model.rst
new file mode 100644
index 0000000..386a4b0
--- /dev/null
+++ b/docs/threat_model/supply_chain_threat_model.rst
@@ -0,0 +1,760 @@
+TF-A Supply Chain Threat Model
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Introduction
+************
+
+Software supply chain attacks aim to inject malicious code into a software
+product. There are several ways a malicious code can be injected into a
+software product (open-source project). These include:
+
+- Malicious code commits: This attack directly injects code into a project
+ repository. This can happen for example through developer/maintainer
+ credential hijacks, or malicious external contributors.
+
+- Malicious dependencies: In this case malicious code is introduced into a
+ project through other piece of code or packages the project depends on. This
+ can happen through for example typosquatting attack where an attacker creates
+ a malicious package with a very similar name to a popular package and hosts
+ it on popular package repositories.
+
+- Malicious toolchains: This involves malicious code introduced by compromised
+ resources used throughout the development and/or build process such as
+ compilers and IDEs.
+
+This document provides analysis of software supply chain attack threats for the
+TF-A project.
+
+TF-A Overview
+*************
+
+Figure 1 shows the different software components surrounding the TF-A project.
+A brief description of each component is provided below.
+
+TF-A Repository
+===============
+
+The TF-A repository contains generic and platform code contributed by TF-A
+contributors as well as libraries imported from other open-source projects,
+referred to as internal dependencies on Figure 1. These libraries include:
+
+- *libfdt*: libfdt is a utility library for reading and manipulating Device
+ Tree Binary (DTB) files. It is part of the Device Tree Compiler (DTC)
+ toolchain [1]_. DTC is used as part of the build process on the host machine
+ to build DTB files. libfdt is used to parse the DTB files at boot time.
+
+- *zlib*: zlib is a data compression library imported from [2]_.
+
+- *compiler-rt*: This is a collection of runtime libraries from the LLVM
+ compiler infrastructure project [3]_. We import the builtins library which
+ provides low-level, target-specific compiler builtins from compiler-rt.
+
+The TF-A repository also includes source code for host tools that supplement
+the TF-A build process. These tools include:
+
+- *fiptool*: This tool is used to create a Firmware Image Package (FIP) which
+ allows for packing bootloader images into a single archive that can be
+ loaded by TF-A from non-volatile platform storage.
+
+- *cert_create*: This tool is used to generate certificates for binary images.
+
+- *encrypt_fw*: This tool takes the plain firmware image as input and generates
+ the encrypted firmware image which can then be passed as input to the fiptool
+ utility for creating the FIP.
+
+- *sptool*: This tool is used to build the secure partition packages.
+
+|TF-A System Diagram|
+*Figure 1: TF-A System Diagram*
+
+External Dependencies
+=====================
+
+These are software components that are not part of the TF-A repository but are
+required to build TF-A binaries and host tools.
+
+- *Mbed TLS Library*: This is a cryptography library from trustedfirmware.org
+ (tf.org). It is required to build TF-A binaries where cryptography features
+ are needed, such as Trusted Board Boot (TBB).
+
+- *OpenSSL Library*: This is another cryptography library used by TF-A host
+ tools: fiptool, cert_create, and encrypt_fw.
+
+The following table lists TF-A dependencies including the sources of the
+dependencies.
+
+.. table:: Table 1: TF-A Dependencies
+
+ +-------------+------------------------+------------------------------------+
+ | Dependency | Location of Dependency | Original Source |
+ +=============+========================+====================================+
+ | libfdt | Local copy | [1]_ |
+ +-------------+------------------------+------------------------------------+
+ | zlib | Local copy | [2]_ |
+ +-------------+------------------------+------------------------------------+
+ | compiler-rt | Local copy | [3]_ |
+ +-------------+------------------------+------------------------------------+
+ | Mbed TLS | External | [4]_ |
+ +-------------+------------------------+------------------------------------+
+ | OpenSSL | External | [5]_ |
+ +-------------+------------------------+------------------------------------+
+
+Supplementary Binaries
+======================
+
+These are binaries used to test TF-A based systems. Below is a brief
+description of each component and where they are sourced from.
+
+- *SCP-firmware*: For our tests, we use SCP-firmware binaries supplied by the
+ Arm SCP team built from the source from the GitHub repository [6]_.
+
+- *OP-TEE*: Trusted Execution Environment (TEE) from tf.org that runs as
+ Secure EL1. We use OP-TEE built from source or binaries supplied with Arm
+ Reference Platforms depending on the test configuration.
+
+- *EDK2 UEFI*: Normal world bootloader from the EDK2 project [7]_. We use EDK2
+ UEFI binaries hosted on tf.org servers for testing [8]_.
+
+Other software components used to test TF-A include U-Boot, Linux kernel, RSS,
+MCP, and file systems, all sourced from the Arm Reference Platforms teams.
+
+TF-A Toolchain
+==============
+
+The TF-A project uses several tools to build, analyze and test the TF-A source
+code.
+
+Node.js Tools
+-------------
+
+These are optional quality assurance and developer utility tools that are
+installed through the use of the Node.js package manager. They are pinned to
+specific versions described by the package.json file in the root of the TF-A
+repository, and their dependencies are downloaded from the internet at the
+point of installation. These tools may be installed locally on the developer
+machine and are installed within a Docker container in certain CI jobs. At
+present, these are:
+
+- Commitlint
+
+- Commitizen
+
+- Husky
+
+Infrastructure
+==============
+
+TF-A uses trustedfirmware.org (tf.org) and Arm infrastructures to host the
+source code, review code and run tests. Appendix A provides a security analysis
+of tf.org infrastructure.
+
+TF-A Data Flow
+**************
+
+Figure 2 below shows the data flow diagram for TF-A. The broken red lines
+indicate trust boundaries.
+
+|TF-A Data Flow Diagram|
+*Figure 2: TF-A Data Flow Diagram*
+
+Attack Tree
+***********
+
+|TF-A Attack Tree|
+*Figure 3: TF-A Attack Tree*
+
+Threat Assessment and Mitigations
+*********************************
+
+Impact and Likelihood Ratings
+=============================
+
+ +--------+------------------------------+-----------------------------------+
+ | Rating | Impact | Likelihood |
+ +========+==============================+===================================+
+ | HIGH | Major impact to entire | Threat is relatively easy to |
+ | | organization or single line | exploit by an attacker with |
+ | | of business if exploited. | little effort and skill. |
+ +--------+------------------------------+-----------------------------------+
+ | MEDIUM | Noticeable impact to line of | An expert attacker could exploit |
+ | | business if exploited. | the threat without much |
+ | | | difficulty. |
+ +--------+------------------------------+-----------------------------------+
+ | LOW | Minor damage if exploited or | Exploiting the threat would |
+ | | could be used in conjunction | require considerable effort and |
+ | | with other vulnerabilities | resources. |
+ | | to perform a more serious | |
+ | | attack. | |
+ +--------+------------------------------+-----------------------------------+
+
+Threats and Mitigations
+=======================
+
+Threat naming convention key
+
+- SC – Supply Chain
+
+- SRC – Source
+
+- DEP – Dependency
+
+- TOOL – Toolchain
+
+- REPO – Repository
+
+- MAIN – Maintainer
+
+- CONT – Contributor
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-SRC-MAIN-01 |
+ +=============+=============================================================+
+ | Description | An attacker can submit and merge malicious code by posing |
+ | | as a maintainer after compromising maintainers’ |
+ | | credentials. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | MEDIUM |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | In the TF-A code review process all submitted changes |
+ | impact | undergo review by a code owner and a maintainer. If the |
+ | | change is accepted, it will be merged (integrated) into  |
+ | | an integration branch by a maintainer. A maintainer has |
+ | | the right to give a code owner review, a maintainer |
+ | | review and merge the submitted change.  |
+ | | |
+ | | | tf.org users (including maintainers) are authenticated |
+ | | through GitHub. The likelihood of a credential compromise |
+ | | depends on multiple factors. The authentication mechanism |
+ | | of GitHub is strong if the recommended best practices are |
+ | | followed [9]_ making credential compromise unlikely. |
+ | | GitHub (therefore tf.org) allows logins with two-factor |
+ | | authentication, requiring both a password and access to |
+ | | the user's authentication code. Depending on the strength |
+ | | of the password and factors such as whether the |
+ | | maintainer reuses passwords across services, the |
+ | | likelihood of a compromise can be higher. |
+ | | |
+ | | | If an attacker manages to compromise a maintainer’s |
+ | | credentials, posing as the maintainer, they can in theory |
+ | | submit a malicious change (as a maintainer or as a |
+ | | contributor), give all the necessary reviews and merge |
+ | | the change. |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | | - Enforce best practices recommended by GitHub [9]_ |
+ | | |
+ | | | - Not allowing a committer to both self-review and merge |
+ | | patches they have submitted. To achieve the commit the |
+ | | attacker would be required to compromise at least two |
+ | | credentials (reviewers and maintainer). |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | We have not disallowed self-review/merge of patches |
+ | implemented?| |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-SRC-MAIN-02 |
+ +=============+=============================================================+
+ | Description | An attacker can submit and merge malicious code after |
+ | | becoming a maintainer through social engineering |
+ | | techniques. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | According to the TF project maintenance process [10]_, |
+ | impact | maintainers of TF-A are selected by their peers based on |
+ | | merit. Some of the criteria of becoming a maintainer |
+ | | include being an active member of the project for a |
+ | | minimum duration and contributing a substantial number of |
+ | | non-trivial and high-quality patches. However, there are |
+ | | some weaknesses in the process: |
+ | | |
+ | | | - There is no structured mechanism to establish trust |
+ | | with a maintainer other than the recommendations by |
+ | | peers |
+ | | | - There is no continuous monitoring of the status of a |
+ | | maintainer (e.g. maintainer can move from one |
+ | | organization to another) |
+ | | |
+ | | | To perform such an attack, in addition to becoming a |
+ | | maintainer, an attacker also must deal with all |
+ | | restrictions put on maintainers. |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | | - Structured mechanism to establish trust with |
+ | | maintainers |
+ | | |
+ | | | - Not allowing a committer to both self-review and merge |
+ | | patches they have submitted. To achieve the commit the |
+ | | attacker would be required to compromise at least two |
+ | | credentials (reviewers and maintainer). |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | There is a structured mechanism to establish trust with |
+ | implemented?| maintainers, but self-review/merge of patches is not |
+ | | disallowed |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-SRC-CONT-01 |
+ +=============+=============================================================+
+ | Description | An attacker can submit malicious code patch as a |
+ | | contributor. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | TF-A accepts external contributions to both the generic |
+ | impact | and platform code. Unlike maintainers, contributors do |
+ | | not have maintainer review or merging privileges, |
+ | | therefore the likelihood of injecting malicious code as a |
+ | | contributor is lower. However, even though unlikely, it |
+ | | is still possible for a malicious commit to go unnoticed |
+ | | through the code review and verification processes. |
+ | | |
+ | | | If successful, the impact can range from low to high |
+ | | depending on the injected code. For example, an attacker |
+ | | can potentially deliberately insert a memory corruption |
+ | | vulnerability that is hard to notice on code review and |
+ | | will not be detected by the verification process. This |
+ | | vulnerability by itself may have a low impact but can |
+ | | have a major impact if used in combination with other |
+ | | vulnerabilities. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Code review and verification |
+ | Mitigations | - Static analysis to try to pick up issues that typically |
+ | | end in some form of attack vector |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | Yes, contributions go through the thorough review, |
+ | implemented?| verification, and static analysis process automated through |
+ | | CI |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-DEP-01 |
+ +=============+=============================================================+
+ | Description | An attacker can inject malicious code into TF-A internal |
+ | | dependencies. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | TF-A has two types of dependencies: those that are copied |
+ | impact | into the TF-A repository and shipped as part of TF-A code |
+ | | (referred to as *internal dependencies* here) and those |
+ | | that are downloaded from external repositories and used |
+ | | when building TF-A (referred to as |
+ | | *external dependencies* here).  |
+ | | |
+ | | | Currently TF-A has three internal dependencies: *libfdt* |
+ | | [1]_, *zlib* [2]_ and *compiler-rt* [3]_ libraries. These |
+ | | libraries are periodically updated by copying them from |
+ | | their source repositories. Although unlikely, it is |
+ | | possible for a contributor to copy the libraries from the |
+ | | wrong (and potentially malicious) repositories. For |
+ | | example, there are already multiple forks of *libfdt* |
+ | | (DTC) on GitHub. In addition to this, the official |
+ | | repositories are not immune to threats described above |
+ | | (TFA-SC-SRC-MAIN-01, TFA-SC-SRC-MAIN-02 and |
+ | | TFA-SC-SRC-CONT-01). |
+ | | |
+ | | | The likelihood of an attack on TF-A through internal |
+ | | dependencies is lower than external dependencies for the |
+ | | following reasons:  |
+ | | |
+ | | | - Internal dependencies go through the normal code review |
+ | | process during upgrade |
+ | | | - Once upgraded internal dependencies stay unchanged |
+ | | until the next upgrade. The upgrade window is typically |
+ | | long (for example *libfdt* has only changed 4 times |
+ | | over the past 4 years). This reduces the window of |
+ | | opportunity for an attacker to inject malicious code |
+ | | into the dependencies |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Explicitly document versions and official sources of |
+ | Mitigations | dependencies |
+ | | - Keep a copy of a pinned version of the source code inside |
+ | | the TF-A tree so that the risk of getting malicious code |
+ | | from dependencies only arises when we upgrade them |
+ | | - Monitor alerts for vulnerable dependencies from GitHub |
+ | | [11]_ |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | Yes, we explicitly document versions and official sources |
+ | implemented?| of dependencies, keep a copy of pinned versions of the |
+ | | source code, and monitor alerts for vulnerable dependencies |
+ | | for Python and Node.js, but we aren't able to do this for C |
+ | | dependencies |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-DEP-02 |
+ +=============+=============================================================+
+ | Description | An attacker can inject malicious code into TF-A external |
+ | | dependencies. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | MEDIUM |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | Unlike internal dependencies, external dependencies are |
+ | impact | downloaded from external repositories by end-users. |
+ | | Although the TF-A documentation provides information |
+ | | about the versions of dependencies used for testing and |
+ | | links to repositories, it is up to the end-user to decide |
+ | | where to get the dependencies from. As such, the |
+ | | likelihood of an attack through an external dependency is |
+ | | higher compared to an internal dependency. |
+ | | |
+ | | | The impact of an attack ranges from low to critical |
+ | | depending on which dependency and what part of the |
+ | | dependency is affected. For example, a malicious code |
+ | | that affects the signature verification functions in |
+ | | MbedTLS is considered critical as it can be used to |
+ | | bypass the TBB process of TF-A. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Explicitly document versions and official sources of |
+ | Mitigations | dependencies |
+ | | - Provide scripts and build options to automatically fetch |
+ | | the latest stable release of external dependencies |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | We explicitly document versions and official sources of |
+ | implemented?| dependencies, but do not yet provide scripts and build |
+ | | options to automatically fetch the latest stable release of |
+ | | external dependencies |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-REPO-01 |
+ +=============+=============================================================+
+ | Description | An attacker can upload malicious versions of TF-A by |
+ | | compromising credentials of administrator accounts on |
+ | | tf.org or GitHub. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | This attack is like TFA-SC-SRC-MAIN-01, but the |
+ | impact | likelihood and impact of the two attacks are different. |
+ | | |
+ | | | The likelihood of compromising administrator credentials |
+ | | is lower than that of a maintainer’s (assuming both use |
+ | | authentication methods of similar strength) as there are |
+ | | smaller number of administrators than maintainers. On the |
+ | | other hand, the impact is higher since an administrator |
+ | | has more privileges than a maintainer: |
+ | | |
+ | | | - An administrator can upload a malicious TF-A |
+ | | contribution unnoticed by other reviewers |
+ | | - An administrator can potentially rewrite the history of |
+ | | the repository to evade detection |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | Strong authentication (Follow best practices recommended by |
+ | Mitigations | GitHub [9]_) |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | Yes, strong authentication is implemented through |
+ | implemented?| recommended best practices |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-REPO-02 |
+ +=============+=============================================================+
+ | Description | An attacker can upload malicious versions of TF-A after |
+ | | getting write access to the repository by exploiting a |
+ | | vulnerability on tf.org or GitHub. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | There are no reports of someone exploiting a |
+ | impact | vulnerability on GitHub or tf.org to upload malicious |
+ | | contributions. However, there are examples of |
+ | | vulnerabilities that allowed arbitrary code execution on |
+ | | popular hosting services [12]_. Such vulnerabilities can |
+ | | potentially be used to upload malicious packages. In |
+ | | addition to being hard to exploit, vulnerabilities on |
+ | | popular hosting sites such as GitHub are typically |
+ | | detected quickly, making the window of opportunity for |
+ | | such attack small. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Monitor alerts of any vulnerabilities that might affect |
+ | Mitigations | TF-A repository |
+ | | - Ensure tf.org is up to date with latest security patches |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | Yes, alerts of vulnerabilities are monitored and tf.org is |
+ | implemented?| ensured to be up to date with the latest security patches |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-REPO-03 |
+ +=============+=============================================================+
+ | Description | An attacker can host a malicious version of TF-A on an |
+ | | attacker-controlled repository, and trick end-users into |
+ | | downloading from that repository. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | MEDIUM |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | It is not difficult for an attacker to create a website |
+ | impact | with a similar domain name and look as tf.org (website |
+ | | spoofing) and host a malicious TF-A source repository. |
+ | | Similarly, an attacker can create a mirror of the TF-A |
+ | | repository on GitHub with malicious code in it. However, |
+ | | for this attack to succeed the attacker needs to trick |
+ | | the end-user into using the attacker-controlled |
+ | | repositories. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Users should carefully check the URL of the website |
+ | Mitigations | before visiting it and the URL of the repository before |
+ | | checking it out |
+ | | - Accept reports of spoofing attacks on tf.org and |
+ | | broadcast a warning to partners |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | We accept reports of spoofing attacks on tf.org and will |
+ | implemented?| broadcast a warning to partners |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-TOOL-01 |
+ +=============+=============================================================+
+ | Description | Malicious code can be injected at build time through |
+ | | malicious tools. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | End-users of TF-A use make (or cmake), compilers and |
+ | impact | linkers (armgcc, armclang or LLVM) to build TF-A |
+ | | binaries. Although TF-A documentation specifies versions |
+ | | and official sources of tools used to build TF-A, users |
+ | | can potentially be tricked into using unofficial, |
+ | | malicious toolchains. Similar attacks have been used in |
+ | | the past to inject malicious code into final products |
+ | | [13]_. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Explicitly document versions and official sources of |
+ | Mitigations | toolchains |
+ | | - Provide scripts to automatically fetch the latest stable |
+ | | release of toolchains |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | We explicitly document versions and official sources of |
+ | implemented?| toolchains, but have not yet provided scripts to |
+ | | automatically fetch the latest stable release of toolchains |
+ +-------------+-------------------------------------------------------------+
+
+ +---------------------------------------------------------------------------+
+ | Threat: TFA-SC-TOOL-02 |
+ +=============+=============================================================+
+ | Description | Malicious code can be executed by developer’s tools at |
+ | | installation time through malicious Node.js dependencies. |
+ +-------------+-------------------------------------------------------------+
+ | Impact | HIGH |
+ +-------------+-------------------------------------------------------------+
+ | Likelihood | LOW |
+ +-------------+-------------------------------------------------------------+
+ | Threat and | | Users of the Node.js tools, including the CI, may be |
+ | impact | exposed to malicious dependencies that have been missed |
+ | | by the Node.js dependency auditor. Users of these tools |
+ | | could potentially be executing malicious code when using |
+ | | these tools, which could potentially allow a malicious |
+ | | actor to make silent modifications to the repository or |
+ | | enable retrieval of user credentials. |
+ | | |
+ | | | If successful, the impact can range from low to high |
+ | | depending on the user's credentials. If the user is an |
+ | | administrator, this could imply TFA-SC-REPO-01. |
+ +-------------+-------------------------------------------------------------+
+ | Proposed | - Limit Node.js tools to a minimal set of trusted packages |
+ | Mitigations | - Pin Node.js packages to known versions |
+ | | - Update dependencies for which Node.js’s auditor reports |
+ | | known CVEs |
+ | | - Execute Node.js tools in the CI only from within a |
+ | | trusted container |
+ +-------------+-------------------------------------------------------------+
+ | Mitigations | Yes, Node.js tools are limited to a minimal set of trusted |
+ | implemented?| packages, packages are pinned to known versions, |
+ | | dependencies are updated when there are known CVEs |
+ | | reported, and Node.js tools are only executed within a |
+ | | trusted container in CI |
+ +-------------+-------------------------------------------------------------+
+
+Appendix A
+**********
+
+Summary of trustedfirmware.org security:
+
+.. table:: Table 2: Security information of trustedfirmware.org
+
+ +------------+--------------------+--------------------+--------------------+
+ | Software/ | Source and | Credential and | Security incident |
+ | System | integrity | permission | response plan |
+ | | | management | |
+ +============+====================+====================+====================+
+ | Jenkins | - Jenkins is built | - Use oauth from | - Monitor CVE’s |
+ | (including | using Dockerfile | Github only | and update |
+ | plugins) | which is based | - The password | Jenkins LTS on a |
+ | | on the official | strength follows | monthly cycle |
+ | | Jenkins docker | Github policy | - Keep plugins up- |
+ | | image | - Do not enforce | to-date. But it |
+ | | - Jenkins plugins | using two-factor | is up to the |
+ | | are built using | authentication | plugin owner to |
+ | | the official | - Jenkins uses | maintain said |
+ | | install- | matrix auth | plugin |
+ | | plugins.sh | which allows | |
+ | | | users to manage | |
+ | | | "job" level ACL | |
+ | | | using Jenkins | |
+ | | | Job Builder | |
+ | | | - No API token | |
+ | | | enabled | |
+ | | | - Jenkins uses the | |
+ | | | inbuilt | |
+ | | | credential store | |
+ | | | where we store | |
+ | | | credentials for | |
+ | | | LAVA, Jenkins | |
+ | | | Job Builder, | |
+ | | | DockerHub, AWS | |
+ | | | and Gerrit | |
+ | | | tokens. The | |
+ | | | credentials are | |
+ | | | stored as a | |
+ | | | secret in | |
+ | | | Jenkins | |
+ | | | credential | |
+ | | | store. These | |
+ | | | credentials | |
+ | | | can be accessed | |
+ | | | via a Jenkins | |
+ | | | job, but someone | |
+ | | | would have to | |
+ | | | push a Jenkins | |
+ | | | Job through a | |
+ | | | Gerrit review to | |
+ | | | do this. Gerrit | |
+ | | | maintains the | |
+ | | | ACL for this and | |
+ | | | only admins and | |
+ | | | project approver | |
+ | | | can +2 a review. | |
+ +------------+--------------------+--------------------+--------------------+
+ | Gerrit | - Gerrit package | - Use oauth from | - Keep plugins up- |
+ | (including | is installed | Github only | to-date. But it |
+ | plugins) | from Linaro top | - The password | is up to the |
+ | | level role, | strength follows | plugin owner to |
+ | | which has a | Github policy | maintain said |
+ | | md5sum check | - Do not enforce | plugin |
+ | | - Gerrit Plugins | using two-factor | |
+ | | are installed | authentication | |
+ | | from Ansible | - Gerrit has ACL | |
+ | | playbook, from | setup within the | |
+ | | the official | UI per-project | |
+ | | Gerrit CI. The | level | |
+ | | plugins are | - No API token | |
+ | | downloaded from | enabled | |
+ | | https://gerrit- | - A ci-bot-user | |
+ | | ci.gerritforge. | created for | |
+ | | com/ | getting comments | |
+ | | - Do not check | from Jenkins | |
+ | | md5sum for every | | |
+ | | plugin | | |
+ +------------+--------------------+--------------------+--------------------+
+ | Git | - Package is from | - All credentials | - Monitor all |
+ | | Linaro OBS (Open | use GitHub. So | CVE's and apply |
+ | | Build Service) | password | them immediately |
+ | | with a couple of | strength etc are | and keep servers |
+ | | “Linaro | based on GitHub | up-to-date |
+ | | modifications”. | policy | monthly |
+ | | (reference: | | - The security |
+ | | Ansible playbook | | incident |
+ | | and cgit repo) | | response plan is |
+ | | - No special | | working in |
+ | | integrity check | | progress |
+ +------------+--------------------+--------------------+--------------------+
+ | Mailman | - Installed from | - It has | - Plan to monitor |
+ | | Ubuntu- | administrator | the CVE’s but no |
+ | | distributed | passwords for | timetable at the |
+ | | package | the various | moment |
+ | | - No special | mailing lists | |
+ | | integrity check | - The password | |
+ | | (reply on APT | strength is not | |
+ | | security) | specified | |
+ +------------+--------------------+--------------------+--------------------+
+ | Website | The website is | There are no | - The websites |
+ | | built on the IT | credentials | themselves are |
+ | | Services' CI/CD | associated with | static files |
+ | | server, | the website | hosted on AWS S3 |
+ | | bamboo.linaro.org, | itself. Any | and cached by |
+ | | from a Jekyll git | permissions | AWS CloudFront |
+ | | repository stored | required by bamboo | - The software |
+ | | on GitHub | to carry out its | used to build |
+ | | | tasks are provided | the website is |
+ | | | through AWS | all open source |
+ | | | instance role | and Linaro |
+ | | | permissions | occasionally |
+ | | | | gets reports |
+ | | | | from GitHub when |
+ | | | | an issue is |
+ | | | | detected. Apply |
+ | | | | a fix if it is |
+ | | | | available. This |
+ | | | | includes any |
+ | | | | Javascript |
+ | | | | frameworks that |
+ | | | | might be used |
+ | | | | within the web |
+ | | | | pages |
+ +------------+--------------------+--------------------+--------------------+
+ | ReadTheDocs| - One webhook ID | - One TF-A account | - Keep database |
+ | | per project is | with password | access list up |
+ | | used by TF CI | stored in | to date |
+ | | for building | engineering | - Monitor security |
+ | | documentation | password | advisories |
+ | | hosted by | database is used | |
+ | | ReadTheDocs | to manage | |
+ | | - Secret token | documentation | |
+ | | supplied as part | - Access request | |
+ | | of the webhook | is required | |
+ | | post build | for database | |
+ | | - Updated content | access | |
+ | | goes live | - Token for | |
+ | | automatically | Jenkins webhook | |
+ | | | for CI uses | |
+ | | | secret | |
+ | | | credential | |
+ | | | storage in | |
+ | | | internal Jenkins | |
+ | | | and viewable | |
+ | | | only through | |
+ | | | ReadTheDocs | |
+ | | | admin page | |
+ +------------+--------------------+--------------------+--------------------+
+
+References
+**********
+
+.. [1] https://git.kernel.org/pub/scm/utils/dtc/dtc.git
+.. [2] http://zlib.net/
+.. [3] https://compiler-rt.llvm.org/
+.. [4] https://tls.mbed.org/
+.. [5] https://www.openssl.org/
+.. [6] https://github.com/ARM-software/SCP-firmware
+.. [7] https://github.com/tianocore/edk2
+.. [8] https://downloads.trustedfirmware.org/tf-a/
+.. [9] https://docs.github.com/en/github/authenticating-to-github/creating-a-strong-password
+.. [10] https://trustedfirmware-a.readthedocs.io/en/latest/process/maintenance.html#how-to-become-a-maintainer
+.. [11] https://docs.github.com/en/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies
+.. [12] "Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks"
+.. [13] https://www.wired.com/story/supply-chain-hackers-videogames-asus-ccleaner/
+
+*Copyright (c) 2024, Arm Limited. All rights reserved.*
+
+.. |TF-A System Diagram| image:: ../resources/diagrams/tf-a_system_diagram.png
+.. |TF-A Data Flow Diagram| image:: ../resources/diagrams/tf-a_data_flow_diagram.png
+.. |TF-A Attack Tree| image:: ../resources/diagrams/tf-a_attack_tree.png
diff --git a/drivers/arm/css/scmi/scmi_common.c b/drivers/arm/css/scmi/scmi_common.c
index ec749fb..ca855fe 100644
--- a/drivers/arm/css/scmi/scmi_common.c
+++ b/drivers/arm/css/scmi/scmi_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/delay_timer.h>
#include "scmi_private.h"
@@ -60,8 +61,10 @@
dmbsy();
/* Wait for channel to be free */
- while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status))
- ;
+ while (!SCMI_IS_CHANNEL_FREE(mbx_mem->status)) {
+ if (ch->info->delay != 0)
+ udelay(ch->info->delay);
+ }
/*
* Ensure that any read to the SCMI payload area is done after reading
diff --git a/drivers/arm/css/scp/css_sds.c b/drivers/arm/css/scp/css_sds.c
index e42ee10..d9965c6 100644
--- a/drivers/arm/css/scp/css_sds.c
+++ b/drivers/arm/css/scp/css_sds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,7 +20,7 @@
int ret;
unsigned int image_offset, image_flags;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SCP SDS initialization failed\n");
panic();
@@ -28,13 +28,15 @@
VERBOSE("Writing SCP image metadata\n");
image_offset = (uintptr_t) image - ARM_TRUSTED_SRAM_BASE;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_ADDR_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_ADDR_OFFSET,
&image_offset, SDS_SCP_IMG_ADDR_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
goto sds_fail;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_SIZE_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_SIZE_OFFSET,
&image_size, SDS_SCP_IMG_SIZE_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
@@ -42,7 +44,8 @@
VERBOSE("Marking SCP image metadata as valid\n");
image_flags = SDS_SCP_IMG_VALID_FLAG_BIT;
- ret = sds_struct_write(SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_FLAG_OFFSET,
+ ret = sds_struct_write(SDS_SCP_AP_REGION_ID,
+ SDS_SCP_IMG_STRUCT_ID, SDS_SCP_IMG_FLAG_OFFSET,
&image_flags, SDS_SCP_IMG_FLAG_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
if (ret != SDS_OK)
@@ -68,7 +71,8 @@
/* Wait for the SCP RAM Firmware to complete its initialization process */
while (retry > 0) {
- ret = sds_struct_read(SDS_FEATURE_AVAIL_STRUCT_ID, 0,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_FEATURE_AVAIL_STRUCT_ID, 0,
&scp_feature_availability_flags,
SDS_FEATURE_AVAIL_SIZE,
SDS_ACCESS_MODE_NON_CACHED);
diff --git a/drivers/arm/css/sds/sds.c b/drivers/arm/css/sds/sds.c
index 1fb196c..a5e6389 100644
--- a/drivers/arm/css/sds/sds.c
+++ b/drivers/arm/css/sds/sds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,40 +15,39 @@
#include "sds_private.h"
-/*
- * Variables used to track and maintain the state of the memory region reserved
- * for usage by the SDS framework.
- */
+/* Array of SDS memory region descriptions */
+static sds_region_desc_t *sds_regions;
-/* Pointer to the base of the SDS memory region */
-static uintptr_t sds_mem_base;
-
-/* Size of the SDS memory region in bytes */
-static size_t sds_mem_size;
+/* Total count of SDS memory regions */
+static unsigned int sds_region_cnt;
/*
* Perform some non-exhaustive tests to determine whether any of the fields
* within a Structure Header contain obviously invalid data.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-static int sds_struct_is_valid(uintptr_t header)
+static int sds_struct_is_valid(unsigned int region_id, uintptr_t header)
{
size_t struct_size = GET_SDS_HEADER_STRUCT_SIZE(header);
/* Zero is not a valid identifier */
- if (GET_SDS_HEADER_ID(header) == 0)
+ if (GET_SDS_HEADER_ID(header) == 0) {
return SDS_ERR_FAIL;
+ }
/* Check SDS Schema version */
- if (GET_SDS_HEADER_VERSION(header) == SDS_REGION_SCH_VERSION)
+ if (GET_SDS_HEADER_VERSION(header) == SDS_REGION_SCH_VERSION) {
return SDS_ERR_FAIL;
+ }
/* The SDS Structure sizes have to be multiple of 8 */
- if ((struct_size == 0) || ((struct_size % 8) != 0))
+ if ((struct_size == 0) || ((struct_size % 8) != 0)) {
return SDS_ERR_FAIL;
+ }
- if (struct_size > sds_mem_size)
+ if (struct_size > sds_regions[region_id].size) {
return SDS_ERR_FAIL;
+ }
return SDS_OK;
}
@@ -57,10 +56,11 @@
* Validate the SDS structure headers.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-static int validate_sds_struct_headers(void)
+static int validate_sds_struct_headers(unsigned int region_id)
{
unsigned int i, structure_count;
uintptr_t header;
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
structure_count = GET_SDS_REGION_STRUCTURE_COUNT(sds_mem_base);
@@ -71,7 +71,7 @@
/* Iterate over structure headers and validate each one */
for (i = 0; i < structure_count; i++) {
- if (sds_struct_is_valid(header) != SDS_OK) {
+ if (sds_struct_is_valid(region_id, header) != SDS_OK) {
WARN("SDS: Invalid structure header detected\n");
return SDS_ERR_FAIL;
}
@@ -84,10 +84,12 @@
* Get the structure header pointer corresponding to the structure ID.
* Returns SDS_OK on success, SDS_ERR_STRUCT_NOT_FOUND on error.
*/
-static int get_struct_header(uint32_t structure_id, struct_header_t **header)
+static int get_struct_header(unsigned int region_id, uint32_t structure_id,
+ struct_header_t **header)
{
unsigned int i, structure_count;
uintptr_t current_header;
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
assert(header);
@@ -116,12 +118,14 @@
* Returns SDS_OK if structure header exists else SDS_ERR_STRUCT_NOT_FOUND
* if not found.
*/
-int sds_struct_exists(unsigned int structure_id)
+int sds_struct_exists(unsigned int region_id, unsigned int structure_id)
{
struct_header_t *header = NULL;
int ret;
- ret = get_struct_header(structure_id, &header);
+ assert(region_id < sds_region_cnt);
+
+ ret = get_struct_header(region_id, structure_id, &header);
if (ret == SDS_OK) {
assert(header);
}
@@ -136,18 +140,21 @@
* The `data` is the pointer to store the read data of size specified by `size`.
* Returns SDS_OK on success or corresponding error codes on failure.
*/
-int sds_struct_read(uint32_t structure_id, unsigned int fld_off,
- void *data, size_t size, sds_access_mode_t mode)
+int sds_struct_read(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size,
+ sds_access_mode_t mode)
{
int status;
uintptr_t field_base;
struct_header_t *header = NULL;
+ assert(region_id < sds_region_cnt);
+
if (!data)
return SDS_ERR_INVALID_PARAMS;
/* Check if a structure with this ID exists */
- status = get_struct_header(structure_id, &header);
+ status = get_struct_header(region_id, structure_id, &header);
if (status != SDS_OK)
return status;
@@ -182,18 +189,21 @@
* The `data` is the pointer to data of size specified by `size`.
* Returns SDS_OK on success or corresponding error codes on failure.
*/
-int sds_struct_write(uint32_t structure_id, unsigned int fld_off,
- void *data, size_t size, sds_access_mode_t mode)
+int sds_struct_write(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size,
+ sds_access_mode_t mode)
{
int status;
uintptr_t field_base;
struct_header_t *header = NULL;
+ assert(region_id < sds_region_cnt);
+
if (!data)
return SDS_ERR_INVALID_PARAMS;
/* Check if a structure with this ID exists */
- status = get_struct_header(structure_id, &header);
+ status = get_struct_header(region_id, structure_id, &header);
if (status != SDS_OK)
return status;
@@ -226,12 +236,18 @@
/*
* Initialize the SDS driver. Also verifies the SDS version and sanity of
- * the SDS structure headers.
+ * the SDS structure headers in the given SDS region.
* Returns SDS_OK on success, SDS_ERR_FAIL on error.
*/
-int sds_init(void)
+int sds_init(unsigned int region_id)
{
- sds_mem_base = (uintptr_t)PLAT_ARM_SDS_MEM_BASE;
+ if (sds_regions == NULL) {
+ sds_regions = plat_sds_get_regions(&sds_region_cnt);
+ }
+
+ assert(region_id < sds_region_cnt);
+
+ uintptr_t sds_mem_base = sds_regions[region_id].base;
if (!IS_SDS_REGION_VALID(sds_mem_base)) {
WARN("SDS: No valid SDS Memory Region found\n");
@@ -244,15 +260,16 @@
return SDS_ERR_FAIL;
}
- sds_mem_size = GET_SDS_REGION_SIZE(sds_mem_base);
- if (sds_mem_size > PLAT_ARM_SDS_MEM_SIZE_MAX) {
+ sds_regions[region_id].size = GET_SDS_REGION_SIZE(sds_mem_base);
+ if (sds_regions[region_id].size > PLAT_ARM_SDS_MEM_SIZE_MAX) {
WARN("SDS: SDS Memory Region exceeds size limit\n");
return SDS_ERR_FAIL;
}
- INFO("SDS: Detected SDS Memory Region (%zu bytes)\n", sds_mem_size);
+ INFO("SDS: Detected SDS Memory Region (%zu bytes)\n",
+ sds_regions[region_id].size);
- if (validate_sds_struct_headers() != SDS_OK)
+ if (validate_sds_struct_headers(region_id) != SDS_OK)
return SDS_ERR_FAIL;
return SDS_OK;
diff --git a/drivers/arm/gic/v3/gicv3_main.c b/drivers/arm/gic/v3/gicv3_main.c
index 3c99517..3190f66 100644
--- a/drivers/arm/gic/v3/gicv3_main.c
+++ b/drivers/arm/gic/v3/gicv3_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2023, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -34,8 +34,8 @@
#pragma weak gicv3_rdistif_off
#pragma weak gicv3_rdistif_on
-/* Check interrupt ID for SGI/(E)PPI and (E)SPIs */
-static bool is_sgi_ppi(unsigned int id);
+/* Check for valid SGI/PPI or SPI interrupt ID */
+static bool is_valid_interrupt(unsigned int id);
/*
* Helper macros to save and restore GICR and GICD registers
@@ -447,8 +447,12 @@
return INTR_GROUP1NS;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -942,8 +946,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
return gicr_get_isactiver(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -973,9 +980,11 @@
* interrupt trigger are observed before enabling interrupt.
*/
dsbishst();
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_isenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1004,9 +1013,11 @@
* Disable interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icenabler(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1041,8 +1052,11 @@
assert(proc_num < gicv3_driver_data->rdistif_num);
assert(gicv3_driver_data->rdistif_base_addrs != NULL);
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
gicr_set_ipriorityr(gicr_base, id, priority);
@@ -1088,8 +1102,11 @@
break;
}
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_base = gicv3_driver_data->rdistif_base_addrs[proc_num];
@@ -1228,12 +1245,14 @@
* Clear pending interrupt, and ensure that any shared variable updates
* depending on out of band interrupt trigger are observed afterwards.
*/
-
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_icpendr(
- gicv3_driver_data->rdistif_base_addrs[proc_num], id);
+ gicv3_driver_data->rdistif_base_addrs[proc_num], id);
} else {
/* For SPIs: 32-1019 and ESPIs: 4096-5119 */
gicd_base = gicv3_get_multichip_base(id, gicv3_driver_data->gicd_base);
@@ -1263,8 +1282,12 @@
*/
dsbishst();
+ if (!is_valid_interrupt(id)) {
+ panic();
+ }
+
/* Check interrupt ID */
- if (is_sgi_ppi(id)) {
+ if (IS_SGI_PPI(id)) {
/* For SGIs: 0-15, PPIs: 16-31 and EPPIs: 1056-1119 */
gicr_set_ispendr(
gicv3_driver_data->rdistif_base_addrs[proc_num], id);
@@ -1371,21 +1394,19 @@
}
/******************************************************************************
- * This function checks the interrupt ID and returns true for SGIs and (E)PPIs
- * and false for (E)SPIs IDs.
+ * This function checks the interrupt ID and returns true for SGIs, (E)PPIs
+ * and (E)SPIs IDs. Any interrupt ID outside the range is invalid and returns
+ * false.
*****************************************************************************/
-static bool is_sgi_ppi(unsigned int id)
+static bool is_valid_interrupt(unsigned int id)
{
- /* SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119 */
- if (IS_SGI_PPI(id)) {
+ /* Valid interrupts:
+ * SGIs: 0-15, PPIs: 16-31, EPPIs: 1056-1119
+ * SPIs: 32-1019, ESPIs: 4096-5119
+ */
+ if ((IS_SGI_PPI(id)) || (IS_SPI(id))) {
return true;
}
- /* SPIs: 32-1019, ESPIs: 4096-5119 */
- if (IS_SPI(id)) {
- return false;
- }
-
- assert(false);
- panic();
+ return false;
}
diff --git a/drivers/arm/mhu/mhu_wrapper_v2_x.c b/drivers/arm/mhu/mhu_wrapper_v2_x.c
index 60de1d3..54a5881 100644
--- a/drivers/arm/mhu/mhu_wrapper_v2_x.c
+++ b/drivers/arm/mhu/mhu_wrapper_v2_x.c
@@ -308,5 +308,10 @@
assert(num_channels != 0);
- return num_channels * sizeof(uint32_t);
+ /*
+ * Returns only usable size of memory. As one channel is specifically
+ * used to inform about the size of payload, discard it from avialable
+ * memory size.
+ */
+ return (num_channels - 1) * sizeof(uint32_t);
}
diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rss/rss_comms.c
index 4622af9..332105f 100644
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,8 +59,10 @@
* messages due to ATU configuration costs to allow access to the
* pointers.
*/
- if ((comms_embed_msg_min_size + in_size_total > comms_mhu_msg_size - sizeof(uint32_t))
- || (comms_embed_reply_min_size + out_size_total > comms_mhu_msg_size) - sizeof(uint32_t)) {
+ if ((comms_embed_msg_min_size + in_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t)) ||
+ (comms_embed_reply_min_size + out_size_total >
+ comms_mhu_msg_size - sizeof(uint32_t))) {
return RSS_COMMS_PROTOCOL_POINTER_ACCESS;
} else {
return RSS_COMMS_PROTOCOL_EMBED;
@@ -82,8 +84,8 @@
psa_status_t return_val;
size_t idx;
- if (type > INT16_MAX || type < INT16_MIN || in_len > PSA_MAX_IOVEC
- || out_len > PSA_MAX_IOVEC) {
+ if (type > PSA_CALL_TYPE_MAX || type < PSA_CALL_TYPE_MIN ||
+ in_len > PSA_MAX_IOVEC || out_len > PSA_MAX_IOVEC) {
return PSA_ERROR_INVALID_ARGUMENT;
}
diff --git a/drivers/arm/rss/rss_comms_protocol_common.h b/drivers/arm/rss/rss_comms_protocol_common.h
new file mode 100644
index 0000000..177d636
--- /dev/null
+++ b/drivers/arm/rss/rss_comms_protocol_common.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*
+ * Packing scheme of the control parameter
+ *
+ * 31 30-28 27 26-24 23-20 19 18-16 15-0
+ * +------------+-----+------+-------+-----+-------+-------+------+
+ * | | | | invec | | | outvec| type |
+ * | Res | Res | Res | number| Res | Res | number| |
+ * +------------+-----+------+-------+-----+-------+-------+------+
+ *
+ * Res: Reserved.
+ */
+
+#ifndef RSS_COMMS_PROTOCOL_COMMON
+#define RSS_COMMS_PROTOCOL_COMMON
+
+#define TYPE_OFFSET (0U)
+#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
+#define IN_LEN_OFFSET (24U)
+#define IN_LEN_MASK (0x7UL << IN_LEN_OFFSET)
+#define OUT_LEN_OFFSET (16U)
+#define OUT_LEN_MASK (0x7UL << OUT_LEN_OFFSET)
+
+#define PARAM_PACK(type, in_len, out_len) \
+ (((((uint32_t)(type)) << TYPE_OFFSET) & TYPE_MASK) | \
+ ((((uint32_t)(in_len)) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
+ ((((uint32_t)(out_len)) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
+
+#endif /* RSS_COMMS_PROTOCOL_COMMON */
diff --git a/drivers/arm/rss/rss_comms_protocol_embed.c b/drivers/arm/rss/rss_comms_protocol_embed.c
index c453258..05628cc 100644
--- a/drivers/arm/rss/rss_comms_protocol_embed.c
+++ b/drivers/arm/rss/rss_comms_protocol_embed.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -9,20 +9,9 @@
#include <string.h>
#include <common/debug.h>
+#include "rss_comms_protocol_common.h"
#include "rss_comms_protocol_embed.h"
-#define TYPE_OFFSET (16U)
-#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
-#define IN_LEN_OFFSET (8U)
-#define IN_LEN_MASK (0xFFUL << IN_LEN_OFFSET)
-#define OUT_LEN_OFFSET (0U)
-#define OUT_LEN_MASK (0xFFUL << OUT_LEN_OFFSET)
-
-#define PARAM_PACK(type, in_len, out_len) \
- (((((uint32_t)type) << TYPE_OFFSET) & TYPE_MASK) | \
- ((((uint32_t)in_len) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
- ((((uint32_t)out_len) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
-
psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle,
int16_t type,
const psa_invec *in_vec,
diff --git a/drivers/arm/rss/rss_comms_protocol_pointer_access.c b/drivers/arm/rss/rss_comms_protocol_pointer_access.c
index 5007b9d..3a10a98 100644
--- a/drivers/arm/rss/rss_comms_protocol_pointer_access.c
+++ b/drivers/arm/rss/rss_comms_protocol_pointer_access.c
@@ -1,25 +1,14 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <assert.h>
+#include "rss_comms_protocol_common.h"
#include "rss_comms_protocol_pointer_access.h"
-#define TYPE_OFFSET (16U)
-#define TYPE_MASK (0xFFFFUL << TYPE_OFFSET)
-#define IN_LEN_OFFSET (8U)
-#define IN_LEN_MASK (0xFFUL << IN_LEN_OFFSET)
-#define OUT_LEN_OFFSET (0U)
-#define OUT_LEN_MASK (0xFFUL << OUT_LEN_OFFSET)
-
-#define PARAM_PACK(type, in_len, out_len) \
- (((((uint32_t)type) << TYPE_OFFSET) & TYPE_MASK) | \
- ((((uint32_t)in_len) << IN_LEN_OFFSET) & IN_LEN_MASK) | \
- ((((uint32_t)out_len) << OUT_LEN_OFFSET) & OUT_LEN_MASK))
-
psa_status_t rss_protocol_pointer_access_serialize_msg(psa_handle_t handle,
int16_t type,
const psa_invec *in_vec,
diff --git a/drivers/cadence/nand/cdns_nand.c b/drivers/cadence/nand/cdns_nand.c
index 5a66262..20147d0 100644
--- a/drivers/cadence/nand/cdns_nand.c
+++ b/drivers/cadence/nand/cdns_nand.c
@@ -20,8 +20,12 @@
/* NAND flash device information struct */
static cnf_dev_info_t dev_info;
-/* Scratch buffers for read and write operations */
-static uint8_t scratch_buff[PLATFORM_MTD_MAX_PAGE_SIZE];
+/*
+ * Scratch buffers for read and write operations
+ * DMA transfer of Cadence NAND expects data 8 bytes aligned
+ * to be written to register
+ */
+static uint8_t scratch_buff[PLATFORM_MTD_MAX_PAGE_SIZE] __aligned(8);
/* Wait for controller to be in idle state */
static inline void cdns_nand_wait_idle(void)
@@ -111,7 +115,8 @@
cdns_nand_wait_thread_ready(thread_id);
/* Select memory */
- mmio_write_32(CNF_CMDREG(CMD_REG4), (CNF_DEF_DEVICE << CNF_CMDREG4_MEM));
+ mmio_write_32(CNF_CMDREG(CMD_REG4),
+ (CNF_DEF_DEVICE << CNF_CMDREG4_MEM));
/* Issue reset command */
uint32_t reg = (CNF_WORK_MODE_PIO << CNF_CMDREG0_CT);
@@ -150,21 +155,19 @@
/* Async mode timing settings */
mmio_write_32(CNF_MINICTRL(ASYNC_TOGGLE_TIMINGS),
- (2 << CNF_ASYNC_TIMINGS_TRH) |
- (4 << CNF_ASYNC_TIMINGS_TRP) |
- (2 << CNF_ASYNC_TIMINGS_TWH) |
- (4 << CNF_ASYNC_TIMINGS_TWP));
+ (2 << CNF_ASYNC_TIMINGS_TRH) |
+ (4 << CNF_ASYNC_TIMINGS_TRP) |
+ (2 << CNF_ASYNC_TIMINGS_TWH) |
+ (4 << CNF_ASYNC_TIMINGS_TWP));
/* Set extended read and write mode */
reg |= (1 << CNF_DLL_PHY_EXT_RD_MODE);
reg |= (1 << CNF_DLL_PHY_EXT_WR_MODE);
/* Set operation work mode in common settings */
- uint32_t data = mmio_read_32(CNF_MINICTRL(CMN_SETTINGS));
-
- data |= (CNF_OPR_WORK_MODE_SDR << CNF_CMN_SETTINGS_OPR);
- mmio_write_32(CNF_MINICTRL(CMN_SETTINGS), data);
-
+ mmio_clrsetbits_32(CNF_MINICTRL(CMN_SETTINGS),
+ CNF_CMN_SETTINGS_OPR_MASK,
+ CNF_OPR_WORK_MODE_SDR);
} else if (opr_mode == CNF_OPR_WORK_MODE_NVDDR) {
; /* ToDo: add DDR mode settings also once available on SIMICS */
} else {
@@ -189,13 +192,13 @@
/* DMA burst select */
mmio_write_32(CNF_CTRLCFG(DMA_SETTINGS),
- (CNF_DMA_BURST_SIZE_MAX << CNF_DMA_SETTINGS_BURST) |
- (1 << CNF_DMA_SETTINGS_OTE));
+ (CNF_DMA_BURST_SIZE_MAX << CNF_DMA_SETTINGS_BURST) |
+ (1 << CNF_DMA_SETTINGS_OTE));
/* Enable pre-fetching for 1K */
mmio_write_32(CNF_CTRLCFG(FIFO_TLEVEL),
- (CNF_DMA_PREFETCH_SIZE << CNF_FIFO_TLEVEL_POS) |
- (CNF_DMA_PREFETCH_SIZE << CNF_FIFO_TLEVEL_DMA_SIZE));
+ (CNF_DMA_PREFETCH_SIZE << CNF_FIFO_TLEVEL_POS) |
+ (CNF_DMA_PREFETCH_SIZE << CNF_FIFO_TLEVEL_DMA_SIZE));
/* Select access type */
mmio_write_32(CNF_CTRLCFG(MULTIPLANE_CFG), 0);
@@ -235,12 +238,13 @@
/* Calculate block size and total device size */
dev_info.block_size = (dev_info.npages_per_block * dev_info.page_size);
- dev_info.total_size = (dev_info.block_size * dev_info.nblocks_per_lun *
- dev_info.nluns);
+ dev_info.total_size = ((unsigned long long)dev_info.block_size *
+ (unsigned long long)dev_info.nblocks_per_lun *
+ dev_info.nluns);
- VERBOSE("CNF params: page %d, spare %d, block %d, total %lld\n",
- dev_info.page_size, dev_info.spare_size,
- dev_info.block_size, dev_info.total_size);
+ VERBOSE("CNF params: page_size %d, spare_size %d, block_size %u, total_size %llu\n",
+ dev_info.page_size, dev_info.spare_size,
+ dev_info.block_size, dev_info.total_size);
return 0;
}
@@ -323,25 +327,44 @@
return 0;
}
+static uint32_t cdns_nand_get_row_address(uint32_t page, uint32_t block)
+{
+ uint32_t row_address = 0U;
+ uint32_t req_bits = 0U;
+
+ /* The device info is not populated yet. */
+ if (dev_info.npages_per_block == 0U)
+ return 0;
+
+ for (uint32_t i = 0U; i < sizeof(uint32_t) * 8; i++) {
+ if ((1U << i) & dev_info.npages_per_block)
+ req_bits = i;
+ }
+
+ row_address = ((page & GENMASK_32((req_bits - 1), 0)) |
+ (block << req_bits));
+
+ return row_address;
+}
+
/* NAND Flash page read */
static int cdns_nand_read_page(uint32_t block, uint32_t page, uintptr_t buffer)
{
+
/* Wait for thread to be ready */
cdns_nand_wait_thread_ready(CNF_DEF_TRD);
/* Select device */
mmio_write_32(CNF_CMDREG(CMD_REG4),
- (CNF_DEF_DEVICE << CNF_CMDREG4_MEM));
+ (CNF_DEF_DEVICE << CNF_CMDREG4_MEM));
/* Set host memory address for DMA transfers */
- mmio_write_32(CNF_CMDREG(CMD_REG2), (buffer & 0xFFFF));
- mmio_write_32(CNF_CMDREG(CMD_REG3), ((buffer >> 32) & 0xFFFF));
+ mmio_write_32(CNF_CMDREG(CMD_REG2), (buffer & UINT32_MAX));
+ mmio_write_32(CNF_CMDREG(CMD_REG3), ((buffer >> 32) & UINT32_MAX));
/* Set row address */
- uint32_t row_address = 0U;
-
- row_address |= ((page & 0x3F) | (block << 6));
- mmio_write_32(CNF_CMDREG(CMD_REG1), row_address);
+ mmio_write_32(CNF_CMDREG(CMD_REG1),
+ cdns_nand_get_row_address(page, block));
/* Page read command */
uint32_t reg = (CNF_WORK_MODE_PIO << CNF_CMDREG0_CT);
@@ -375,8 +398,8 @@
uint32_t page = 0U;
int result = 0;
- VERBOSE("CNF: block %u-%u, page_start %u, len %zu, offset %u\n",
- block, end_block, page_start, length, offset);
+ INFO("CNF: %s: block %u-%u, page_start %u, len %zu, offset %u\n",
+ __func__, block, end_block, page_start, length, offset);
if ((offset >= dev_info.total_size) ||
(offset + length-1 >= dev_info.total_size) ||
@@ -392,7 +415,7 @@
if ((start_offset != 0U) || (length < dev_info.page_size)) {
/* Partial page read */
result = cdns_nand_read_page(block, page,
- (uintptr_t)scratch_buff);
+ (uintptr_t)scratch_buff);
if (result != 0) {
return result;
}
diff --git a/drivers/st/bsec/bsec2.c b/drivers/st/bsec/bsec2.c
index 68d3a5b..a6e5220 100644
--- a/drivers/st/bsec/bsec2.c
+++ b/drivers/st/bsec/bsec2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,15 +21,26 @@
#define BSEC_IP_VERSION_2_0 U(0x20)
#define BSEC_IP_ID_2 U(0x100032)
+/*
+ * IP configuration
+ */
+#define BSEC_OTP_MASK GENMASK(4, 0)
+#define BSEC_OTP_BANK_SHIFT 5
+#define BSEC_TIMEOUT_VALUE U(0xFFFF)
+
#define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
-static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __unused;
+static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __maybe_unused;
+static uint32_t bsec_shadow_register(uint32_t otp);
static uint32_t bsec_power_safmem(bool power);
+static uint32_t bsec_get_version(void);
+static uint32_t bsec_get_id(void);
+static uint32_t bsec_get_status(void);
+static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value);
/* BSEC access protection */
static spinlock_t bsec_spinlock;
-static uintptr_t bsec_base;
static void bsec_lock(void)
{
@@ -47,7 +58,7 @@
static bool is_otp_invalid_mode(void)
{
- bool ret = ((bsec_get_status() & BSEC_MODE_INVALID) == BSEC_MODE_INVALID);
+ bool ret = ((bsec_get_status() & BSEC_OTP_STATUS_INVALID) == BSEC_OTP_STATUS_INVALID);
if (ret) {
ERROR("OTP mode is OTP-INVALID\n");
@@ -163,7 +174,7 @@
panic();
}
- assert(bsec_base == bsec_info.base);
+ assert(bsec_info.base == BSEC_BASE);
bsec_dt_otp_nsec_access(fdt, node);
}
@@ -177,6 +188,11 @@
sizeof(uint32_t);
}
+static uint32_t otp_bit_mask(uint32_t otp)
+{
+ return BIT(otp & BSEC_OTP_MASK);
+}
+
/*
* bsec_check_error: check BSEC error status.
* otp: OTP number.
@@ -186,10 +202,10 @@
*/
static uint32_t bsec_check_error(uint32_t otp, bool check_disturbed)
{
- uint32_t bit = BIT(otp & BSEC_OTP_MASK);
+ uint32_t bit = otp_bit_mask(otp);
uint32_t bank = otp_bank_offset(otp);
- if ((mmio_read_32(bsec_base + BSEC_ERROR_OFF + bank) & bit) != 0U) {
+ if ((mmio_read_32(BSEC_BASE + BSEC_ERROR_OFF + bank) & bit) != 0U) {
return BSEC_ERROR;
}
@@ -197,7 +213,7 @@
return BSEC_OK;
}
- if ((mmio_read_32(bsec_base + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
+ if ((mmio_read_32(BSEC_BASE + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
return BSEC_DISTURBED;
}
@@ -210,14 +226,12 @@
*/
uint32_t bsec_probe(void)
{
- bsec_base = BSEC_BASE;
-
if (is_otp_invalid_mode()) {
return BSEC_ERROR;
}
- if ((((bsec_get_version() & BSEC_IPVR_MSK) != BSEC_IP_VERSION_1_1) &&
- ((bsec_get_version() & BSEC_IPVR_MSK) != BSEC_IP_VERSION_2_0)) ||
+ if (((bsec_get_version() != BSEC_IP_VERSION_1_1) &&
+ (bsec_get_version() != BSEC_IP_VERSION_2_0)) ||
(bsec_get_id() != BSEC_IP_ID_2)) {
panic();
}
@@ -229,102 +243,11 @@
}
/*
- * bsec_get_base: return BSEC base address.
- */
-uint32_t bsec_get_base(void)
-{
- return bsec_base;
-}
-
-/*
- * bsec_set_config: enable and configure BSEC.
- * cfg: pointer to param structure used to set register.
- * return value: BSEC_OK if no error.
- */
-uint32_t bsec_set_config(struct bsec_config *cfg)
-{
- uint32_t value;
- uint32_t result;
-
- if (is_otp_invalid_mode()) {
- return BSEC_ERROR;
- }
-
- value = ((((uint32_t)cfg->freq << BSEC_CONF_FRQ_SHIFT) &
- BSEC_CONF_FRQ_MASK) |
- (((uint32_t)cfg->pulse_width << BSEC_CONF_PRG_WIDTH_SHIFT) &
- BSEC_CONF_PRG_WIDTH_MASK) |
- (((uint32_t)cfg->tread << BSEC_CONF_TREAD_SHIFT) &
- BSEC_CONF_TREAD_MASK));
-
- bsec_lock();
-
- mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, value);
-
- bsec_unlock();
-
- result = bsec_power_safmem((bool)cfg->power &
- BSEC_CONF_POWER_UP_MASK);
- if (result != BSEC_OK) {
- return result;
- }
-
- value = ((((uint32_t)cfg->upper_otp_lock << UPPER_OTP_LOCK_SHIFT) &
- UPPER_OTP_LOCK_MASK) |
- (((uint32_t)cfg->den_lock << DENREG_LOCK_SHIFT) &
- DENREG_LOCK_MASK) |
- (((uint32_t)cfg->prog_lock << GPLOCK_LOCK_SHIFT) &
- GPLOCK_LOCK_MASK));
-
- bsec_lock();
-
- mmio_write_32(bsec_base + BSEC_OTP_LOCK_OFF, value);
-
- bsec_unlock();
-
- return BSEC_OK;
-}
-
-/*
- * bsec_get_config: return config parameters set in BSEC registers.
- * cfg: config param return.
- * return value: BSEC_OK if no error.
- */
-uint32_t bsec_get_config(struct bsec_config *cfg)
-{
- uint32_t value;
-
- if (cfg == NULL) {
- return BSEC_INVALID_PARAM;
- }
-
- value = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
- cfg->power = (uint8_t)((value & BSEC_CONF_POWER_UP_MASK) >>
- BSEC_CONF_POWER_UP_SHIFT);
- cfg->freq = (uint8_t)((value & BSEC_CONF_FRQ_MASK) >>
- BSEC_CONF_FRQ_SHIFT);
- cfg->pulse_width = (uint8_t)((value & BSEC_CONF_PRG_WIDTH_MASK) >>
- BSEC_CONF_PRG_WIDTH_SHIFT);
- cfg->tread = (uint8_t)((value & BSEC_CONF_TREAD_MASK) >>
- BSEC_CONF_TREAD_SHIFT);
-
- value = mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF);
- cfg->upper_otp_lock = (uint8_t)((value & UPPER_OTP_LOCK_MASK) >>
- UPPER_OTP_LOCK_SHIFT);
- cfg->den_lock = (uint8_t)((value & DENREG_LOCK_MASK) >>
- DENREG_LOCK_SHIFT);
- cfg->prog_lock = (uint8_t)((value & GPLOCK_LOCK_MASK) >>
- GPLOCK_LOCK_SHIFT);
-
- return BSEC_OK;
-}
-
-/*
* bsec_shadow_register: copy SAFMEM OTP to BSEC data.
* otp: OTP number.
* return value: BSEC_OK if no error.
*/
-uint32_t bsec_shadow_register(uint32_t otp)
+static uint32_t bsec_shadow_register(uint32_t otp)
{
uint32_t result;
bool value;
@@ -345,7 +268,7 @@
otp);
}
- if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
+ if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
result = bsec_power_safmem(true);
if (result != BSEC_OK) {
@@ -357,9 +280,9 @@
bsec_lock();
- mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
+ mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
- while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
+ while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
;
}
@@ -392,7 +315,7 @@
return BSEC_INVALID_PARAM;
}
- *val = mmio_read_32(bsec_base + BSEC_OTP_DATA_OFF +
+ *val = mmio_read_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
(otp * sizeof(uint32_t)));
return BSEC_OK;
@@ -427,7 +350,7 @@
/* Ensure integrity of each register access sequence */
bsec_lock();
- mmio_write_32(bsec_base + BSEC_OTP_DATA_OFF +
+ mmio_write_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
(otp * sizeof(uint32_t)), val);
bsec_unlock();
@@ -470,12 +393,11 @@
return BSEC_PROG_FAIL;
}
- if ((mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF) &
- BIT(BSEC_LOCK_PROGRAM)) != 0U) {
+ if ((mmio_read_32(BSEC_BASE + BSEC_OTP_LOCK_OFF) & GPLOCK_LOCK_MASK) != 0U) {
WARN("BSEC: GPLOCK activated, prog will be ignored\n");
}
- if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
+ if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
result = bsec_power_safmem(true);
if (result != BSEC_OK) {
@@ -487,15 +409,15 @@
bsec_lock();
- mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, val);
+ mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, val);
- mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
+ mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
- while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
+ while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
;
}
- if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
+ if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
result = BSEC_PROG_FAIL;
} else {
result = bsec_check_error(otp, true);
@@ -517,6 +439,7 @@
* otp: OTP number.
* return value: BSEC_OK if no error.
*/
+#if defined(IMAGE_BL32)
uint32_t bsec_permanent_lock_otp(uint32_t otp)
{
uint32_t result;
@@ -532,7 +455,7 @@
return BSEC_INVALID_PARAM;
}
- if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
+ if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
result = bsec_power_safmem(true);
if (result != BSEC_OK) {
@@ -554,16 +477,16 @@
bsec_lock();
- mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, data);
+ mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, data);
- mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF,
+ mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF,
addr | BSEC_WRITE | BSEC_LOCK);
- while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
+ while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
;
}
- if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
+ if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
result = BSEC_PROG_FAIL;
} else {
result = bsec_check_error(otp, false);
@@ -579,30 +502,14 @@
return result;
}
-
-/*
- * bsec_write_debug_conf: write value in debug feature.
- * to enable/disable debug service.
- * val: value to write.
- * return value: none.
- */
-void bsec_write_debug_conf(uint32_t val)
-{
- if (is_otp_invalid_mode()) {
- return;
- }
-
- bsec_lock();
- mmio_write_32(bsec_base + BSEC_DEN_OFF, val & BSEC_DEN_ALL_MSK);
- bsec_unlock();
-}
+#endif
/*
* bsec_read_debug_conf: return debug configuration register value.
*/
uint32_t bsec_read_debug_conf(void)
{
- return mmio_read_32(bsec_base + BSEC_DEN_OFF);
+ return mmio_read_32(BSEC_BASE + BSEC_DEN_OFF);
}
/*
@@ -618,7 +525,7 @@
}
bsec_lock();
- mmio_write_32(bsec_base + BSEC_SCRATCH_OFF, val);
+ mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
bsec_unlock();
#else
mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
@@ -626,54 +533,30 @@
}
/*
- * bsec_read_scratch: return scratch register value.
- */
-uint32_t bsec_read_scratch(void)
-{
- return mmio_read_32(bsec_base + BSEC_SCRATCH_OFF);
-}
-
-/*
* bsec_get_status: return status register value.
*/
-uint32_t bsec_get_status(void)
-{
- return mmio_read_32(bsec_base + BSEC_OTP_STATUS_OFF);
-}
-
-/*
- * bsec_get_hw_conf: return hardware configuration register value.
- */
-uint32_t bsec_get_hw_conf(void)
+static uint32_t bsec_get_status(void)
{
- return mmio_read_32(bsec_base + BSEC_IPHW_CFG_OFF);
+ return mmio_read_32(BSEC_BASE + BSEC_OTP_STATUS_OFF);
}
/*
* bsec_get_version: return BSEC version register value.
*/
-uint32_t bsec_get_version(void)
+static uint32_t bsec_get_version(void)
{
- return mmio_read_32(bsec_base + BSEC_IPVR_OFF);
+ return mmio_read_32(BSEC_BASE + BSEC_IPVR_OFF) & BSEC_IPVR_MSK;
}
/*
* bsec_get_id: return BSEC ID register value.
*/
-uint32_t bsec_get_id(void)
+static uint32_t bsec_get_id(void)
{
- return mmio_read_32(bsec_base + BSEC_IP_ID_OFF);
+ return mmio_read_32(BSEC_BASE + BSEC_IP_ID_OFF);
}
/*
- * bsec_get_magic_id: return BSEC magic number register value.
- */
-uint32_t bsec_get_magic_id(void)
-{
- return mmio_read_32(bsec_base + BSEC_IP_MAGIC_ID_OFF);
-}
-
-/*
* bsec_set_sr_lock: set shadow-read lock.
* otp: OTP number.
* return value: BSEC_OK if no error.
@@ -681,7 +564,7 @@
uint32_t bsec_set_sr_lock(uint32_t otp)
{
uint32_t bank = otp_bank_offset(otp);
- uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
+ uint32_t otp_mask = otp_bit_mask(otp);
if (is_otp_invalid_mode()) {
return BSEC_ERROR;
@@ -692,7 +575,7 @@
}
bsec_lock();
- mmio_write_32(bsec_base + BSEC_SRLOCK_OFF + bank, otp_mask);
+ mmio_write_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank, otp_mask);
bsec_unlock();
return BSEC_OK;
@@ -707,14 +590,14 @@
uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
{
uint32_t bank = otp_bank_offset(otp);
- uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
+ uint32_t otp_mask = otp_bit_mask(otp);
uint32_t bank_value;
if (otp > STM32MP1_OTP_MAX_ID) {
return BSEC_INVALID_PARAM;
}
- bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank);
*value = ((bank_value & otp_mask) != 0U);
@@ -729,7 +612,7 @@
uint32_t bsec_set_sw_lock(uint32_t otp)
{
uint32_t bank = otp_bank_offset(otp);
- uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
+ uint32_t otp_mask = otp_bit_mask(otp);
if (is_otp_invalid_mode()) {
return BSEC_ERROR;
@@ -740,7 +623,7 @@
}
bsec_lock();
- mmio_write_32(bsec_base + BSEC_SWLOCK_OFF + bank, otp_mask);
+ mmio_write_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank, otp_mask);
bsec_unlock();
return BSEC_OK;
@@ -762,7 +645,7 @@
return BSEC_INVALID_PARAM;
}
- bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank);
*value = ((bank_value & otp_mask) != 0U);
@@ -777,7 +660,7 @@
uint32_t bsec_set_sp_lock(uint32_t otp)
{
uint32_t bank = otp_bank_offset(otp);
- uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
+ uint32_t otp_mask = otp_bit_mask(otp);
if (is_otp_invalid_mode()) {
return BSEC_ERROR;
@@ -788,7 +671,7 @@
}
bsec_lock();
- mmio_write_32(bsec_base + BSEC_SPLOCK_OFF + bank, otp_mask);
+ mmio_write_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank, otp_mask);
bsec_unlock();
return BSEC_OK;
@@ -810,7 +693,7 @@
return BSEC_INVALID_PARAM;
}
- bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank);
*value = ((bank_value & otp_mask) != 0U);
@@ -823,17 +706,17 @@
* value: read value (true or false).
* return value: BSEC_OK if no error.
*/
-uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value)
+static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value)
{
uint32_t bank = otp_bank_offset(otp);
- uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
+ uint32_t otp_mask = otp_bit_mask(otp);
uint32_t bank_value;
if (otp > STM32MP1_OTP_MAX_ID) {
return BSEC_INVALID_PARAM;
}
- bank_value = mmio_read_32(bsec_base + BSEC_WRLOCK_OFF + bank);
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_WRLOCK_OFF + bank);
*value = ((bank_value & otp_mask) != 0U);
@@ -841,36 +724,6 @@
}
/*
- * bsec_otp_lock: Lock Upper OTP or Global Programming or Debug Enable.
- * service: Service to lock, see header file.
- * return value: BSEC_OK if no error.
- */
-uint32_t bsec_otp_lock(uint32_t service)
-{
- uintptr_t reg = bsec_base + BSEC_OTP_LOCK_OFF;
-
- if (is_otp_invalid_mode()) {
- return BSEC_ERROR;
- }
-
- switch (service) {
- case BSEC_LOCK_UPPER_OTP:
- mmio_write_32(reg, BIT(BSEC_LOCK_UPPER_OTP));
- break;
- case BSEC_LOCK_DEBUG:
- mmio_write_32(reg, BIT(BSEC_LOCK_DEBUG));
- break;
- case BSEC_LOCK_PROGRAM:
- mmio_write_32(reg, BIT(BSEC_LOCK_PROGRAM));
- break;
- default:
- return BSEC_INVALID_PARAM;
- }
-
- return BSEC_OK;
-}
-
-/*
* bsec_power_safmem: Activate or deactivate SAFMEM power.
* power: true to power up, false to power down.
* return value: BSEC_OK if no error.
@@ -882,7 +735,7 @@
bsec_lock();
- register_val = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
+ register_val = mmio_read_32(BSEC_BASE + BSEC_OTP_CONF_OFF);
if (power) {
register_val |= BSEC_CONF_POWER_UP_MASK;
@@ -890,15 +743,15 @@
register_val &= ~BSEC_CONF_POWER_UP_MASK;
}
- mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, register_val);
+ mmio_write_32(BSEC_BASE + BSEC_OTP_CONF_OFF, register_val);
if (power) {
- while (((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) &&
+ while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) &&
(timeout != 0U)) {
timeout--;
}
} else {
- while (((bsec_get_status() & BSEC_MODE_PWR_MASK) != 0U) &&
+ while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) != 0U) &&
(timeout != 0U)) {
timeout--;
}
@@ -915,28 +768,29 @@
/*
* bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value.
- * otp_value: read value.
- * word: OTP number.
+ * val: read value.
+ * otp: OTP number.
* return value: BSEC_OK if no error.
*/
-uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word)
+uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
{
uint32_t result;
- result = bsec_shadow_register(word);
+ result = bsec_shadow_register(otp);
if (result != BSEC_OK) {
- ERROR("BSEC: %u Shadowing Error %u\n", word, result);
+ ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
return result;
}
- result = bsec_read_otp(otp_value, word);
+ result = bsec_read_otp(val, otp);
if (result != BSEC_OK) {
- ERROR("BSEC: %u Read Error %u\n", word, result);
+ ERROR("BSEC: %u Read Error %u\n", otp, result);
}
return result;
}
+#if defined(IMAGE_BL32)
/*
* bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
* otp: OTP number.
@@ -944,7 +798,6 @@
*/
uint32_t bsec_check_nsec_access_rights(uint32_t otp)
{
-#if defined(IMAGE_BL32)
if (otp > STM32MP1_OTP_MAX_ID) {
return BSEC_INVALID_PARAM;
}
@@ -954,8 +807,33 @@
return BSEC_ERROR;
}
}
-#endif
return BSEC_OK;
}
+#endif
+
+uint32_t bsec_get_secure_state(void)
+{
+ uint32_t status = bsec_get_status();
+ uint32_t result = BSEC_STATE_INVALID;
+ uint32_t otp_enc_id __maybe_unused;
+ uint32_t otp_bit_len __maybe_unused;
+ int res __maybe_unused;
+ if ((status & BSEC_OTP_STATUS_INVALID) != 0U) {
+ result = BSEC_STATE_INVALID;
+ } else {
+ if ((status & BSEC_OTP_STATUS_SECURE) != 0U) {
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
+ result = BSEC_STATE_SEC_CLOSED;
+ } else {
+ result = BSEC_STATE_SEC_OPEN;
+ }
+ } else {
+ /* OTP modes OPEN1 and OPEN2 are not supported */
+ result = BSEC_STATE_INVALID;
+ }
+ }
+
+ return result;
+}
diff --git a/drivers/st/bsec/bsec3.c b/drivers/st/bsec/bsec3.c
new file mode 100644
index 0000000..a803a3a
--- /dev/null
+++ b/drivers/st/bsec/bsec3.c
@@ -0,0 +1,533 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <limits.h>
+
+#include <arch_helpers.h>
+#include <common/debug.h>
+#include <drivers/st/bsec.h>
+#include <drivers/st/bsec3_reg.h>
+#include <drivers/st/stm32mp_reset.h>
+#include <lib/mmio.h>
+#include <lib/spinlock.h>
+#include <libfdt.h>
+
+#include <platform_def.h>
+
+#define BSEC_IP_VERSION_1_0 U(0x10)
+#define BSEC_IP_ID_3 U(0x100033)
+
+#define MAX_NB_TRIES U(3)
+
+/*
+ * IP configuration
+ */
+#define BSEC_OTP_MASK GENMASK_32(4, 0)
+#define BSEC_OTP_BANK_SHIFT U(5)
+#define BSEC_TIMEOUT_VALUE U(0x800000) /* ~7sec @1.2GHz */
+
+/* Magic use to indicated valid SHADOW = 'B' 'S' 'E' 'C' */
+#define BSEC_MAGIC U(0x42534543)
+
+#define OTP_MAX_SIZE (STM32MP2_OTP_MAX_ID + U(1))
+
+struct bsec_shadow {
+ uint32_t magic;
+ uint32_t state;
+ uint32_t value[OTP_MAX_SIZE];
+ uint32_t status[OTP_MAX_SIZE];
+};
+
+static uint32_t otp_bank(uint32_t otp)
+{
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return (otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT;
+}
+
+static uint32_t otp_bit_mask(uint32_t otp)
+{
+ return BIT(otp & BSEC_OTP_MASK);
+}
+
+/*
+ * bsec_get_status: return status register value.
+ */
+static uint32_t bsec_get_status(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_OTPSR);
+}
+
+/*
+ * bsec_get_version: return BSEC version.
+ */
+static uint32_t bsec_get_version(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_VERR) & BSEC_VERR_MASK;
+}
+
+/*
+ * bsec_get_id: return BSEC ID.
+ */
+static uint32_t bsec_get_id(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_IPIDR);
+}
+
+static bool is_fuse_shadowed(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+ uint32_t bank_value;
+
+ bank_value = mmio_read_32(BSEC_BASE + BSEC_SFSR(bank));
+
+ if ((bank_value & otp_mask) != 0U) {
+ return true;
+ }
+
+ return false;
+}
+
+static void poll_otp_status_busy(void)
+{
+ uint32_t timeout = BSEC_TIMEOUT_VALUE;
+
+ while (((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) && (timeout != 0U)) {
+ timeout--;
+ }
+
+ if ((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) {
+ ERROR("BSEC timeout\n");
+ panic();
+ }
+}
+
+static uint32_t check_read_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_SECF) != 0U) {
+ VERBOSE("BSEC read %u single error correction detected\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLF) != 0U) {
+ VERBOSE("BSEC read %u permanent programming lock detected.\n", otp);
+ }
+
+ if ((status & BSEC_OTPSR_PPLMF) != 0U) {
+ ERROR("BSEC read %u error 0x%x\n", otp, status);
+ return BSEC_ERROR;
+ }
+
+ if ((status & (BSEC_OTPSR_DISTURBF | BSEC_OTPSR_DEDF | BSEC_OTPSR_AMEF)) != 0U) {
+ ERROR("BSEC read %u error 0x%x with invalid FVR\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static uint32_t check_program_error(uint32_t otp)
+{
+ uint32_t status = bsec_get_status();
+
+ if ((status & BSEC_OTPSR_PROGFAIL) != 0U) {
+ ERROR("BSEC program %u error 0x%x\n", otp, status);
+ return BSEC_RETRY;
+ }
+
+ return BSEC_OK;
+}
+
+static void check_reset_error(void)
+{
+ uint32_t status = bsec_get_status();
+
+ /* check initial status reporting */
+ if ((status & BSEC_OTPSR_BUSY) != 0U) {
+ VERBOSE("BSEC reset and busy when OTPSR read\n");
+ }
+ if ((status & BSEC_OTPSR_HIDEUP) != 0U) {
+ VERBOSE("BSEC upper fuse are not accessible (HIDEUP)\n");
+ }
+ if ((status & BSEC_OTPSR_OTPSEC) != 0U) {
+ VERBOSE("BSEC reset single error correction detected\n");
+ }
+ if ((status & BSEC_OTPSR_OTPNVIR) == 0U) {
+ VERBOSE("BSEC reset first fuse word 0 is detected zero\n");
+ }
+ if ((status & BSEC_OTPSR_OTPERR) != 0U) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+ if ((status & BSEC_OTPSR_FUSEOK) != BSEC_OTPSR_FUSEOK) {
+ ERROR("BSEC reset critical error 0x%x\n", status);
+ panic();
+ }
+}
+
+static bool is_bsec_write_locked(void)
+{
+ return (mmio_read_32(BSEC_BASE + BSEC_LOCKR) & BSEC_LOCKR_GWLOCK_MASK) != 0U;
+}
+
+/*
+ * bsec_probe: initialize BSEC driver.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_probe(void)
+{
+ uint32_t version = bsec_get_version();
+ uint32_t id = bsec_get_id();
+
+ if ((version != BSEC_IP_VERSION_1_0) || (id != BSEC_IP_ID_3)) {
+ ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id);
+ panic();
+ }
+
+ check_reset_error();
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+static uint32_t bsec_shadow_register(uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ result = bsec_read_sr_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
+ } else if (value) {
+ VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", otp);
+ }
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp);
+
+ poll_otp_status_busy();
+
+ result = check_read_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_write_otp: write a value in shadow OTP.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
+{
+ bool state;
+ uint32_t result;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ return BSEC_ERROR;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sw_lock(otp, &state);
+ if (result != BSEC_OK) {
+ WARN("Shadow register is SW locked\n");
+ return result;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_FVR(otp), val);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_program_otp: program a bit in SAFMEM after the prog.
+ * The OTP data is not refreshed.
+ * val: value to program.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
+{
+ uint32_t result;
+ uint32_t i;
+ bool value;
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ if (is_bsec_write_locked() == true) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ result = bsec_read_sp_lock(otp, &value);
+ if (result != BSEC_OK) {
+ WARN("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
+ } else if (value) {
+ WARN("BSEC: OTP locked, prog will be ignored\n");
+ return BSEC_WRITE_LOCKED;
+ }
+
+ mmio_write_32(BSEC_BASE + BSEC_WDR, val);
+
+ for (i = 0U; i < MAX_NB_TRIES; i++) {
+ mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp | BSEC_OTPCR_PROG);
+
+ poll_otp_status_busy();
+
+ result = check_program_error(otp);
+ if (result != BSEC_RETRY) {
+ break;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * bsec_read_debug_conf: read debug configuration.
+ */
+uint32_t bsec_read_debug_conf(void)
+{
+ return mmio_read_32(BSEC_BASE + BSEC_DENR);
+}
+
+static uint32_t bsec_lock_register_set(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ /* The lock is already set */
+ if ((value & mask) != 0U) {
+ return BSEC_OK;
+ }
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ value |= mask;
+
+ mmio_write_32(BSEC_BASE + offset, value);
+
+ return BSEC_OK;
+}
+
+static bool bsec_lock_register_get(uint32_t offset, uint32_t mask)
+{
+ uint32_t value = mmio_read_32(BSEC_BASE + offset);
+
+ return (value & mask) != 0U;
+}
+
+/*
+ * bsec_set_sr_lock: set shadow-read lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sr_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SRLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sr_lock: read shadow-read lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SRLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sw_lock: set shadow-write lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sw_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SWLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sw_lock: read shadow-write lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SWLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_set_sp_lock: set shadow-program lock.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_set_sp_lock(uint32_t otp)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_lock_register_set(BSEC_SPLOCK(bank), otp_mask);
+}
+
+/*
+ * bsec_read_sp_lock: read shadow-program lock.
+ * otp: OTP number.
+ * value: read value (true or false).
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
+{
+ uint32_t bank = otp_bank(otp);
+ uint32_t otp_mask = otp_bit_mask(otp);
+
+ assert(value != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *value = bsec_lock_register_get(BSEC_SPLOCK(bank), otp_mask);
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_get_secure_state: read state in BSEC status register.
+ * return: secure state
+ */
+uint32_t bsec_get_secure_state(void)
+{
+ uint32_t state = BSEC_STATE_INVALID;
+ uint32_t status = bsec_get_status();
+ uint32_t bsec_sr = mmio_read_32(BSEC_BASE + BSEC_SR);
+
+ if ((status & BSEC_OTPSR_FUSEOK) == BSEC_OTPSR_FUSEOK) {
+ /* NVSTATE is only valid if FUSEOK */
+ uint32_t nvstates = (bsec_sr & BSEC_SR_NVSTATE_MASK) >> BSEC_SR_NVSTATE_SHIFT;
+
+ if (nvstates == BSEC_SR_NVSTATE_OPEN) {
+ state = BSEC_STATE_SEC_OPEN;
+ } else if (nvstates == BSEC_SR_NVSTATE_CLOSED) {
+ state = BSEC_STATE_SEC_CLOSED;
+ } else {
+ VERBOSE("%s nvstates = %u\n", __func__, nvstates);
+ }
+ }
+
+ return state;
+}
+
+/*
+ * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ *val = 0U;
+
+ if (is_bsec_write_locked()) {
+ return BSEC_WRITE_LOCKED;
+ }
+
+ if (!is_fuse_shadowed(otp)) {
+ uint32_t result = bsec_shadow_register(otp);
+
+ if (result != BSEC_OK) {
+ ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
+ return result;
+ }
+ }
+
+ *val = mmio_read_32(BSEC_BASE + BSEC_FVR(otp));
+
+ return BSEC_OK;
+}
+
+/*
+ * bsec_read_otp: read an OTP data value.
+ * val: read value.
+ * otp: OTP number.
+ * return value: BSEC_OK if no error.
+ */
+uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
+{
+ assert(val != NULL);
+ if (otp > STM32MP2_OTP_MAX_ID) {
+ panic();
+ }
+
+ return bsec_shadow_read_otp(val, otp);
+}
diff --git a/drivers/ufs/ufs.c b/drivers/ufs/ufs.c
index 19f894f..33ceb26 100644
--- a/drivers/ufs/ufs.c
+++ b/drivers/ufs/ufs.c
@@ -966,8 +966,7 @@
{
uint8_t desc_buf[DESC_DEVICE_MAX_SIZE];
- ufs_query(QUERY_READ_DESC, DESC_TYPE_DEVICE, 0, 0,
- (uintptr_t)desc_buf, DESC_DEVICE_MAX_SIZE);
+ ufs_read_desc(DESC_TYPE_DEVICE, 0, (uintptr_t)desc_buf, DESC_DEVICE_MAX_SIZE);
/*
* getting vendor (manufacturerID) and Bank Index in big endian
diff --git a/fdts/cca_cot_descriptors.dtsi b/fdts/cca_cot_descriptors.dtsi
new file mode 100644
index 0000000..d52431b
--- /dev/null
+++ b/fdts/cca_cot_descriptors.dtsi
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <tools_share/cca_oid.h>
+#include <common/tbbr/tbbr_img_def.h>
+#include <common/nv_cntr_ids.h>
+
+cot {
+ manifests {
+ compatible = "arm, cert-descs";
+
+ cca_content_cert: cca_content_cert {
+ root-certificate;
+ image-id =<CCA_CONTENT_CERT_ID>;
+ antirollback-counter = <&cca_nv_counter>;
+
+ tb_fw_hash: tb_fw_hash {
+ oid = TRUSTED_BOOT_FW_HASH_OID;
+ };
+ tb_fw_config_hash: tb_fw_config_hash {
+ oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
+ };
+ hw_config_hash: hw_config_hash {
+ oid = HW_CONFIG_HASH_OID;
+ };
+ fw_config_hash: fw_config_hash {
+ oid = FW_CONFIG_HASH_OID;
+ };
+ soc_fw_hash: soc_fw_hash {
+ oid = SOC_AP_FW_HASH_OID;
+ };
+ soc_fw_config_hash: soc_fw_config_hash {
+ oid = SOC_FW_CONFIG_HASH_OID;
+ };
+ rmm_hash: rmm_hash {
+ oid = RMM_HASH_OID;
+ };
+ };
+
+ core_swd_key_cert: core_swd_key_cert {
+ root-certificate;
+ image-id = <CORE_SWD_KEY_CERT_ID>;
+ signing-key = <&swd_rot_pk>;
+ antirollback-counter = <&trusted_nv_counter>;
+
+ core_swd_pk: core_swd_pk {
+ oid = CORE_SWD_PK_OID;
+ };
+ };
+
+ trusted_os_fw_content_cert: trusted_os_fw_content_cert {
+ image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
+ parent = <&core_swd_key_cert>;
+ signing-key = <&core_swd_pk>;
+ antirollback-counter = <&trusted_nv_counter>;
+
+ tos_fw_hash: tos_fw_hash {
+ oid = TRUSTED_OS_FW_HASH_OID;
+ };
+ tos_fw_config_hash: tos_fw_config_hash {
+ oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
+ };
+ };
+
+ plat_key_cert: plat_key_cert {
+ root-certificate;
+ image-id = <PLAT_KEY_CERT_ID>;
+ signing-key = <&prot_pk>;
+ antirollback-counter = <&non_trusted_nv_counter>;
+
+ plat_pk: plat_pk {
+ oid = PLAT_PK_OID;
+ };
+ };
+
+ non_trusted_fw_content_cert: non_trusted_fw_content_cert {
+ image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
+ parent = <&plat_key_cert>;
+ signing-key = <&plat_pk>;
+ antirollback-counter = <&non_trusted_nv_counter>;
+
+ nt_world_bl_hash: nt_world_bl_hash {
+ oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
+ };
+ nt_fw_config_hash: nt_fw_config_hash {
+ oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
+ };
+ };
+
+#if defined(SPD_spmd)
+ sip_sp_content_cert: sip_sp_content_cert {
+ image-id = <SIP_SP_CONTENT_CERT_ID>;
+ parent = <&core_swd_key_cert>;
+ signing-key = <&core_swd_pk>;
+ antirollback-counter = <&trusted_nv_counter>;
+
+ sp_pkg1_hash: sp_pkg1_hash {
+ oid = SP_PKG1_HASH_OID;
+ };
+ sp_pkg2_hash: sp_pkg2_hash {
+ oid = SP_PKG2_HASH_OID;
+ };
+ sp_pkg3_hash: sp_pkg3_hash {
+ oid = SP_PKG3_HASH_OID;
+ };
+ sp_pkg4_hash: sp_pkg4_hash {
+ oid = SP_PKG4_HASH_OID;
+ };
+ };
+
+ plat_sp_content_cert: plat_sp_content_cert {
+ image-id = <PLAT_SP_CONTENT_CERT_ID>;
+ parent = <&plat_key_cert>;
+ signing-key = <&plat_pk>;
+ antirollback-counter = <&non_trusted_nv_counter>;
+
+ sp_pkg5_hash: sp_pkg5_hash {
+ oid = SP_PKG5_HASH_OID;
+ };
+ sp_pkg6_hash: sp_pkg6_hash {
+ oid = SP_PKG6_HASH_OID;
+ };
+ sp_pkg7_hash: sp_pkg7_hash {
+ oid = SP_PKG7_HASH_OID;
+ };
+ sp_pkg8_hash: sp_pkg8_hash {
+ oid = SP_PKG8_HASH_OID;
+ };
+ };
+#endif
+ };
+
+ images {
+ compatible = "arm, img-descs";
+
+ fw_config {
+ image-id = <FW_CONFIG_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&fw_config_hash>;
+ };
+
+ hw_config {
+ image-id = <HW_CONFIG_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&hw_config_hash>;
+ };
+
+ tb_fw_hash {
+ image-id = <BL2_IMAGE_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&tb_fw_hash>;
+ };
+
+ tb_fw_config {
+ image-id = <TB_FW_CONFIG_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&tb_fw_config_hash>;
+ };
+
+ bl31_image {
+ image-id = <BL31_IMAGE_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&soc_fw_hash>;
+ };
+
+ soc_fw_config {
+ image-id = <SOC_FW_CONFIG_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&soc_fw_config_hash>;
+ };
+
+ rmm_image {
+ image-id = <RMM_IMAGE_ID>;
+ parent = <&cca_content_cert>;
+ hash = <&rmm_hash>;
+ };
+
+ bl32_image {
+ image-id = <BL32_IMAGE_ID>;
+ parent = <&trusted_os_fw_content_cert>;
+ hash = <&tos_fw_hash>;
+ };
+
+ tos_fw_config {
+ image-id = <TOS_FW_CONFIG_ID>;
+ parent = <&trusted_os_fw_content_cert>;
+ hash = <&tos_fw_config_hash>;
+ };
+
+ bl33_image {
+ image-id = <BL33_IMAGE_ID>;
+ parent = <&non_trusted_fw_content_cert>;
+ hash = <&nt_world_bl_hash>;
+ };
+
+ nt_fw_config {
+ image-id = <NT_FW_CONFIG_ID>;
+ parent = <&non_trusted_fw_content_cert>;
+ hash = <&nt_fw_config_hash>;
+ };
+
+#if defined(SPD_spmd)
+ sp_pkg1 {
+ image-id = <SP_PKG1_ID>;
+ parent = <&sip_sp_content_cert>;
+ hash = <&sp_pkg1_hash>;
+ };
+
+ sp_pkg2 {
+ image-id = <SP_PKG2_ID>;
+ parent = <&sip_sp_content_cert>;
+ hash = <&sp_pkg2_hash>;
+ };
+
+ sp_pkg3 {
+ image-id = <SP_PKG3_ID>;
+ parent = <&sip_sp_content_cert>;
+ hash = <&sp_pkg3_hash>;
+ };
+
+ sp_pkg4 {
+ image-id = <SP_PKG4_ID>;
+ parent = <&sip_sp_content_cert>;
+ hash = <&sp_pkg4_hash>;
+ };
+
+ sp_pkg5 {
+ image-id = <SP_PKG5_ID>;
+ parent = <&plat_sp_content_cert>;
+ hash = <&sp_pkg5_hash>;
+ };
+
+ sp_pkg6 {
+ image-id = <SP_PKG6_ID>;
+ parent = <&plat_sp_content_cert>;
+ hash = <&sp_pkg6_hash>;
+ };
+
+ sp_pkg7 {
+ image-id = <SP_PKG7_ID>;
+ parent = <&plat_sp_content_cert>;
+ hash = <&sp_pkg7_hash>;
+ };
+
+ sp_pkg8 {
+ image-id = <SP_PKG8_ID>;
+ parent = <&plat_sp_content_cert>;
+ hash = <&sp_pkg8_hash>;
+ };
+#endif
+ };
+};
+
+non_volatile_counters: non_volatile_counters {
+ compatible = "arm, non-volatile-counter";
+
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ cca_nv_counter: cca_nv_counter {
+ id = <TRUSTED_NV_CTR_ID>;
+ oid = CCA_FW_NVCOUNTER_OID;
+ };
+
+ trusted_nv_counter: trusted_nv_counter {
+ id = <TRUSTED_NV_CTR_ID>;
+ oid = TRUSTED_FW_NVCOUNTER_OID;
+ };
+
+ non_trusted_nv_counter: non_trusted_nv_counter {
+ id = <NON_TRUSTED_NV_CTR_ID>;
+ oid = NON_TRUSTED_FW_NVCOUNTER_OID;
+ };
+};
+
+rot_keys {
+ swd_rot_pk: swd_rot_pk {
+ oid = SWD_ROT_PK_OID;
+ };
+
+ prot_pk: prot_pk {
+ oid = PROT_PK_OID;
+ };
+};
diff --git a/fdts/stm32mp131.dtsi b/fdts/stm32mp131.dtsi
index 8bcf363..520d90b 100644
--- a/fdts/stm32mp131.dtsi
+++ b/fdts/stm32mp131.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (C) 2022-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2022-2024, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@foss.st.com> for STMicroelectronics.
*/
#include <dt-bindings/clock/stm32mp13-clks.h>
@@ -420,25 +420,25 @@
#address-cells = <1>;
#size-cells = <1>;
- cfg0_otp: cfg0_otp@0 {
+ cfg0_otp: cfg0-otp@0 {
reg = <0x0 0x2>;
};
part_number_otp: part-number-otp@4 {
reg = <0x4 0x2>;
};
- monotonic_otp: monotonic_otp@10 {
+ monotonic_otp: monotonic-otp@10 {
reg = <0x10 0x4>;
};
- nand_otp: cfg9_otp@24 {
+ nand_otp: cfg9-otp@24 {
reg = <0x24 0x4>;
};
- nand2_otp: cfg10_otp@28 {
+ nand2_otp: cfg10-otp@28 {
reg = <0x28 0x4>;
};
- uid_otp: uid_otp@34 {
+ uid_otp: uid-otp@34 {
reg = <0x34 0xc>;
};
- hw2_otp: hw2_otp@48 {
+ hw2_otp: hw2-otp@48 {
reg = <0x48 0x4>;
};
ts_cal1: calib@5c {
@@ -447,14 +447,14 @@
ts_cal2: calib@5e {
reg = <0x5e 0x2>;
};
- pkh_otp: pkh_otp@60 {
+ pkh_otp: pkh-otp@60 {
reg = <0x60 0x20>;
};
- mac_addr: mac_addr@e4 {
+ mac_addr: mac@e4 {
reg = <0xe4 0xc>;
st,non-secure-otp;
};
- enckey_otp: enckey_otp@170 {
+ oem_enc_key: oem-enc-key@170 {
reg = <0x170 0x10>;
};
};
diff --git a/fdts/stm32mp135f-dk.dts b/fdts/stm32mp135f-dk.dts
index 1204692..7a7d461 100644
--- a/fdts/stm32mp135f-dk.dts
+++ b/fdts/stm32mp135f-dk.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (C) STMicroelectronics 2022 - All Rights Reserved
+ * Copyright (C) 2022-2024, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@foss.st.com> for STMicroelectronics.
*/
@@ -50,7 +50,7 @@
};
&bsec {
- board_id: board_id@f0 {
+ board_id: board-id@f0 {
reg = <0xf0 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp151.dtsi b/fdts/stm32mp151.dtsi
index 7a22a1c..449ddbb 100644
--- a/fdts/stm32mp151.dtsi
+++ b/fdts/stm32mp151.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2017-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
* Author: Ludovic Barre <ludovic.barre@st.com> for STMicroelectronics.
*/
#include <dt-bindings/interrupt-controller/arm-gic.h>
@@ -458,25 +458,25 @@
#address-cells = <1>;
#size-cells = <1>;
- cfg0_otp: cfg0_otp@0 {
+ cfg0_otp: cfg0-otp@0 {
reg = <0x0 0x1>;
};
part_number_otp: part-number-otp@4 {
reg = <0x4 0x1>;
};
- monotonic_otp: monotonic_otp@10 {
+ monotonic_otp: monotonic-otp@10 {
reg = <0x10 0x4>;
};
- nand_otp: nand_otp@24 {
+ nand_otp: nand-otp@24 {
reg = <0x24 0x4>;
};
- uid_otp: uid_otp@34 {
+ uid_otp: uid-otp@34 {
reg = <0x34 0xc>;
};
- package_otp: package_otp@40 {
+ package_otp: package-otp@40 {
reg = <0x40 0x4>;
};
- hw2_otp: hw2_otp@48 {
+ hw2_otp: hw2-otp@48 {
reg = <0x48 0x4>;
};
ts_cal1: calib@5c {
@@ -485,10 +485,10 @@
ts_cal2: calib@5e {
reg = <0x5e 0x2>;
};
- pkh_otp: pkh_otp@60 {
+ pkh_otp: pkh-otp@60 {
reg = <0x60 0x20>;
};
- mac_addr: mac_addr@e4 {
+ ethernet_mac_address: mac@e4 {
reg = <0xe4 0x8>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp157c-ed1.dts b/fdts/stm32mp157c-ed1.dts
index 949c929..d7bcc84 100644
--- a/fdts/stm32mp157c-ed1.dts
+++ b/fdts/stm32mp157c-ed1.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2017-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
* Author: Ludovic Barre <ludovic.barre@st.com> for STMicroelectronics.
*/
/dts-v1/;
@@ -31,7 +31,7 @@
};
&bsec {
- board_id: board_id@ec {
+ board_id: board-id@ec {
reg = <0xec 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp157c-odyssey-som.dtsi b/fdts/stm32mp157c-odyssey-som.dtsi
index 091e327..a0be718 100644
--- a/fdts/stm32mp157c-odyssey-som.dtsi
+++ b/fdts/stm32mp157c-odyssey-som.dtsi
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019, STMicroelectronics. All Rights Reserved.
+ * Copyright (C) 2019-2024, STMicroelectronics. All Rights Reserved.
* Copyright (C) 2021, Grzegorz Szymaszek.
*
* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause)
@@ -28,7 +28,7 @@
};
&bsec {
- board_id: board_id@ec {
+ board_id: board-id@ec {
reg = <0xec 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp15xx-dhcom-som.dtsi b/fdts/stm32mp15xx-dhcom-som.dtsi
index 7737a44..5138868 100644
--- a/fdts/stm32mp15xx-dhcom-som.dtsi
+++ b/fdts/stm32mp15xx-dhcom-som.dtsi
@@ -2,7 +2,7 @@
/*
* Copyright (C) 2019-2020 Marek Vasut <marex@denx.de>
* Copyright (C) 2022 DH electronics GmbH
- * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2023-2024, STMicroelectronics - All Rights Reserved
*/
#include "stm32mp15-pinctrl.dtsi"
@@ -18,7 +18,7 @@
};
&bsec {
- board_id: board_id@ec {
+ board_id: board-id@ec {
reg = <0xec 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp15xx-dkx.dtsi b/fdts/stm32mp15xx-dkx.dtsi
index f8baa9d..d8b7c48 100644
--- a/fdts/stm32mp15xx-dkx.dtsi
+++ b/fdts/stm32mp15xx-dkx.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
- * Copyright (c) 2019-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2019-2024, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@st.com> for STMicroelectronics.
*/
@@ -29,7 +29,7 @@
};
&bsec {
- board_id: board_id@ec {
+ board_id: board-id@ec {
reg = <0xec 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp15xx-osd32.dtsi b/fdts/stm32mp15xx-osd32.dtsi
index 52a5d38..ef4c3c0 100644
--- a/fdts/stm32mp15xx-osd32.dtsi
+++ b/fdts/stm32mp15xx-osd32.dtsi
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause) */
/*
- * Copyright (C) 2020 STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2020-2024 STMicroelectronics - All Rights Reserved
* Copyright (C) 2020 Ahmad Fatoum, Pengutronix
*/
@@ -157,7 +157,7 @@
};
&bsec {
- board_id: board_id@ec {
+ board_id: board-id@ec {
reg = <0xec 0x4>;
st,non-secure-otp;
};
diff --git a/fdts/stm32mp251.dtsi b/fdts/stm32mp251.dtsi
index f55a3b9..6e262bb 100644
--- a/fdts/stm32mp251.dtsi
+++ b/fdts/stm32mp251.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause)
/*
- * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2023-2024, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@foss.st.com> for STMicroelectronics.
*/
@@ -99,6 +99,41 @@
};
};
+ bsec: efuse@44000000 {
+ compatible = "st,stm32mp25-bsec";
+ reg = <0x44000000 0x400>;
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ uid_otp: uid-otp@14 {
+ reg = <0x14 0xc>;
+ };
+ part_number_otp: part-number-otp@24 {
+ reg = <0x24 0x4>;
+ };
+ nand_otp: otp16@40 {
+ reg = <0x40 0x4>;
+ };
+ lifecycle2_otp: otp18@48 {
+ reg = <0x48 0x4>;
+ };
+ nand2_otp: otp20@50 {
+ reg = <0x50 0x4>;
+ };
+ package_otp: package-otp@1e8 {
+ reg = <0x1e8 0x1>;
+ };
+ hconf1_otp: otp124@1f0 {
+ reg = <0x1f0 0x4>;
+ };
+ pkh_otp: otp144@240 {
+ reg = <0x240 0x20>;
+ };
+ oem_fip_enc_key: otp260@410 {
+ reg = <0x410 0x20>;
+ };
+ };
+
rcc: rcc@44200000 {
compatible = "st,stm32mp25-rcc";
reg = <0x44200000 0x10000>;
diff --git a/fdts/stm32mp257f-ev1.dts b/fdts/stm32mp257f-ev1.dts
index b7e92e4..09e83d8 100644
--- a/fdts/stm32mp257f-ev1.dts
+++ b/fdts/stm32mp257f-ev1.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause)
/*
- * Copyright (C) 2023, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2023-2024, STMicroelectronics - All Rights Reserved
* Author: Alexandre Torgue <alexandre.torgue@foss.st.com> for STMicroelectronics.
*/
@@ -29,6 +29,12 @@
};
};
+&bsec {
+ board_id: board-id@3d8 {
+ reg = <0x3d8 0x4>;
+ };
+};
+
&usart2 {
pinctrl-names = "default";
pinctrl-0 = <&usart2_pins_a>;
diff --git a/fdts/cot_descriptors.dtsi b/fdts/tbbr_cot_descriptors.dtsi
similarity index 99%
rename from fdts/cot_descriptors.dtsi
rename to fdts/tbbr_cot_descriptors.dtsi
index 411bae6..ac39e4e 100644
--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/tbbr_cot_descriptors.dtsi
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/fdts/tc.dts b/fdts/tc.dts
index 4f27589..b7acb8d 100644
--- a/fdts/tc.dts
+++ b/fdts/tc.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,7 +13,7 @@
#size-cells = <2>;
aliases {
- serial0 = &soc_uart0;
+ serial0 = &ap_ns_uart;
};
chosen {
@@ -327,10 +327,10 @@
clock-output-names = "uartclk";
};
- soc_uart0: uart@7ff80000 {
+ ap_ns_uart: uart@2A400000 {
compatible = "arm,pl011", "arm,primecell";
- reg = <0x0 0x7ff80000 0x0 0x1000>;
- interrupts = <0x0 116 0x4>;
+ reg = <0x0 0x2A400000 0x0 0x1000>;
+ interrupts = <0x0 63 0x4>;
clocks = <&soc_uartclk>, <&soc_refclk100mhz>;
clock-names = "uartclk", "apb_pclk";
status = "okay";
diff --git a/include/arch/aarch32/arch_features.h b/include/arch/aarch32/arch_features.h
index f19c4c2..dd9b7ad 100644
--- a/include/arch/aarch32/arch_features.h
+++ b/include/arch/aarch32/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,6 +137,7 @@
static inline bool is_feat_ecv_supported(void) { return false; }
static inline bool is_feat_ecv_v2_supported(void) { return false; }
static inline bool is_feat_csv2_2_supported(void) { return false; }
+static inline bool is_feat_csv2_3_supported(void) { return false; }
static inline bool is_feat_ras_supported(void) { return false; }
/* The following features are supported in AArch64 only. */
@@ -147,6 +148,8 @@
static inline bool is_feat_spe_supported(void) { return false; }
static inline bool is_feat_rng_supported(void) { return false; }
static inline bool is_feat_gcs_supported(void) { return false; }
+static inline bool is_feat_mte_supported(void) { return false; }
+static inline bool is_feat_mte2_supported(void) { return false; }
static inline bool is_feat_mpam_supported(void) { return false; }
static inline bool is_feat_hcx_supported(void) { return false; }
static inline bool is_feat_sve_supported(void) { return false; }
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index e9d22b6..b88d6c6 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -197,6 +197,7 @@
#define ID_AA64PFR0_CSV2_MASK ULL(0xf)
#define ID_AA64PFR0_CSV2_LENGTH U(4)
#define ID_AA64PFR0_CSV2_2_SUPPORTED ULL(0x2)
+#define ID_AA64PFR0_CSV2_3_SUPPORTED ULL(0x3)
#define ID_AA64PFR0_FEAT_RME_SHIFT U(52)
#define ID_AA64PFR0_FEAT_RME_MASK ULL(0xf)
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index cf8da5e..60fb522 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -89,12 +89,10 @@
ID_AA64PFR1_EL1_BT_MASK) == BTI_IMPLEMENTED;
}
-static inline unsigned int get_armv8_5_mte_support(void)
-{
- return ((read_id_aa64pfr1_el1() >> ID_AA64PFR1_EL1_MTE_SHIFT) &
- ID_AA64PFR1_EL1_MTE_MASK);
-}
-
+CREATE_FEATURE_FUNCS(feat_mte, id_aa64pfr1_el1, ID_AA64PFR1_EL1_MTE_SHIFT,
+ ENABLE_FEAT_MTE)
+CREATE_FEATURE_FUNCS_VER(feat_mte2, read_feat_mte_id_field, MTE_IMPLEMENTED_ELX,
+ ENABLE_FEAT_MTE2)
CREATE_FEATURE_FUNCS(feat_sel2, id_aa64pfr0_el1, ID_AA64PFR0_SEL2_SHIFT,
ENABLE_FEAT_SEL2)
CREATE_FEATURE_FUNCS(feat_twed, id_aa64mmfr1_el1, ID_AA64MMFR1_EL1_TWED_SHIFT,
@@ -191,10 +189,28 @@
return ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_SB_SHIFT);
}
+/*
+ * FEAT_CSV2: Cache Speculation Variant 2. This checks bit fields[56-59]
+ * of id_aa64pfr0_el1 register and can be used to check for below features:
+ * FEAT_CSV2_2: Cache Speculation Variant CSV2_2.
+ * FEAT_CSV2_3: Cache Speculation Variant CSV2_3.
+ * 0b0000 - Feature FEAT_CSV2 is not implemented.
+ * 0b0001 - Feature FEAT_CSV2 is implemented, but FEAT_CSV2_2 and FEAT_CSV2_3
+ * are not implemented.
+ * 0b0010 - Feature FEAT_CSV2_2 is implemented but FEAT_CSV2_3 is not
+ * implemented.
+ * 0b0011 - Feature FEAT_CSV2_3 is implemented.
+ */
+static inline unsigned int read_feat_csv2_id_field(void)
+{
+ return (unsigned int)(read_id_aa64pfr0_el1() >>
+ ID_AA64PFR0_CSV2_SHIFT) & ID_AA64PFR0_CSV2_MASK;
+}
+
-/* FEAT_CSV2_2: Cache Speculation Variant 2 */
-CREATE_FEATURE_FUNCS(feat_csv2, id_aa64pfr0_el1, ID_AA64PFR0_CSV2_SHIFT, 0)
CREATE_FEATURE_FUNCS_VER(feat_csv2_2, read_feat_csv2_id_field,
ID_AA64PFR0_CSV2_2_SUPPORTED, ENABLE_FEAT_CSV2_2)
+CREATE_FEATURE_FUNCS_VER(feat_csv2_3, read_feat_csv2_id_field,
+ ID_AA64PFR0_CSV2_3_SUPPORTED, ENABLE_FEAT_CSV2_3)
/* FEAT_SPE: Statistical Profiling Extension */
CREATE_FEATURE_FUNCS(feat_spe, id_aa64dfr0_el1, ID_AA64DFR0_PMS_SHIFT,
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 6fdc7e8..2d97018 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -464,6 +464,9 @@
DEFINE_SYSREG_RW_FUNCS(cntp_cval_el0)
DEFINE_SYSREG_READ_FUNC(cntpct_el0)
DEFINE_SYSREG_RW_FUNCS(cnthctl_el2)
+DEFINE_SYSREG_RW_FUNCS(cntv_ctl_el0)
+DEFINE_SYSREG_RW_FUNCS(cntv_cval_el0)
+DEFINE_SYSREG_RW_FUNCS(cntkctl_el1)
DEFINE_SYSREG_RW_FUNCS(vtcr_el2)
@@ -480,6 +483,9 @@
#define clr_cntp_ctl_enable(x) ((x) &= ~(U(1) << CNTP_CTL_ENABLE_SHIFT))
#define clr_cntp_ctl_imask(x) ((x) &= ~(U(1) << CNTP_CTL_IMASK_SHIFT))
+DEFINE_SYSREG_RW_FUNCS(tpidr_el0)
+DEFINE_SYSREG_RW_FUNCS(tpidr_el1)
+DEFINE_SYSREG_RW_FUNCS(tpidr_el2)
DEFINE_SYSREG_RW_FUNCS(tpidr_el3)
DEFINE_SYSREG_RW_FUNCS(cntvoff_el2)
@@ -489,7 +495,7 @@
DEFINE_SYSREG_RW_FUNCS(hacr_el2)
DEFINE_SYSREG_RW_FUNCS(hpfar_el2)
-DEFINE_SYSREG_RW_FUNCS(tpidr_el2)
+
DEFINE_SYSREG_RW_FUNCS(dbgvcr32_el2)
DEFINE_RENAME_SYSREG_RW_FUNCS(ich_hcr_el2, ICH_HCR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(ich_vmcr_el2, ICH_VMCR_EL2)
@@ -501,6 +507,16 @@
DEFINE_SYSREG_RW_FUNCS(hstr_el2)
DEFINE_SYSREG_RW_FUNCS(pmcr_el0)
+DEFINE_SYSREG_RW_FUNCS(csselr_el1)
+DEFINE_SYSREG_RW_FUNCS(tpidrro_el0)
+DEFINE_SYSREG_RW_FUNCS(contextidr_el1)
+DEFINE_SYSREG_RW_FUNCS(spsr_abt)
+DEFINE_SYSREG_RW_FUNCS(spsr_und)
+DEFINE_SYSREG_RW_FUNCS(spsr_irq)
+DEFINE_SYSREG_RW_FUNCS(spsr_fiq)
+DEFINE_SYSREG_RW_FUNCS(dacr32_el2)
+DEFINE_SYSREG_RW_FUNCS(ifsr32_el2)
+
/* GICv3 System Registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(icc_sre_el1, ICC_SRE_EL1)
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index a78837f..26c7578 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -64,9 +64,21 @@
*
* SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
* to EL3 when executing at any EL.
+ *
+ * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
+ *
+ * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
+ * against ERRATA_V2_3099206.
* ---------------------------------------------------------------------
*/
mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ mrs x1, id_aa64pfr0_el1
+ and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+ cbz x1, 1f
+ orr x0, x0, #SCR_EEL2_BIT
+#endif
+1:
msr scr_el3, x0
/* ---------------------------------------------------------------------
diff --git a/include/bl31/interrupt_mgmt.h b/include/bl31/interrupt_mgmt.h
index 21af112..8b9dfb6 100644
--- a/include/bl31/interrupt_mgmt.h
+++ b/include/bl31/interrupt_mgmt.h
@@ -107,10 +107,10 @@
static inline int32_t validate_el3_interrupt_rm(uint32_t x)
{
-#if EL3_EXCEPTION_HANDLING && !(defined(SPD_spmd) && (SPMD_SPM_AT_SEL2 == 1))
+#if EL3_EXCEPTION_HANDLING && SPM_MM
/*
* With EL3 exception handling, EL3 interrupts are always routed to EL3
- * from both Secure and Non-secure, when the SPMC does not live in S-EL2.
+ * from Non-secure and from secure only if SPM_MM is present.
* Therefore INTR_EL3_VALID_RM1 is the only valid routing model.
*/
if (x == INTR_EL3_VALID_RM1)
diff --git a/include/drivers/arm/css/scmi.h b/include/drivers/arm/css/scmi.h
index 356012b..96e1924 100644
--- a/include/drivers/arm/css/scmi.h
+++ b/include/drivers/arm/css/scmi.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -123,6 +123,8 @@
void (*ring_doorbell)(struct scmi_channel_plat_info *plat_info);
/* cookie is unused now. But added for future enhancements. */
void *cookie;
+ /* Delay in micro-seconds while polling the channel status. */
+ uint32_t delay;
} scmi_channel_plat_info_t;
diff --git a/include/drivers/arm/css/sds.h b/include/drivers/arm/css/sds.h
index db4cbaa..ab95775 100644
--- a/include/drivers/arm/css/sds.h
+++ b/include/drivers/arm/css/sds.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -79,12 +79,33 @@
SDS_ACCESS_MODE_CACHED,
} sds_access_mode_t;
-int sds_init(void);
-int sds_struct_exists(unsigned int structure_id);
-int sds_struct_read(uint32_t structure_id, unsigned int fld_off, void *data,
- size_t size, sds_access_mode_t mode);
-int sds_struct_write(uint32_t structure_id, unsigned int fld_off, void *data,
- size_t size, sds_access_mode_t mode);
+/*
+ * The following structure describes a SDS memory region. Its items are used
+ * to track and maintain the state of the memory region reserved for usage
+ * by the SDS framework.
+ *
+ * The base address of the SDS memory region is platform specific. The
+ * SDS description structure must already contain the address when it is
+ * returned by the plat_sds_get_regions() platform API during SDS region
+ * initialization.
+ * The size of the SDS memory region is dynamically discovered during the
+ * initialization of the region and written into the 'size' item of the
+ * SDS description structure.
+ */
+typedef struct {
+ uintptr_t base; /* Pointer to the base of the SDS memory region */
+ size_t size; /* Size of the SDS memory region in bytes */
+} sds_region_desc_t;
+
+/* API to get the platform specific SDS region description(s) */
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count);
+
+int sds_init(unsigned int region_id);
+int sds_struct_exists(unsigned int region_id, unsigned int structure_id);
+int sds_struct_read(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size, sds_access_mode_t mode);
+int sds_struct_write(unsigned int region_id, uint32_t structure_id,
+ unsigned int fld_off, void *data, size_t size, sds_access_mode_t mode);
#endif /*__ASSEMBLER__ */
#endif /* SDS_H */
diff --git a/include/drivers/cadence/cdns_nand.h b/include/drivers/cadence/cdns_nand.h
index 64ba267..f20627b 100644
--- a/include/drivers/cadence/cdns_nand.h
+++ b/include/drivers/cadence/cdns_nand.h
@@ -198,6 +198,7 @@
#define CNF_OPR_WORK_MODE_RES 3
/* Mini controller common settings register field offsets */
+#define CNF_CMN_SETTINGS_OPR_MASK 0x00000003
#define CNF_CMN_SETTINGS_WR_WUP 20
#define CNF_CMN_SETTINGS_RD_WUP 16
#define CNF_CMN_SETTINGS_DEV16 8
diff --git a/include/drivers/st/bsec.h b/include/drivers/st/bsec.h
index 60dcf3c..4a1517a 100644
--- a/include/drivers/st/bsec.h
+++ b/include/drivers/st/bsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,13 +13,6 @@
#include <lib/utils_def.h>
/*
- * IP configuration
- */
-#define BSEC_OTP_MASK GENMASK(4, 0)
-#define BSEC_OTP_BANK_SHIFT 5
-#define BSEC_TIMEOUT_VALUE 0xFFFF
-
-/*
* Return status
*/
#define BSEC_OK 0U
@@ -32,98 +25,49 @@
#define BSEC_RETRY 0xFFFFFFF8U
#define BSEC_NOT_SUPPORTED 0xFFFFFFF7U
#define BSEC_WRITE_LOCKED 0xFFFFFFF6U
-#define BSEC_ERROR_INVALID_FVR 0xFFFFFFF5U
-
-/*
- * OTP MODE
- */
-#define BSEC_MODE_OPEN1 0x00U
-#define BSEC_MODE_SECURED 0x01U
-#define BSEC_MODE_OPEN2 0x02U
-#define BSEC_MODE_INVALID 0x04U
-
-/*
- * OTP Lock services definition.
- * Value must corresponding to the bit number in the register.
- * Special case: (bit number << 1) for BSEC3.
- */
-#define BSEC_LOCK_UPPER_OTP 0x00
-#define BSEC_LOCK_GWLOCK 0x01
-#define BSEC_LOCK_DEBUG 0x02
-#define BSEC_LOCK_PROGRAM 0x03
-#define BSEC_LOCK_KVLOCK 0x04
/*
- * Values for struct bsec_config::freq
+ * get BSEC global state: result for bsec_get_secure_state()
+ * @state: global state
+ * [1:0] BSEC state
+ * 00b: Sec Open
+ * 01b: Sec Closed
+ * 11b: Invalid
+ * [8]: Hardware Key set = 1b
*/
-#define FREQ_10_20_MHZ 0x0
-#define FREQ_20_30_MHZ 0x1
-#define FREQ_30_45_MHZ 0x2
-#define FREQ_45_67_MHZ 0x3
-
-/*
- * Device info structure, providing device-specific functions and a means of
- * adding driver-specific state.
- */
-struct bsec_config {
- uint8_t den_lock; /*
- * Debug enable sticky lock
- * 1 debug enable is locked until next reset
- */
-
- /* BSEC2 only */
- uint8_t tread; /* SAFMEM Reading current level default 0 */
- uint8_t pulse_width; /* SAFMEM Programming pulse width default 1 */
- uint8_t freq; /*
- * SAFMEM CLOCK see freq value define
- * default FREQ_45_67_MHZ
- */
- uint8_t power; /* Power up SAFMEM. 1 power up, 0 power off */
- uint8_t prog_lock; /*
- * Programming Sticky lock
- * 1 programming is locked until next reset
- */
- uint8_t upper_otp_lock; /*
- * Shadowing of upper OTP sticky lock
- * 1 shadowing of upper OTP is locked
- * until next reset
- */
-};
+#define BSEC_STATE_SEC_OPEN U(0x0)
+#define BSEC_STATE_SEC_CLOSED U(0x1)
+#define BSEC_STATE_INVALID U(0x3)
+#define BSEC_STATE_MASK GENMASK_32(1, 0)
uint32_t bsec_probe(void);
-uint32_t bsec_get_base(void);
-uint32_t bsec_set_config(struct bsec_config *cfg);
-uint32_t bsec_get_config(struct bsec_config *cfg);
-
-uint32_t bsec_shadow_register(uint32_t otp);
uint32_t bsec_read_otp(uint32_t *val, uint32_t otp);
+uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp);
uint32_t bsec_write_otp(uint32_t val, uint32_t otp);
uint32_t bsec_program_otp(uint32_t val, uint32_t otp);
-uint32_t bsec_permanent_lock_otp(uint32_t otp);
-void bsec_write_debug_conf(uint32_t val);
uint32_t bsec_read_debug_conf(void);
void bsec_write_scratch(uint32_t val);
-uint32_t bsec_read_scratch(void);
-
-uint32_t bsec_get_status(void);
-uint32_t bsec_get_hw_conf(void);
-uint32_t bsec_get_version(void);
-uint32_t bsec_get_id(void);
-uint32_t bsec_get_magic_id(void);
+/* Sticky lock support */
uint32_t bsec_set_sr_lock(uint32_t otp);
uint32_t bsec_read_sr_lock(uint32_t otp, bool *value);
uint32_t bsec_set_sw_lock(uint32_t otp);
uint32_t bsec_read_sw_lock(uint32_t otp, bool *value);
uint32_t bsec_set_sp_lock(uint32_t otp);
uint32_t bsec_read_sp_lock(uint32_t otp, bool *value);
-uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value);
-uint32_t bsec_otp_lock(uint32_t service);
-uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word);
+uint32_t bsec_get_secure_state(void);
+static inline bool bsec_mode_is_closed_device(void)
+{
+ return (bsec_get_secure_state() & BSEC_STATE_MASK) == BSEC_STATE_SEC_CLOSED;
+}
+
+#if defined(IMAGE_BL32)
+uint32_t bsec_permanent_lock_otp(uint32_t otp);
uint32_t bsec_check_nsec_access_rights(uint32_t otp);
+#endif
#endif /* BSEC_H */
diff --git a/include/drivers/st/bsec2_reg.h b/include/drivers/st/bsec2_reg.h
index f895020..fa44cf1 100644
--- a/include/drivers/st/bsec2_reg.h
+++ b/include/drivers/st/bsec2_reg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -80,22 +80,17 @@
#define GPLOCK_LOCK_SHIFT 4
/* BSEC_OTP_STATUS Register */
-#define BSEC_MODE_STATUS_MASK GENMASK(2, 0)
-#define BSEC_MODE_SECURE_MASK BIT(0)
-#define BSEC_MODE_FULLDBG_MASK BIT(1)
-#define BSEC_MODE_INVALID_MASK BIT(2)
-#define BSEC_MODE_BUSY_MASK BIT(3)
-#define BSEC_MODE_PROGFAIL_MASK BIT(4)
-#define BSEC_MODE_PWR_MASK BIT(5)
-#define BSEC_MODE_BIST1_LOCK_MASK BIT(6)
-#define BSEC_MODE_BIST2_LOCK_MASK BIT(7)
+#define BSEC_OTP_STATUS_SECURE BIT(0)
+#define BSEC_OTP_STATUS_INVALID BIT(2)
+#define BSEC_OTP_STATUS_BUSY BIT(3)
+#define BSEC_OTP_STATUS_PROGFAIL BIT(4)
+#define BSEC_OTP_STATUS_PWRON BIT(5)
/* BSEC_DENABLE Register */
#define BSEC_HDPEN BIT(4)
#define BSEC_SPIDEN BIT(5)
#define BSEC_SPINDEN BIT(6)
#define BSEC_DBGSWGEN BIT(10)
-#define BSEC_DEN_ALL_MSK GENMASK(10, 0)
/* BSEC_FENABLE Register */
#define BSEC_FEN_ALL_MSK GENMASK(14, 0)
diff --git a/include/drivers/st/bsec3_reg.h b/include/drivers/st/bsec3_reg.h
new file mode 100644
index 0000000..177e30b
--- /dev/null
+++ b/include/drivers/st/bsec3_reg.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef BSEC3_REG_H
+#define BSEC3_REG_H
+
+#include <lib/utils_def.h>
+
+/* BSEC REGISTER OFFSET (base relative) */
+#define BSEC_FVR(x) (U(0x000) + 4U * (x))
+#define BSEC_SPLOCK(x) (U(0x800) + 4U * (x))
+#define BSEC_SWLOCK(x) (U(0x840) + 4U * (x))
+#define BSEC_SRLOCK(x) (U(0x880) + 4U * (x))
+#define BSEC_OTPVLDR(x) (U(0x8C0) + 4U * (x))
+#define BSEC_SFSR(x) (U(0x940) + 4U * (x))
+#define BSEC_OTPCR U(0xC04)
+#define BSEC_WDR U(0xC08)
+#define BSEC_SCRATCHR0 U(0xE00)
+#define BSEC_SCRATCHR1 U(0xE04)
+#define BSEC_SCRATCHR2 U(0xE08)
+#define BSEC_SCRATCHR3 U(0xE0C)
+#define BSEC_LOCKR U(0xE10)
+#define BSEC_JTAGINR U(0xE14)
+#define BSEC_JTAGOUTR U(0xE18)
+#define BSEC_DENR U(0xE20)
+#define BSEC_UNMAPR U(0xE24)
+#define BSEC_SR U(0xE40)
+#define BSEC_OTPSR U(0xE44)
+#define BSEC_WRCR U(0xF00)
+#define BSEC_HWCFGR U(0xFF0)
+#define BSEC_VERR U(0xFF4)
+#define BSEC_IPIDR U(0xFF8)
+#define BSEC_SIDR U(0xFFC)
+
+/* BSEC_OTPCR register fields */
+#define BSEC_OTPCR_ADDR_MASK GENMASK_32(8, 0)
+#define BSEC_OTPCR_ADDR_SHIFT U(0)
+#define BSEC_OTPCR_PROG BIT_32(13)
+#define BSEC_OTPCR_PPLOCK BIT_32(14)
+#define BSEC_OTPCR_LASTCID_MASK GENMASK_32(21, 19)
+#define BSEC_OTPCR_LASTCID_SHIFT U(19)
+
+/* BSEC_LOCKR register fields */
+#define BSEC_LOCKR_GWLOCK_MASK BIT_32(0)
+#define BSEC_LOCKR_GWLOCK_SHIFT U(0)
+#define BSEC_LOCKR_DENLOCK_MASK BIT_32(1)
+#define BSEC_LOCKR_DENLOCK_SHIFT U(1)
+#define BSEC_LOCKR_HKLOCK_MASK BIT_32(2)
+#define BSEC_LOCKR_HKLOCK_SHIFT U(2)
+
+/* BSEC_DENR register fields */
+#define BSEC_DENR_LPDBGEN BIT_32(0)
+#define BSEC_DENR_DBGENA BIT_32(1)
+#define BSEC_DENR_NIDENA BIT_32(2)
+#define BSEC_DENR_DEVICEEN BIT_32(3)
+#define BSEC_DENR_HDPEN BIT_32(4)
+#define BSEC_DENR_SPIDENA BIT_32(5)
+#define BSEC_DENR_SPNIDENA BIT_32(6)
+#define BSEC_DENR_DBGSWEN BIT_32(7)
+#define BSEC_DENR_DBGENM BIT_32(8)
+#define BSEC_DENR_NIDENM BIT_32(9)
+#define BSEC_DENR_SPIDENM BIT_32(10)
+#define BSEC_DENR_SPNIDENM BIT_32(11)
+#define BSEC_DENR_CFGSDIS BIT_32(12)
+#define BSEC_DENR_CP15SDIS_MASK GENMASK_32(14, 13)
+#define BSEC_DENR_CP15SDIS_SHIFT U(13)
+#define BSEC_DENR_LPDBGDIS BIT_32(15)
+#define BSEC_DENR_ALL_MSK GENMASK_32(15, 0)
+
+/* BSEC_SR register fields */
+#define BSEC_SR_BUSY BIT_32(0)
+#define BSEC_SR_HVALID BIT_32(1)
+#define BSEC_SR_RNGERR BIT_32(2)
+#define BSEC_SR_HKWW_MASK GENMASK_32(15, 8)
+#define BSEC_SR_HKWW_SHIFT U(8)
+#define BSEC_SR_NVSTATE_MASK GENMASK_32(31, 26)
+#define BSEC_SR_NVSTATE_SHIFT U(26)
+#define BSEC_SR_NVSTATE_OPEN U(0x16)
+#define BSEC_SR_NVSTATE_CLOSED U(0x0D)
+#define BSEC_SR_NVSTATE_OTP_LOCKED U(0x23)
+
+/* BSEC_OTPSR register fields */
+#define BSEC_OTPSR_BUSY BIT_32(0)
+#define BSEC_OTPSR_FUSEOK BIT_32(1)
+#define BSEC_OTPSR_HIDEUP BIT_32(2)
+#define BSEC_OTPSR_OTPNVIR BIT_32(4)
+#define BSEC_OTPSR_OTPERR BIT_32(5)
+#define BSEC_OTPSR_OTPSEC BIT_32(6)
+#define BSEC_OTPSR_PROGFAIL BIT_32(16)
+#define BSEC_OTPSR_DISTURBF BIT_32(17)
+#define BSEC_OTPSR_DEDF BIT_32(18)
+#define BSEC_OTPSR_SECF BIT_32(19)
+#define BSEC_OTPSR_PPLF BIT_32(20)
+#define BSEC_OTPSR_PPLMF BIT_32(21)
+#define BSEC_OTPSR_AMEF BIT_32(22)
+
+/* BSEC_VERR register fields */
+#define BSEC_VERR_MASK GENMASK_32(7, 0)
+
+#endif /* BSEC3_REG_H */
diff --git a/include/drivers/usb_device.h b/include/drivers/usb_device.h
index 8fdb6ae..d4c491c 100644
--- a/include/drivers/usb_device.h
+++ b/include/drivers/usb_device.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2021-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,7 @@
#ifndef USB_DEVICE_H
#define USB_DEVICE_H
+#include <stdbool.h>
#include <stdint.h>
#include <lib/utils_def.h>
diff --git a/include/lib/cpus/aarch64/cortex_a35.h b/include/lib/cpus/aarch64/cortex_a35.h
index cef2960..c82b4eb 100644
--- a/include/lib/cpus/aarch64/cortex_a35.h
+++ b/include/lib/cpus/aarch64/cortex_a35.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,9 @@
/* Cortex-A35 Main ID register for revision 0 */
#define CORTEX_A35_MIDR U(0x410FD040)
+/* L2 Extended Control Register */
+#define CORTEX_A35_L2ECTLR_EL1 S3_1_C11_C0_3
+
/*******************************************************************************
* CPU Extended Control register specific definitions.
* CPUECTLR_EL1 is an implementation-specific register.
diff --git a/include/lib/cpus/aarch64/cortex_a715.h b/include/lib/cpus/aarch64/cortex_a715.h
index 950d02f..366894d 100644
--- a/include/lib/cpus/aarch64/cortex_a715.h
+++ b/include/lib/cpus/aarch64/cortex_a715.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define CORTEX_A715_BHB_LOOP_COUNT U(38)
/*******************************************************************************
+ * CPU Auxiliary Control register 2 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A715_CPUACTLR2_EL1 S3_0_C15_C1_1
+
+/*******************************************************************************
* CPU Extended Control register specific definitions
******************************************************************************/
#define CORTEX_A715_CPUECTLR_EL1 S3_0_C15_C1_4
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 4a3ac77..c5f820c 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,11 @@
#define CORTEX_X3_CPUPWRCTLR_EL1_WFE_RET_CTRL_BITS_SHIFT U(7)
/*******************************************************************************
+ * CPU Auxiliary Control register specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
* CPU Auxiliary Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_X3_CPUACTLR2_EL1 S3_0_C15_C1_1
@@ -39,6 +44,11 @@
#define CORTEX_X3_CPUACTLR5_EL1_BIT_56 (ULL(1) << 56)
/*******************************************************************************
+ * CPU Auxiliary Control register 6 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR6_EL1 S3_0_C15_C8_1
+
+/*******************************************************************************
* CPU Extended Control register 2 specific definitions.
******************************************************************************/
#define CORTEX_X3_CPUECTLR2_EL1 S3_0_C15_C1_5
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index f637619..d5bd890 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -140,7 +140,7 @@
#define CTX_TIMER_SYSREGS_END CTX_AARCH32_END
#endif /* NS_TIMER_SWITCH */
-#if CTX_INCLUDE_MTE_REGS
+#if ENABLE_FEAT_MTE
#define CTX_TFSRE0_EL1 (CTX_TIMER_SYSREGS_END + U(0x0))
#define CTX_TFSR_EL1 (CTX_TIMER_SYSREGS_END + U(0x8))
#define CTX_RGSR_EL1 (CTX_TIMER_SYSREGS_END + U(0x10))
@@ -150,7 +150,7 @@
#define CTX_MTE_REGS_END (CTX_TIMER_SYSREGS_END + U(0x20))
#else
#define CTX_MTE_REGS_END CTX_TIMER_SYSREGS_END
-#endif /* CTX_INCLUDE_MTE_REGS */
+#endif /* ENABLE_FEAT_MTE */
/*
* End of system registers.
@@ -574,9 +574,6 @@
/*******************************************************************************
* Function prototypes
******************************************************************************/
-void el1_sysregs_context_save(el1_sysregs_t *regs);
-void el1_sysregs_context_restore(el1_sysregs_t *regs);
-
#if CTX_INCLUDE_FPREGS
void fpregs_context_save(fp_regs_t *regs);
void fpregs_context_restore(fp_regs_t *regs);
diff --git a/include/lib/psa/psa/client.h b/include/lib/psa/psa/client.h
index 56fe028..46fac4a 100644
--- a/include/lib/psa/psa/client.h
+++ b/include/lib/psa/psa/client.h
@@ -1,6 +1,5 @@
-
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,41 +16,57 @@
#ifndef IOVEC_LEN
#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
#endif
+
/*********************** PSA Client Macros and Types *************************/
+
/**
* The version of the PSA Framework API that is being used to build the calling
* firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
* is compatible with v1.0.
*/
#define PSA_FRAMEWORK_VERSION (0x0101u)
+
/**
* Return value from psa_version() if the requested RoT Service is not present
* in the system.
*/
#define PSA_VERSION_NONE (0u)
+
/**
* The zero-value null handle can be assigned to variables used in clients and
* RoT Services, indicating that there is no current connection or message.
*/
#define PSA_NULL_HANDLE ((psa_handle_t)0)
+
/**
* Tests whether a handle value returned by psa_connect() is valid.
*/
#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
+
/**
* Converts the handle value returned from a failed call psa_connect() into
* an error code.
*/
#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
+
/**
* Maximum number of input and output vectors for a request to psa_call().
*/
#define PSA_MAX_IOVEC (4u)
+
+/**
+ * The minimum and maximum value that can be passed
+ * as the type parameter in a call to psa_call().
+ */
+#define PSA_CALL_TYPE_MIN (0)
+#define PSA_CALL_TYPE_MAX (INT16_MAX)
+
/**
* An IPC message type that indicates a generic client request.
*/
#define PSA_IPC_CALL (0)
typedef int32_t psa_handle_t;
+
/**
* A read-only input memory region provided to an RoT Service.
*/
@@ -59,6 +74,7 @@
const void *base; /*!< the start address of the memory buffer */
size_t len; /*!< the size in bytes */
} psa_invec;
+
/**
* A writable output memory region provided to an RoT Service.
*/
diff --git a/include/lib/psa/rss_crypto_defs.h b/include/lib/psa/rss_crypto_defs.h
index b8c7426..40d217a 100644
--- a/include/lib/psa/rss_crypto_defs.h
+++ b/include/lib/psa/rss_crypto_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -38,21 +38,28 @@
};
/*
- * Structure used to pack non-pointer types in a call
+ * Structure used to pack non-pointer types in a call to PSA Crypto APIs
*/
struct rss_crypto_pack_iovec {
- psa_key_id_t key_id; /* Key id */
- psa_algorithm_t alg; /* Algorithm */
- uint32_t op_handle; /* Frontend context handle associated
- to a multipart operation */
- uint32_t capacity; /* Key derivation capacity */
- uint32_t ad_length; /* Additional Data length for multipart AEAD */
- uint32_t plaintext_length; /* Plaintext length for multipart AEAD */
- struct rss_crypto_aead_pack_input aead_in; /* Packs AEAD-related inputs */
- uint16_t function_id; /* Used to identify the function in the API dispatcher
- to the service backend. See rss_crypto_func_sid for
- detail */
- uint16_t step; /* Key derivation step */
+ psa_key_id_t key_id; /*!< Key id */
+ psa_algorithm_t alg; /*!< Algorithm */
+ uint32_t op_handle; /*!< Frontend context handle associated to a
+ * multipart operation
+ */
+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
+
+ struct rss_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
+
+ uint16_t function_id; /*!< Used to identify the function in the
+ * API dispatcher to the service backend
+ * See rss_crypto_func_sid for detail
+ */
+ uint16_t step; /*!< Key derivation step */
+ union {
+ size_t capacity; /*!< Key derivation capacity */
+ uint64_t value; /*!< Key derivation integer for update*/
+ };
};
#endif /* RSS_CRYPTO_DEFS_H */
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 4b244ec..c50f8cb 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,6 +94,7 @@
bool psci_is_last_on_cpu_safe(void);
bool psci_are_all_cpus_on_safe(void);
void psci_pwrdown_cpu(unsigned int power_level);
+void psci_do_manage_extensions(void);
#endif /* __ASSEMBLER__ */
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index 8fd6093..c493105 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -111,6 +111,8 @@
#define SMC_OK ULL(0)
#define SMC_UNK -1
#define SMC_PREEMPTED -2 /* Not defined by the SMCCC */
+#define SMC_DENIED -3 /* Not defined by the SMCCC */
+#define SMC_INVALID_PARAM -4 /* Not defined by the SMCCC */
/* Return codes for Arm Architecture Service SMC calls */
#define SMC_ARCH_CALL_SUCCESS 0
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 54b184d..c3a88e7 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -150,10 +150,10 @@
#endif /* (SPD_tspd || SPD_opteed || SPD_spmd) && MEASURED_BOOT */
#if ENABLE_RME
-#define ARM_L1_GPT_ADDR_BASE (ARM_DRAM1_BASE + \
+#define ARM_L1_GPT_BASE (ARM_DRAM1_BASE + \
ARM_DRAM1_SIZE - \
ARM_L1_GPT_SIZE)
-#define ARM_L1_GPT_END (ARM_L1_GPT_ADDR_BASE + \
+#define ARM_L1_GPT_END (ARM_L1_GPT_BASE + \
ARM_L1_GPT_SIZE - 1U)
#define ARM_REALM_BASE (ARM_EL3_RMM_SHARED_BASE - \
@@ -343,7 +343,7 @@
#define ARM_MAP_GPT_L1_DRAM MAP_REGION_FLAT( \
- ARM_L1_GPT_ADDR_BASE, \
+ ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
MT_MEMORY | MT_RW | EL3_PAS)
@@ -422,7 +422,7 @@
* Map L0_GPT with read and write permissions
*/
#if ENABLE_RME
-#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_ADDR_BASE, \
+#define ARM_MAP_L0_GPT_REGION MAP_REGION_FLAT(ARM_L0_GPT_BASE, \
ARM_L0_GPT_SIZE, \
MT_MEMORY | MT_RW | MT_ROOT)
#endif
@@ -533,8 +533,8 @@
* configuration memory, 4KB aligned.
*/
#define ARM_L0_GPT_SIZE (PAGE_SIZE)
-#define ARM_L0_GPT_ADDR_BASE (ARM_FW_CONFIGS_LIMIT)
-#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_ADDR_BASE + ARM_L0_GPT_SIZE)
+#define ARM_L0_GPT_BASE (ARM_FW_CONFIGS_LIMIT)
+#define ARM_L0_GPT_LIMIT (ARM_L0_GPT_BASE + ARM_L0_GPT_SIZE)
#else
#define ARM_L0_GPT_SIZE U(0)
#endif
diff --git a/include/plat/arm/common/arm_sip_svc.h b/include/plat/arm/common/arm_sip_svc.h
index 266092e..a6fd42b 100644
--- a/include/plat/arm/common/arm_sip_svc.h
+++ b/include/plat/arm/common/arm_sip_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019,2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019,2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -42,6 +42,16 @@
#define ARM_SIP_SET_INTERRUPT_PENDING U(0x82000100)
#endif
+/**
+ * Arm SiP Service Call for the SPM to leverage RME to protect a give memory range.
+ * Protected memory range is one whose PAS was made secure.
+ * Unprotect relates to reverting a protect operation.
+ */
+#if SPMD_SPM_AT_SEL2 && ENABLE_RME
+#define PLAT_PROTECT_MEM_SMC64 0xC2000101
+#define PLAT_UNPROTECT_MEM_SMC64 0xC2000102
+#endif
+
/* SiP handler specific to each Arm platform. */
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 0fb06a6..4c425a7 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <lib/bakery_lock.h>
#include <lib/cassert.h>
#include <lib/el3_runtime/cpu_data.h>
+#include <lib/gpt_rme/gpt_rme.h>
#include <lib/spinlock.h>
#include <lib/utils_def.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
@@ -31,6 +32,17 @@
unsigned int nsaid_permissions;
} arm_tzc_regions_info_t;
+typedef struct arm_gpt_info {
+ pas_region_t *pas_region_base;
+ unsigned int pas_region_count;
+ uintptr_t l0_base;
+ uintptr_t l1_base;
+ size_t l0_size;
+ size_t l1_size;
+ gpccr_pps_e pps;
+ gpccr_pgs_e pgs;
+} arm_gpt_info_t;
+
/*******************************************************************************
* Default mapping definition of the TrustZone Controller for ARM standard
* platforms.
@@ -362,6 +374,9 @@
unsigned int plat_arm_calc_core_pos(u_register_t mpidr);
const mmap_region_t *plat_arm_get_mmap(void);
+const arm_gpt_info_t *plat_arm_get_gpt_info(void);
+void arm_gpt_setup(void);
+
/* Allow platform to override psci_pm_ops during runtime */
const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops);
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index f87f857..0aea548 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -75,6 +75,7 @@
* The SCMI Channel is placed right after the SDS region
*/
#define CSS_SCMI_PAYLOAD_BASE (PLAT_ARM_SDS_MEM_BASE + PLAT_ARM_SDS_MEM_SIZE_MAX)
+#define CSS_SCMI_PAYLOAD_SIZE_MAX 0x100 /* 2x128 bytes for bidirectional communication */
#define CSS_SCMI_MHU_DB_REG_OFF MHU_CPU_INTR_S_SET_OFFSET
/* Trusted mailbox base address common to all CSS */
diff --git a/include/services/ffa_svc.h b/include/services/ffa_svc.h
index c5f6000..01dbea9 100644
--- a/include/services/ffa_svc.h
+++ b/include/services/ffa_svc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,7 +24,7 @@
/* The macros below are used to identify FFA calls from the SMC function ID */
#define FFA_FNUM_MIN_VALUE U(0x60)
-#define FFA_FNUM_MAX_VALUE U(0x8C)
+#define FFA_FNUM_MAX_VALUE U(0x8E)
#define is_ffa_fid(fid) __extension__ ({ \
__typeof__(fid) _fid = (fid); \
((GET_SMC_NUM(_fid) >= FFA_FNUM_MIN_VALUE) && \
@@ -123,6 +123,8 @@
/* FF-A v1.2 */
#define FFA_FNUM_PARTITION_INFO_GET_REGS U(0x8B)
#define FFA_FNUM_EL3_INTR_HANDLE U(0x8C)
+#define FFA_FNUM_MSG_SEND_DIRECT_REQ2 U(0x8D)
+#define FFA_FNUM_MSG_SEND_DIRECT_RESP2 U(0x8E)
#define FFA_FNUM_CONSOLE_LOG U(0x8A)
@@ -195,6 +197,10 @@
#define FFA_PARTITION_INFO_GET_REGS_SMC64 \
FFA_FID(SMC_64, FFA_FNUM_PARTITION_INFO_GET_REGS)
#define FFA_CONSOLE_LOG_SMC64 FFA_FID(SMC_64, FFA_FNUM_CONSOLE_LOG)
+#define FFA_MSG_SEND_DIRECT_REQ2_SMC64 \
+ FFA_FID(SMC_64, FFA_FNUM_MSG_SEND_DIRECT_REQ2)
+#define FFA_MSG_SEND_DIRECT_RESP2_SMC64 \
+ FFA_FID(SMC_64, FFA_FNUM_MSG_SEND_DIRECT_RESP2)
/*
* FF-A partition properties values.
diff --git a/include/services/oem/chromeos/widevine_smc_handlers.h b/include/services/oem/chromeos/widevine_smc_handlers.h
new file mode 100644
index 0000000..a5251d7
--- /dev/null
+++ b/include/services/oem/chromeos/widevine_smc_handlers.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CROS_WIDEVINE_SMC_HANDLERS_H
+#define CROS_WIDEVINE_SMC_HANDLERS_H
+
+#include <lib/smccc.h>
+
+/*******************************************************************************
+ * Defines for CrOS OEM Service queries
+ ******************************************************************************/
+
+/* 0xC300C050 - 0xC300C05F are CrOS OEM service calls */
+#define CROS_OEM_SMC_ID 0xC050
+#define CROS_OEM_SMC_CALL_ID(func_num) \
+ ((SMC_TYPE_FAST << FUNCID_TYPE_SHIFT) | \
+ ((SMC_64) << FUNCID_CC_SHIFT) | (OEN_OEM_START << FUNCID_OEN_SHIFT) | \
+ (CROS_OEM_SMC_ID) | ((func_num) & FUNCID_NUM_MASK))
+
+enum cros_drm_set {
+ CROS_DRM_SET_TPM_AUTH_PUB = 0U,
+ CROS_DRM_SET_HARDWARE_UNIQUE_KEY = 1U,
+ CROS_DRM_SET_ROOT_OF_TRUST = 2U,
+};
+
+/*******************************************************************************
+ * Defines for runtime services func ids
+ ******************************************************************************/
+
+/* Sets the TPM auth public key. The maximum size is 128 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_TPM_AUTH_PUB)
+
+/* Sets the hardware unique key. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_HARDWARE_UNIQUE_KEY)
+
+/* Sets the widevine root of trust. The maximum size is 32 bytes.
+ * |x1| is the length of the data, |x2| is the physical address of the data.
+ */
+#define CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID \
+ CROS_OEM_SMC_CALL_ID(CROS_DRM_SET_ROOT_OF_TRUST)
+
+#define is_cros_oem_smc(_call_id) (((_call_id) & 0xFFF0U) == CROS_OEM_SMC_ID)
+
+struct cros_oem_data {
+ uint8_t *buffer;
+ const uint32_t max_length;
+ uint32_t length;
+};
+
+extern struct cros_oem_data cros_oem_tpm_auth_pk;
+
+extern struct cros_oem_data cros_oem_huk;
+
+extern struct cros_oem_data cros_oem_rot;
+
+#endif /* CROS_WIDEVINE_SMC_HANDLERS_H */
diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h
index 29dfdad..95f0707 100644
--- a/include/services/spmd_svc.h
+++ b/include/services/spmd_svc.h
@@ -34,7 +34,8 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle);
+ void *handle,
+ uint64_t flags);
#endif /* __ASSEMBLER__ */
#endif /* SPMD_SVC_H */
diff --git a/lib/cpus/aarch64/cortex_a715.S b/lib/cpus/aarch64/cortex_a715.S
index dd4c307..0faa276 100644
--- a/lib/cpus/aarch64/cortex_a715.S
+++ b/lib/cpus/aarch64/cortex_a715.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,6 +26,12 @@
wa_cve_2022_23960_bhb_vector_table CORTEX_A715_BHB_LOOP_COUNT, cortex_a715
#endif /* WORKAROUND_CVE_2022_23960 */
+workaround_runtime_start cortex_a715, ERRATUM(2561034), ERRATA_A715_2561034
+ sysreg_bit_set CORTEX_A715_CPUACTLR2_EL1, BIT(26)
+workaround_runtime_end cortex_a715, ERRATUM(2561034), NO_ISB
+
+check_erratum_range cortex_a715, ERRATUM(2561034), CPU_REV(1, 0), CPU_REV(1, 0)
+
workaround_reset_start cortex_a715, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index 2e6e8b6..0dc34f7 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -72,6 +72,19 @@
check_erratum_range cortex_a78c, ERRATUM(2395411), CPU_REV(0, 1), CPU_REV(0, 2)
+workaround_reset_start cortex_a78c, ERRATUM(2683027), ERRATA_A78C_2683027
+ ldr x0, =0x3
+ msr CORTEX_A78C_IMP_CPUPSELR_EL3, x0
+ ldr x0, =0xEE010F10
+ msr CORTEX_A78C_IMP_CPUPOR_EL3, x0
+ ldr x0, =0xFF1F0FFE
+ msr CORTEX_A78C_IMP_CPUPMR_EL3, x0
+ ldr x0, =0x100000004003FF
+ msr CORTEX_A78C_IMP_CPUPCR_EL3, x0
+workaround_reset_end cortex_a78c, ERRATUM(2683027)
+
+check_erratum_range cortex_a78c, ERRATUM(2683027), CPU_REV(0, 1), CPU_REV(0, 2)
+
workaround_reset_start cortex_a78c, ERRATUM(2743232), ERRATA_A78C_2743232
/* Set CPUACTLR5_EL1[56:55] to 2'b01 */
sysreg_bit_set CORTEX_A78C_ACTLR5_EL1, BIT(55)
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index 7e9a7fc..e5a05fc 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,6 +33,18 @@
check_erratum_ls cortex_x3, ERRATUM(2070301), CPU_REV(1, 2)
+workaround_reset_start cortex_x3, ERRATUM(2266875), ERRATA_X3_2266875
+ sysreg_bit_set CORTEX_X3_CPUACTLR_EL1, BIT(22)
+workaround_reset_end cortex_x3, ERRATUM(2266875)
+
+check_erratum_ls cortex_x3, ERRATUM(2266875), CPU_REV(1, 0)
+
+workaround_runtime_start cortex_x3, ERRATUM(2302506), ERRATA_X3_2302506
+ sysreg_bit_set CORTEX_X3_CPUACTLR2_EL1, BIT(0)
+workaround_runtime_end cortex_x3, ERRATUM(2302506), NO_ISB
+
+check_erratum_ls cortex_x3, ERRATUM(2302506), CPU_REV(1, 1)
+
workaround_runtime_start cortex_x3, ERRATUM(2313909), ERRATA_X3_2313909
sysreg_bit_set CORTEX_X3_CPUACTLR2_EL1, CORTEX_X3_CPUACTLR2_EL1_BIT_36
workaround_runtime_end cortex_x3, ERRATUM(2313909), NO_ISB
@@ -49,6 +61,12 @@
check_erratum_ls cortex_x3, ERRATUM(2615812), CPU_REV(1, 1)
+workaround_runtime_start cortex_x3, ERRATUM(2641945), ERRATA_X3_2641945
+ sysreg_bit_set CORTEX_X3_CPUACTLR6_EL1, BIT(41)
+workaround_runtime_end cortex_x3, ERRATUM(2641945), NO_ISB
+
+check_erratum_ls cortex_x3, ERRATUM(2641945), CPU_REV(1, 0)
+
workaround_reset_start cortex_x3, ERRATUM(2742421), ERRATA_X3_2742421
/* Set CPUACTLR5_EL1[56:55] to 2'b01 */
sysreg_bit_set CORTEX_X3_CPUACTLR5_EL1, CORTEX_X3_CPUACTLR5_EL1_BIT_55
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 0ad5e78..dcbeba1 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
# Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -388,6 +388,10 @@
# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2395411
+# Flag to apply erratum 2683027 workaround during reset. This erratum applies
+# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+CPU_FLAG_LIST += ERRATA_A78C_2683027
+
# Flag to apply erratum 2712575 workaround for non-arm interconnect ip. This
# erratum applies to revisions r0p1 and r0p2 of the A78C cpu.
# It is still open.
@@ -774,6 +778,14 @@
# still open.
CPU_FLAG_LIST += ERRATA_X3_2070301
+# Flag to apply erratum 2266875 workaround during reset. This erratum applies
+# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_X3_2266875
+
+# Flag to apply erratum 2302506 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2302506
+
# Flag to apply erratum 2313909 workaround on powerdown. This erratum applies
# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
CPU_FLAG_LIST += ERRATA_X3_2313909
@@ -782,6 +794,10 @@
# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is still open.
CPU_FLAG_LIST += ERRATA_X3_2615812
+# Flag to apply erratum 2641945 workaround on reset. This erratum applies
+# to revisions r0p0 and r1p0 of the Cortex-X3 cpu, it is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_X3_2641945
+
# Flag to apply erratum 2742421 workaround on reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
@@ -887,6 +903,10 @@
# This erratum applies to revisions r0p0, r0p1. Fixed in r0p2.
CPU_FLAG_LIST += ERRATA_V2_2801372
+# Flag to apply erratum 2561034 workaround during reset. This erratum applies
+# only to revision r1p0. It is fixed in r1p1.
+CPU_FLAG_LIST += ERRATA_A715_2561034
+
# Flag to apply erratum 2701951 workaround for non-arm interconnect ip.
# This erratum applies to revisions r0p0, r1p0, and r1p1. Its is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_A715_2701951
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 389c086..76aebf9 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,8 +10,6 @@
#include <context.h>
#include <el3_common_macros.S>
- .global el1_sysregs_context_save
- .global el1_sysregs_context_restore
#if CTX_INCLUDE_FPREGS
.global fpregs_context_save
.global fpregs_context_restore
@@ -21,205 +19,6 @@
.global save_and_update_ptw_el1_sys_regs
.global el3_exit
-
-/* ------------------------------------------------------------------
- * The following function strictly follows the AArch64 PCS to use
- * x9-x17 (temporary caller-saved registers) to save EL1 system
- * register context. It assumes that 'x0' is pointing to a
- * 'el1_sys_regs' structure where the register context will be saved.
- * ------------------------------------------------------------------
- */
-func el1_sysregs_context_save
-
- mrs x9, spsr_el1
- mrs x10, elr_el1
- stp x9, x10, [x0, #CTX_SPSR_EL1]
-
-#if !ERRATA_SPECULATIVE_AT
- mrs x15, sctlr_el1
- mrs x16, tcr_el1
- stp x15, x16, [x0, #CTX_SCTLR_EL1]
-#endif /* ERRATA_SPECULATIVE_AT */
-
- mrs x17, cpacr_el1
- mrs x9, csselr_el1
- stp x17, x9, [x0, #CTX_CPACR_EL1]
-
- mrs x10, sp_el1
- mrs x11, esr_el1
- stp x10, x11, [x0, #CTX_SP_EL1]
-
- mrs x12, ttbr0_el1
- mrs x13, ttbr1_el1
- stp x12, x13, [x0, #CTX_TTBR0_EL1]
-
- mrs x14, mair_el1
- mrs x15, amair_el1
- stp x14, x15, [x0, #CTX_MAIR_EL1]
-
- mrs x16, actlr_el1
- mrs x17, tpidr_el1
- stp x16, x17, [x0, #CTX_ACTLR_EL1]
-
- mrs x9, tpidr_el0
- mrs x10, tpidrro_el0
- stp x9, x10, [x0, #CTX_TPIDR_EL0]
-
- mrs x13, par_el1
- mrs x14, far_el1
- stp x13, x14, [x0, #CTX_PAR_EL1]
-
- mrs x15, afsr0_el1
- mrs x16, afsr1_el1
- stp x15, x16, [x0, #CTX_AFSR0_EL1]
-
- mrs x17, contextidr_el1
- mrs x9, vbar_el1
- stp x17, x9, [x0, #CTX_CONTEXTIDR_EL1]
-
- /* Save AArch32 system registers if the build has instructed so */
-#if CTX_INCLUDE_AARCH32_REGS
- mrs x11, spsr_abt
- mrs x12, spsr_und
- stp x11, x12, [x0, #CTX_SPSR_ABT]
-
- mrs x13, spsr_irq
- mrs x14, spsr_fiq
- stp x13, x14, [x0, #CTX_SPSR_IRQ]
-
- mrs x15, dacr32_el2
- mrs x16, ifsr32_el2
- stp x15, x16, [x0, #CTX_DACR32_EL2]
-#endif /* CTX_INCLUDE_AARCH32_REGS */
-
- /* Save NS timer registers if the build has instructed so */
-#if NS_TIMER_SWITCH
- mrs x10, cntp_ctl_el0
- mrs x11, cntp_cval_el0
- stp x10, x11, [x0, #CTX_CNTP_CTL_EL0]
-
- mrs x12, cntv_ctl_el0
- mrs x13, cntv_cval_el0
- stp x12, x13, [x0, #CTX_CNTV_CTL_EL0]
-
- mrs x14, cntkctl_el1
- str x14, [x0, #CTX_CNTKCTL_EL1]
-#endif /* NS_TIMER_SWITCH */
-
- /* Save MTE system registers if the build has instructed so */
-#if CTX_INCLUDE_MTE_REGS
- mrs x15, TFSRE0_EL1
- mrs x16, TFSR_EL1
- stp x15, x16, [x0, #CTX_TFSRE0_EL1]
-
- mrs x9, RGSR_EL1
- mrs x10, GCR_EL1
- stp x9, x10, [x0, #CTX_RGSR_EL1]
-#endif /* CTX_INCLUDE_MTE_REGS */
-
- ret
-endfunc el1_sysregs_context_save
-
-/* ------------------------------------------------------------------
- * The following function strictly follows the AArch64 PCS to use
- * x9-x17 (temporary caller-saved registers) to restore EL1 system
- * register context. It assumes that 'x0' is pointing to a
- * 'el1_sys_regs' structure from where the register context will be
- * restored
- * ------------------------------------------------------------------
- */
-func el1_sysregs_context_restore
-
- ldp x9, x10, [x0, #CTX_SPSR_EL1]
- msr spsr_el1, x9
- msr elr_el1, x10
-
-#if !ERRATA_SPECULATIVE_AT
- ldp x15, x16, [x0, #CTX_SCTLR_EL1]
- msr sctlr_el1, x15
- msr tcr_el1, x16
-#endif /* ERRATA_SPECULATIVE_AT */
-
- ldp x17, x9, [x0, #CTX_CPACR_EL1]
- msr cpacr_el1, x17
- msr csselr_el1, x9
-
- ldp x10, x11, [x0, #CTX_SP_EL1]
- msr sp_el1, x10
- msr esr_el1, x11
-
- ldp x12, x13, [x0, #CTX_TTBR0_EL1]
- msr ttbr0_el1, x12
- msr ttbr1_el1, x13
-
- ldp x14, x15, [x0, #CTX_MAIR_EL1]
- msr mair_el1, x14
- msr amair_el1, x15
-
- ldp x16, x17, [x0, #CTX_ACTLR_EL1]
- msr actlr_el1, x16
- msr tpidr_el1, x17
-
- ldp x9, x10, [x0, #CTX_TPIDR_EL0]
- msr tpidr_el0, x9
- msr tpidrro_el0, x10
-
- ldp x13, x14, [x0, #CTX_PAR_EL1]
- msr par_el1, x13
- msr far_el1, x14
-
- ldp x15, x16, [x0, #CTX_AFSR0_EL1]
- msr afsr0_el1, x15
- msr afsr1_el1, x16
-
- ldp x17, x9, [x0, #CTX_CONTEXTIDR_EL1]
- msr contextidr_el1, x17
- msr vbar_el1, x9
-
- /* Restore AArch32 system registers if the build has instructed so */
-#if CTX_INCLUDE_AARCH32_REGS
- ldp x11, x12, [x0, #CTX_SPSR_ABT]
- msr spsr_abt, x11
- msr spsr_und, x12
-
- ldp x13, x14, [x0, #CTX_SPSR_IRQ]
- msr spsr_irq, x13
- msr spsr_fiq, x14
-
- ldp x15, x16, [x0, #CTX_DACR32_EL2]
- msr dacr32_el2, x15
- msr ifsr32_el2, x16
-#endif /* CTX_INCLUDE_AARCH32_REGS */
-
- /* Restore NS timer registers if the build has instructed so */
-#if NS_TIMER_SWITCH
- ldp x10, x11, [x0, #CTX_CNTP_CTL_EL0]
- msr cntp_ctl_el0, x10
- msr cntp_cval_el0, x11
-
- ldp x12, x13, [x0, #CTX_CNTV_CTL_EL0]
- msr cntv_ctl_el0, x12
- msr cntv_cval_el0, x13
-
- ldr x14, [x0, #CTX_CNTKCTL_EL1]
- msr cntkctl_el1, x14
-#endif /* NS_TIMER_SWITCH */
-
- /* Restore MTE system registers if the build has instructed so */
-#if CTX_INCLUDE_MTE_REGS
- ldp x11, x12, [x0, #CTX_TFSRE0_EL1]
- msr TFSRE0_EL1, x11
- msr TFSR_EL1, x12
-
- ldp x13, x14, [x0, #CTX_RGSR_EL1]
- msr RGSR_EL1, x13
- msr GCR_EL1, x14
-#endif /* CTX_INCLUDE_MTE_REGS */
-
- /* No explict ISB required here as ERET covers it */
- ret
-endfunc el1_sysregs_context_restore
-
/* ------------------------------------------------------------------
* The following function follows the aapcs_64 strictly to use
* x9-x17 (temporary caller-saved registers according to AArch64 PCS)
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 9ba4d09..922b2cf 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2022, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -123,22 +123,10 @@
scr_el3 |= get_scr_el3_from_routing_model(SECURE);
#endif
-#if !CTX_INCLUDE_MTE_REGS || ENABLE_ASSERTIONS
- /* Get Memory Tagging Extension support level */
- unsigned int mte = get_armv8_5_mte_support();
-#endif
- /*
- * Allow access to Allocation Tags when CTX_INCLUDE_MTE_REGS
- * is set, or when MTE is only implemented at EL0.
- */
-#if CTX_INCLUDE_MTE_REGS
- assert((mte == MTE_IMPLEMENTED_ELX) || (mte == MTE_IMPLEMENTED_ASY));
- scr_el3 |= SCR_ATA_BIT;
-#else
- if (mte == MTE_IMPLEMENTED_EL0) {
+ /* Allow access to Allocation Tags when mte is set*/
+ if (is_feat_mte_supported()) {
scr_el3 |= SCR_ATA_BIT;
}
-#endif /* CTX_INCLUDE_MTE_REGS */
write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
@@ -180,6 +168,7 @@
scr_el3 |= SCR_NS_BIT | SCR_NSE_BIT;
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -248,6 +237,7 @@
scr_el3 |= SCR_TERR_BIT;
#endif
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
/* Enable access to the SCXTNUM_ELx registers. */
scr_el3 |= SCR_EnSCXT_BIT;
@@ -1144,13 +1134,58 @@
}
#endif /* CTX_INCLUDE_MPAM_REGS */
-/* -----------------------------------------------------
+/* ---------------------------------------------------------------------------
* The following registers are not added:
- * AMEVCNTVOFF0<n>_EL2
- * AMEVCNTVOFF1<n>_EL2
* ICH_AP0R<n>_EL2
* ICH_AP1R<n>_EL2
* ICH_LR<n>_EL2
+ *
+ * NOTE: For a system with S-EL2 present but not enabled, accessing
+ * ICC_SRE_EL2 is undefined from EL3. To workaround this change the
+ * SCR_EL3.NS = 1 before accessing this register.
+ * ---------------------------------------------------------------------------
+ */
+static void el2_sysregs_context_save_gic(el2_sysregs_t *ctx)
+{
+#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ write_ctx_reg(ctx, CTX_ICC_SRE_EL2, read_icc_sre_el2());
+#else
+ u_register_t scr_el3 = read_scr_el3();
+ write_scr_el3(scr_el3 | SCR_NS_BIT);
+ isb();
+
+ write_ctx_reg(ctx, CTX_ICC_SRE_EL2, read_icc_sre_el2());
+
+ write_scr_el3(scr_el3);
+ isb();
+
+#endif
+ write_ctx_reg(ctx, CTX_ICH_HCR_EL2, read_ich_hcr_el2());
+ write_ctx_reg(ctx, CTX_ICH_VMCR_EL2, read_ich_vmcr_el2());
+}
+
+static void el2_sysregs_context_restore_gic(el2_sysregs_t *ctx)
+{
+#if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ write_icc_sre_el2(read_ctx_reg(ctx, CTX_ICC_SRE_EL2));
+#else
+ u_register_t scr_el3 = read_scr_el3();
+ write_scr_el3(scr_el3 | SCR_NS_BIT);
+ isb();
+
+ write_icc_sre_el2(read_ctx_reg(ctx, CTX_ICC_SRE_EL2));
+
+ write_scr_el3(scr_el3);
+ isb();
+#endif
+ write_ich_hcr_el2(read_ctx_reg(ctx, CTX_ICH_HCR_EL2));
+ write_ich_vmcr_el2(read_ctx_reg(ctx, CTX_ICH_VMCR_EL2));
+}
+
+/* -----------------------------------------------------
+ * The following registers are not added:
+ * AMEVCNTVOFF0<n>_EL2
+ * AMEVCNTVOFF1<n>_EL2
* -----------------------------------------------------
*/
static void el2_sysregs_context_save_common(el2_sysregs_t *ctx)
@@ -1172,22 +1207,6 @@
write_ctx_reg(ctx, CTX_HCR_EL2, read_hcr_el2());
write_ctx_reg(ctx, CTX_HPFAR_EL2, read_hpfar_el2());
write_ctx_reg(ctx, CTX_HSTR_EL2, read_hstr_el2());
-
- /*
- * Set the NS bit to be able to access the ICC_SRE_EL2 register
- * TODO: remove with root context
- */
- u_register_t scr_el3 = read_scr_el3();
-
- write_scr_el3(scr_el3 | SCR_NS_BIT);
- isb();
- write_ctx_reg(ctx, CTX_ICC_SRE_EL2, read_icc_sre_el2());
-
- write_scr_el3(scr_el3);
- isb();
-
- write_ctx_reg(ctx, CTX_ICH_HCR_EL2, read_ich_hcr_el2());
- write_ctx_reg(ctx, CTX_ICH_VMCR_EL2, read_ich_vmcr_el2());
write_ctx_reg(ctx, CTX_MAIR_EL2, read_mair_el2());
write_ctx_reg(ctx, CTX_MDCR_EL2, read_mdcr_el2());
write_ctx_reg(ctx, CTX_SCTLR_EL2, read_sctlr_el2());
@@ -1222,22 +1241,6 @@
write_hcr_el2(read_ctx_reg(ctx, CTX_HCR_EL2));
write_hpfar_el2(read_ctx_reg(ctx, CTX_HPFAR_EL2));
write_hstr_el2(read_ctx_reg(ctx, CTX_HSTR_EL2));
-
- /*
- * Set the NS bit to be able to access the ICC_SRE_EL2 register
- * TODO: remove with root context
- */
- u_register_t scr_el3 = read_scr_el3();
-
- write_scr_el3(scr_el3 | SCR_NS_BIT);
- isb();
- write_icc_sre_el2(read_ctx_reg(ctx, CTX_ICC_SRE_EL2));
-
- write_scr_el3(scr_el3);
- isb();
-
- write_ich_hcr_el2(read_ctx_reg(ctx, CTX_ICH_HCR_EL2));
- write_ich_vmcr_el2(read_ctx_reg(ctx, CTX_ICH_VMCR_EL2));
write_mair_el2(read_ctx_reg(ctx, CTX_MAIR_EL2));
write_mdcr_el2(read_ctx_reg(ctx, CTX_MDCR_EL2));
write_sctlr_el2(read_ctx_reg(ctx, CTX_SCTLR_EL2));
@@ -1267,9 +1270,11 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_save_common(el2_sysregs_ctx);
-#if CTX_INCLUDE_MTE_REGS
- write_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2, read_tfsr_el2());
-#endif
+ el2_sysregs_context_save_gic(el2_sysregs_ctx);
+
+ if (is_feat_mte2_supported()) {
+ write_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2, read_tfsr_el2());
+ }
#if CTX_INCLUDE_MPAM_REGS
if (is_feat_mpam_supported()) {
@@ -1304,6 +1309,7 @@
write_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2, read_trfcr_el2());
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2, read_scxtnum_el2());
}
@@ -1344,9 +1350,11 @@
el2_sysregs_ctx = get_el2_sysregs_ctx(ctx);
el2_sysregs_context_restore_common(el2_sysregs_ctx);
-#if CTX_INCLUDE_MTE_REGS
- write_tfsr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2));
-#endif
+ el2_sysregs_context_restore_gic(el2_sysregs_ctx);
+
+ if (is_feat_mte2_supported()) {
+ write_tfsr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TFSR_EL2));
+ }
#if CTX_INCLUDE_MPAM_REGS
if (is_feat_mpam_supported()) {
@@ -1380,6 +1388,7 @@
write_trfcr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TRFCR_EL2));
}
+ /* CSV2 version 2 and above */
if (is_feat_csv2_2_supported()) {
write_scxtnum_el2(read_ctx_reg(el2_sysregs_ctx, CTX_SCXTNUM_EL2));
}
@@ -1435,6 +1444,116 @@
#endif /* CTX_INCLUDE_EL2_REGS */
}
+static void el1_sysregs_context_save(el1_sysregs_t *ctx)
+{
+ write_ctx_reg(ctx, CTX_SPSR_EL1, read_spsr_el1());
+ write_ctx_reg(ctx, CTX_ELR_EL1, read_elr_el1());
+
+#if !ERRATA_SPECULATIVE_AT
+ write_ctx_reg(ctx, CTX_SCTLR_EL1, read_sctlr_el1());
+ write_ctx_reg(ctx, CTX_TCR_EL1, read_tcr_el1());
+#endif /* (!ERRATA_SPECULATIVE_AT) */
+
+ write_ctx_reg(ctx, CTX_CPACR_EL1, read_cpacr_el1());
+ write_ctx_reg(ctx, CTX_CSSELR_EL1, read_csselr_el1());
+ write_ctx_reg(ctx, CTX_SP_EL1, read_sp_el1());
+ write_ctx_reg(ctx, CTX_ESR_EL1, read_esr_el1());
+ write_ctx_reg(ctx, CTX_TTBR0_EL1, read_ttbr0_el1());
+ write_ctx_reg(ctx, CTX_TTBR1_EL1, read_ttbr1_el1());
+ write_ctx_reg(ctx, CTX_MAIR_EL1, read_mair_el1());
+ write_ctx_reg(ctx, CTX_AMAIR_EL1, read_amair_el1());
+ write_ctx_reg(ctx, CTX_ACTLR_EL1, read_actlr_el1());
+ write_ctx_reg(ctx, CTX_TPIDR_EL1, read_tpidr_el1());
+ write_ctx_reg(ctx, CTX_TPIDR_EL0, read_tpidr_el0());
+ write_ctx_reg(ctx, CTX_TPIDRRO_EL0, read_tpidrro_el0());
+ write_ctx_reg(ctx, CTX_PAR_EL1, read_par_el1());
+ write_ctx_reg(ctx, CTX_FAR_EL1, read_far_el1());
+ write_ctx_reg(ctx, CTX_AFSR0_EL1, read_afsr0_el1());
+ write_ctx_reg(ctx, CTX_AFSR1_EL1, read_afsr1_el1());
+ write_ctx_reg(ctx, CTX_CONTEXTIDR_EL1, read_contextidr_el1());
+ write_ctx_reg(ctx, CTX_VBAR_EL1, read_vbar_el1());
+
+#if CTX_INCLUDE_AARCH32_REGS
+ write_ctx_reg(ctx, CTX_SPSR_ABT, read_spsr_abt());
+ write_ctx_reg(ctx, CTX_SPSR_UND, read_spsr_und());
+ write_ctx_reg(ctx, CTX_SPSR_IRQ, read_spsr_irq());
+ write_ctx_reg(ctx, CTX_SPSR_FIQ, read_spsr_fiq());
+ write_ctx_reg(ctx, CTX_DACR32_EL2, read_dacr32_el2());
+ write_ctx_reg(ctx, CTX_IFSR32_EL2, read_ifsr32_el2());
+#endif /* CTX_INCLUDE_AARCH32_REGS */
+
+#if NS_TIMER_SWITCH
+ write_ctx_reg(ctx, CTX_CNTP_CTL_EL0, read_cntp_ctl_el0());
+ write_ctx_reg(ctx, CTX_CNTP_CVAL_EL0, read_cntp_cval_el0());
+ write_ctx_reg(ctx, CTX_CNTV_CTL_EL0, read_cntv_ctl_el0());
+ write_ctx_reg(ctx, CTX_CNTV_CVAL_EL0, read_cntv_cval_el0());
+ write_ctx_reg(ctx, CTX_CNTKCTL_EL1, read_cntkctl_el1());
+#endif /* NS_TIMER_SWITCH */
+
+#if ENABLE_FEAT_MTE
+ write_ctx_reg(ctx, CTX_TFSRE0_EL1, read_tfsre0_el1());
+ write_ctx_reg(ctx, CTX_TFSR_EL1, read_tfsr_el1());
+ write_ctx_reg(ctx, CTX_RGSR_EL1, read_rgsr_el1());
+ write_ctx_reg(ctx, CTX_GCR_EL1, read_gcr_el1());
+#endif /* ENABLE_FEAT_MTE */
+
+}
+
+static void el1_sysregs_context_restore(el1_sysregs_t *ctx)
+{
+ write_spsr_el1(read_ctx_reg(ctx, CTX_SPSR_EL1));
+ write_elr_el1(read_ctx_reg(ctx, CTX_ELR_EL1));
+
+#if !ERRATA_SPECULATIVE_AT
+ write_sctlr_el1(read_ctx_reg(ctx, CTX_SCTLR_EL1));
+ write_tcr_el1(read_ctx_reg(ctx, CTX_TCR_EL1));
+#endif /* (!ERRATA_SPECULATIVE_AT) */
+
+ write_cpacr_el1(read_ctx_reg(ctx, CTX_CPACR_EL1));
+ write_csselr_el1(read_ctx_reg(ctx, CTX_CSSELR_EL1));
+ write_sp_el1(read_ctx_reg(ctx, CTX_SP_EL1));
+ write_esr_el1(read_ctx_reg(ctx, CTX_ESR_EL1));
+ write_ttbr0_el1(read_ctx_reg(ctx, CTX_TTBR0_EL1));
+ write_ttbr1_el1(read_ctx_reg(ctx, CTX_TTBR1_EL1));
+ write_mair_el1(read_ctx_reg(ctx, CTX_MAIR_EL1));
+ write_amair_el1(read_ctx_reg(ctx, CTX_AMAIR_EL1));
+ write_actlr_el1(read_ctx_reg(ctx, CTX_ACTLR_EL1));
+ write_tpidr_el1(read_ctx_reg(ctx, CTX_TPIDR_EL1));
+ write_tpidr_el0(read_ctx_reg(ctx, CTX_TPIDR_EL0));
+ write_tpidrro_el0(read_ctx_reg(ctx, CTX_TPIDRRO_EL0));
+ write_par_el1(read_ctx_reg(ctx, CTX_PAR_EL1));
+ write_far_el1(read_ctx_reg(ctx, CTX_FAR_EL1));
+ write_afsr0_el1(read_ctx_reg(ctx, CTX_AFSR0_EL1));
+ write_afsr1_el1(read_ctx_reg(ctx, CTX_AFSR1_EL1));
+ write_contextidr_el1(read_ctx_reg(ctx, CTX_CONTEXTIDR_EL1));
+ write_vbar_el1(read_ctx_reg(ctx, CTX_VBAR_EL1));
+
+#if CTX_INCLUDE_AARCH32_REGS
+ write_spsr_abt(read_ctx_reg(ctx, CTX_SPSR_ABT));
+ write_spsr_und(read_ctx_reg(ctx, CTX_SPSR_UND));
+ write_spsr_irq(read_ctx_reg(ctx, CTX_SPSR_IRQ));
+ write_spsr_fiq(read_ctx_reg(ctx, CTX_SPSR_FIQ));
+ write_dacr32_el2(read_ctx_reg(ctx, CTX_DACR32_EL2));
+ write_ifsr32_el2(read_ctx_reg(ctx, CTX_IFSR32_EL2));
+#endif /* CTX_INCLUDE_AARCH32_REGS */
+
+#if NS_TIMER_SWITCH
+ write_cntp_ctl_el0(read_ctx_reg(ctx, CTX_CNTP_CTL_EL0));
+ write_cntp_cval_el0(read_ctx_reg(ctx, CTX_CNTP_CVAL_EL0));
+ write_cntv_ctl_el0(read_ctx_reg(ctx, CTX_CNTV_CTL_EL0));
+ write_cntv_cval_el0(read_ctx_reg(ctx, CTX_CNTV_CVAL_EL0));
+ write_cntkctl_el1(read_ctx_reg(ctx, CTX_CNTKCTL_EL1));
+#endif /* NS_TIMER_SWITCH */
+
+#if ENABLE_FEAT_MTE
+ write_tfsre0_el1(read_ctx_reg(ctx, CTX_TFSRE0_EL1));
+ write_tfsr_el1(read_ctx_reg(ctx, CTX_TFSR_EL1));
+ write_rgsr_el1(read_ctx_reg(ctx, CTX_RGSR_EL1));
+ write_gcr_el1(read_ctx_reg(ctx, CTX_GCR_EL1));
+#endif /* ENABLE_FEAT_MTE */
+
+}
+
/*******************************************************************************
* The next four functions are used by runtime services to save and restore
* EL1 context on the 'cpu_context' structure for the specified security
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 2c25a9d..d1fb182 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,14 @@
#include <lib/el3_runtime/pubsub.h>
#include <lib/extensions/spe.h>
+#include <plat/common/platform.h>
+
+typedef struct spe_ctx {
+ u_register_t pmblimitr_el1;
+} spe_ctx_t;
+
+static struct spe_ctx spe_ctxs[PLATFORM_CORE_COUNT];
+
static inline void psb_csync(void)
{
/*
@@ -89,4 +97,35 @@
return (void *)0;
}
+static void *spe_context_save(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ ctx->pmblimitr_el1 = read_pmblimitr_el1();
+ }
+
+ return NULL;
+}
+
+static void *spe_context_restore(const void *arg)
+{
+ unsigned int core_pos;
+ struct spe_ctx *ctx;
+
+ if (is_feat_spe_supported()) {
+ core_pos = plat_my_core_pos();
+ ctx = &spe_ctxs[core_pos];
+ write_pmblimitr_el1(ctx->pmblimitr_el1);
+ }
+
+ return NULL;
+}
+
SUBSCRIBE_TO_EVENT(cm_entering_secure_world, spe_drain_buffers_hook);
+
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_start, spe_context_save);
+SUBSCRIBE_TO_EVENT(psci_suspend_pwrdown_finish, spe_context_restore);
diff --git a/lib/fconf/fconf_cot_getter.c b/lib/fconf/fconf_cot_getter.c
index 1033018..b9bc9de 100644
--- a/lib/fconf/fconf_cot_getter.c
+++ b/lib/fconf/fconf_cot_getter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -237,13 +237,17 @@
* verified by signature and images are verified by hash.
*/
if (type == IMG_CERT) {
- if (root_certificate) {
- oid = NULL;
- } else {
- rc = get_oid(dtb, node, "signing-key", &oid);
- if (rc < 0) {
+ rc = get_oid(dtb, node, "signing-key", &oid);
+ if (rc < 0) {
+ /*
+ * The signing-key property is optional in root
+ * certificates, mandatory otherwise.
+ */
+ if (root_certificate) {
+ oid = NULL;
+ } else {
ERROR("FCONF: Can't read %s property\n",
- "signing-key");
+ "signing-key");
return rc;
}
}
diff --git a/lib/libc/libc.mk b/lib/libc/libc.mk
index 95da68c..03e1fb3 100644
--- a/lib/libc/libc.mk
+++ b/lib/libc/libc.mk
@@ -1,42 +1,11 @@
#
-# Copyright (c) 2016-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memcpy_s.c \
- memmove.c \
- memrchr.c \
- memset.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+#
-ifeq (${ARCH},aarch64)
-LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- setjmp.S)
-endif
+include lib/libc/libc_common.mk
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
+LIBC_SRCS += $(addprefix lib/libc/, \
+ memset.c)
diff --git a/lib/libc/libc_asm.mk b/lib/libc/libc_asm.mk
index 2f27265..6d9bb9d 100644
--- a/lib/libc/libc_asm.mk
+++ b/lib/libc/libc_asm.mk
@@ -1,44 +1,15 @@
#
-# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-LIBC_SRCS := $(addprefix lib/libc/, \
- abort.c \
- assert.c \
- exit.c \
- memchr.c \
- memcmp.c \
- memcpy.c \
- memmove.c \
- memrchr.c \
- printf.c \
- putchar.c \
- puts.c \
- snprintf.c \
- strchr.c \
- strcmp.c \
- strlcat.c \
- strlcpy.c \
- strlen.c \
- strncmp.c \
- strnlen.c \
- strrchr.c \
- strtok.c \
- strtoul.c \
- strtoll.c \
- strtoull.c \
- strtol.c)
+include lib/libc/libc_common.mk
ifeq (${ARCH},aarch64)
LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
- memset.S \
- setjmp.S)
+ memset.S)
else
LIBC_SRCS += $(addprefix lib/libc/aarch32/, \
memset.S)
endif
-
-INCLUDES += -Iinclude/lib/libc \
- -Iinclude/lib/libc/$(ARCH) \
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
new file mode 100644
index 0000000..4879818
--- /dev/null
+++ b/lib/libc/libc_common.mk
@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+LIBC_SRCS := $(addprefix lib/libc/, \
+ abort.c \
+ assert.c \
+ exit.c \
+ memchr.c \
+ memcmp.c \
+ memcpy.c \
+ memcpy_s.c \
+ memmove.c \
+ memrchr.c \
+ printf.c \
+ putchar.c \
+ puts.c \
+ snprintf.c \
+ strchr.c \
+ strcmp.c \
+ strlcat.c \
+ strlcpy.c \
+ strlen.c \
+ strncmp.c \
+ strnlen.c \
+ strrchr.c \
+ strtok.c \
+ strtoul.c \
+ strtoll.c \
+ strtoull.c \
+ strtol.c)
+
+ifeq (${ARCH},aarch64)
+LIBC_SRCS += $(addprefix lib/libc/aarch64/, \
+ setjmp.S)
+endif
+
+INCLUDES += -Iinclude/lib/libc \
+ -Iinclude/lib/libc/$(ARCH) \
+
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index f9de432..41c7919 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,12 +8,14 @@
#include <string.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/spe.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -1164,6 +1166,8 @@
******************************************************************************/
void psci_pwrdown_cpu(unsigned int power_level)
{
+ psci_do_manage_extensions();
+
#if HW_ASSISTED_COHERENCY
/*
* With hardware-assisted coherency, the CPU drivers only initiate the
@@ -1283,3 +1287,20 @@
return true;
}
+
+/*******************************************************************************
+ * This function performs architectural feature specific management.
+ * It ensures the architectural features are disabled during cpu
+ * power off/suspend operations.
+ ******************************************************************************/
+void psci_do_manage_extensions(void)
+{
+ /*
+ * On power down we need to disable statistical profiling extensions
+ * before exiting coherency.
+ */
+ if (is_feat_spe_supported()) {
+ spe_disable();
+ }
+
+}
diff --git a/lib/romlib/Makefile b/lib/romlib/Makefile
index c3ddc5a..f11e577 100644
--- a/lib/romlib/Makefile
+++ b/lib/romlib/Makefile
@@ -1,14 +1,13 @@
#
-# Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-AS = $(CROSS_COMPILE)as
-AR = $(CROSS_COMPILE)ar
-LD = $(CROSS_COMPILE)ld
-OC = $(CROSS_COMPILE)objcopy
-CPP = $(CROSS_COMPILE)cpp
+toolchains := aarch64
+
+include ../../make_helpers/toolchain.mk
+
ROMLIB_GEN = ./romlib_generator.py
BUILD_DIR = $(BUILD_PLAT)/romlib
LIB_DIR = $(BUILD_PLAT)/lib
@@ -48,23 +47,23 @@
%.o: %.s
@echo " AS $@"
- $(Q)$(AS) $(ASFLAGS) -o $@ $<
+ $(Q)$(aarch64-as) -c $(ASFLAGS) -o $@ $<
$(BUILD_DIR)/%.o: %.s
@echo " AS $@"
- $(Q)$(AS) $(ASFLAGS) -o $@ $<
+ $(Q)$(aarch64-as) -c $(ASFLAGS) -o $@ $<
$(BUILD_DIR)/romlib.ld: romlib.ld.S
@echo " PP $@"
- $(Q)$(CPP) $(PPFLAGS) -o $@ romlib.ld.S
+ $(Q)$(aarch64-cpp) -E $(PPFLAGS) -o $@ romlib.ld.S
$(BUILD_DIR)/romlib.elf: $(OBJS) $(BUILD_DIR)/romlib.ld
@echo " LD $@"
- $(Q)$(LD) -T $(BUILD_DIR)/romlib.ld -L$(LIB_DIR) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+ $(Q)$(aarch64-ld) -T $(BUILD_DIR)/romlib.ld -L$(LIB_DIR) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
$(BUILD_DIR)/romlib.bin: $(BUILD_DIR)/romlib.elf
@echo " BIN $@"
- $(Q)$(OC) -O binary $(BUILD_DIR)/romlib.elf $@
+ $(Q)$(aarch64-oc) -O binary $(BUILD_DIR)/romlib.elf $@
$(WRAPPER_DIR)/jmpvar.s: $(BUILD_DIR)/romlib.elf
@echo " VAR $@"
@@ -72,7 +71,7 @@
$(LIB_DIR)/libwrappers.a: $(WRAPPER_DIR)/jmpvar.o $(WRAPPER_OBJS)
@echo " AR $@"
- $(Q)$(AR) -rc $@ $(WRAPPER_DIR)/jmpvar.o $(WRAPPER_OBJS)
+ $(Q)$(aarch64-ar) -rc $@ $(WRAPPER_DIR)/jmpvar.o $(WRAPPER_OBJS)
$(BUILD_DIR)/jmptbl.i: ../../$(PLAT_DIR)/jmptbl.i
@echo " PRE $@"
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index a337e76..643d550 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,65 +8,129 @@
# and enables them based on the configured architecture version.
# This file follows the following format:
-# - Enable mandatory feature if applicable to an Arch Version.
+# - Enable mandatory feature if not updated, as applicable to an Arch Version.
# - By default disable any mandatory features if they have not been defined yet.
# - Disable or enable any optional feature this would be enabled/disabled if needed by platform.
#
################################################################################
-# Enable Mandatory features based on Arch versions.
+# Enable Mandatory features if not updated yet, based on Arch versions.
################################################################################
#
# Enable the features which are mandatory from ARCH version 8.1 and upwards.
ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_PAN := 1
-ENABLE_FEAT_VHE := 1
+armv8-1-a-feats := ENABLE_FEAT_PAN ENABLE_FEAT_VHE
+
+FEAT_LIST := ${armv8-1-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.2 and upwards.
ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RAS := 1
+armv8-2-a-feats := ENABLE_FEAT_RAS
+# 8.1 Compliant
+armv8-2-a-feats += ${armv8-1-a-feats}
+
+FEAT_LIST := ${armv8-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.3 and upwards.
+ifeq "8.3" "$(word 1, $(sort 8.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.2 Compliant
+armv8-3-a-feats += ${armv8-2-a-feats}
+
+FEAT_LIST := ${armv8-3-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_SEL2 := 1
-ENABLE_TRF_FOR_NS := 1
-ENABLE_FEAT_DIT := 1
+armv8-4-a-feats := ENABLE_FEAT_SEL2 ENABLE_TRF_FOR_NS ENABLE_FEAT_DIT
+# 8.3 Compliant
+armv8-4-a-feats += ${armv8-3-a-feats}
+
+FEAT_LIST := ${armv8-4-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.5 and upwards.
ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_RNG := 1
-ENABLE_FEAT_SB := 1
+armv8-5-a-feats := ENABLE_FEAT_RNG ENABLE_FEAT_SB
+# 8.4 Compliant
+armv8-5-a-feats += ${armv8-4-a-feats}
+FEAT_LIST := ${armv8-5-a-feats}
# Enable Memory tagging, Branch Target Identification for aarch64 only.
ifeq ($(ARCH), aarch64)
- mem_tag_arch_support := yes
+ mem_tag_arch_support ?= yes
endif #(ARCH=aarch64)
endif
# Enable the features which are mandatory from ARCH version 8.6 and upwards.
ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_ECV := 1
-ENABLE_FEAT_FGT := 1
+armv8-6-a-feats := ENABLE_FEAT_ECV ENABLE_FEAT_FGT
+# 8.5 Compliant
+armv8-6-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv8-6-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.7 and upwards.
ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_HCX := 1
+armv8-7-a-feats := ENABLE_FEAT_HCX
+# 8.6 Compliant
+armv8-7-a-feats += ${armv8-6-a-feats}
+FEAT_LIST := ${armv8-7-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 8.8 and upwards.
+ifeq "8.8" "$(word 1, $(sort 8.8 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 Compliant
+armv8-7-a-feats += ${armv8-7-a-feats}
+FEAT_LIST := ${armv8-8-a-feats}
endif
# Enable the features which are mandatory from ARCH version 8.9 and upwards.
ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-ENABLE_FEAT_TCR2 := 1
+armv8-9-a-feats := ENABLE_FEAT_TCR2
+# 8.8 Compliant
+armv8-9-a-feats += ${armv8-8-a-feats}
+FEAT_LIST := ${armv8-9-a-feats}
endif
+# Enable the features which are mandatory from ARCH version 9.0 and upwards.
+ifeq "9.0" "$(word 1, $(sort 9.0 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.5 Compliant
+armv9-0-a-feats += ${armv8-5-a-feats}
+FEAT_LIST := ${armv9-0-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.1 and upwards.
+ifeq "9.1" "$(word 1, $(sort 9.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.6 and 9.0 Compliant
+armv9-1-a-feats += ${armv8-6-a-feats} ${armv9-0-a-feats}
+FEAT_LIST := ${armv9-1-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.2 and upwards.
+ifeq "9.2" "$(word 1, $(sort 9.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.7 and 9.1 Compliant
+armv9-2-a-feats += ${armv8-7-a-feats} ${armv9-1-a-feats}
+FEAT_LIST := ${armv9-2-a-feats}
+endif
+
+# Enable the features which are mandatory from ARCH version 9.3 and upwards.
+ifeq "9.3" "$(word 1, $(sort 9.3 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+# 8.8 and 9.2 Compliant
+armv9-3-a-feats += ${armv8-8-a-feats} ${armv9-2-a-feats}
+FEAT_LIST := ${armv9-3-a-feats}
+endif
+
+# Set all FEAT_* in FEAT_LIST to '1' if they are not yet defined or set
+# from build commandline options or platform makefile.
+$(eval $(call default_ones, ${sort ${FEAT_LIST}}))
+
#
################################################################################
-# Set mandatory features by default to zero.
+# Set mandatory features by default to zero, if they are not already updated.
################################################################################
#
@@ -169,6 +233,10 @@
# Flag to enable CSV2_2 extension.
ENABLE_FEAT_CSV2_2 ?= 0
+# Flag to enable CSV2_3 extension. FEAT_CSV2_3 enables access to the
+# SCXTNUM_ELx register.
+ENABLE_FEAT_CSV2_3 ?= 0
+
# By default, disable access of trace system registers from NS lower
# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
# system register trace is implemented. This feature is available if
@@ -239,10 +307,27 @@
# registers, by setting SCR_EL3.TRNDR.
ENABLE_FEAT_RNG_TRAP ?= 0
+# Enable Memory Tagging Extension. This must be set to 1 if the platform wants
+# to use this feature in the Secure world and MTE is enabled at ELX.
+ifeq ($(CTX_INCLUDE_MTE_REGS),1)
+ $(warning CTX_INCLUDE_MTE_REGS option is deprecated use ENABLE_FEAT_MTE, Enabling ENABLE_FEAT_MTE)
+ ENABLE_FEAT_MTE ?= 1
+endif
+ifeq (${ARCH},aarch32)
+ ifneq ($(or $(ENABLE_FEAT_MTE),0),0)
+ $(error ENABLE_FEAT_MTE is not supported for AArch32)
+ endif
+endif
+ENABLE_FEAT_MTE ?= 0
+ENABLE_FEAT_MTE2 ?= 0
+
-# Include Memory Tagging Extension registers in cpu context. This must be set
-# to 1 if the platform wants to use this feature in the Secure world and MTE is
-# enabled at ELX.
-CTX_INCLUDE_MTE_REGS ?= 0
+
+# Add a error message to indicate incorrect MTE2 selection without MTE enabled.
+ifneq ($(ENABLE_FEAT_MTE2),0)
+ ifeq ($(ENABLE_FEAT_MTE),0)
+ $(error ENABLE_FEAT_MTE2 is not supported without enabling ENABLE_FEAT_MTE)
+ endif
+endif
#----
# 8.6
@@ -286,9 +371,6 @@
# 9.0
#----
-# Flag to enable Realm Management Extension (FEAT_RME).
-ENABLE_RME ?= 0
-
# Scalable Matrix Extension for non-secure world.
ENABLE_SME_FOR_NS ?= 0
@@ -314,6 +396,9 @@
# 9.2
#----
+# Flag to enable Realm Management Extension (FEAT_RME).
+ENABLE_RME ?= 0
+
# Scalable Matrix Extension version 2 for non-secure world.
ENABLE_SME2_FOR_NS ?= 0
diff --git a/make_helpers/build_env.mk b/make_helpers/build_env.mk
index 83093bd..a545cd0 100644
--- a/make_helpers/build_env.mk
+++ b/make_helpers/build_env.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -47,7 +47,7 @@
endif
endif
endif
- include ${MAKE_HELPERS_DIRECTORY}${ENV_FILE_TO_INCLUDE}
+ include $(dir $(lastword $(MAKEFILE_LIST)))${ENV_FILE_TO_INCLUDE}
ENV_FILE_TO_INCLUDE :=
ifndef SHELL_COPY
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 08a6046..a99d516 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,6 +50,18 @@
$(foreach var,$1,$(eval $(call default_zero,$(var))))
endef
+# Convenience function for setting a variable to 1 if not previously set
+# $(eval $(call default_one,FOO))
+define default_one
+ $(eval $(1) ?= 1)
+endef
+
+# Convenience function for setting a list of variables to 1 if not previously set
+# $(eval $(call default_ones,FOO BAR))
+define default_ones
+ $(foreach var,$1,$(eval $(call default_one,$(var))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define,FOO)) will have:
# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
@@ -101,14 +113,12 @@
# Convenience function to check for a given linker option. An call to
# $(call ld_option, --no-XYZ) will return --no-XYZ if supported by the linker
-define ld_option
- $(shell if $(LD) $(1) -v >/dev/null 2>&1; then echo $(1); fi )
-endef
+ld_option = $(shell $($(ARCH)-ld) $(1) -Wl,--version >/dev/null 2>&1 || $($(ARCH)-ld) $(1) -v >/dev/null 2>&1 && echo $(1))
# Convenience function to check for a given compiler option. A call to
# $(call cc_option, --no-XYZ) will return --no-XYZ if supported by the compiler
define cc_option
- $(shell if $(CC) $(1) -c -x c /dev/null -o /dev/null >/dev/null 2>&1; then echo $(1); fi )
+ $(shell if $($(ARCH)-cc) $(1) -c -x c /dev/null -o /dev/null >/dev/null 2>&1; then echo $(1); fi )
endef
# CREATE_SEQ is a recursive function to create sequence of numbers from 1 to
@@ -302,7 +312,7 @@
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | lib$(3)_dirs
$$(ECHO) " CC $$<"
- $$(Q)$$(CC) $$($(LIB)_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$($(ARCH)-cc) $$($(LIB)_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -318,7 +328,7 @@
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | lib$(3)_dirs
$$(ECHO) " AS $$<"
- $$(Q)$$(AS) $$(ASFLAGS) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$($(ARCH)-as) -x assembler-with-cpp $$(TF_CFLAGS_$(ARCH)) $$(ASFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -341,7 +351,7 @@
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " CC $$<"
- $$(Q)$$(CC) $$(LTO_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(BL_CPPFLAGS) $(BL_CFLAGS) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$($(ARCH)-cc) $$(LTO_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(BL_CPPFLAGS) $(BL_CFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -364,7 +374,7 @@
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " AS $$<"
- $$(Q)$$(AS) $$(ASFLAGS) $(BL_CPPFLAGS) $(BL_ASFLAGS) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$($(ARCH)-as) -x assembler-with-cpp $$(TF_CFLAGS_$(ARCH)) $$(ASFLAGS) $(BL_CPPFLAGS) $(BL_ASFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -385,7 +395,7 @@
$(1): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | $(3)_dirs
$$(ECHO) " PP $$<"
- $$(Q)$$(CPP) $$(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH)) -P -x assembler-with-cpp -D__LINKER__ $(MAKE_DEP) -o $$@ $$<
+ $$(Q)$($(ARCH)-cpp) -E $$(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH)) -P -x assembler-with-cpp -D__LINKER__ $(MAKE_DEP) -o $$@ $$<
-include $(DEP)
@@ -467,7 +477,7 @@
.PHONY : lib${1}_dirs
lib${1}_dirs: | ${BUILD_DIR} ${LIB_DIR} ${ROMLIB_DIR} ${LIBWRAPPER_DIR}
libraries: ${LIB_DIR}/lib$(1).a
-ifneq ($(findstring armlink,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),arm-link)
LDPATHS = --userlibpath=${LIB_DIR}
LDLIBS += --library=$(1)
else
@@ -483,7 +493,7 @@
${LIB_DIR}/lib$(1).a: $(OBJS)
$$(ECHO) " AR $$@"
- $$(Q)$$(AR) cr $$@ $$?
+ $$(Q)$($(ARCH)-ar) cr $$@ $$?
endef
# Generate the path to one or more preprocessed linker scripts given the paths
@@ -563,22 +573,22 @@
@echo 'const char build_message[] = "Built : "$(BUILD_MESSAGE_TIMESTAMP); \
const char version_string[] = "${VERSION_STRING}"; \
const char version[] = "${VERSION}";' | \
- $$(CC) $$(TF_CFLAGS) $$(CFLAGS) -xc -c - -o $(BUILD_DIR)/build_message.o
+ $($(ARCH)-cc) $$(TF_CFLAGS) $$(CFLAGS) -xc -c - -o $(BUILD_DIR)/build_message.o
endif
-ifneq ($(findstring armlink,$(notdir $(LD))),)
- $$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) --entry=${1}_entrypoint \
+ifeq ($($(ARCH)-ld-id),arm-link)
+ $$(Q)$($(ARCH)-ld) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) --entry=${1}_entrypoint \
--predefine="-D__LINKER__=$(__LINKER__)" \
--predefine="-DTF_CFLAGS=$(TF_CFLAGS)" \
--map --list="$(MAPFILE)" --scatter=${PLAT_DIR}/scat/${1}.scat \
$(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS) \
$(BUILD_DIR)/build_message.o $(OBJS)
-else ifneq ($(findstring gcc,$(notdir $(LD))),)
- $$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Wl,-Map=$(MAPFILE) \
+else ifeq ($($(ARCH)-ld-id),gnu-gcc)
+ $$(Q)$($(ARCH)-ld) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Wl,-Map=$(MAPFILE) \
$(addprefix -Wl$(comma)--script$(comma),$(LINKER_SCRIPTS)) -Wl,--script,$(DEFAULT_LINKER_SCRIPT) \
$(BUILD_DIR)/build_message.o \
$(OBJS) $(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS)
else
- $$(Q)$$(LD) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Map=$(MAPFILE) \
+ $$(Q)$($(ARCH)-ld) -o $$@ $$(TF_LDFLAGS) $$(LDFLAGS) $(BL_LDFLAGS) -Map=$(MAPFILE) \
$(addprefix -T ,$(LINKER_SCRIPTS)) --script $(DEFAULT_LINKER_SCRIPT) \
$(BUILD_DIR)/build_message.o \
$(OBJS) $(LDPATHS) $(LIBWRAPPER) $(LDLIBS) $(BL_LIBS)
@@ -591,11 +601,11 @@
$(DUMP): $(ELF)
$${ECHO} " OD $$@"
- $${Q}$${OD} -dx $$< > $$@
+ $${Q}$($(ARCH)-od) -dx $$< > $$@
$(BIN): $(ELF)
$${ECHO} " BIN $$@"
- $$(Q)$$(OC) -O binary $$< $$@
+ $$(Q)$($(ARCH)-oc) -O binary $$< $$@
@${ECHO_BLANK_LINE}
@echo "Built $$@ successfully"
@${ECHO_BLANK_LINE}
@@ -658,9 +668,9 @@
$(DOBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | fdt_dirs
$${ECHO} " CPP $$<"
$(eval DTBS := $(addprefix $(1)/,$(call SOURCES_TO_DTBS,$(2))))
- $$(Q)$$(PP) $$(DTC_CPPFLAGS) -MT $(DTBS) -MMD -MF $(DTSDEP) -o $(DPRE) $$<
+ $$(Q)$($(ARCH)-cpp) -E $$(TF_CFLAGS_$(ARCH)) $$(DTC_CPPFLAGS) -MT $(DTBS) -MMD -MF $(DTSDEP) -o $(DPRE) $$<
$${ECHO} " DTC $$<"
- $$(Q)$$(DTC) $$(DTC_FLAGS) -d $(DTBDEP) -o $$@ $(DPRE)
+ $$(Q)$($(ARCH)-dtc) $$(DTC_FLAGS) -d $(DTBDEP) -o $$@ $(DPRE)
-include $(DTBDEP)
-include $(DTSDEP)
diff --git a/make_helpers/march.mk b/make_helpers/march.mk
index 2417709..25bb936 100644
--- a/make_helpers/march.mk
+++ b/make_helpers/march.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -21,7 +21,7 @@
# armv8.6-a armv8.7-a armv8.8-a armv8-r armv9-a
# [...]
#
-GCC_MARCH_OUTPUT := $(shell $(CC) -march=foo -Q --help=target -v 2>&1)
+GCC_MARCH_OUTPUT := $(shell $($(ARCH)-cc) -march=foo -Q --help=target -v 2>&1)
# This function is used to find the best march value supported by the given compiler.
# We try to use `GCC_MARCH_OUTPUT` which has verbose message with supported march values we filter that
@@ -54,7 +54,7 @@
provided-march = armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a
endif
-ifeq ($(findstring clang,$(notdir $(CC))),)
+ifeq ($(filter %-clang,$($(ARCH)-cc-id)),)
# We expect from Platform to provide a correct Major/Minor value but expecting something
# from compiler with unsupported march means we shouldn't fail without trying anything,
@@ -82,4 +82,13 @@
march-directive := -march=${provided-march}
+# Set the compiler's architecture feature modifiers
+ifneq ($(arch-features), none)
+ # Strip "none+" from arch-features
+ arch-features := $(subst none+,,$(arch-features))
+ march-directive := $(march-directive)+$(arch-features)
+# Print features
+ $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
+endif #(arch-features)
+
endif # MARCH_DIRECTIVE
diff --git a/make_helpers/toolchain.mk b/make_helpers/toolchain.mk
new file mode 100644
index 0000000..7255509
--- /dev/null
+++ b/make_helpers/toolchain.mk
@@ -0,0 +1,343 @@
+#
+# Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+#
+# TF-A uses three toolchains:
+#
+# - The host toolchain (`host`) for building native tools
+# - The AArch32 toolchain (`aarch32`) for building Arm AArch32 images
+# - The AArch64 toolchain (`aarch64`) for building Arm AArch64 images
+#
+# In the main Makefile only one of the two Arm toolchains is enabled in any
+# given build, but individual tools and libraries may need access to both.
+#
+
+toolchains ?= host $(ARCH)
+
+ifneq ($(filter host,$(toolchains)),)
+ host-cc := $(HOSTCC)
+ host-cpp := $(HOSTCPP)
+
+ host-as := $(HOSTAS)
+
+ host-ld := $(HOSTLD)
+ host-oc := $(HOSTOC)
+ host-od := $(HOSTOD)
+ host-ar := $(HOSTAR)
+
+ host-dtc := $(HOSTDTC)
+endif
+
+ifneq ($(filter aarch32,$(toolchains)),)
+ aarch32-cc := $(if $(filter-out default,$(origin CC)),$(CC))
+ aarch32-cpp := $(if $(filter-out default,$(origin CPP)),$(CPP))
+
+ aarch32-as := $(if $(filter-out default,$(origin AS)),$(AS))
+
+ aarch32-ld := $(if $(filter-out default,$(origin LD)),$(LD))
+ aarch32-oc := $(if $(filter-out default,$(origin OC)),$(OC))
+ aarch32-od := $(if $(filter-out default,$(origin OD)),$(OD))
+ aarch32-ar := $(if $(filter-out default,$(origin AR)),$(AR))
+
+ aarch32-dtc := $(if $(filter-out default,$(origin DTC)),$(DTC))
+endif
+
+ifneq ($(filter aarch64,$(toolchains)),)
+ aarch64-cc := $(if $(filter-out default,$(origin CC)),$(CC))
+ aarch64-cpp := $(if $(filter-out default,$(origin CPP)),$(CPP))
+
+ aarch64-as := $(if $(filter-out default,$(origin AS)),$(AS))
+
+ aarch64-ld := $(if $(filter-out default,$(origin LD)),$(LD))
+ aarch64-oc := $(if $(filter-out default,$(origin OC)),$(OC))
+ aarch64-od := $(if $(filter-out default,$(origin OD)),$(OD))
+ aarch64-ar := $(if $(filter-out default,$(origin AR)),$(AR))
+
+ aarch64-dtc := $(if $(filter-out default,$(origin DTC)),$(DTC))
+endif
+
+include $(dir $(lastword $(MAKEFILE_LIST)))build_env.mk
+include $(addprefix $(dir $(lastword $(MAKEFILE_LIST)))toolchains/, \
+ $(addsuffix .mk,$(toolchains)))
+
+#
+# Configure tool classes that we recognize.
+#
+# In the context of this build system, a tool class identifies a specific role
+# or type of tool in the toolchain.
+#
+
+# C-related tools
+tool-classes := cc # C compilers
+tool-classes += cpp # C preprocessors
+
+# Assembly-related tools
+tool-classes += as # Assemblers
+
+# Linking and object-handling tools
+tool-classes += ld # Linkers
+tool-classes += oc # Object copiers
+tool-classes += od # Object dumpers
+tool-classes += ar # Archivers
+
+# Other tools
+tool-classes += dtc # Device tree compilers
+
+#
+# Configure tools that we recognize.
+#
+# Here we declare the list of specific toolchain tools that we know how to
+# interact with. We don't organize these into tool classes yet - that happens
+# further down.
+#
+
+# Arm Compiler for Embedded
+tools := arm-clang # armclang
+tools += arm-link # armlink
+tools += arm-ar # armar
+tools += arm-fromelf # fromelf
+
+# LLVM Project
+tools += llvm-clang # clang
+tools += llvm-lld # lld
+tools += llvm-objcopy # llvm-objcopy
+tools += llvm-objdump # llvm-objdump
+tools += llvm-ar # llvm-ar
+
+# GNU Compiler Collection & GNU Binary Utilities
+tools += gnu-gcc # gcc
+tools += gnu-ld # ld
+tools += gnu-objcopy # objcopy
+tools += gnu-objdump # objdump
+tools += gnu-ar # gcc-ar
+
+# Other tools
+tools += dtc # Device Tree Compiler
+
+#
+# Assign tools to tool classes.
+#
+# Multifunctional tools, i.e. tools which can perform multiple roles in a
+# toolchain, may be specified in multiple tool class lists. For example, a C
+# compiler which can also perform the role of a linker may be placed in both
+# `tools-cc` and `tools-ld`.
+#
+
+# C-related tools
+tools-cc := arm-clang llvm-clang gnu-gcc # C compilers
+tools-cpp := arm-clang llvm-clang gnu-gcc # C preprocessors
+
+# Assembly-related tools
+tools-as := arm-clang llvm-clang gnu-gcc # Assemblers
+
+# Linking and object-handling tools
+tools-ld := arm-clang arm-link llvm-clang llvm-lld gnu-gcc gnu-ld # Linkers
+tools-oc := arm-fromelf llvm-objcopy gnu-objcopy # Object copiers
+tools-od := arm-fromelf llvm-objdump gnu-objdump # Object dumpers
+tools-ar := arm-ar llvm-ar gnu-ar # Archivers
+
+# Other tools
+tools-dtc := dtc # Device tree compilers
+
+define check-tool-class-tools
+ $(eval tool-class := $(1))
+
+ ifndef tools-$(tool-class)
+ $$(error no tools registered to handle tool class `$(tool-class)`)
+ endif
+endef
+
+$(foreach tool-class,$(tool-classes), \
+ $(eval $(call check-tool-class-tools,$(tool-class))))
+
+#
+# Default tools for each toolchain.
+#
+# Toolchains can specify a default path to any given tool with a tool class.
+# These values are used in the absence of user-specified values, and are
+# configured by the makefile for each toolchain using variables of the form:
+#
+# - $(toolchain)-$(tool-class)-default
+#
+# For example, the default C compiler for the AArch32 and AArch64 toolchains
+# could be configured with:
+#
+# - aarch32-cc-default
+# - aarch64-cc-default
+#
+
+define check-toolchain-tool-class-default
+ $(eval toolchain := $(1))
+ $(eval tool-class := $(2))
+
+ ifndef $(toolchain)-$(tool-class)-default
+ $$(error no default value specified for tool class `$(tool-class)` of toolchain `$(toolchain)`)
+ endif
+endef
+
+define check-toolchain-tool-class-defaults
+ $(eval toolchain := $(1))
+
+ $(foreach tool-class,$(tool-classes), \
+ $(eval $(call check-toolchain-tool-class-default,$(toolchain),$(tool-class))))
+endef
+
+$(foreach toolchain,$(toolchains), \
+ $(eval $(call check-toolchain-tool-class-defaults,$(toolchain))))
+
+#
+# Helper functions to identify toolchain tools.
+#
+# The functions defined in this section return a tool identifier when given a
+# path to a binary. We generally check a help or version string to more reliably
+# identify tools than by looking at the path alone (e.g. `gcc` on macOS is
+# actually Apple Clang).
+#
+# Each tool-guessing function (`guess-tool-$(tool)`) takes a single argument
+# giving the path to the tool to guess, and returns a non-empty value if the
+# tool corresponds to the tool identifier `$(tool)`:
+#
+# $(call guess-tool-llvm-clang,aarch64-none-elf-gcc) # <empty>
+# $(call guess-tool-gnu-gcc,aarch64-none-elf-gcc) # <non-empty>
+#
+# The `guess-tool` function tries to find the corresponding tool identifier
+# for a tool given its path. It takes two arguments:
+#
+# - $(1): a list of candidate tool identifiers to check
+# - $(2): the path to the tool to identify
+#
+# If any of the guess functions corresponding to candidate tool identifiers
+# return a non-empty value then the tool identifier of the first function to do
+# so is returned:
+#
+# $(call guess-tool,gnu-gcc llvm-clang,armclang) # <empty>
+# $(call guess-tool,gnu-gcc llvm-clang,clang-14) # llvm-clang
+# $(call guess-tool,gnu-gcc llvm-clang,aarch64-none-elf-gcc-12) # gnu-gcc
+#
+# Tools are checked in the order that they appear in `tools-$(tool-class)`, and
+# the first match is returned.
+#
+
+# Arm Compiler for Embedded
+guess-tool-arm-clang = $(shell $(1) --version 2>&1 | grep -o "Tool: armclang")
+guess-tool-arm-link = $(shell $(1) --help 2>&1 | grep -o "Tool: armlink")
+guess-tool-arm-fromelf = $(shell $(1) --help 2>&1 | grep -o "Tool: fromelf")
+guess-tool-arm-ar = $(shell $(1) --version 2>&1 | grep -o "Tool: armar")
+
+# LLVM Project
+guess-tool-llvm-clang = $(shell $(1) -v 2>&1 | grep -o "clang version")
+guess-tool-llvm-lld = $(shell $(1) --help 2>&1 | grep -o "OVERVIEW: lld")
+guess-tool-llvm-objcopy = $(shell $(1) --help 2>&1 | grep -o "llvm-objcopy tool")
+guess-tool-llvm-objdump = $(shell $(1) --help 2>&1 | grep -o "llvm object file dumper")
+guess-tool-llvm-ar = $(shell $(1) --help 2>&1 | grep -o "LLVM Archiver")
+
+# GNU Compiler Collection & GNU Binary Utilities
+guess-tool-gnu-gcc = $(shell $(1) -v 2>&1 | grep -o "gcc version")
+guess-tool-gnu-ld = $(shell $(1) -v 2>&1 | grep -o "GNU ld")
+guess-tool-gnu-objcopy = $(shell $(1) --version 2>&1 | grep -o "GNU objcopy")
+guess-tool-gnu-objdump = $(shell $(1) --version 2>&1 | grep -o "GNU objdump")
+guess-tool-gnu-ar = $(shell $(1) --version 2>&1 | grep -o "GNU ar")
+
+# Other tools
+guess-tool-dtc = $(shell $(1) --version 2>&1 | grep -o "Version: DTC")
+
+guess-tool = $(firstword $(foreach candidate,$(1), \
+ $(if $(call guess-tool-$(candidate),$(2)),$(candidate))))
+
+#
+# Locate and identify tools belonging to each toolchain.
+#
+# Each tool class in each toolchain receives a variable of the form
+# `$(toolchain)-$(tool)` giving the associated path to the program. For example:
+#
+# - `aarch64-ld` gives the linker for the AArch64 toolchain,
+# - `aarch32-oc` gives the object copier for the AArch32 toolchain, and
+# - `host-cc` gives the C compiler for the host toolchain.
+#
+# For each of these variables, if no program path is explicitly provided by the
+# parent Makefile then the C compiler is queried (if supported) for its
+# location. This is done via the `guess-$(tool)-$(tool-class)` set of functions.
+# For example:
+#
+# - `guess-arm-clang-ld` guesses the linker via Arm Clang,
+# - `guess-llvm-clang-as` guesses the assembler via LLVM Clang, and
+# - `guess-gnu-gcc-od` guesses the object dumper via GNU GCC.
+#
+# If the C compiler cannot provide the location (or the tool class is the C
+# compiler), then it is assigned the value of the `$(toolchain)-$(tool)-default`
+# variable.
+#
+
+guess-arm-clang-cpp = $(1) # Use the C compiler
+guess-arm-clang-as = $(1) # Use the C compiler
+guess-arm-clang-ld = # Fall back to `$(toolchain)-ld-default`
+guess-arm-clang-oc = # Fall back to `$(toolchain)-oc-default`
+guess-arm-clang-od = # Fall back to `$(toolchain)-od-default`
+guess-arm-clang-ar = # Fall back to `$(toolchain)-ar-default`
+
+guess-llvm-clang-cpp = $(1) # Use the C compiler
+guess-llvm-clang-as = $(1) # Use the C compiler
+guess-llvm-clang-ld = $(shell $(1) --print-prog-name ld.lld 2>$(nul))
+guess-llvm-clang-oc = $(shell $(1) --print-prog-name llvm-objcopy 2>$(nul))
+guess-llvm-clang-od = $(shell $(1) --print-prog-name llvm-objdump 2>$(nul))
+guess-llvm-clang-ar = $(shell $(1) --print-prog-name llvm-ar 2>$(nul))
+
+guess-gnu-gcc-cpp = $(1) # Use the C compiler
+guess-gnu-gcc-as = $(1) # Use the C compiler
+guess-gnu-gcc-ld = $(if $(filter 1,$(ENABLE_LTO)),$(1),$(shell $(1) --print-prog-name ld.bfd 2>$(nul)))
+guess-gnu-gcc-oc = $(shell $(1) --print-prog-name objcopy 2>$(nul))
+guess-gnu-gcc-od = $(shell $(1) --print-prog-name objdump 2>$(nul))
+guess-gnu-gcc-ar = $(patsubst %$(notdir $(1)),%$(subst gcc,gcc-ar,$(notdir $(1))),$(1))
+
+define locate-toolchain-tool-cc
+ $(eval toolchain := $(1))
+
+ $(toolchain)-cc := $$(strip \
+ $$(or $$($(toolchain)-cc),$$($(toolchain)-cc-default)))
+ $(toolchain)-cc-id := $$(strip \
+ $$(call guess-tool,$$(tools-cc),$$($(toolchain)-cc)))
+endef
+
+define locate-toolchain-tool
+ $(eval toolchain := $(1))
+ $(eval tool-class := $(2))
+
+ ifndef $(toolchain)-$(tool-class)
+ $(toolchain)-$(tool-class) := $$(strip \
+ $$(call guess-$$($(toolchain)-cc-id)-$(tool-class),$$($(toolchain)-cc)))
+
+ ifeq ($$($(toolchain)-$(tool-class)),)
+ $(toolchain)-$(tool-class) := $$(strip \
+ $$($(toolchain)-$(tool-class)-default))
+ endif
+ endif
+
+ $(toolchain)-$(tool-class)-id := $$(strip \
+ $$(call guess-tool,$$(tools-$(tool-class)),$$($$(toolchain)-$(tool-class))))
+endef
+
+define canonicalize-toolchain-tool-path
+ $(eval toolchain := $(1))
+ $(eval tool-class := $(2))
+
+ $(toolchain)-$(tool-class) := $$(strip $$(or \
+ $$(call which,$$($(toolchain)-$(tool-class))), \
+ $$($(toolchain)-$(tool-class))))
+endef
+
+define locate-toolchain
+ $(eval toolchain := $(1))
+
+ $$(eval $$(call locate-toolchain-tool-cc,$(toolchain)))
+ $$(eval $$(call canonicalize-toolchain-tool-path,$(toolchain),cc))
+
+ $$(foreach tool-class,$$(filter-out cc,$$(tool-classes)), \
+ $$(eval $$(call locate-toolchain-tool,$(toolchain),$$(tool-class))) \
+ $$(eval $$(call canonicalize-toolchain-tool-path,$(toolchain),$$(tool-class))))
+endef
+
+$(foreach toolchain,$(toolchains), \
+ $(eval $(call locate-toolchain,$(toolchain))))
diff --git a/make_helpers/toolchains/aarch32.mk b/make_helpers/toolchains/aarch32.mk
new file mode 100644
index 0000000..226bc75
--- /dev/null
+++ b/make_helpers/toolchains/aarch32.mk
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+aarch32-cc-default := $(or $(CROSS_COMPILE),arm-none-eabi-)gcc
+aarch32-cpp-default := $(or $(CROSS_COMPILE),arm-none-eabi-)gcc
+aarch32-as-default := $(or $(CROSS_COMPILE),arm-none-eabi-)gcc
+aarch32-ld-default := $(or $(CROSS_COMPILE),arm-none-eabi-)ld.bfd
+aarch32-oc-default := $(or $(CROSS_COMPILE),arm-none-eabi-)objcopy
+aarch32-od-default := $(or $(CROSS_COMPILE),arm-none-eabi-)objdump
+aarch32-ar-default := $(or $(CROSS_COMPILE),arm-none-eabi-)gcc-ar
+aarch32-dtc-default := dtc
diff --git a/make_helpers/toolchains/aarch64.mk b/make_helpers/toolchains/aarch64.mk
new file mode 100644
index 0000000..15c5757
--- /dev/null
+++ b/make_helpers/toolchains/aarch64.mk
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+aarch64-cc-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)gcc
+aarch64-cpp-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)gcc
+aarch64-as-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)gcc
+aarch64-ld-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)ld.bfd
+aarch64-oc-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)objcopy
+aarch64-od-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)objdump
+aarch64-ar-default := $(or $(CROSS_COMPILE),aarch64-none-elf-)gcc-ar
+aarch64-dtc-default := dtc
diff --git a/make_helpers/toolchains/host.mk b/make_helpers/toolchains/host.mk
new file mode 100644
index 0000000..fe3fc1c
--- /dev/null
+++ b/make_helpers/toolchains/host.mk
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+host-cc-default := gcc
+host-cpp-default := gcc
+host-as-default := gcc
+host-ld-default := gcc
+host-oc-default := objcopy
+host-od-default := objdump
+host-ar-default := gcc-ar
+host-dtc-default := dtc
diff --git a/make_helpers/toolchains/rk3399-m0.mk b/make_helpers/toolchains/rk3399-m0.mk
new file mode 100644
index 0000000..c61b6e8
--- /dev/null
+++ b/make_helpers/toolchains/rk3399-m0.mk
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+rk3399-m0-cc-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)gcc
+rk3399-m0-cpp-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)gcc
+rk3399-m0-as-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)gcc
+rk3399-m0-ld-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)ld.bfd
+rk3399-m0-oc-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)objcopy
+rk3399-m0-od-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)objdump
+rk3399-m0-ar-default := $(or $(M0_CROSS_COMPILE),arm-none-eabi-)gcc-ar
+rk3399-m0-dtc-default := dtc
diff --git a/make_helpers/unix.mk b/make_helpers/unix.mk
index 545ddfd..d285799 100644
--- a/make_helpers/unix.mk
+++ b/make_helpers/unix.mk
@@ -57,4 +57,7 @@
-${Q}rm -rf "${1}"
endef
+ nul := /dev/null
+
+ which = $(shell which $(1) 2>$(nul))
endif
diff --git a/make_helpers/windows.mk b/make_helpers/windows.mk
index ac0f940..7ed8e84 100644
--- a/make_helpers/windows.mk
+++ b/make_helpers/windows.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -68,6 +68,9 @@
-@if exist "$(tmp_dir)" rd /Q /S "$(tmp_dir)"
endef
+ nul := nul
+
+ which = $(shell where $(1) 2>$(nul))
endif
# Because git is not available from CMD.EXE, we need to avoid
@@ -85,8 +88,7 @@
define MAKE_BUILD_STRINGS
$$(file >$1.in,$$(TF_CFLAGS) $$(CFLAGS))
@echo $$(BUILT_TIME_DATE_STRING) $$(VERSION_STRING_MESSAGE) $$(VERSION_MESSAGE) | \
- $$(CC) @$1.in -x c -c - -o $1
+ $($(ARCH)-cc) @$1.in -x c -c - -o $1
endef
MSVC_NMAKE := nmake.exe
-
diff --git a/plat/amlogic/axg/platform.mk b/plat/amlogic/axg/platform.mk
index 3560b0c..64b35d6 100644
--- a/plat/amlogic/axg/platform.mk
+++ b/plat/amlogic/axg/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -41,9 +41,9 @@
${GIC_SOURCES}
# Tune compiler for Cortex-A53
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
else
TF_CFLAGS_aarch64 += -mtune=cortex-a53
@@ -92,4 +92,3 @@
${BUILD_PLAT}/bl31.img: ${BUILD_PLAT}/bl31.bin ${DOIMAGETOOL}
${DOIMAGETOOL} ${BUILD_PLAT}/bl31.bin ${BUILD_PLAT}/bl31.img
-
diff --git a/plat/amlogic/g12a/platform.mk b/plat/amlogic/g12a/platform.mk
index b0c91b0..799e106 100644
--- a/plat/amlogic/g12a/platform.mk
+++ b/plat/amlogic/g12a/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -41,9 +41,9 @@
${GIC_SOURCES}
# Tune compiler for Cortex-A53
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
else
TF_CFLAGS_aarch64 += -mtune=cortex-a53
@@ -88,4 +88,3 @@
${BUILD_PLAT}/bl31.img: ${BUILD_PLAT}/bl31.bin ${DOIMAGETOOL}
${DOIMAGETOOL} ${BUILD_PLAT}/bl31.bin ${BUILD_PLAT}/bl31.img
-
diff --git a/plat/amlogic/gxbb/platform.mk b/plat/amlogic/gxbb/platform.mk
index 62384d2..fbebd3e 100644
--- a/plat/amlogic/gxbb/platform.mk
+++ b/plat/amlogic/gxbb/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -37,9 +37,9 @@
${GIC_SOURCES}
# Tune compiler for Cortex-A53
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
else
TF_CFLAGS_aarch64 += -mtune=cortex-a53
diff --git a/plat/amlogic/gxl/platform.mk b/plat/amlogic/gxl/platform.mk
index 641d177..0a88482 100644
--- a/plat/amlogic/gxl/platform.mk
+++ b/plat/amlogic/gxl/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -41,9 +41,9 @@
${GIC_SOURCES}
# Tune compiler for Cortex-A53
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
else
TF_CFLAGS_aarch64 += -mtune=cortex-a53
@@ -88,4 +88,3 @@
${BUILD_PLAT}/bl31.img: ${BUILD_PLAT}/bl31.bin ${DOIMAGETOOL}
${DOIMAGETOOL} ${BUILD_PLAT}/bl31.bin ${BUILD_PLAT}/bl31.img
-
diff --git a/plat/arm/board/arm_fpga/fpga_def.h b/plat/arm/board/arm_fpga/fpga_def.h
index 2884ea6..5e3a0a9 100644
--- a/plat/arm/board/arm_fpga/fpga_def.h
+++ b/plat/arm/board/arm_fpga/fpga_def.h
@@ -21,7 +21,7 @@
#define FPGA_MAX_CLUSTER_COUNT 4
#define FPGA_MAX_CPUS_PER_CLUSTER 8
-#define FPGA_MAX_PE_PER_CPU 4
+#define FPGA_MAX_PE_PER_CPU 2
#define FPGA_PRIMARY_CPU 0x0
/*******************************************************************************
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index f44b37d..c9c248f 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -129,6 +129,6 @@
bl31.axf: bl31 dtbs ${BUILD_PLAT}/rom_trampoline.o ${BUILD_PLAT}/kernel_trampoline.o ${BUILD_PLAT}/build_axf.ld
$(ECHO) " LD $@"
- $(Q)$(LD) -T ${BUILD_PLAT}/build_axf.ld -L ${BUILD_PLAT} --strip-debug -s -n -o ${BUILD_PLAT}/bl31.axf
+ $(Q)$($(ARCH)-ld) -T ${BUILD_PLAT}/build_axf.ld -L ${BUILD_PLAT} --strip-debug -s -n -o ${BUILD_PLAT}/bl31.axf
all: bl31.axf
diff --git a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
index fe521a9..457d181 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
@@ -34,9 +34,14 @@
.image_info.image_base = BL31_BASE,
.image_info.image_max_size = BL31_LIMIT - BL31_BASE,
+#ifdef CORSTONE1000_WITH_BL32
.next_handoff_image_id = BL32_IMAGE_ID,
+#else
+ .next_handoff_image_id = BL33_IMAGE_ID,
+#endif
},
+#ifdef CORSTONE1000_WITH_BL32
/* Fill BL32 related information */
{
.image_id = BL32_IMAGE_ID,
@@ -65,7 +70,7 @@
VERSION_2, image_info_t, 0),
.next_handoff_image_id = INVALID_IMAGE_ID,
},
-
+#endif
/* Fill BL33 related information */
{
.image_id = BL33_IMAGE_ID,
diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk
index dcd0df8..fd08803 100644
--- a/plat/arm/board/corstone1000/platform.mk
+++ b/plat/arm/board/corstone1000/platform.mk
@@ -28,9 +28,14 @@
override NEED_BL2U := no
override NEED_BL31 := yes
-NEED_BL32 := yes
+NEED_BL32 ?= yes
override NEED_BL33 := yes
+# Add CORSTONE1000_WITH_BL32 as a preprocessor define (-D option)
+ifeq (${NEED_BL32},yes)
+$(eval $(call add_define,CORSTONE1000_WITH_BL32))
+endif
+
# Include GICv2 driver files
include drivers/arm/gic/v2/gicv2.mk
diff --git a/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
new file mode 100644
index 0000000..5324fec
--- /dev/null
+++ b/plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <inttypes.h>
+#include <stdint.h>
+
+#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/extensions/ras.h>
+
+#include <plat/common/platform.h>
+#include <services/el3_spmd_logical_sp.h>
+#include <services/ffa_svc.h>
+#include <services/sdei.h>
+
+
+#define CACTUS_SP_RAS_DELEGATE_CMD 0x72617365
+#define EVENT_NOTIFY_OS_RAS_ERROR U(5000)
+
+/*
+ * Note: Typical RAS error handling flow with Firmware First Handling
+ *
+ * Step 1: Exception resulting from a RAS error in the normal world is routed to
+ * EL3.
+ * Step 2: This exception is typically signaled as either a synchronous external
+ * abort or SError or interrupt. TF-A (EL3 firmware) delegates the
+ * control to platform specific handler built on top of the RAS helper
+ * utilities.
+ * Step 3: With the help of a Logical Secure Partition, TF-A sends a direct
+ * message to dedicated S-EL0 (or S-EL1) RAS Partition managed by SPMC.
+ * TF-A also populates a shared buffer with a data structure containing
+ * enough information (such as system registers) to identify and triage
+ * the RAS error.
+ * Step 4: RAS SP generates the Common Platform Error Record (CPER) and shares
+ * it with normal world firmware and/or OS kernel through a reserved
+ * buffer memory.
+ * Step 5: RAS SP responds to the direct message with information necessary for
+ * TF-A to notify the OS kernel.
+ * Step 6: Consequently, TF-A dispatches an SDEI event to notify the OS kernel
+ * about the CPER records for further logging.
+ */
+
+static int injected_fault_handler(const struct err_record_info *info,
+ int probe_data, const struct err_handler_data *const data)
+{
+ /*
+ * At the moment, an FF-A compatible SP that supports RAS firmware is
+ * not available. Hence the sequence below does not exactly follow the
+ * steps outlined above. Therefore, some steps are essentially spoofed.
+ * The handling of RAS error is completely done in EL3 firmware.
+ */
+ uint64_t status, cactus_cmd_ret;
+ int ret, event_num;
+ cpu_context_t *ns_cpu_context;
+
+ /* Get a reference to the non-secure context */
+ ns_cpu_context = cm_get_context(NON_SECURE);
+ assert(ns_cpu_context != NULL);
+
+ /*
+ * The faulting error record is already selected by the SER probe
+ * function.
+ */
+ status = read_erxstatus_el1();
+
+ ERROR("Fault reported by system error record %d on 0x%lx: status=0x%" PRIx64 "\n",
+ probe_data, read_mpidr_el1(), status);
+ ERROR(" exception reason=%u syndrome=0x%" PRIx64 "\n", data->ea_reason,
+ data->flags);
+
+ /* Clear error */
+ write_erxstatus_el1(status);
+
+ /*
+ * Initiate an EL3 direct message from LSP to Cactus RAS Secure
+ * Partition (ID 8001). Currently, the payload is being spoofed.
+ * The direct message response contains the SDEI event ID for the
+ * associated RAS error.
+ */
+ (void)plat_spmd_logical_sp_smc_handler(0, 0, 0, CACTUS_SP_RAS_DELEGATE_CMD,
+ EVENT_NOTIFY_OS_RAS_ERROR,
+ NULL, ns_cpu_context, 0);
+
+ cactus_cmd_ret = read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X3);
+ event_num = (int)read_ctx_reg(get_gpregs_ctx(ns_cpu_context), CTX_GPREG_X4);
+
+ if (cactus_cmd_ret != 0) {
+ ERROR("RAS error could not be handled by SP: %lx\n", cactus_cmd_ret);
+ panic();
+ }
+
+ if (event_num != EVENT_NOTIFY_OS_RAS_ERROR) {
+ ERROR("Unexpected event id sent by RAS SP: %d\n", event_num);
+ panic();
+ }
+
+ /* Dispatch the event to the SDEI client */
+ ret = sdei_dispatch_event(event_num);
+ if (ret < 0) {
+ ERROR("Can't dispatch event to SDEI\n");
+ panic();
+ } else {
+ INFO("SDEI event dispatched\n");
+ }
+
+ return 0;
+}
+
+struct ras_interrupt fvp_ras_interrupts[] = {
+};
+
+struct err_record_info fvp_err_records[] = {
+ /* Record for injected fault */
+ ERR_RECORD_SYSREG_V1(0, 2, ras_err_ser_probe_sysreg,
+ injected_fault_handler, NULL),
+};
+
+REGISTER_ERR_RECORD_INFO(fvp_err_records);
+REGISTER_RAS_INTERRUPTS(fvp_ras_interrupts);
diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
index 6ba76db..9eb2177 100644
--- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, ARM Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -104,7 +104,11 @@
};
#if COT_DESC_IN_DTB
- #include "cot_descriptors.dtsi"
+ #if defined(ARM_COT_cca)
+ #include "cca_cot_descriptors.dtsi"
+ #elif defined(ARM_COT_tbbr)
+ #include "tbbr_cot_descriptors.dtsi"
+ #endif
#endif
#if MEASURED_BOOT
@@ -117,6 +121,13 @@
#include "../fvp_def.h"
+#if defined(ARM_COT_cca)
+/* FVP does not support the CCA NV Counter so use the Trusted one. */
+&cca_nv_counter {
+ reg = <TFW_NVCTR_BASE>;
+};
+#endif
+
&trusted_nv_counter {
reg = <TFW_NVCTR_BASE>;
};
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index dc95ba1..477ae27 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -7,7 +7,6 @@
#include <stdint.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#include <plat/arm/common/plat_arm.h>
#include <tools_share/zero_oid.h>
@@ -23,42 +22,10 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = FW_CONFIG_ID,
- .slot = U(6),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = TB_FW_CONFIG_ID,
- .slot = U(7),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
- {
- .id = BL2_IMAGE_ID,
- .slot = U(8),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL2_STRING,
- .pk_oid = ZERO_OID,
- .lock_measurement = true },
-
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl1_plat_mboot_init(void)
{
event_log_init(event_log, event_log + sizeof(event_log));
event_log_write_header();
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
void bl1_plat_mboot_finish(void)
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 349e064..369bcb4 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -8,7 +8,6 @@
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/measured_boot/event_log/event_log.h>
-#include <drivers/measured_boot/rss/rss_measured_boot.h>
#if defined(ARM_COT_cca)
#include <tools_share/cca_oid.h>
#else
@@ -57,44 +56,6 @@
{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-/* FVP table with platform specific image IDs and metadata. Intentionally not a
- * const struct, some members might set by bootloaders during trusted boot.
- */
-struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
- {
- .id = BL31_IMAGE_ID,
- .slot = U(9),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_BL31_STRING,
- .pk_oid = BL31_IMAGE_KEY_OID,
- .lock_measurement = true },
- {
- .id = HW_CONFIG_ID,
- .slot = U(10),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_HW_CONFIG_STRING,
- .pk_oid = HW_CONFIG_KEY_OID,
- .lock_measurement = true },
- {
- .id = SOC_FW_CONFIG_ID,
- .slot = U(11),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
- .pk_oid = SOC_FW_CONFIG_KEY_OID,
- .lock_measurement = true },
-#if ENABLE_RME
- {
- .id = RMM_IMAGE_ID,
- .slot = U(12),
- .signer_id_size = SIGNER_ID_MIN_SIZE,
- .sw_type = RSS_MBOOT_RMM_STRING,
- .pk_oid = RMM_IMAGE_KEY_OID,
- .lock_measurement = true },
-#endif /* ENABLE_RME */
- {
- .id = RSS_MBOOT_INVALID_ID }
-};
-
void bl2_plat_mboot_init(void)
{
uint8_t *event_log_start;
@@ -126,8 +87,6 @@
event_log_max_size);
event_log_init((uint8_t *)event_log_start, event_log_finish);
-
- rss_measured_boot_init(fvp_rss_mboot_metadata);
}
int plat_mboot_measure_critical_data(unsigned int critical_data_id,
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index ebd5266..97d000e 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <drivers/arm/sp804_delay_timer.h>
+#include <fvp_pas_def.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/transfer_list.h>
@@ -21,6 +22,32 @@
static struct transfer_list_header *ns_tl __unused;
+#if ENABLE_RME
+/*
+ * The GPT library might modify the gpt regions structure to optimize
+ * the layout, so the array cannot be constant.
+ */
+static pas_region_t pas_regions[] = {
+ ARM_PAS_KERNEL,
+ ARM_PAS_SECURE,
+ ARM_PAS_REALM,
+ ARM_PAS_EL3_DRAM,
+ ARM_PAS_GPTS,
+ ARM_PAS_KERNEL_1
+};
+
+static const arm_gpt_info_t arm_gpt_info = {
+ .pas_region_base = pas_regions,
+ .pas_region_count = (unsigned int)ARRAY_SIZE(pas_regions),
+ .l0_base = (uintptr_t)ARM_L0_GPT_BASE,
+ .l1_base = (uintptr_t)ARM_L1_GPT_BASE,
+ .l0_size = (size_t)ARM_L0_GPT_SIZE,
+ .l1_size = (size_t)ARM_L1_GPT_SIZE,
+ .pps = GPCCR_PPS_64GB,
+ .pgs = GPCCR_PGS_4K
+};
+#endif
+
void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
{
arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
@@ -41,6 +68,13 @@
fvp_timer_init();
}
+#if ENABLE_RME
+const arm_gpt_info_t *plat_arm_get_gpt_info(void)
+{
+ return &arm_gpt_info;
+}
+#endif /* ENABLE_RME */
+
/*******************************************************************************
* This function returns the list of executable images
******************************************************************************/
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index c40a3ce..beae242 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,7 +24,6 @@
#endif
#include <plat/arm/common/arm_config.h>
-#include <plat/arm/common/arm_pas_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index 51dda9e..b3d503e 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -1,17 +1,15 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
-#include <arch_features.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/gicv3.h>
#include <drivers/arm/fvp/fvp_pwrc.h>
-#include <lib/extensions/spe.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
#include <plat/arm/common/arm_config.h>
@@ -54,14 +52,6 @@
{
uint64_t mpidr = read_mpidr_el1();
- /*
- * On power down we need to disable statistical profiling extensions
- * before exiting coherency.
- */
- if (is_feat_spe_supported()) {
- spe_disable();
- }
-
/* Disable coherency if this cluster is to be turned off */
fvp_interconnect_disable();
diff --git a/include/plat/arm/common/arm_pas_def.h b/plat/arm/board/fvp/include/fvp_pas_def.h
similarity index 94%
rename from include/plat/arm/common/arm_pas_def.h
rename to plat/arm/board/fvp/include/fvp_pas_def.h
index fba8d2c..4684387 100644
--- a/include/plat/arm/common/arm_pas_def.h
+++ b/plat/arm/board/fvp/include/fvp_pas_def.h
@@ -1,13 +1,13 @@
/*
- * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef ARM_PAS_DEF_H
-#define ARM_PAS_DEF_H
+#ifndef FVP_PAS_DEF_H
+#define FVP_PAS_DEF_H
#include <lib/gpt_rme/gpt_rme.h>
-#include <plat/arm/common/arm_def.h>
+#include <platform_def.h>
/*****************************************************************************
* PAS regions used to initialize the Granule Protection Table (GPT)
@@ -107,11 +107,11 @@
ARM_EL3_TZC_DRAM1_SIZE, \
GPT_GPI_ROOT)
-#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_ADDR_BASE, \
+#define ARM_PAS_GPTS GPT_MAP_REGION_GRANULE(ARM_L1_GPT_BASE, \
ARM_L1_GPT_SIZE, \
GPT_GPI_ROOT)
/* GPT Configuration options */
#define PLATFORM_L0GPTSZ GPCCR_L0GPTSZ_30BITS
-#endif /* ARM_PAS_DEF_H */
+#endif /* FVP_PAS_DEF_H */
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index aad0417..4b69d66 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -234,7 +234,13 @@
/* When ARM_BL31_IN_DRAM is set, BL2 can use almost all of Trusted SRAM. */
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1F000) - FVP_BL2_ROMLIB_OPTIMIZATION)
#else
-# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+/**
+ * Default to just under half of SRAM to ensure there's enough room for really
+ * large BL31 build configurations when using the default SRAM size (256 Kb).
+ */
+#define PLAT_ARM_MAX_BL2_SIZE \
+ (((PLAT_ARM_TRUSTED_SRAM_SIZE / 3) & ~PAGE_SIZE_MASK) - PAGE_SIZE - \
+ FVP_BL2_ROMLIB_OPTIMIZATION)
#endif
#if RESET_TO_BL31
@@ -416,7 +422,7 @@
#define PLAT_SDEI_DP_EVENT_MAX_CNT ARM_SDEI_DP_EVENT_MAX_CNT
#define PLAT_SDEI_DS_EVENT_MAX_CNT ARM_SDEI_DS_EVENT_MAX_CNT
#else
- #if PLATFORM_TEST_RAS_FFH
+ #if PLATFORM_TEST_RAS_FFH || PLATFORM_TEST_FFH_LSP_RAS_SP
#define PLAT_ARM_PRIVATE_SDEI_EVENTS \
ARM_SDEI_PRIVATE_EVENTS, \
SDEI_EXPLICIT_EVENT(5000, SDEI_MAPF_NORMAL), \
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index df26dd7..35086e4 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -57,7 +57,6 @@
ENABLE_FEAT_TWED := 2
ENABLE_FEAT_GCS := 2
ifeq (${ARCH}, aarch64)
-ifneq (${SPD}, spmd)
ifeq (${SPM_MM}, 0)
ifeq (${CTX_INCLUDE_FPREGS}, 0)
ENABLE_SME_FOR_NS := 2
@@ -66,7 +65,6 @@
endif
endif
endif
-endif
# enable unconditionally for all builds
ifeq (${ARCH}, aarch64)
@@ -75,6 +73,7 @@
endif
ENABLE_SYS_REG_TRACE_FOR_NS := 2
ENABLE_FEAT_CSV2_2 := 2
+ENABLE_FEAT_CSV2_3 := 2
ENABLE_FEAT_DIT := 2
ENABLE_FEAT_PAN := 2
ENABLE_FEAT_MTE_PERM := 2
@@ -398,11 +397,15 @@
endif
ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
-ifeq (${ENABLE_FEAT_RAS},1)
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
-else
-BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
-endif
+ ifeq (${ENABLE_FEAT_RAS},1)
+ ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP},1)
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_lsp_ras_sp.c
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
+ endif
+ else
+ BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ea.c
+ endif
endif
ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -440,22 +443,6 @@
override BL1_SOURCES =
endif
-# Include Measured Boot makefile before any Crypto library makefile.
-# Crypto library makefile may need default definitions of Measured Boot build
-# flags present in Measured Boot makefile.
-ifeq (${MEASURED_BOOT},1)
- RSS_MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
- $(info Including ${RSS_MEASURED_BOOT_MK})
- include ${RSS_MEASURED_BOOT_MK}
-
- ifneq (${MBOOT_RSS_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
- endif
-
- BL1_SOURCES += ${MEASURED_BOOT_SOURCES}
- BL2_SOURCES += ${MEASURED_BOOT_SOURCES}
-endif
-
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
@@ -517,6 +504,22 @@
endif
endif
+$(eval $(call add_define,PLATFORM_TEST_FFH_LSP_RAS_SP))
+ifeq (${PLATFORM_TEST_FFH_LSP_RAS_SP}, 1)
+ ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
+ $(error "PLATFORM_TEST_RAS_FFH is incompatible with PLATFORM_TEST_FFH_LSP_RAS_SP")
+ endif
+ ifeq (${ENABLE_SPMD_LP}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_SPMD_LP to be 1")
+ endif
+ ifeq (${ENABLE_FEAT_RAS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects ENABLE_FEAT_RAS to be 1")
+ endif
+ ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+ $(error "PLATFORM_TEST_FFH_LSP_RAS_SP expects HANDLE_EA_EL3_FIRST_NS to be 1")
+ endif
+endif
+
ifeq (${ERRATA_ABI_SUPPORT}, 1)
include plat/arm/board/fvp/fvp_cpu_errata.mk
endif
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 5c9a7a3..b276f7b 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -246,12 +246,14 @@
/* MHU related constants */
#define PLAT_CSS_MHU_BASE UL(0x2b1f0000)
+#if CSS_USE_SCMI_SDS_DRIVER
+/* Index of SDS region used in the communication between AP and SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
+#else
/*
* Base address of the first memory region used for communication between AP
* and SCP. Used by the BOM and SCPI protocols.
- */
-#if !CSS_USE_SCMI_SDS_DRIVER
-/*
+ *
* Note that this is located at the same address as SCP_BOOT_CFG_ADDR, which
* means the SCP/AP configuration data gets overwritten when the AP initiates
* communication with the SCP. The configuration data is expected to be a
@@ -261,7 +263,7 @@
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE (ARM_TRUSTED_SRAM_BASE + UL(0x80))
#define PLAT_CSS_PRIMARY_CPU_SHIFT 8
#define PLAT_CSS_PRIMARY_CPU_BIT_WIDTH 4
-#endif
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
/*
* SCP_BL2 uses up whatever remaining space is available as it is loaded before
diff --git a/plat/arm/board/juno/juno_bl1_setup.c b/plat/arm/board/juno/juno_bl1_setup.c
index a9d5cc3..2bc948d 100644
--- a/plat/arm/board/juno/juno_bl1_setup.c
+++ b/plat/arm/board/juno/juno_bl1_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,13 +32,14 @@
int ret;
uint32_t scp_reset_synd_flags;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SCP SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(SDS_RESET_SYNDROME_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_RESET_SYNDROME_STRUCT_ID,
SDS_RESET_SYNDROME_OFFSET,
&scp_reset_synd_flags,
SDS_RESET_SYNDROME_SIZE,
diff --git a/plat/arm/board/juno/juno_common.c b/plat/arm/board/juno/juno_common.c
index 02614da..2cd01e4 100644
--- a/plat/arm/board/juno/juno_common.c
+++ b/plat/arm/board/juno/juno_common.c
@@ -1,14 +1,16 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <drivers/arm/css/sds.h>
#include <lib/smccc.h>
-#include <platform_def.h>
+#include <lib/utils_def.h>
#include <services/arm_arch_svc.h>
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
/*
* Table of memory regions for different BL stages to map using the MMU.
@@ -138,3 +140,16 @@
return (int32_t)(((sys_id >> V2M_SYS_ID_REV_SHIFT) &
V2M_SYS_ID_REV_MASK) & SOC_ID_REV_MASK);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t juno_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(juno_sds_regions);
+
+ return juno_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/morello/include/platform_def.h b/plat/arm/board/morello/include/platform_def.h
index 993aa46..3cf723e 100644
--- a/plat/arm/board/morello/include/platform_def.h
+++ b/plat/arm/board/morello/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,6 +59,10 @@
#if CSS_USE_SCMI_SDS_DRIVER
#define MORELLO_SCMI_PAYLOAD_BASE ULL(0x45400000)
+/*
+ * Index of SDS region used in the communication with SCP
+ */
+#define SDS_SCP_AP_REGION_ID U(0)
#else
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE ULL(0x45400000)
#endif
diff --git a/plat/arm/board/morello/morello_bl2_setup.c b/plat/arm/board/morello/morello_bl2_setup.c
index 39020e2..38e2e6a 100644
--- a/plat/arm/board/morello/morello_bl2_setup.c
+++ b/plat/arm/board/morello/morello_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -155,13 +155,14 @@
int ret;
struct morello_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/morello/morello_bl31_setup.c b/plat/arm/board/morello/morello_bl31_setup.c
index 8469cd1..6373825 100644
--- a/plat/arm/board/morello/morello_bl31_setup.c
+++ b/plat/arm/board/morello/morello_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -43,13 +43,14 @@
#ifdef TARGET_PLATFORM_SOC
int ret;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/morello/morello_image_load.c b/plat/arm/board/morello/morello_image_load.c
index 4ea2bb3..cfe8bee 100644
--- a/plat/arm/board/morello/morello_image_load.c
+++ b/plat/arm/board/morello/morello_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include "morello_def.h"
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
+#include <platform_def.h>
/* In client mode, a part of the DDR memory is reserved for Tag bits.
* Calculate the usable memory size after subtracting the Tag memory.
@@ -167,13 +168,14 @@
struct morello_plat_info plat_info;
struct morello_firmware_version fw_version;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_PLATFORM_INFO_STRUCT_ID,
MORELLO_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
MORELLO_SDS_PLATFORM_INFO_SIZE,
@@ -183,7 +185,8 @@
panic();
}
- ret = sds_struct_read(MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ MORELLO_SDS_FIRMWARE_VERSION_STRUCT_ID,
MORELLO_SDS_FIRMWARE_VERSION_OFFSET,
&fw_version,
MORELLO_SDS_FIRMWARE_VERSION_SIZE,
diff --git a/plat/arm/board/morello/morello_plat.c b/plat/arm/board/morello/morello_plat.c
index 2ca3d08..61fed64 100644
--- a/plat/arm/board/morello/morello_plat.c
+++ b/plat/arm/board/morello/morello_plat.c
@@ -1,12 +1,14 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <drivers/arm/css/sds.h>
#include <drivers/arm/sbsa.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include "morello_def.h"
@@ -68,3 +70,16 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t morello_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(morello_sds_regions);
+
+ return morello_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
index 74d0c91..82f1e7f 100644
--- a/plat/arm/board/n1sdp/include/platform_def.h
+++ b/plat/arm/board/n1sdp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,6 +77,10 @@
#if CSS_USE_SCMI_SDS_DRIVER
#define N1SDP_SCMI_PAYLOAD_BASE 0x45400000
+/*
+ * Index of SDS region used in the communication with SCP
+ */
+#define SDS_SCP_AP_REGION_ID U(0)
#else
#define PLAT_CSS_SCP_COM_SHARED_MEM_BASE 0x45400000
#endif
diff --git a/plat/arm/board/n1sdp/n1sdp_bl2_setup.c b/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
index 5f8af9f..5a5b9a5 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,7 @@
#include "n1sdp_def.h"
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
struct n1sdp_plat_info {
bool multichip_mode;
@@ -60,13 +61,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
index 430aab6..27ea7f7 100644
--- a/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
+++ b/plat/arm/board/n1sdp/n1sdp_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -127,13 +127,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed\n");
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_image_load.c b/plat/arm/board/n1sdp/n1sdp_image_load.c
index 6c3528c..6ae2b26 100644
--- a/plat/arm/board/n1sdp/n1sdp_image_load.c
+++ b/plat/arm/board/n1sdp/n1sdp_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include "n1sdp_def.h"
#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
/*
* Platform information structure stored in SDS.
@@ -108,13 +109,14 @@
int ret;
struct n1sdp_plat_info plat_info;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed. ret:%d\n", ret);
panic();
}
- ret = sds_struct_read(N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ N1SDP_SDS_PLATFORM_INFO_STRUCT_ID,
N1SDP_SDS_PLATFORM_INFO_OFFSET,
&plat_info,
N1SDP_SDS_PLATFORM_INFO_SIZE,
diff --git a/plat/arm/board/n1sdp/n1sdp_plat.c b/plat/arm/board/n1sdp/n1sdp_plat.c
index 747ff06..42efdee 100644
--- a/plat/arm/board/n1sdp/n1sdp_plat.c
+++ b/plat/arm/board/n1sdp/n1sdp_plat.c
@@ -1,12 +1,14 @@
/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <drivers/arm/css/sds.h>
#include <drivers/arm/sbsa.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include "n1sdp_def.h"
@@ -71,3 +73,16 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+#if CSS_USE_SCMI_SDS_DRIVER
+static sds_region_desc_t n1sdp_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(n1sdp_sds_regions);
+
+ return n1sdp_sds_regions;
+}
+#endif /* CSS_USE_SCMI_SDS_DRIVER */
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 59fff6e..e8f97e1 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,7 +137,7 @@
* little space for growth. Current size is considering that TRUSTED_BOARD_BOOT
* and MEASURED_BOOT is enabled.
*/
-# define PLAT_ARM_MAX_BL2_SIZE 0x26000
+# define PLAT_ARM_MAX_BL2_SIZE 0x29000
/*
@@ -240,6 +240,17 @@
#define PLAT_ARM_SCMI_CHANNEL_COUNT 1
+/* Index of SDS region used in the communication with SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
+/* Index of SDS region used in the communication with RSS */
+#define SDS_RSS_AP_REGION_ID U(1)
+/*
+ * Memory region for RSS's shared data storage (SDS)
+ * It is placed right after the SCMI payload area.
+ */
+#define PLAT_ARM_RSS_AP_SDS_MEM_BASE (CSS_SCMI_PAYLOAD_BASE + \
+ CSS_SCMI_PAYLOAD_SIZE_MAX)
+
#define PLAT_ARM_CLUSTER_COUNT U(1)
#define PLAT_MAX_CPUS_PER_CLUSTER U(8)
#define PLAT_MAX_PE_PER_CPU U(1)
@@ -322,4 +333,18 @@
#define PLAT_ARM_FIP_OFFSET_IN_GPT 0x6000
#endif /* ARM_GPT_SUPPORT */
+/* UART related constants */
+
+#undef PLAT_ARM_BOOT_UART_BASE
+#define PLAT_ARM_BOOT_UART_BASE 0x2A410000
+
+#undef PLAT_ARM_RUN_UART_BASE
+#define PLAT_ARM_RUN_UART_BASE 0x2A400000
+
+#undef PLAT_ARM_SP_MIN_RUN_UART_BASE
+#define PLAT_ARM_SP_MIN_RUN_UART_BASE PLAT_ARM_RUN_UART_BASE
+
+#undef PLAT_ARM_CRASH_UART_BASE
+#define PLAT_ARM_CRASH_UART_BASE PLAT_ARM_RUN_UART_BASE
+
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc/plat_tc_mbedtls_config.h b/plat/arm/board/tc/plat_tc_mbedtls_config.h
index 773629c..de7b1aa 100644
--- a/plat/arm/board/tc/plat_tc_mbedtls_config.h
+++ b/plat/arm/board/tc/plat_tc_mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Ltd. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Ltd. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,11 +19,12 @@
#undef TF_MBEDTLS_HEAP_SIZE
#define TF_MBEDTLS_HEAP_SIZE PLATFORM_TEST_MIN_MBEDTLS_HEAP_SIZE
#endif
-#endif
+#endif /* TF_MBEDTLS_HEAP_SIZE */
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_NO_INTERNAL_RNG
#endif /* PLAT_TC_MBEDTLS_CONFIG_H */
diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk
index 2fd5ea0..4e81b2c 100644
--- a/plat/arm/board/tc/platform_test.mk
+++ b/plat/arm/board/tc/platform_test.mk
@@ -1,4 +1,4 @@
-# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -13,7 +13,6 @@
# Code under testing.
BL31_SOURCES += lib/psa/rss_platform.c \
- drivers/arm/rss/rss_comms.c \
${RSS_COMMS_SOURCES}
PLAT_INCLUDES += -Iinclude/lib/psa
@@ -27,13 +26,13 @@
# Code under testing.
BL31_SOURCES += lib/psa/rss_platform.c \
- drivers/arm/rss/rss_comms.c \
${RSS_COMMS_SOURCES}
PLAT_INCLUDES += -Iinclude/lib/psa
$(eval $(call add_define,PLATFORM_TEST_ROTPK))
else ifeq (${PLATFORM_TEST},tfm-testsuite)
+ include drivers/arm/rss/rss_comms.mk
# The variables need to be set to compile the platform test:
ifeq (${TF_M_TESTS_PATH},)
@@ -56,7 +55,7 @@
MBEDTLS_CONFIG_FILE = "<plat_tc_mbedtls_config.h>"
- LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
+ LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
entropy.c \
entropy_poll.c \
hmac_drbg.c \
@@ -69,30 +68,31 @@
psa_crypto_slot_management.c \
)
- BL31_SOURCES += ${RSS_COMMS_SOURCES} \
- plat/arm/common/arm_dyn_cfg.c \
- ${TC_BASE}/rss_ap_tests.c \
- ${TC_BASE}/rss_ap_testsuites.c \
+ BL31_SOURCES += ${RSS_COMMS_SOURCES} \
+ plat/arm/common/arm_dyn_cfg.c \
+ ${TC_BASE}/rss_ap_tests.c \
+ ${TC_BASE}/rss_ap_testsuites.c \
${TC_BASE}/rss_ap_test_stubs.c \
- $(TF_M_TESTS_PATH)/test/framework/test_framework.c \
+ $(TF_M_TESTS_PATH)/tests_reg/test/framework/test_framework.c \
$(MEASURED_BOOT_TESTS_PATH)/measured_boot_common.c \
$(MEASURED_BOOT_TESTS_PATH)/measured_boot_tests_common.c \
$(DELEGATED_ATTEST_TESTS_PATH)/delegated_attest_test.c \
- drivers/auth/mbedtls/mbedtls_common.c \
- lib/psa/measured_boot.c \
+ drivers/auth/mbedtls/mbedtls_common.c \
+ lib/psa/measured_boot.c \
lib/psa/delegated_attestation.c
PLAT_INCLUDES += -I$(TF_M_EXTRAS_PATH)/partitions/measured_boot/interface/include \
-I$(TF_M_EXTRAS_PATH)/partitions/delegated_attestation/interface/include \
- -I$(TF_M_TESTS_PATH)/test/framework \
- -I$(TF_M_TESTS_PATH)/log \
- -I$(TF_M_TESTS_PATH)/test/secure_fw/suites/extra \
- -I$(MEASURED_BOOT_TESTS_PATH)/non_secure \
- -I$(DELEGATED_ATTEST_TESTS_PATH) \
- -I$(DELEGATED_ATTEST_TESTS_PATH)/non_secure \
- -Iplat/arm/board/tc \
- -Iinclude/drivers/auth/mbedtls \
- -Iinclude/drivers/arm
+ -I$(TF_M_TESTS_PATH)/tests_reg/test/framework \
+ -I$(TF_M_TESTS_PATH)/tests_reg/test/secure_fw/suites/extra \
+ -I$(TF_M_TESTS_PATH)/lib/log \
+ -I$(MEASURED_BOOT_TESTS_PATH)/non_secure \
+ -I$(DELEGATED_ATTEST_TESTS_PATH) \
+ -I$(DELEGATED_ATTEST_TESTS_PATH)/non_secure \
+ -Iplat/arm/board/tc \
+ -Iinclude/drivers/auth/mbedtls \
+ -Iinclude/drivers/arm \
+ -Iinclude/lib/psa
# Some of the PSA functions are declared in multiple header files, that
# triggers this warning.
diff --git a/plat/arm/board/tc/tc_plat.c b/plat/arm/board/tc/tc_plat.c
index 766bfb5..27d4b11 100644
--- a/plat/arm/board/tc/tc_plat.c
+++ b/plat/arm/board/tc/tc_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,8 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/arm/ccn.h>
+#include <drivers/arm/css/sds.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <drivers/arm/sbsa.h>
@@ -159,3 +161,15 @@
{
sbsa_wdog_refresh(SBSA_SECURE_WDOG_REFRESH_BASE);
}
+
+static sds_region_desc_t tc_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+ { .base = PLAT_ARM_RSS_AP_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(tc_sds_regions);
+
+ return tc_sds_regions;
+}
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 3e8109e..30d0647 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -23,9 +23,6 @@
#include <lib/optee_utils.h>
#endif
#include <lib/utils.h>
-#if ENABLE_RME
-#include <plat/arm/common/arm_pas_def.h>
-#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -134,48 +131,6 @@
arm_bl2_platform_setup();
}
-#if ENABLE_RME
-static void arm_bl2_plat_gpt_setup(void)
-{
- /*
- * The GPT library might modify the gpt regions structure to optimize
- * the layout, so the array cannot be constant.
- */
- pas_region_t pas_regions[] = {
- ARM_PAS_KERNEL,
- ARM_PAS_SECURE,
- ARM_PAS_REALM,
- ARM_PAS_EL3_DRAM,
- ARM_PAS_GPTS,
- ARM_PAS_KERNEL_1
- };
-
- /* Initialize entire protected space to GPT_GPI_ANY. */
- if (gpt_init_l0_tables(GPCCR_PPS_64GB, ARM_L0_GPT_ADDR_BASE,
- ARM_L0_GPT_SIZE) < 0) {
- ERROR("gpt_init_l0_tables() failed!\n");
- panic();
- }
-
- /* Carve out defined PAS ranges. */
- if (gpt_init_pas_l1_tables(GPCCR_PGS_4K,
- ARM_L1_GPT_ADDR_BASE,
- ARM_L1_GPT_SIZE,
- pas_regions,
- (unsigned int)(sizeof(pas_regions) /
- sizeof(pas_region_t))) < 0) {
- ERROR("gpt_init_pas_l1_tables() failed!\n");
- panic();
- }
-
- INFO("Enabling Granule Protection Checks\n");
- if (gpt_enable() < 0) {
- ERROR("gpt_enable() failed!\n");
- panic();
- }
-}
-#endif /* ENABLE_RME */
-
/*******************************************************************************
* Perform the very early platform specific architectural setup here.
* When RME is enabled the secure environment is initialised before
@@ -216,7 +171,7 @@
enable_mmu_el3(0);
/* Initialise and enable granule protection after MMU. */
- arm_bl2_plat_gpt_setup();
+ arm_gpt_setup();
#else
enable_mmu_el1(0);
#endif
diff --git a/plat/arm/common/arm_common.c b/plat/arm/common/arm_common.c
index fc68114..21cc39c 100644
--- a/plat/arm/common/arm_common.c
+++ b/plat/arm/common/arm_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -241,3 +241,43 @@
{
return plat_arm_mmap;
}
+
+#if ENABLE_RME
+void arm_gpt_setup(void)
+{
+ /*
+ * It is to be noted that any Arm platform that reuses arm_gpt_setup
+ * must implement plat_arm_get_gpt_info within its platform code
+ */
+ const arm_gpt_info_t *arm_gpt_info =
+ plat_arm_get_gpt_info();
+
+ if (arm_gpt_info == NULL) {
+ ERROR("arm_gpt_info not initialized!!\n");
+ panic();
+ }
+
+ /* Initialize entire protected space to GPT_GPI_ANY. */
+ if (gpt_init_l0_tables(arm_gpt_info->pps, arm_gpt_info->l0_base,
+ arm_gpt_info->l0_size) < 0) {
+ ERROR("gpt_init_l0_tables() failed!\n");
+ panic();
+ }
+
+ /* Carve out defined PAS ranges. */
+ if (gpt_init_pas_l1_tables(arm_gpt_info->pgs,
+ arm_gpt_info->l1_base,
+ arm_gpt_info->l1_size,
+ arm_gpt_info->pas_region_base,
+ arm_gpt_info->pas_region_count) < 0) {
+ ERROR("gpt_init_pas_l1_tables() failed!\n");
+ panic();
+ }
+
+ INFO("Enabling Granule Protection Checks\n");
+ if (gpt_enable() < 0) {
+ ERROR("gpt_enable() failed!\n");
+ panic();
+ }
+}
+#endif /* ENABLE_RME */
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index ae0d85d..5084ea9 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -383,7 +383,12 @@
else ifeq (${COT},dualroot)
AUTH_SOURCES += drivers/auth/dualroot/cot.c
else ifeq (${COT},cca)
- AUTH_SOURCES += drivers/auth/cca/cot.c
+ BL1_SOURCES += drivers/auth/cca/cot.c
+ ifneq (${COT_DESC_IN_DTB},0)
+ BL2_SOURCES += lib/fconf/fconf_cot_getter.c
+ else
+ BL2_SOURCES += drivers/auth/cca/cot.c
+ endif
else
$(error Unknown chain of trust ${COT})
endif
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 18c83c7..8655156 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
+#include <string.h>
#include <common/debug.h>
#include <common/desc_image_load.h>
@@ -27,7 +28,7 @@
int fconf_populate_arm_sp(uintptr_t config)
{
int sp_node, node, err;
- union uuid_helper_t uuid_helper;
+ struct uuid uuid;
unsigned int index = 0;
uint32_t val32;
const unsigned int sip_start = SP_PKG1_ID;
@@ -68,13 +69,14 @@
/* Read UUID */
err = fdtw_read_uuid(dtb, sp_node, "uuid", 16,
- (uint8_t *)&uuid_helper);
+ (uint8_t *)&uuid);
if (err < 0) {
ERROR("FCONF: cannot read SP uuid\n");
return -1;
}
- arm_sp.uuids[index] = uuid_helper;
+ memcpy_s(&arm_sp.uuids[index].uuid_struct, sizeof(struct uuid),
+ &uuid, sizeof(struct uuid));
/* Read Load address */
err = fdt_read_uint32(dtb, sp_node, "load-address", &val32);
@@ -88,16 +90,16 @@
" %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x"
" load_addr=%lx\n",
__func__,
- uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
- uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
- uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
- uuid_helper.uuid_struct.time_hi_and_version[0],
- uuid_helper.uuid_struct.time_hi_and_version[1],
- uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
- uuid_helper.uuid_struct.clock_seq_low,
- uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
- uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
- uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5],
+ uuid.time_low[0], uuid.time_low[1],
+ uuid.time_low[2], uuid.time_low[3],
+ uuid.time_mid[0], uuid.time_mid[1],
+ uuid.time_hi_and_version[0],
+ uuid.time_hi_and_version[1],
+ uuid.clock_seq_hi_and_reserved,
+ uuid.clock_seq_low,
+ uuid.node[0], uuid.node[1],
+ uuid.node[2], uuid.node[3],
+ uuid.node[4], uuid.node[5],
arm_sp.load_addr[index]);
/* Read owner field only for dualroot CoT */
diff --git a/plat/arm/common/plat_arm_sip_svc.c b/plat/arm/common/plat_arm_sip_svc.c
index b1dab16..d496d2e 100644
--- a/plat/arm/common/plat_arm_sip_svc.c
+++ b/plat/arm/common/plat_arm_sip_svc.c
@@ -1,10 +1,11 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
+#include <errno.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
@@ -12,10 +13,73 @@
#include <plat/arm/common/arm_sip_svc.h>
#include <plat/common/platform.h>
+#if ENABLE_RME && SPMD_SPM_AT_SEL2
+#include <lib/gpt_rme/gpt_rme.h>
+#endif
+
#if ENABLE_SPMD_LP
#include <services/el3_spmd_logical_sp.h>
#endif
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+static uint64_t plat_protect_memory(bool protect,
+ bool secure_origin,
+ const uint64_t base,
+ const size_t size,
+ void *handle)
+{
+ uint64_t ret = SMC_INVALID_PARAM;
+ uint64_t last_updated = 0;
+
+ if (!secure_origin) {
+ SMC_RET1(handle, SMC_UNK);
+ /* Shall not be reached. */
+ }
+
+ if ((base % PAGE_SIZE_4KB) != 0U &&
+ (size % PAGE_SIZE_4KB) != 0U) {
+ VERBOSE("Base address must be aligned to 4k.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ if ((ULONG_MAX - base) < size) {
+ VERBOSE("Base + Size results in overflow.\n");
+ SMC_RET1(handle, SMC_INVALID_PARAM);
+ /* Shall not be reached. */
+ }
+
+ for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) {
+ /*
+ * If protect is true, add memory to secure PAS.
+ * Else unprotect it, making part of non-secure PAS.
+ */
+ ret = protect
+ ? gpt_delegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE)
+ : gpt_undelegate_pas(it, PAGE_SIZE_4KB,
+ SMC_FROM_SECURE);
+
+ switch (ret) {
+ case 0:
+ last_updated = it;
+ break;
+ case -EINVAL:
+ SMC_RET2(handle, SMC_INVALID_PARAM, last_updated);
+ break; /* Shall not be reached. */
+ case -EPERM:
+ SMC_RET2(handle, SMC_DENIED, last_updated);
+ break; /* Shall not be reached. */
+ default:
+ ERROR("Unexpected return\n");
+ panic();
+ }
+ }
+
+ SMC_RET1(handle, SMC_OK);
+}
+#endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 */
+
uintptr_t plat_arm_sip_handler(uint32_t smc_fid,
u_register_t x1,
u_register_t x2,
@@ -25,13 +89,14 @@
void *handle,
u_register_t flags)
{
-#if PLAT_TEST_SPM
bool secure_origin;
/* Determine which security state this SMC originated from */
secure_origin = is_caller_secure(flags);
+ (void) secure_origin;
switch (smc_fid) {
+#if PLAT_TEST_SPM
case ARM_SIP_SET_INTERRUPT_PENDING:
if (!secure_origin) {
SMC_RET1(handle, SMC_UNK);
@@ -42,10 +107,19 @@
SMC_RET1(handle, SMC_OK);
break; /* Not reached */
- default:
+#endif
+
+#if (ENABLE_RME == 1) && (defined(SPD_spmd) && SPMD_SPM_AT_SEL2 == 1)
+ case PLAT_PROTECT_MEM_SMC64:
+ INFO("Sip Call - Protect memory\n");
+ return plat_protect_memory(true, secure_origin, x1, x2, handle);
break;
- }
+ case PLAT_UNPROTECT_MEM_SMC64:
+ INFO("Sip Call - Unprotect memory\n");
+ return plat_protect_memory(false, secure_origin, x1, x2, handle);
+ break;
#endif
+ }
#if ENABLE_SPMD_LP
return plat_spmd_logical_sp_smc_handler(smc_fid, x1, x2, x3, x4,
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index dab5f8b..2126a86 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -298,6 +298,8 @@
#endif
+/* Index of SDS region used in the communication with SCP */
+#define SDS_SCP_AP_REGION_ID U(0)
/* SDS ID for unusable CPU MPID list structure */
#define SDS_ISOLATED_CPU_LIST_ID U(128)
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 2cd7034..efa3cc6 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,7 +50,8 @@
BL31_SOURCES += ${INTERCONNECT_SOURCES} \
${ENT_GIC_SOURCES} \
${CSS_ENT_BASE}/sgi_bl31_setup.c \
- ${CSS_ENT_BASE}/sgi_topology.c
+ ${CSS_ENT_BASE}/sgi_topology.c \
+ drivers/delay_timer/generic_delay_timer.c
ifneq (${RESET_TO_BL31},0)
$(error "Using BL31 as the reset vector is not supported on ${PLAT} platform. \
diff --git a/plat/arm/css/sgi/sgi_bl31_setup.c b/plat/arm/css/sgi/sgi_bl31_setup.c
index 7aa7b34..ac1ea48 100644
--- a/plat/arm/css/sgi/sgi_bl31_setup.c
+++ b/plat/arm/css/sgi/sgi_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,7 @@
#include <common/debug.h>
#include <drivers/arm/css/css_mhu_doorbell.h>
#include <drivers/arm/css/scmi.h>
+#include <drivers/generic_delay_timer.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -104,6 +105,8 @@
void sgi_bl31_common_platform_setup(void)
{
+ generic_delay_timer_init();
+
arm_bl31_platform_setup();
/* Configure the warm reboot SGI for primary core */
diff --git a/plat/arm/css/sgi/sgi_image_load.c b/plat/arm/css/sgi/sgi_image_load.c
index ac4bfd2..0a9bba9 100644
--- a/plat/arm/css/sgi/sgi_image_load.c
+++ b/plat/arm/css/sgi/sgi_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,13 +30,14 @@
{
int ret;
- ret = sds_init();
+ ret = sds_init(SDS_SCP_AP_REGION_ID);
if (ret != SDS_OK) {
ERROR("SDS initialization failed, error: %d\n", ret);
panic();
}
- ret = sds_struct_read(SDS_ISOLATED_CPU_LIST_ID, 0, &list->num_entries,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_ISOLATED_CPU_LIST_ID, 0, &list->num_entries,
sizeof(list->num_entries), SDS_ACCESS_MODE_CACHED);
if (ret != SDS_OK) {
INFO("SDS CPU num elements read failed, error: %d\n", ret);
@@ -54,7 +55,8 @@
return;
}
- ret = sds_struct_read(SDS_ISOLATED_CPU_LIST_ID,
+ ret = sds_struct_read(SDS_SCP_AP_REGION_ID,
+ SDS_ISOLATED_CPU_LIST_ID,
sizeof(list->num_entries),
&list->mpid_list,
sizeof(list->mpid_list[0]) * list->num_entries,
@@ -152,4 +154,3 @@
return arm_get_next_bl_params();
}
-
diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c
index 01b426e..fe64d34 100644
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,6 +11,8 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/arm/ccn.h>
+#include <drivers/arm/css/sds.h>
+#include <lib/utils_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <drivers/arm/sbsa.h>
@@ -174,3 +176,14 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+static sds_region_desc_t sgi_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(sgi_sds_regions);
+
+ return sgi_sds_regions;
+}
diff --git a/plat/arm/css/sgi/sgi_plat_v2.c b/plat/arm/css/sgi/sgi_plat_v2.c
index 624fed3..d241f70 100644
--- a/plat/arm/css/sgi/sgi_plat_v2.c
+++ b/plat/arm/css/sgi/sgi_plat_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,9 +8,11 @@
#include <platform_def.h>
+#include <lib/utils_def.h>
+#include <drivers/arm/css/sds.h>
+#include <drivers/arm/sbsa.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
-#include <drivers/arm/sbsa.h>
#if SPM_MM
#include <services/spm_mm_partition.h>
@@ -176,3 +178,14 @@
{
sbsa_wdog_stop(SBSA_SECURE_WDOG_BASE);
}
+
+static sds_region_desc_t sgi_sds_regions[] = {
+ { .base = PLAT_ARM_SDS_MEM_BASE },
+};
+
+sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count)
+{
+ *region_count = ARRAY_SIZE(sgi_sds_regions);
+
+ return sgi_sds_regions;
+}
diff --git a/plat/imx/common/imx_sip_handler.c b/plat/imx/common/imx_sip_handler.c
index ec8631a..f830b64 100644
--- a/plat/imx/common/imx_sip_handler.c
+++ b/plat/imx/common/imx_sip_handler.c
@@ -17,6 +17,15 @@
#include <lib/mmio.h>
#include <sci/sci.h>
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+/*
+ * Defined in
+ * table 11. ROM event log buffer address location
+ * AN12853 "i.MX ROMs Log Events"
+ */
+#define ROM_LOG_BUFFER_ADDR 0x9E0
+#endif
+
#if defined(PLAT_imx8qm) || defined(PLAT_imx8qx)
#ifdef PLAT_imx8qm
@@ -177,6 +186,76 @@
}
#endif /* defined(PLAT_imx8mm) || defined(PLAT_imx8mq) */
+#if defined(PLAT_imx8mn) || defined(PLAT_imx8mp)
+static bool is_secondary_boot(void)
+{
+ uint32_t *rom_log_addr = (uint32_t *)ROM_LOG_BUFFER_ADDR;
+ bool is_secondary = false;
+ uint32_t *rom_log;
+ uint8_t event_id;
+
+ /* If the ROM event log pointer is not valid. */
+ if (*rom_log_addr < 0x900000 || *rom_log_addr >= 0xB00000 ||
+ *rom_log_addr & 0x3) {
+ return false;
+ }
+
+ /* Parse the ROM event ID version 2 log */
+ rom_log = (uint32_t *)(uintptr_t)(*rom_log_addr);
+ for (size_t i = 0; i < 128; i++) {
+ event_id = rom_log[i] >> 24;
+ switch (event_id) {
+ case 0x00: /* End of list */
+ return is_secondary;
+ /* Log entries with 1 parameter, skip 1 */
+ case 0x80: /* Perform the device initialization */
+ case 0x81: /* The boot device initialization completes */
+ case 0x82: /* Execute boot device driver pre-config */
+ case 0x8F: /* The boot device initialization fails */
+ case 0x90: /* Start to read data from boot device */
+ case 0x91: /* Reading data from boot device completes */
+ case 0x9F: /* Reading data from boot device fails */
+ i += 1;
+ continue;
+ /* Log entries with 2 parameters, skip 2 */
+ case 0xA0: /* Image authentication result */
+ case 0xC0: /* Jump to the boot image soon */
+ i += 2;
+ continue;
+ /* Booted the primary boot image */
+ case 0x50:
+ is_secondary = false;
+ continue;
+ /* Booted the secondary boot image */
+ case 0x51:
+ is_secondary = true;
+ continue;
+ }
+ }
+
+ return is_secondary;
+}
+
+int imx_src_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ void *handle)
+{
+ switch (x1) {
+ case IMX_SIP_SRC_SET_SECONDARY_BOOT:
+ /* we do support that on these SoCs */
+ break;
+ case IMX_SIP_SRC_IS_SECONDARY_BOOT:
+ return is_secondary_boot();
+ default:
+ return SMC_UNK;
+ };
+
+ return 0;
+}
+#endif /* defined(PLAT_imx8mn) || defined(PLAT_imx8mp) */
+
static uint64_t imx_get_commit_hash(u_register_t x2,
u_register_t x3,
u_register_t x4)
diff --git a/plat/imx/common/imx_sip_svc.c b/plat/imx/common/imx_sip_svc.c
index 6d6633c..69d4f05 100644
--- a/plat/imx/common/imx_sip_svc.c
+++ b/plat/imx/common/imx_sip_svc.c
@@ -60,7 +60,8 @@
case IMX_SIP_MISC_SET_TEMP:
SMC_RET1(handle, imx_misc_set_temp_handler(smc_fid, x1, x2, x3, x4));
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
case IMX_SIP_SRC:
SMC_RET1(handle, imx_src_handler(smc_fid, x1, x2, x3, handle));
break;
diff --git a/plat/imx/common/include/imx_sip_svc.h b/plat/imx/common/include/imx_sip_svc.h
index 0e91c71..35a9f47 100644
--- a/plat/imx/common/include/imx_sip_svc.h
+++ b/plat/imx/common/include/imx_sip_svc.h
@@ -68,7 +68,9 @@
u_register_t x2, u_register_t x3);
#endif
-#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq)
+#if defined(PLAT_imx8mm) || defined(PLAT_imx8mq) || defined(PLAT_imx8mn) || \
+ defined(PLAT_imx8mp)
+
int imx_src_handler(uint32_t smc_fid, u_register_t x1,
u_register_t x2, u_register_t x3, void *handle);
#endif
diff --git a/plat/imx/imx8m/imx8mp/gpc.c b/plat/imx/imx8m/imx8mp/gpc.c
index 956b508..a95eb36 100644
--- a/plat/imx/imx8m/imx8mp/gpc.c
+++ b/plat/imx/imx8m/imx8mp/gpc.c
@@ -374,12 +374,20 @@
mmio_clrbits_32(IMX_SRC_BASE + SRC_OTG1PHY_SCR, 0x1);
mmio_clrbits_32(IMX_SRC_BASE + SRC_OTG2PHY_SCR, 0x1);
- /* enable all the power domain by default */
+ /* enable all clocks by default */
for (i = 0; i < 101; i++) {
mmio_write_32(IMX_CCM_BASE + CCGR(i), 0x3);
}
- for (i = 0; i < 20; i++) {
- imx_gpc_pm_domain_enable(i, true);
- }
+ /* Depending on SKU, we may be lacking e.g. a VPU and shouldn't
+ * access that domain here, because that would lockup the SoC.
+ * Other i.MX8M variants don't initialize any power domains, but
+ * for 8MP we have been enabling the USB power domains since the
+ * beginning and stopping to do this now may render systems
+ * unrecoverable. So we'll keep initializing just the USB power
+ * domains instead of all of them like before.
+ */
+ imx_gpc_pm_domain_enable(HSIOMIX, true);
+ imx_gpc_pm_domain_enable(USB1_PHY, true);
+ imx_gpc_pm_domain_enable(USB2_PHY, true);
}
diff --git a/plat/intel/soc/agilex/bl2_plat_setup.c b/plat/intel/soc/agilex/bl2_plat_setup.c
index 211a7b7..61c0ef2 100644
--- a/plat/intel/soc/agilex/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex/bl2_plat_setup.c
@@ -28,6 +28,7 @@
#include "socfpga_mailbox.h"
#include "socfpga_private.h"
#include "socfpga_reset_manager.h"
+#include "socfpga_ros.h"
#include "socfpga_system_manager.h"
#include "wdt/watchdog.h"
@@ -92,6 +93,7 @@
void bl2_el3_plat_arch_setup(void)
{
+ unsigned long offset = 0;
const mmap_region_t bl_regions[] = {
MAP_REGION_FLAT(BL2_BASE, BL2_END - BL2_BASE,
MT_MEMORY | MT_RW | MT_SECURE),
@@ -123,14 +125,17 @@
switch (boot_source) {
case BOOT_SOURCE_SDMMC:
dw_mmc_init(¶ms, &mmc_info);
- socfpga_io_setup(boot_source);
+ socfpga_io_setup(boot_source, PLAT_SDMMC_DATA_BASE);
break;
case BOOT_SOURCE_QSPI:
cad_qspi_init(0, QSPI_CONFIG_CPHA, QSPI_CONFIG_CPOL,
QSPI_CONFIG_CSDA, QSPI_CONFIG_CSDADS,
QSPI_CONFIG_CSEOT, QSPI_CONFIG_CSSOT, 0);
- socfpga_io_setup(boot_source);
+ if (ros_qspi_get_ssbl_offset(&offset) != ROS_RET_OK) {
+ offset = PLAT_QSPI_DATA_BASE;
+ }
+ socfpga_io_setup(boot_source, offset);
break;
default:
diff --git a/plat/intel/soc/agilex/platform.mk b/plat/intel/soc/agilex/platform.mk
index f81480d..6780845 100644
--- a/plat/intel/soc/agilex/platform.mk
+++ b/plat/intel/soc/agilex/platform.mk
@@ -47,6 +47,7 @@
plat/intel/soc/agilex/soc/agilex_pinmux.c \
plat/intel/soc/common/bl2_plat_mem_params_desc.c \
plat/intel/soc/common/socfpga_image_load.c \
+ plat/intel/soc/common/socfpga_ros.c \
plat/intel/soc/common/socfpga_storage.c \
plat/intel/soc/common/soc/socfpga_emac.c \
plat/intel/soc/common/soc/socfpga_firewall.c \
@@ -77,6 +78,8 @@
plat/intel/soc/common/soc/socfpga_mailbox.c \
plat/intel/soc/common/soc/socfpga_reset_manager.c
+$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
+
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index 5c15148..c74d799 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -34,6 +34,7 @@
#include "socfpga_mailbox.h"
#include "socfpga_private.h"
#include "socfpga_reset_manager.h"
+#include "socfpga_ros.h"
#include "wdt/watchdog.h"
@@ -96,6 +97,7 @@
void bl2_el3_plat_arch_setup(void)
{
handoff reverse_handoff_ptr;
+ unsigned long offset = 0;
struct cdns_sdmmc_params params = EMMC_INIT_PARAMS((uintptr_t) &cdns_desc, get_mmc_clk());
@@ -109,7 +111,7 @@
case BOOT_SOURCE_SDMMC:
NOTICE("SDMMC boot\n");
sdmmc_init(&reverse_handoff_ptr, ¶ms, &mmc_info);
- socfpga_io_setup(boot_source);
+ socfpga_io_setup(boot_source, PLAT_SDMMC_DATA_BASE);
break;
case BOOT_SOURCE_QSPI:
@@ -117,13 +119,16 @@
cad_qspi_init(0, QSPI_CONFIG_CPHA, QSPI_CONFIG_CPOL,
QSPI_CONFIG_CSDA, QSPI_CONFIG_CSDADS,
QSPI_CONFIG_CSEOT, QSPI_CONFIG_CSSOT, 0);
- socfpga_io_setup(boot_source);
+ if (ros_qspi_get_ssbl_offset(&offset) != ROS_RET_OK) {
+ offset = PLAT_QSPI_DATA_BASE;
+ }
+ socfpga_io_setup(boot_source, offset);
break;
case BOOT_SOURCE_NAND:
NOTICE("NAND boot\n");
nand_init(&reverse_handoff_ptr);
- socfpga_io_setup(boot_source);
+ socfpga_io_setup(boot_source, PLAT_NAND_DATA_BASE);
break;
default:
diff --git a/plat/intel/soc/agilex5/include/socfpga_plat_def.h b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
index 1ce1cff..acdbe17 100644
--- a/plat/intel/soc/agilex5/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
@@ -56,7 +56,7 @@
#define SOCFPGA_LWSOC2FPGA_SCR_REG_BASE 0x10d21300
/* Define maximum page size for NAND flash devices */
-#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
+#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x2000)
/*******************************************************************************
* Platform memory map related constants
diff --git a/plat/intel/soc/agilex5/platform.mk b/plat/intel/soc/agilex5/platform.mk
index b42253b..7302164 100644
--- a/plat/intel/soc/agilex5/platform.mk
+++ b/plat/intel/soc/agilex5/platform.mk
@@ -60,6 +60,7 @@
plat/intel/soc/agilex5/soc/agilex5_power_manager.c \
plat/intel/soc/common/bl2_plat_mem_params_desc.c \
plat/intel/soc/common/socfpga_image_load.c \
+ plat/intel/soc/common/socfpga_ros.c \
plat/intel/soc/common/socfpga_storage.c \
plat/intel/soc/common/socfpga_vab.c \
plat/intel/soc/common/soc/socfpga_emac.c \
@@ -100,6 +101,10 @@
CTX_INCLUDE_AARCH32_REGS := 0
ERRATA_A55_1530923 := 1
+# Don't have the Linux kernel as a BL33 image by default
+ARM_LINUX_KERNEL_AS_BL33 := 0
+$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
+$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
PROGRAMMABLE_RESET_ADDRESS := 0
diff --git a/plat/intel/soc/common/bl2_plat_mem_params_desc.c b/plat/intel/soc/common/bl2_plat_mem_params_desc.c
index 187c53a..a09fb70 100644
--- a/plat/intel/soc/common/bl2_plat_mem_params_desc.c
+++ b/plat/intel/soc/common/bl2_plat_mem_params_desc.c
@@ -88,9 +88,27 @@
.image_info.image_base = PLAT_NS_IMAGE_OFFSET,
.image_info.image_max_size =
0x0 + 0x40000000 - PLAT_NS_IMAGE_OFFSET,
+# if ARM_LINUX_KERNEL_AS_BL33 != 0
+ .next_handoff_image_id = NT_FW_CONFIG_ID,
+ },
+
+ {
+ .image_id = NT_FW_CONFIG_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t,
+ NON_SECURE | NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = ARM_PRELOADED_DTB_BASE,
+ .image_info.image_max_size =
+ 0x0 + 0x40000000 - ARM_PRELOADED_DTB_BASE,
.next_handoff_image_id = INVALID_IMAGE_ID,
},
+#else
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+# endif
};
REGISTER_BL_IMAGE_DESCS(bl2_mem_params_descs)
diff --git a/plat/intel/soc/common/drivers/nand/nand.c b/plat/intel/soc/common/drivers/nand/nand.c
index c6acbe3..7fd955a 100644
--- a/plat/intel/soc/common/drivers/nand/nand.c
+++ b/plat/intel/soc/common/drivers/nand/nand.c
@@ -38,18 +38,12 @@
mmio_write_32(SOCFPGA_PINMUX(PIN12SEL), SOCFPGA_PINMUX_SEL_NAND);
mmio_write_32(SOCFPGA_PINMUX(PIN13SEL), SOCFPGA_PINMUX_SEL_NAND);
mmio_write_32(SOCFPGA_PINMUX(PIN14SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN16SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN17SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN18SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN19SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN20SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN21SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN22SEL), SOCFPGA_PINMUX_SEL_NAND);
- mmio_write_32(SOCFPGA_PINMUX(PIN23SEL), SOCFPGA_PINMUX_SEL_NAND);
}
int nand_init(handoff *hoff_ptr)
{
+ (void)(hoff_ptr);
+
/* NAND pin mux configuration */
nand_pinmux_config();
diff --git a/plat/intel/soc/common/include/platform_def.h b/plat/intel/soc/common/include/platform_def.h
index 49fc567..1946898 100644
--- a/plat/intel/soc/common/include/platform_def.h
+++ b/plat/intel/soc/common/include/platform_def.h
@@ -44,6 +44,10 @@
#define PLAT_HANDOFF_OFFSET 0xFFE3F000
#endif
+#define PLAT_QSPI_DATA_BASE (0x3C00000)
+#define PLAT_NAND_DATA_BASE (0x0200000)
+#define PLAT_SDMMC_DATA_BASE (0x0)
+
/*******************************************************************************
* Platform binary types for linking
******************************************************************************/
diff --git a/plat/intel/soc/common/include/socfpga_private.h b/plat/intel/soc/common/include/socfpga_private.h
index 242dd73..041c282 100644
--- a/plat/intel/soc/common/include/socfpga_private.h
+++ b/plat/intel/soc/common/include/socfpga_private.h
@@ -33,7 +33,7 @@
void enable_nonsecure_access(void);
-void socfpga_io_setup(int boot_source);
+void socfpga_io_setup(int boot_source, unsigned long offset);
void socfgpa_configure_mmu_el3(unsigned long total_base,
unsigned long total_size,
diff --git a/plat/intel/soc/common/include/socfpga_ros.h b/plat/intel/soc/common/include/socfpga_ros.h
new file mode 100644
index 0000000..10cabd3
--- /dev/null
+++ b/plat/intel/soc/common/include/socfpga_ros.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2024, Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SOCFPGA_ROS_H
+#define SOCFPGA_ROS_H
+
+#include <arch_helpers.h>
+#include <lib/utils_def.h>
+
+/** status response*/
+#define ROS_RET_OK (0x00U)
+#define ROS_RET_INVALID (0x01U)
+#define ROS_RET_NOT_RSU_MODE (0x02U)
+#define ROS_QSPI_READ_ERROR (0x03U)
+#define ROS_SPT_BAD_MAGIC_NUM (0x04U)
+#define ROS_SPT_CRC_ERROR (0x05U)
+#define ROS_IMAGE_INDEX_ERR (0x06U)
+#define ROS_IMAGE_PARTNUM_OVFL (0x07U)
+
+#define ADDR_64(h, l) (((((unsigned long)(h)) & 0xffffffff) << 32) | \
+ (((unsigned long)(l)) & 0xffffffff))
+
+#define RSU_GET_SPT_RESP_SIZE (4U)
+
+#define RSU_STATUS_RES_SIZE (9U)
+
+#define SPT_MAGIC_NUMBER (0x57713427U)
+#define SPT_VERSION (0U)
+#define SPT_FLAG_RESERVED (1U)
+#define SPT_FLAG_READONLY (2U)
+
+#define SPT_MAX_PARTITIONS (127U)
+#define SPT_PARTITION_NAME_LENGTH (16U)
+#define SPT_RSVD_LENGTH (4U)
+#define SPT_SIZE (4096U)
+/*BOOT_INFO + FACTORY_IMAGE + SPT0 + SPT1 + CPB0 + CPB1 + FACTORY_IM.SSBL+ *APP* + *APP*.SSBL*/
+#define SPT_MIN_PARTITIONS (9U)
+
+#define FACTORY_IMAGE "FACTORY_IMAGE"
+#define FACTORY_SSBL "FACTORY_IM.SSBL"
+#define SSBL_SUFFIX ".SSBL"
+
+typedef struct {
+ const uint32_t magic_number;
+ const uint32_t version;
+ const uint32_t partitions;
+ uint32_t checksum;
+ const uint32_t __RSVD[SPT_RSVD_LENGTH];
+ struct {
+ const char name[SPT_PARTITION_NAME_LENGTH];
+ const uint64_t offset;
+ const uint32_t length;
+ const uint32_t flags;
+ } partition[SPT_MAX_PARTITIONS];
+} __packed spt_table_t;
+
+uint32_t ros_qspi_get_ssbl_offset(unsigned long *offset);
+
+#endif /* SOCFPGA_ROS_H */
diff --git a/plat/intel/soc/common/socfpga_ros.c b/plat/intel/soc/common/socfpga_ros.c
new file mode 100644
index 0000000..ea37384
--- /dev/null
+++ b/plat/intel/soc/common/socfpga_ros.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2024, Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* system header files*/
+#include <assert.h>
+#include <endian.h>
+#include <string.h>
+
+/* CRC function header */
+#include <common/tf_crc32.h>
+
+/* Cadense qspi driver*/
+#include <qspi/cadence_qspi.h>
+
+/* Mailbox driver*/
+#include <socfpga_mailbox.h>
+
+#include <socfpga_ros.h>
+
+static void swap_bits(char *const data, uint32_t len)
+{
+ uint32_t x, y;
+ char tmp;
+
+ for (x = 0U; x < len; x++) {
+ tmp = 0U;
+ for (y = 0U; y < 8; y++) {
+ tmp <<= 1;
+ if (data[x] & 1) {
+ tmp |= 1;
+ }
+ data[x] >>= 1;
+ }
+ data[x] = tmp;
+ }
+}
+
+static uint32_t get_current_image_index(spt_table_t *spt_buf, uint32_t *const img_index)
+{
+ if (spt_buf == NULL || img_index == NULL) {
+ return ROS_RET_INVALID;
+ }
+
+ uint32_t ret;
+ unsigned long current_image;
+ uint32_t rsu_status[RSU_STATUS_RES_SIZE];
+
+ if (spt_buf->partitions < SPT_MIN_PARTITIONS || spt_buf->partitions > SPT_MAX_PARTITIONS) {
+ return ROS_IMAGE_PARTNUM_OVFL;
+ }
+
+ ret = mailbox_rsu_status(rsu_status, RSU_STATUS_RES_SIZE);
+ if (ret != MBOX_RET_OK) {
+ return ROS_RET_NOT_RSU_MODE;
+ }
+
+ current_image = ADDR_64(rsu_status[1], rsu_status[0]);
+ NOTICE("ROS: Current image is at 0x%08lx\n", current_image);
+
+ *img_index = 0U;
+ for (uint32_t index = 0U ; index < spt_buf->partitions; index++) {
+ if (spt_buf->partition[index].offset == current_image) {
+ *img_index = index;
+ break;
+ }
+ }
+
+ if (*img_index == 0U) {
+ return ROS_IMAGE_INDEX_ERR;
+ }
+
+ return ROS_RET_OK;
+}
+
+static uint32_t load_and_check_spt(spt_table_t *spt_ptr, size_t offset)
+{
+
+ if (spt_ptr == NULL || offset == 0U) {
+ return ROS_RET_INVALID;
+ }
+
+ int ret;
+ uint32_t calc_crc;
+ static spt_table_t spt_data;
+
+ ret = cad_qspi_read(spt_ptr, offset, SPT_SIZE);
+ if (ret != 0U) {
+ return ROS_QSPI_READ_ERROR;
+ }
+
+ if (spt_ptr->magic_number != SPT_MAGIC_NUMBER) {
+ return ROS_SPT_BAD_MAGIC_NUM;
+ }
+
+ if (spt_ptr->partitions < SPT_MIN_PARTITIONS || spt_ptr->partitions > SPT_MAX_PARTITIONS) {
+ return ROS_IMAGE_PARTNUM_OVFL;
+ }
+
+ memcpy_s(&spt_data, SPT_SIZE, spt_ptr, SPT_SIZE);
+ spt_data.checksum = 0U;
+ swap_bits((char *)&spt_data, SPT_SIZE);
+
+ calc_crc = tf_crc32(0, (uint8_t *)&spt_data, SPT_SIZE);
+ if (bswap32(spt_ptr->checksum) != calc_crc) {
+ return ROS_SPT_CRC_ERROR;
+ }
+
+ NOTICE("ROS: SPT table at 0x%08lx is verified\n", offset);
+ return ROS_RET_OK;
+}
+
+static uint32_t get_spt(spt_table_t *spt_buf)
+{
+ if (spt_buf == NULL) {
+ return ROS_RET_INVALID;
+ }
+
+ uint32_t ret;
+ uint32_t spt_offset[RSU_GET_SPT_RESP_SIZE];
+
+ /* Get SPT offset from SDM via mailbox commands */
+ ret = mailbox_rsu_get_spt_offset(spt_offset, RSU_GET_SPT_RESP_SIZE);
+ if (ret != MBOX_RET_OK) {
+ WARN("ROS: Not booted in RSU mode\n");
+ return ROS_RET_NOT_RSU_MODE;
+ }
+
+ /* Print the SPT table addresses */
+ VERBOSE("ROS: SPT0 0x%08lx\n", ADDR_64(spt_offset[0], spt_offset[1]));
+ VERBOSE("ROS: SPT1 0x%08lx\n", ADDR_64(spt_offset[2], spt_offset[3]));
+
+ /* Load and validate SPT1*/
+ ret = load_and_check_spt(spt_buf, ADDR_64(spt_offset[2], spt_offset[3]));
+ if (ret != ROS_RET_OK) {
+ /* Load and validate SPT0*/
+ ret = load_and_check_spt(spt_buf, ADDR_64(spt_offset[0], spt_offset[1]));
+ if (ret != ROS_RET_OK) {
+ WARN("Both SPT tables are unusable\n");
+ return ret;
+ }
+ }
+
+ return ROS_RET_OK;
+}
+
+uint32_t ros_qspi_get_ssbl_offset(unsigned long *offset)
+{
+ if (offset == NULL) {
+ return ROS_RET_INVALID;
+ }
+
+ uint32_t ret, img_index;
+ char ssbl_name[SPT_PARTITION_NAME_LENGTH];
+ static spt_table_t spt;
+
+ ret = get_spt(&spt);
+ if (ret != ROS_RET_OK) {
+ return ret;
+ }
+
+ ret = get_current_image_index(&spt, &img_index);
+ if (ret != ROS_RET_OK) {
+ return ret;
+ }
+
+ if (strncmp(spt.partition[img_index].name, FACTORY_IMAGE,
+ SPT_PARTITION_NAME_LENGTH) == 0U) {
+ strlcpy(ssbl_name, FACTORY_SSBL, SPT_PARTITION_NAME_LENGTH);
+ } else {
+ strlcpy(ssbl_name, spt.partition[img_index].name,
+ SPT_PARTITION_NAME_LENGTH);
+ strlcat(ssbl_name, SSBL_SUFFIX, SPT_PARTITION_NAME_LENGTH);
+ }
+
+ for (uint32_t index = 0U; index < spt.partitions; index++) {
+ if (strncmp(spt.partition[index].name, ssbl_name,
+ SPT_PARTITION_NAME_LENGTH) == 0U) {
+ *offset = spt.partition[index].offset;
+ NOTICE("ROS: Corresponding SSBL is at 0x%08lx\n", *offset);
+ return ROS_RET_OK;
+ }
+ }
+
+ return ROS_IMAGE_INDEX_ERR;
+}
diff --git a/plat/intel/soc/common/socfpga_storage.c b/plat/intel/soc/common/socfpga_storage.c
index e80f074..d250d9e 100644
--- a/plat/intel/soc/common/socfpga_storage.c
+++ b/plat/intel/soc/common/socfpga_storage.c
@@ -24,16 +24,13 @@
#include "drivers/sdmmc/sdmmc.h"
#include "socfpga_private.h"
+#include "socfpga_ros.h"
#define PLAT_FIP_BASE (0)
#define PLAT_FIP_MAX_SIZE (0x1000000)
#define PLAT_MMC_DATA_BASE (0xffe3c000)
#define PLAT_MMC_DATA_SIZE (0x2000)
-#define PLAT_QSPI_DATA_BASE (0x3C00000)
-#define PLAT_QSPI_DATA_SIZE (0x1000000)
-#define PLAT_NAND_DATA_BASE (0x0200000)
-#define PLAT_NAND_DATA_SIZE (0x1000000)
static const io_dev_connector_t *fip_dev_con;
static const io_dev_connector_t *boot_dev_con;
@@ -55,6 +52,12 @@
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
};
+# if ARM_LINUX_KERNEL_AS_BL33 != 0
+static const io_uuid_spec_t nt_fw_config_uuid_spec = {
+ .uuid = UUID_NT_FW_CONFIG,
+};
+# endif
+
uintptr_t a2_lba_offset;
const char a2[] = {0xa2, 0x0};
@@ -101,6 +104,13 @@
(uintptr_t) &bl33_uuid_spec,
check_fip
},
+# if ARM_LINUX_KERNEL_AS_BL33 != 0
+ [NT_FW_CONFIG_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&nt_fw_config_uuid_spec,
+ check_fip
+ },
+# endif
[GPT_IMAGE_ID] = {
&boot_dev_handle,
(uintptr_t) &gpt_block_spec,
@@ -136,9 +146,10 @@
return result;
}
-void socfpga_io_setup(int boot_source)
+void socfpga_io_setup(int boot_source, unsigned long offset)
{
int result;
+ fip_spec.offset = offset;
switch (boot_source) {
case BOOT_SOURCE_SDMMC:
@@ -152,7 +163,6 @@
case BOOT_SOURCE_QSPI:
register_io_dev = ®ister_io_dev_memmap;
- fip_spec.offset = PLAT_QSPI_DATA_BASE;
break;
#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
@@ -161,7 +171,6 @@
nand_dev_spec.ops.init = cdns_nand_init_mtd;
nand_dev_spec.ops.read = cdns_nand_read;
nand_dev_spec.ops.write = NULL;
- fip_spec.offset = PLAT_NAND_DATA_BASE;
break;
#endif
diff --git a/plat/intel/soc/n5x/platform.mk b/plat/intel/soc/n5x/platform.mk
index 95f076f..29fd0eb 100644
--- a/plat/intel/soc/n5x/platform.mk
+++ b/plat/intel/soc/n5x/platform.mk
@@ -46,6 +46,8 @@
plat/intel/soc/common/soc/socfpga_mailbox.c \
plat/intel/soc/common/soc/socfpga_reset_manager.c
+$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
+
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
diff --git a/plat/intel/soc/stratix10/bl2_plat_setup.c b/plat/intel/soc/stratix10/bl2_plat_setup.c
index 73e3216..d140394 100644
--- a/plat/intel/soc/stratix10/bl2_plat_setup.c
+++ b/plat/intel/soc/stratix10/bl2_plat_setup.c
@@ -122,14 +122,14 @@
switch (boot_source) {
case BOOT_SOURCE_SDMMC:
dw_mmc_init(¶ms, &mmc_info);
- socfpga_io_setup(boot_source);
+ socfpga_io_setup(boot_source, PLAT_SDMMC_DATA_BASE);
break;
case BOOT_SOURCE_QSPI:
cad_qspi_init(0, QSPI_CONFIG_CPHA, QSPI_CONFIG_CPOL,
QSPI_CONFIG_CSDA, QSPI_CONFIG_CSDADS,
QSPI_CONFIG_CSEOT, QSPI_CONFIG_CSSOT, 0);
- socfpga_io_setup(boot_source);
+ socfpga_io_setup(boot_source, PLAT_QSPI_DATA_BASE);
break;
default:
diff --git a/plat/intel/soc/stratix10/platform.mk b/plat/intel/soc/stratix10/platform.mk
index 9567c45..afcf514 100644
--- a/plat/intel/soc/stratix10/platform.mk
+++ b/plat/intel/soc/stratix10/platform.mk
@@ -76,6 +76,8 @@
plat/intel/soc/common/soc/socfpga_mailbox.c \
plat/intel/soc/common/soc/socfpga_reset_manager.c
+$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
+
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
USE_COHERENT_MEM := 1
diff --git a/plat/nvidia/tegra/platform.mk b/plat/nvidia/tegra/platform.mk
index 2365564..6ca90a0 100644
--- a/plat/nvidia/tegra/platform.mk
+++ b/plat/nvidia/tegra/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
# Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -82,7 +82,7 @@
INCLUDES += -Iinclude/lib/libc \
-Iinclude/lib/libc/$(ARCH) \
-ifneq ($(findstring armlink,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),arm-link)
# o suppress warnings for section mismatches, undefined symbols
# o use only those libraries that are specified in the input file
# list to resolve references
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index 36d9f5b..16187ef 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -109,7 +109,9 @@
# 8.5
ENABLE_FEAT_RNG := 2
-ENABLE_FEAT_SB := 2
+# TF-A currently does not do dynamic detection of FEAT_SB.
+# Compiler puts SB instruction when it is enabled.
+ENABLE_FEAT_SB := 0
# 8.6
ENABLE_FEAT_FGT := 2
diff --git a/plat/qemu/qemu_sbsa/include/platform_def.h b/plat/qemu/qemu_sbsa/include/platform_def.h
index 14030e3..e8f0344 100644
--- a/plat/qemu/qemu_sbsa/include/platform_def.h
+++ b/plat/qemu/qemu_sbsa/include/platform_def.h
@@ -62,6 +62,11 @@
#define CACHE_WRITEBACK_GRANULE (1 << CACHE_WRITEBACK_SHIFT)
/*
+ * Define the max number of memory nodes.
+ */
+#define PLAT_MAX_MEM_NODES 128
+
+/*
* Partition memory into secure ROM, non-secure DRAM, secure "SRAM",
* and secure DRAM.
*/
diff --git a/plat/qemu/qemu_sbsa/sbsa_sip_svc.c b/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
index ed49e91..535f0eb 100644
--- a/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
+++ b/plat/qemu/qemu_sbsa/sbsa_sip_svc.c
@@ -30,6 +30,8 @@
#define SIP_SVC_GET_GIC_ITS SIP_FUNCTION_ID(101)
#define SIP_SVC_GET_CPU_COUNT SIP_FUNCTION_ID(200)
#define SIP_SVC_GET_CPU_NODE SIP_FUNCTION_ID(201)
+#define SIP_SVC_GET_MEMORY_NODE_COUNT SIP_FUNCTION_ID(300)
+#define SIP_SVC_GET_MEMORY_NODE SIP_FUNCTION_ID(301)
static uint64_t gic_its_addr;
@@ -38,9 +40,17 @@
uint32_t mpidr;
} cpu_data;
+typedef struct{
+ uint32_t nodeid;
+ uint64_t addr_base;
+ uint64_t addr_size;
+} memory_data;
+
static struct {
uint32_t num_cpus;
+ uint32_t num_memnodes;
cpu_data cpu[PLATFORM_CORE_COUNT];
+ memory_data memory[PLAT_MAX_MEM_NODES];
} dynamic_platform_info;
void sbsa_set_gic_bases(const uintptr_t gicd_base, const uintptr_t gicr_base);
@@ -127,6 +137,79 @@
INFO("Found %d cpus\n", dynamic_platform_info.num_cpus);
}
+void read_meminfo_from_dt(void *dtb)
+{
+ const fdt32_t *prop;
+ const char *type;
+ int prev, node;
+ int len;
+ uint32_t nodeid = 0;
+ uint32_t memnode = 0;
+ uint32_t higher_value, lower_value;
+ uint64_t cur_base, cur_size;
+
+ /*
+ * QEMU gives us this DeviceTree node:
+ *
+ * memory@100c0000000 {
+ * numa-node-id = <0x01>;
+ * reg = <0x100 0xc0000000 0x00 0x40000000>;
+ * device_type = "memory";
+ * };
+ *
+ * memory@10000000000 {
+ * numa-node-id = <0x00>;
+ * reg = <0x100 0x00 0x00 0xc0000000>;
+ * device_type = "memory";
+ * }
+ */
+
+ for (prev = 0;; prev = node) {
+ node = fdt_next_node(dtb, prev, NULL);
+ if (node < 0) {
+ break;
+ }
+
+ type = fdt_getprop(dtb, node, "device_type", &len);
+ if (type && strncmp(type, "memory", len) == 0) {
+ if (fdt_getprop(dtb, node, "numa-node-id", NULL)) {
+ fdt_read_uint32(dtb, node, "numa-node-id", &nodeid);
+ }
+
+ dynamic_platform_info.memory[memnode].nodeid = nodeid;
+
+ /*
+ * Get the 'reg' property of this node and
+ * assume two 8 bytes for base and size.
+ */
+ prop = fdt_getprop(dtb, node, "reg", &len);
+ if (prop != 0 && len == (2 * sizeof(int64_t))) {
+ higher_value = fdt32_to_cpu(*prop);
+ lower_value = fdt32_to_cpu(*(prop + 1));
+ cur_base = (uint64_t)(lower_value | ((uint64_t)higher_value) << 32);
+
+ higher_value = fdt32_to_cpu(*(prop + 2));
+ lower_value = fdt32_to_cpu(*(prop + 3));
+ cur_size = (uint64_t)(lower_value | ((uint64_t)higher_value) << 32);
+
+ dynamic_platform_info.memory[memnode].addr_base = cur_base;
+ dynamic_platform_info.memory[memnode].addr_size = cur_size;
+
+ INFO("RAM %d: node-id: %d, address: 0x%lx - 0x%lx\n",
+ memnode,
+ dynamic_platform_info.memory[memnode].nodeid,
+ dynamic_platform_info.memory[memnode].addr_base,
+ dynamic_platform_info.memory[memnode].addr_base +
+ dynamic_platform_info.memory[memnode].addr_size - 1);
+ }
+
+ memnode++;
+ }
+ }
+
+ dynamic_platform_info.num_memnodes = memnode;
+}
+
void read_platform_config_from_dt(void *dtb)
{
int node;
@@ -222,6 +305,7 @@
read_platform_config_from_dt(dtb);
read_cpuinfo_from_dt(dtb);
+ read_meminfo_from_dt(dtb);
}
/*
@@ -270,6 +354,20 @@
SMC_RET1(handle, SMC_ARCH_CALL_INVAL_PARAM);
}
+ case SIP_SVC_GET_MEMORY_NODE_COUNT:
+ SMC_RET2(handle, NULL, dynamic_platform_info.num_memnodes);
+
+ case SIP_SVC_GET_MEMORY_NODE:
+ index = x1;
+ if (index < PLAT_MAX_MEM_NODES) {
+ SMC_RET4(handle, NULL,
+ dynamic_platform_info.memory[index].nodeid,
+ dynamic_platform_info.memory[index].addr_base,
+ dynamic_platform_info.memory[index].addr_size);
+ } else {
+ SMC_RET1(handle, SMC_ARCH_CALL_INVAL_PARAM);
+ }
+
default:
ERROR("%s: unhandled SMC (0x%x) (function id: %d)\n", __func__, smc_fid,
smc_fid - SIP_FUNCTION);
diff --git a/plat/renesas/common/aarch64/plat_helpers.S b/plat/renesas/common/aarch64/plat_helpers.S
index a7fdfa0..572620d 100644
--- a/plat/renesas/common/aarch64/plat_helpers.S
+++ b/plat/renesas/common/aarch64/plat_helpers.S
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -172,15 +172,16 @@
* BL31 will initialize the address space according to its
* own requirement.
*/
-#if RCAR_BL2_DCACHE == 1
/* Disable mmu and data cache */
bl disable_mmu_el3
+#if RCAR_BL2_DCACHE == 1
/* Data cache clean and invalidate */
mov x0, #DCCISW
bl dcsw_op_all
+#endif /* RCAR_BL2_DCACHE == 1 */
/* TLB invalidate all, EL3 */
tlbi alle3
-#endif /* RCAR_BL2_DCACHE == 1 */
+
bl disable_mmu_icache_el3
/* Invalidate instruction cache */
ic iallu
diff --git a/plat/renesas/common/aarch64/platform_common.c b/plat/renesas/common/aarch64/platform_common.c
index 17ccb28..9e7d526 100644
--- a/plat/renesas/common/aarch64/platform_common.c
+++ b/plat/renesas/common/aarch64/platform_common.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
- * Copyright (c) 2015-2017, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,13 +30,19 @@
const uint8_t version_of_renesas[VERSION_OF_RENESAS_MAXLEN]
__attribute__ ((__section__(".ro"))) = VERSION_OF_RENESAS;
+#if (IMAGE_BL2) && (RCAR_BL2_DCACHE != 1)
+#define RCAR_DCACHE MT_NON_CACHEABLE
+#else
+#define RCAR_DCACHE MT_MEMORY
+#endif
+
#define MAP_SHARED_RAM MAP_REGION_FLAT(RCAR_SHARED_MEM_BASE, \
RCAR_SHARED_MEM_SIZE, \
MT_MEMORY | MT_RW | MT_SECURE)
#define MAP_FLASH0 MAP_REGION_FLAT(FLASH0_BASE, \
FLASH0_SIZE, \
- MT_MEMORY | MT_RO | MT_SECURE)
+ RCAR_DCACHE | MT_RO | MT_SECURE)
#define MAP_DRAM1_NS MAP_REGION_FLAT(DRAM1_NS_BASE, \
DRAM1_NS_SIZE, \
@@ -68,7 +74,7 @@
#if IMAGE_BL2
#define MAP_DRAM0 MAP_REGION_FLAT(DRAM1_BASE, \
DRAM1_SIZE, \
- MT_MEMORY | MT_RW | MT_SECURE)
+ RCAR_DCACHE | MT_RW | MT_SECURE)
#define MAP_REG0 MAP_REGION_FLAT(DEVICE_RCAR_BASE, \
DEVICE_RCAR_SIZE, \
@@ -76,7 +82,7 @@
#define MAP_RAM0 MAP_REGION_FLAT(RCAR_SYSRAM_BASE, \
RCAR_SYSRAM_SIZE, \
- MT_MEMORY | MT_RW | MT_SECURE)
+ RCAR_DCACHE | MT_RW | MT_SECURE)
#define MAP_REG1 MAP_REGION_FLAT(REG1_BASE, \
REG1_SIZE, \
@@ -84,7 +90,7 @@
#define MAP_ROM MAP_REGION_FLAT(ROM0_BASE, \
ROM0_SIZE, \
- MT_MEMORY | MT_RO | MT_SECURE)
+ RCAR_DCACHE | MT_RO | MT_SECURE)
#define MAP_REG2 MAP_REGION_FLAT(REG2_BASE, \
REG2_SIZE, \
@@ -92,7 +98,7 @@
#define MAP_DRAM1 MAP_REGION_FLAT(DRAM_40BIT_BASE, \
DRAM_40BIT_SIZE, \
- MT_MEMORY | MT_RW | MT_SECURE)
+ RCAR_DCACHE | MT_RW | MT_SECURE)
#endif
#ifdef BL32_BASE
@@ -152,9 +158,9 @@
unsigned long coh_limit)
{
mmap_add_region(total_base, total_base, total_size,
- MT_MEMORY | MT_RW | MT_SECURE);
+ RCAR_DCACHE | MT_RW | MT_SECURE);
mmap_add_region(ro_start, ro_start, ro_limit - ro_start,
- MT_MEMORY | MT_RO | MT_SECURE);
+ RCAR_DCACHE | MT_RO | MT_SECURE);
mmap_add_region(coh_start, coh_start, coh_limit - coh_start,
MT_DEVICE | MT_RW | MT_SECURE);
mmap_add(rcar_mmap);
@@ -169,9 +175,9 @@
unsigned long ro_limit)
{
mmap_add_region(total_base, total_base, total_size,
- MT_MEMORY | MT_RW | MT_SECURE);
+ RCAR_DCACHE | MT_RW | MT_SECURE);
mmap_add_region(ro_start, ro_start, ro_limit - ro_start,
- MT_MEMORY | MT_RO | MT_SECURE);
+ RCAR_DCACHE | MT_RO | MT_SECURE);
mmap_add(rcar_mmap);
init_xlat_tables();
diff --git a/plat/renesas/common/include/rcar_version.h b/plat/renesas/common/include/rcar_version.h
index 5a0ca31..777ec6a 100644
--- a/plat/renesas/common/include/rcar_version.h
+++ b/plat/renesas/common/include/rcar_version.h
@@ -9,7 +9,7 @@
#include <arch_helpers.h>
-#define VERSION_OF_RENESAS "3.0.3"
+#define VERSION_OF_RENESAS "4.0.0"
#define VERSION_OF_RENESAS_MAXLEN 128
extern const uint8_t version_of_renesas[VERSION_OF_RENESAS_MAXLEN];
diff --git a/plat/renesas/rcar/bl2_plat_setup.c b/plat/renesas/rcar/bl2_plat_setup.c
index cf77da2..41031d6 100644
--- a/plat/renesas/rcar/bl2_plat_setup.c
+++ b/plat/renesas/rcar/bl2_plat_setup.c
@@ -48,10 +48,8 @@
#include "rcar_version.h"
#include "rom_api.h"
-#if RCAR_BL2_DCACHE == 1
/*
- * Following symbols are only used during plat_arch_setup() only
- * when RCAR_BL2_DCACHE is enabled.
+ * Following symbols are only used during plat_arch_setup()
*/
static const uint64_t BL2_RO_BASE = BL_CODE_BASE;
static const uint64_t BL2_RO_LIMIT = BL_CODE_END;
@@ -61,8 +59,6 @@
static const uint64_t BL2_COHERENT_RAM_LIMIT = BL_COHERENT_RAM_END;
#endif
-#endif
-
extern void plat_rcar_gic_driver_init(void);
extern void plat_rcar_gic_init(void);
extern void bl2_enter_bl31(const struct entry_point_info *bl_ep_info);
@@ -372,10 +368,16 @@
rcar_swdt_release();
bl2_system_cpg_init();
-#if RCAR_BL2_DCACHE == 1
/* Disable data cache (clean and invalidate) */
disable_mmu_el3();
+#if RCAR_BL2_DCACHE == 1
+ dcsw_op_all(DCCISW);
#endif
+ tlbialle3();
+ disable_mmu_icache_el3();
+ plat_invalidate_icache();
+ dsbsy();
+ isb();
}
static uint32_t is_ddr_backup_mode(void)
@@ -1274,8 +1276,6 @@
void bl2_el3_plat_arch_setup(void)
{
-#if RCAR_BL2_DCACHE == 1
- NOTICE("BL2: D-Cache enable\n");
rcar_configure_mmu_el3(BL2_BASE,
BL2_END - BL2_BASE,
BL2_RO_BASE, BL2_RO_LIMIT
@@ -1283,7 +1283,6 @@
, BL2_COHERENT_RAM_BASE, BL2_COHERENT_RAM_LIMIT
#endif
);
-#endif
}
void bl2_el3_plat_prepare_exit(void)
diff --git a/plat/renesas/rcar/platform.mk b/plat/renesas/rcar/platform.mk
index 670d499..5718478 100644
--- a/plat/renesas/rcar/platform.mk
+++ b/plat/renesas/rcar/platform.mk
@@ -6,6 +6,8 @@
include plat/renesas/common/common.mk
+ENABLE_STACK_PROTECTOR := strong
+
ifndef LSI
$(error "Error: Unknown LSI. Please use LSI=<LSI name> to specify the LSI")
else
@@ -333,6 +335,10 @@
$(ZLIB_SOURCES)
endif
+ifneq (${ENABLE_STACK_PROTECTOR},0)
+BL_COMMON_SOURCES += plat/renesas/rcar/rcar_stack_protector.c
+endif
+
ifeq (${RCAR_GEN3_ULCB},1)
BL31_SOURCES += drivers/renesas/rcar/cpld/ulcb_cpld.c
endif
@@ -365,7 +371,6 @@
.PHONY: rcar_srecord
rcar_srecord: $(BL2_ELF_SRC) $(BL31_ELF_SRC)
@echo "generating srec: ${SREC_PATH}/bl2.srec"
- $(Q)$(OC) -O srec --srec-forceS3 ${BL2_ELF_SRC} ${SREC_PATH}/bl2.srec
+ $(Q)$($(ARCH)-oc) -O srec --srec-forceS3 ${BL2_ELF_SRC} ${SREC_PATH}/bl2.srec
@echo "generating srec: ${SREC_PATH}/bl31.srec"
- $(Q)$(OC) -O srec --srec-forceS3 ${BL31_ELF_SRC} ${SREC_PATH}/bl31.srec
-
+ $(Q)$($(ARCH)-oc) -O srec --srec-forceS3 ${BL31_ELF_SRC} ${SREC_PATH}/bl31.srec
diff --git a/plat/renesas/rcar/rcar_stack_protector.c b/plat/renesas/rcar/rcar_stack_protector.c
new file mode 100644
index 0000000..ecceef4
--- /dev/null
+++ b/plat/renesas/rcar/rcar_stack_protector.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2021-2023, Renesas Electronics Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <arch_helpers.h>
+#include <common/debug.h>
+
+#define RANDOM_CANARY_VALUE ((u_register_t)0xDFF5FC8A720E205EULL)
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ u_register_t cnt;
+ u_register_t seed;
+ u_register_t mul;
+ u_register_t ret;
+ uintptr_t val1 = (uintptr_t)__builtin_return_address(0U);
+ uintptr_t val2 = (uintptr_t)__builtin_frame_address(0U);
+
+ cnt = read_cntpct_el0();
+ seed = (cnt ^ RANDOM_CANARY_VALUE) & ULONG_MAX;
+ ret = seed;
+
+ if ((ULONG_MAX/val1) > seed) {
+ mul = (u_register_t)(val1 * seed);
+ if ((mul < ULONG_MAX) &&
+ ((ULONG_MAX - (u_register_t)mul) > val2)) {
+ ret = mul + val2;
+ }
+ }
+
+ return ret;
+}
diff --git a/plat/renesas/rzg/platform.mk b/plat/renesas/rzg/platform.mk
index f37d7d0..89ca227 100644
--- a/plat/renesas/rzg/platform.mk
+++ b/plat/renesas/rzg/platform.mk
@@ -269,6 +269,6 @@
.PHONY: rzg_srecord
rzg_srecord: $(BL2_ELF_SRC) $(BL31_ELF_SRC)
@echo "generating srec: ${SREC_PATH}/bl2.srec"
- $(Q)$(OC) -O srec --srec-forceS3 ${BL2_ELF_SRC} ${SREC_PATH}/bl2.srec
+ $(Q)$($(ARCH)-oc) -O srec --srec-forceS3 ${BL2_ELF_SRC} ${SREC_PATH}/bl2.srec
@echo "generating srec: ${SREC_PATH}/bl31.srec"
- $(Q)$(OC) -O srec --srec-forceS3 ${BL31_ELF_SRC} ${SREC_PATH}/bl31.srec
+ $(Q)$($(ARCH)-oc) -O srec --srec-forceS3 ${BL31_ELF_SRC} ${SREC_PATH}/bl31.srec
diff --git a/plat/rockchip/rk3399/drivers/m0/Makefile b/plat/rockchip/rk3399/drivers/m0/Makefile
index 79e09f0..2abcc18 100644
--- a/plat/rockchip/rk3399/drivers/m0/Makefile
+++ b/plat/rockchip/rk3399/drivers/m0/Makefile
@@ -1,9 +1,13 @@
#
-# Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := rk3399-m0
+
+include ../../../../../make_helpers/toolchain.mk
+
# Cross Compile
M0_CROSS_COMPILE ?= arm-none-eabi-
@@ -38,14 +42,6 @@
ASFLAGS := -Wa,--gdwarf-2
LDFLAGS := -Wl,--gc-sections -Wl,--build-id=none
-# Cross tool
-CC := ${M0_CROSS_COMPILE}gcc
-CPP := ${M0_CROSS_COMPILE}cpp
-AR := ${M0_CROSS_COMPILE}ar
-OC := ${M0_CROSS_COMPILE}objcopy
-OD := ${M0_CROSS_COMPILE}objdump
-NM := ${M0_CROSS_COMPILE}nm
-
# NOTE: The line continuation '\' is required in the next define otherwise we
# end up with a line-feed characer at the end of the last c filename.
# Also bare this issue in mind if extending the list of supported filetypes.
@@ -76,7 +72,7 @@
$(OBJ) : $(2)
@echo " CC $$<"
- $$(Q)$$(CC) $$(COMMON_FLAGS) $$(CFLAGS) $$(INCLUDES) -MMD -MT $$@ -c $$< -o $$@
+ $$(Q)$(rk3399-m0-cc) $$(COMMON_FLAGS) $$(CFLAGS) $$(INCLUDES) -MMD -MT $$@ -c $$< -o $$@
endef
define MAKE_S
@@ -84,7 +80,7 @@
$(OBJ) : $(2)
@echo " AS $$<"
- $$(Q)$$(CC) -x assembler-with-cpp $$(COMMON_FLAGS) $$(ASFLAGS) -c $$< -o $$@
+ $$(Q)$(rk3399-m0-cc) -x assembler-with-cpp $$(COMMON_FLAGS) $$(ASFLAGS) -c $$< -o $$@
endef
define MAKE_OBJS
@@ -105,20 +101,20 @@
.DEFAULT_GOAL := all
$(LINKERFILE): $(LINKERFILE_SRC)
- $(CC) $(COMMON_FLAGS) $(INCLUDES) -P -E -D__LINKER__ -MMD -MF $@.d -MT $@ -o $@ $<
+ $(rk3399-m0-cc) $(COMMON_FLAGS) $(INCLUDES) -P -E -D__LINKER__ -MMD -MF $@.d -MT $@ -o $@ $<
-include $(LINKERFILE).d
$(ELF) : $(OBJS) $(OBJS_COMMON) $(LINKERFILE)
@echo " LD $@"
- $(Q)$(CC) -o $@ $(COMMON_FLAGS) $(LDFLAGS) -Wl,-Map=$(MAPFILE) -Wl,-T$(LINKERFILE) $(OBJS) $(OBJS_COMMON)
+ $(Q)$(rk3399-m0-cc) -o $@ $(COMMON_FLAGS) $(LDFLAGS) -Wl,-Map=$(MAPFILE) -Wl,-T$(LINKERFILE) $(OBJS) $(OBJS_COMMON)
%.bin : %.elf
@echo " BIN $@"
- $(Q)$(OC) -O binary $< $@
+ $(Q)$(rk3399-m0-oc) -O binary $< $@
$(ELF_PMU) : $(OBJS_COMMON) $(OBJS_PMU) $(LINKERFILE)
@echo " LD $@"
- $(Q)$(CC) -o $@ $(COMMON_FLAGS) $(LDFLAGS) -Wl,-Map=$(MAPFILE_PMU) -Wl,-T$(LINKERFILE) $(OBJS_PMU) $(OBJS_COMMON)
+ $(Q)$(rk3399-m0-cc) -o $@ $(COMMON_FLAGS) $(LDFLAGS) -Wl,-Map=$(MAPFILE_PMU) -Wl,-T$(LINKERFILE) $(OBJS_PMU) $(OBJS_COMMON)
$(eval $(call MAKE_OBJS,$(BUILD),$(SOURCES_COMMON),$(1)))
$(eval $(call MAKE_OBJS,$(BUILD),$(SOURCES),$(1)))
diff --git a/plat/rpi/rpi3/platform.mk b/plat/rpi/rpi3/platform.mk
index 06393e4..26a3268 100644
--- a/plat/rpi/rpi3/platform.mk
+++ b/plat/rpi/rpi3/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -52,9 +52,9 @@
${LIBFDT_SRCS}
# Tune compiler for Cortex-A53
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a53
else
TF_CFLAGS_aarch64 += -mtune=cortex-a53
diff --git a/plat/rpi/rpi4/platform.mk b/plat/rpi/rpi4/platform.mk
index 528eb1d..42a5416 100644
--- a/plat/rpi/rpi4/platform.mk
+++ b/plat/rpi/rpi4/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -39,9 +39,9 @@
COLD_BOOT_SINGLE_CPU := 0
# Tune compiler for Cortex-A72
-ifeq ($(notdir $(CC)),armclang)
+ifeq ($($(ARCH)-cc-id),arm-clang)
TF_CFLAGS_aarch64 += -mcpu=cortex-a72
-else ifneq ($(findstring clang,$(notdir $(CC))),)
+else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
TF_CFLAGS_aarch64 += -mcpu=cortex-a72
else
TF_CFLAGS_aarch64 += -mtune=cortex-a72
@@ -113,4 +113,3 @@
ifeq ($(SMC_PCI_SUPPORT), 1)
BL31_SOURCES += plat/rpi/rpi4/rpi4_pci_svc.c
endif
-
diff --git a/plat/st/common/common.mk b/plat/st/common/common.mk
index 7f93961..f49112d 100644
--- a/plat/st/common/common.mk
+++ b/plat/st/common/common.mk
@@ -43,7 +43,7 @@
STM32MP_UART_PROGRAMMER ?= 0
STM32MP_USB_PROGRAMMER ?= 0
-$(eval DTC_V = $(shell $(DTC) -v | awk '{print $$NF}'))
+$(eval DTC_V = $(shell $($(ARCH)-dtc) -v | awk '{print $$NF}'))
$(eval DTC_VERSION = $(shell printf "%d" $(shell echo ${DTC_V} | cut -d- -f1 | sed "s/\./0/g" | grep -o "[0-9]*")))
DTC_CPPFLAGS += ${INCLUDES}
DTC_FLAGS += -Wno-unit_address_vs_reg
diff --git a/plat/st/common/common_rules.mk b/plat/st/common/common_rules.mk
index f39caab..212a67d 100644
--- a/plat/st/common/common_rules.mk
+++ b/plat/st/common/common_rules.mk
@@ -49,7 +49,7 @@
${BUILD_PLAT}/$(PLAT)-%.o: ${BUILD_PLAT}/fdts/%-bl2.dtb $(STM32_BINARY_MAPPING) bl2
@echo " AS $${PLAT}.S"
- ${Q}${AS} ${ASFLAGS} ${TF_CFLAGS} \
+ ${Q}$($(ARCH)-as) -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) ${ASFLAGS} ${TF_CFLAGS} \
-DDTB_BIN_PATH=\"$<\" \
-c $(word 2,$^) -o $@
@@ -57,14 +57,14 @@
tf-a-%.elf: $(PLAT)-%.o ${STM32_TF_LINKERFILE}
@echo " LDS $<"
-ifneq ($(findstring gcc,$(notdir $(LD))),)
- ${Q}${LD} -o $@ $(subst --,-Wl$(comma)--,${STM32_TF_ELF_LDFLAGS}) -nostartfiles -Wl,-Map=$(@:.elf=.map) -Wl,-dT ${STM32_TF_LINKERFILE} $<
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
+ ${Q}$($(ARCH)-ld) -o $@ $(subst --,-Wl$(comma)--,${STM32_TF_ELF_LDFLAGS}) -nostartfiles -Wl,-Map=$(@:.elf=.map) -Wl,-dT ${STM32_TF_LINKERFILE} $<
else
- ${Q}${LD} -o $@ ${STM32_TF_ELF_LDFLAGS} -Map=$(@:.elf=.map) --script ${STM32_TF_LINKERFILE} $<
+ ${Q}$($(ARCH)-ld) -o $@ ${STM32_TF_ELF_LDFLAGS} -Map=$(@:.elf=.map) --script ${STM32_TF_LINKERFILE} $<
endif
tf-a-%.bin: tf-a-%.elf
- ${Q}${OC} -O binary $< $@
+ ${Q}$($(ARCH)-oc) -O binary $< $@
@echo
@echo "Built $@ successfully"
@echo
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index e334f22..0ff6092 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (C) 2018-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,17 +14,26 @@
#define JEDEC_ST_BKID U(0x0)
#define JEDEC_ST_MFID U(0x20)
+#define STM32MP_CHIP_SEC_CLOSED U(0x34D9CCC5)
+#define STM32MP_CHIP_SEC_OPEN U(0xA764D182)
+
/* FWU configuration (max supported value is 15) */
#define FWU_MAX_TRIAL_REBOOT U(3)
+/* Define maximum page size for NAND devices */
+#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
+
+/* Needed by STM32CubeProgrammer support */
+#define DWL_BUFFER_SIZE U(0x01000000)
+
/* Functions to save and get boot context address given by ROM code */
void stm32mp_save_boot_ctx_address(uintptr_t address);
uintptr_t stm32mp_get_boot_ctx_address(void);
uint16_t stm32mp_get_boot_itf_selected(void);
bool stm32mp_is_single_core(void);
-bool stm32mp_is_closed_device(void);
bool stm32mp_is_auth_supported(void);
+uint32_t stm32mp_check_closed_device(void);
/* Return the base address of the DDR controller */
uintptr_t stm32mp_ddrctrl_base(void);
diff --git a/plat/st/common/stm32mp_common.c b/plat/st/common/stm32mp_common.c
index 2163aaf..a1d1c49 100644
--- a/plat/st/common/stm32mp_common.c
+++ b/plat/st/common/stm32mp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -168,9 +168,9 @@
assert(otp_val != NULL);
#if defined(IMAGE_BL2)
- ret = bsec_shadow_read_otp(otp_val, otp_idx);
-#elif defined(IMAGE_BL32)
- ret = bsec_read_otp(otp_val, otp_idx);
+ ret = stm32_otp_shadow_read(otp_val, otp_idx);
+#elif defined(IMAGE_BL31) || defined(IMAGE_BL32)
+ ret = stm32_otp_read(otp_val, otp_idx);
#else
#error "Not supported"
#endif
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c
index e282115..7223022 100644
--- a/plat/st/common/stm32mp_crypto_lib.c
+++ b/plat/st/common/stm32mp_crypto_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,6 @@
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/io/io_storage.h>
-#include <drivers/st/bsec.h>
#include <drivers/st/stm32_hash.h>
#include <drivers/st/stm32_pka.h>
#include <drivers/st/stm32_rng.h>
@@ -58,7 +57,8 @@
panic();
}
- if (stm32mp_is_closed_device() || stm32mp_is_auth_supported()) {
+ if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) ||
+ stm32mp_is_auth_supported()) {
#if STM32MP_CRYPTO_ROM_LIB
boot_context = (boot_api_context_t *)stm32mp_get_boot_ctx_address();
auth_ops.verify_signature = boot_context->bootrom_ecdsa_verify_signature;
@@ -322,7 +322,8 @@
size_t bignum_len = sizeof(sig) / 2U;
unsigned int seq_num = 0U;
- if (!stm32mp_is_closed_device() && !stm32mp_is_auth_supported()) {
+ if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_OPEN) &&
+ !stm32mp_is_auth_supported()) {
return CRYPTO_SUCCESS;
}
diff --git a/plat/st/common/stm32mp_trusted_boot.c b/plat/st/common/stm32mp_trusted_boot.c
index 6d89290..d40fc55 100644
--- a/plat/st/common/stm32mp_trusted_boot.c
+++ b/plat/st/common/stm32mp_trusted_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -67,14 +67,14 @@
* Check if key hash values in OTP are 0 or 0xFFFFFFFFF
* programmed : Invalid Key
*/
- if (!stm32mp_is_closed_device() && !valid) {
+ if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_OPEN) && !valid) {
if ((tmp != 0U) && (tmp != 0xFFFFFFFFU) && (tmp != first)) {
valid = true;
}
}
}
- if (!stm32mp_is_closed_device() && !valid) {
+ if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_OPEN) && !valid) {
return 0;
}
@@ -163,7 +163,7 @@
*key_ptr = &root_pk_hash;
*flags = ROTPK_IS_HASH;
- if ((res == 0) && !stm32mp_is_closed_device()) {
+ if ((res == 0) && (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_OPEN)) {
*flags |= ROTPK_NOT_DEPLOYED;
}
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index eeabd09..fd86020 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -318,7 +318,7 @@
skip_console_init:
#if !TRUSTED_BOARD_BOOT
- if (stm32mp_is_closed_device()) {
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
/* Closed chip mandates authentication */
ERROR("Secure chip: TRUSTED_BOARD_BOOT must be enabled\n");
panic();
@@ -347,7 +347,7 @@
stm32_iwdg_refresh();
if (bsec_read_debug_conf() != 0U) {
- if (stm32mp_is_closed_device()) {
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
#if DEBUG
WARN("\n%s", debug_msg);
#else
@@ -367,7 +367,9 @@
print_reset_reason();
#if STM32MP15
- update_monotonic_counter();
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
+ update_monotonic_counter();
+ }
#endif
stm32mp1_syscfg_enable_io_compensation_finish();
diff --git a/plat/st/stm32mp1/cert_create_tbbr.mk b/plat/st/stm32mp1/cert_create_tbbr.mk
index 5b1a3ed..e747e39 100644
--- a/plat/st/stm32mp1/cert_create_tbbr.mk
+++ b/plat/st/stm32mp1/cert_create_tbbr.mk
@@ -11,9 +11,8 @@
PLAT_INCLUDE += -I${PLAT_DIR}include
src/stm32mp1_tbb_cert.o: ${PLAT_DIR}stm32mp1_tbb_cert.c
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
PLAT_OBJECTS = src/stm32mp1_tbb_cert.o
OBJECTS += $(PLAT_OBJECTS)
-
diff --git a/plat/st/stm32mp1/include/platform_def.h b/plat/st/stm32mp1/include/platform_def.h
index 75c8219..7e6d91f 100644
--- a/plat/st/stm32mp1/include/platform_def.h
+++ b/plat/st/stm32mp1/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -77,20 +77,6 @@
******************************************************************************/
#define BL33_BASE STM32MP_BL33_BASE
-/*
- * Load address of BL33 for this platform port
- */
-#define PLAT_STM32MP_NS_IMAGE_OFFSET BL33_BASE
-
-/* Needed by STM32CubeProgrammer support */
-#define DWL_BUFFER_SIZE U(0x01000000)
-
-/*
- * SSBL offset in case it's stored in eMMC boot partition.
- * We can fix it to 256K because TF-A size can't be bigger than SRAM
- */
-#define PLAT_EMMC_BOOT_SSBL_OFFSET U(0x40000)
-
/*******************************************************************************
* DTB specific defines.
******************************************************************************/
diff --git a/plat/st/stm32mp1/include/stm32mp1_private.h b/plat/st/stm32mp1/include/stm32mp1_private.h
index 4a52255..f6e5a8f 100644
--- a/plat/st/stm32mp1/include/stm32mp1_private.h
+++ b/plat/st/stm32mp1/include/stm32mp1_private.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,4 +32,31 @@
void stm32mp1_deconfigure_uart_pins(void);
void stm32mp1_init_scmi_server(void);
+
+/* Wrappers for OTP / BSEC functions */
+static inline uint32_t stm32_otp_read(uint32_t *val, uint32_t otp)
+{
+ return bsec_read_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_shadow_read(uint32_t *val, uint32_t otp)
+{
+ return bsec_shadow_read_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_write(uint32_t val, uint32_t otp)
+{
+ return bsec_write_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_set_sr_lock(uint32_t otp)
+{
+ return bsec_set_sr_lock(otp);
+}
+
+static inline uint32_t stm32_otp_read_sw_lock(uint32_t otp, bool *value)
+{
+ return bsec_read_sw_lock(otp, value);
+}
+
#endif /* STM32MP1_PRIVATE_H */
diff --git a/plat/st/stm32mp1/services/bsec_svc.c b/plat/st/stm32mp1/services/bsec_svc.c
index 1fb44b4..7cc0013 100644
--- a/plat/st/stm32mp1/services/bsec_svc.c
+++ b/plat/st/stm32mp1/services/bsec_svc.c
@@ -1,15 +1,15 @@
/*
- * Copyright (c) 2016-2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2016-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <platform_def.h>
#include <common/debug.h>
#include <drivers/st/bsec.h>
#include <drivers/st/bsec2_reg.h>
+#include <platform_def.h>
#include <stm32mp1_smc.h>
#include "bsec_svc.h"
@@ -39,12 +39,7 @@
break;
}
- result = bsec_shadow_register(x2);
- if (result != BSEC_OK) {
- break;
- }
-
- result = bsec_read_otp(ret_otp_value, x2);
+ result = bsec_shadow_read_otp(ret_otp_value, x2);
if (result != BSEC_OK) {
break;
}
diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h
index 6530957..0d401f9 100644
--- a/plat/st/stm32mp1/stm32mp1_def.h
+++ b/plat/st/stm32mp1/stm32mp1_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -186,9 +186,6 @@
#endif
#define STM32MP_BL33_MAX_SIZE U(0x400000)
-/* Define maximum page size for NAND devices */
-#define PLATFORM_MTD_MAX_PAGE_SIZE U(0x1000)
-
/* Define location for the MTD scratch buffer */
#if STM32MP13
#define STM32MP_MTD_BUFFER (SRAM1_BASE + \
@@ -426,24 +423,24 @@
#define OTP_MAX_SIZE (STM32MP1_OTP_MAX_ID + 1U)
/* OTP labels */
-#define CFG0_OTP "cfg0_otp"
+#define CFG0_OTP "cfg0-otp"
#define PART_NUMBER_OTP "part-number-otp"
#if STM32MP15
-#define PACKAGE_OTP "package_otp"
+#define PACKAGE_OTP "package-otp"
#endif
-#define HW2_OTP "hw2_otp"
+#define HW2_OTP "hw2-otp"
#if STM32MP13
-#define NAND_OTP "cfg9_otp"
-#define NAND2_OTP "cfg10_otp"
+#define NAND_OTP "cfg9-otp"
+#define NAND2_OTP "cfg10-otp"
#endif
#if STM32MP15
-#define NAND_OTP "nand_otp"
+#define NAND_OTP "nand-otp"
#endif
-#define MONOTONIC_OTP "monotonic_otp"
-#define UID_OTP "uid_otp"
-#define PKH_OTP "pkh_otp"
-#define ENCKEY_OTP "enckey_otp"
-#define BOARD_ID_OTP "board_id"
+#define MONOTONIC_OTP "monotonic-otp"
+#define UID_OTP "uid-otp"
+#define PKH_OTP "pkh-otp"
+#define ENCKEY_OTP "oem-enc-key"
+#define BOARD_ID_OTP "board-id"
/* OTP mask */
/* CFG0 */
diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c
index ea35055..0e69513 100644
--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -531,12 +531,12 @@
}
/* Return true when device is in closed state */
-bool stm32mp_is_closed_device(void)
+uint32_t stm32mp_check_closed_device(void)
{
uint32_t value;
if (stm32_get_otp_value(CFG0_OTP, &value) != 0) {
- return true;
+ return STM32MP_CHIP_SEC_CLOSED;
}
#if STM32MP13
@@ -544,17 +544,22 @@
switch (value) {
case CFG0_OPEN_DEVICE:
- return false;
+ return STM32MP_CHIP_SEC_OPEN;
case CFG0_CLOSED_DEVICE:
case CFG0_CLOSED_DEVICE_NO_BOUNDARY_SCAN:
case CFG0_CLOSED_DEVICE_NO_JTAG:
- return true;
+ return STM32MP_CHIP_SEC_CLOSED;
default:
panic();
}
#endif
#if STM32MP15
- return (value & CFG0_CLOSED_DEVICE) == CFG0_CLOSED_DEVICE;
+ if ((value & CFG0_CLOSED_DEVICE) == CFG0_CLOSED_DEVICE) {
+ return STM32MP_CHIP_SEC_CLOSED;
+ } else {
+ return STM32MP_CHIP_SEC_OPEN;
+ }
+
#endif
}
diff --git a/plat/st/stm32mp2/bl2_plat_setup.c b/plat/st/stm32mp2/bl2_plat_setup.c
index 0805756..a7cce62 100644
--- a/plat/st/stm32mp2/bl2_plat_setup.c
+++ b/plat/st/stm32mp2/bl2_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,10 @@
#include <cdefs.h>
#include <stdint.h>
+#include <common/debug.h>
+#include <plat/common/platform.h>
+
+#include <platform_def.h>
#include <stm32mp_common.h>
void bl2_el3_early_platform_setup(u_register_t arg0 __unused,
@@ -23,4 +27,8 @@
void bl2_el3_plat_arch_setup(void)
{
+ if (stm32_otp_probe() != 0U) {
+ ERROR("OTP probe failed\n");
+ panic();
+ }
}
diff --git a/plat/st/stm32mp2/include/stm32mp2_private.h b/plat/st/stm32mp2/include/stm32mp2_private.h
new file mode 100644
index 0000000..e1403d2
--- /dev/null
+++ b/plat/st/stm32mp2/include/stm32mp2_private.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef STM32MP2_PRIVATE_H
+#define STM32MP2_PRIVATE_H
+
+/* Wrappers for OTP / BSEC functions */
+static inline uint32_t stm32_otp_probe(void)
+{
+ return bsec_probe();
+}
+
+static inline uint32_t stm32_otp_read(uint32_t *val, uint32_t otp)
+{
+ return bsec_read_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_shadow_read(uint32_t *val, uint32_t otp)
+{
+ return bsec_shadow_read_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_write(uint32_t val, uint32_t otp)
+{
+ return bsec_write_otp(val, otp);
+}
+
+static inline uint32_t stm32_otp_set_sr_lock(uint32_t otp)
+{
+ return bsec_set_sr_lock(otp);
+}
+
+static inline uint32_t stm32_otp_read_sw_lock(uint32_t otp, bool *value)
+{
+ return bsec_read_sw_lock(otp, value);
+}
+
+static inline bool stm32_otp_is_closed_device(void)
+{
+ return bsec_mode_is_closed_device();
+}
+
+#endif /* STM32MP2_PRIVATE_H */
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index 6ea4638..bf2952d 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+# Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -26,6 +26,9 @@
# such as metadata (2) and fsbl-m (2) to find all the FIP partitions (default is 2).
PLAT_PARTITION_MAX_ENTRIES := $(shell echo $$(($(STM32_TF_A_COPIES) + 6)))
+# Set load address for serial boot devices
+DWL_BUFFER_BASE ?= 0x87000000
+
# Device tree
BL2_DTSI := stm32mp25-bl2.dtsi
FDT_SOURCES := $(addprefix ${BUILD_PLAT}/fdts/, $(patsubst %.dtb,%-bl2.dts,$(DTB_FILE_NAME)))
@@ -35,6 +38,11 @@
STM32_LD_FILE := plat/st/stm32mp2/${ARCH}/stm32mp2.ld.S
STM32_BINARY_MAPPING := plat/st/stm32mp2/${ARCH}/stm32mp2.S
+$(eval $(call add_defines,\
+ $(sort \
+ DWL_BUFFER_BASE \
+)))
+
# STM32MP2x is based on Cortex-A35, which is Armv8.0, and does not support BTI
# Disable mbranch-protection to avoid adding useless code
TF_CFLAGS += -mbranch-protection=none
@@ -46,7 +54,13 @@
PLAT_BL_COMMON_SOURCES += drivers/st/uart/${ARCH}/stm32_console.S
PLAT_BL_COMMON_SOURCES += plat/st/stm32mp2/${ARCH}/stm32mp2_helper.S
+PLAT_BL_COMMON_SOURCES += drivers/st/bsec/bsec3.c
+
BL2_SOURCES += plat/st/stm32mp2/plat_bl2_mem_params_desc.c
BL2_SOURCES += plat/st/stm32mp2/bl2_plat_setup.c
+ifeq (${STM32MP_USB_PROGRAMMER},1)
+BL2_SOURCES += plat/st/stm32mp2/stm32mp2_usb_dfu.c
+endif
+
include plat/st/common/common_rules.mk
diff --git a/plat/st/stm32mp2/stm32mp2_def.h b/plat/st/stm32mp2/stm32mp2_def.h
index 66514fc..56c62e1 100644
--- a/plat/st/stm32mp2/stm32mp2_def.h
+++ b/plat/st/stm32mp2/stm32mp2_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,6 +18,7 @@
#ifndef __ASSEMBLER__
#include <boot_api.h>
+#include <stm32mp2_private.h>
#include <stm32mp_common.h>
#include <stm32mp_dt.h>
#include <stm32mp_shared_resources.h>
@@ -157,6 +158,96 @@
#define STM32MP_SDMMC3_BASE U(0x48240000)
/*******************************************************************************
+ * STM32MP2 BSEC / OTP
+ ******************************************************************************/
+/*
+ * 367 available OTPs, the other are masked
+ * - ECIES key: 368 to 375 (only readable by bootrom)
+ * - HWKEY: 376 to 383 (never reloadable or readable)
+ */
+#define STM32MP2_OTP_MAX_ID U(0x16F)
+#define STM32MP2_MID_OTP_START U(0x80)
+#define STM32MP2_UPPER_OTP_START U(0x100)
+
+/* OTP labels */
+#define PART_NUMBER_OTP "part-number-otp"
+#define PACKAGE_OTP "package-otp"
+#define HCONF1_OTP "otp124"
+#define NAND_OTP "otp16"
+#define NAND2_OTP "otp20"
+#define BOARD_ID_OTP "board-id"
+#define UID_OTP "uid-otp"
+#define LIFECYCLE2_OTP "otp18"
+#define PKH_OTP "otp144"
+#define ENCKEY_OTP "otp260"
+
+/* OTP mask */
+/* PACKAGE */
+#define PACKAGE_OTP_PKG_MASK GENMASK_32(2, 0)
+#define PACKAGE_OTP_PKG_SHIFT U(0)
+
+/* IWDG OTP */
+#define HCONF1_OTP_IWDG_HW_POS U(0)
+#define HCONF1_OTP_IWDG_FZ_STOP_POS U(1)
+#define HCONF1_OTP_IWDG_FZ_STANDBY_POS U(2)
+
+/* NAND OTP */
+/* NAND parameter storage flag */
+#define NAND_PARAM_STORED_IN_OTP BIT_32(31)
+
+/* NAND page size in bytes */
+#define NAND_PAGE_SIZE_MASK GENMASK_32(30, 29)
+#define NAND_PAGE_SIZE_SHIFT U(29)
+#define NAND_PAGE_SIZE_2K U(0)
+#define NAND_PAGE_SIZE_4K U(1)
+#define NAND_PAGE_SIZE_8K U(2)
+
+/* NAND block size in pages */
+#define NAND_BLOCK_SIZE_MASK GENMASK_32(28, 27)
+#define NAND_BLOCK_SIZE_SHIFT U(27)
+#define NAND_BLOCK_SIZE_64_PAGES U(0)
+#define NAND_BLOCK_SIZE_128_PAGES U(1)
+#define NAND_BLOCK_SIZE_256_PAGES U(2)
+
+/* NAND number of block (in unit of 256 blocks) */
+#define NAND_BLOCK_NB_MASK GENMASK_32(26, 19)
+#define NAND_BLOCK_NB_SHIFT U(19)
+#define NAND_BLOCK_NB_UNIT U(256)
+
+/* NAND bus width in bits */
+#define NAND_WIDTH_MASK BIT_32(18)
+#define NAND_WIDTH_SHIFT U(18)
+
+/* NAND number of ECC bits per 512 bytes */
+#define NAND_ECC_BIT_NB_MASK GENMASK_32(17, 15)
+#define NAND_ECC_BIT_NB_SHIFT U(15)
+#define NAND_ECC_BIT_NB_UNSET U(0)
+#define NAND_ECC_BIT_NB_1_BITS U(1)
+#define NAND_ECC_BIT_NB_4_BITS U(2)
+#define NAND_ECC_BIT_NB_8_BITS U(3)
+#define NAND_ECC_ON_DIE U(4)
+
+/* NAND number of planes */
+#define NAND_PLANE_BIT_NB_MASK BIT_32(14)
+
+/* NAND2 OTP */
+#define NAND2_PAGE_SIZE_SHIFT U(16)
+
+/* NAND2 config distribution */
+#define NAND2_CONFIG_DISTRIB BIT_32(0)
+#define NAND2_PNAND_NAND2_SNAND_NAND1 U(0)
+#define NAND2_PNAND_NAND1_SNAND_NAND2 U(1)
+
+/* MONOTONIC OTP */
+#define MAX_MONOTONIC_VALUE U(32)
+
+/* UID OTP */
+#define UID_WORD_NB U(3)
+
+/* Lifecycle OTP */
+#define SECURE_BOOT_CLOSED_SECURE GENMASK_32(3, 0)
+
+/*******************************************************************************
* STM32MP2 TAMP
******************************************************************************/
#define PLAT_MAX_TAMP_INT U(5)
diff --git a/plat/st/stm32mp2/stm32mp2_usb_dfu.c b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
new file mode 100644
index 0000000..e967964
--- /dev/null
+++ b/plat/st/stm32mp2/stm32mp2_usb_dfu.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <drivers/usb_device.h>
+
+#include <usb_dfu.h>
+
+struct usb_handle *usb_dfu_plat_init(void)
+{
+ return NULL;
+}
+
+uint8_t usb_dfu_get_phase(uint8_t alt)
+{
+ return 0;
+}
diff --git a/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c b/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
index 1bed229..fb27336 100644
--- a/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
+++ b/plat/ti/k3/common/drivers/sec_proxy/sec_proxy.c
@@ -320,7 +320,7 @@
i = msg->len - trail_bytes;
while (trail_bytes--) {
- msg->buf[i] = data_trail & 0xff;
+ msg->buf[i++] = data_trail & 0xff;
data_trail >>= 8;
}
}
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index d04d805..8b77050 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -2,7 +2,7 @@
* Texas Instruments System Control Interface Driver
* Based on Linux and U-Boot implementation
*
- * Copyright (C) 2018-2022 Texas Instruments Incorporated - https://www.ti.com/
+ * Copyright (C) 2018-2024 Texas Instruments Incorporated - https://www.ti.com/
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -185,17 +185,20 @@
*
* Updates the SCI information in the internal data structure.
*
+ * @version: Structure containing the version info
+ *
* Return: 0 if all goes well, else appropriate error message
*/
-int ti_sci_get_revision(struct ti_sci_msg_resp_version *rev_info)
+int ti_sci_get_revision(struct ti_sci_msg_version *version)
{
+ struct ti_sci_msg_resp_version rev_info;
struct ti_sci_msg_hdr hdr;
struct ti_sci_xfer xfer;
int ret;
ret = ti_sci_setup_one_xfer(TI_SCI_MSG_VERSION, 0x0,
&hdr, sizeof(hdr),
- rev_info, sizeof(*rev_info),
+ &rev_info, sizeof(rev_info),
&xfer);
if (ret) {
ERROR("Message alloc failed (%d)\n", ret);
@@ -208,6 +211,14 @@
return ret;
}
+ memcpy(version->firmware_description, rev_info.firmware_description,
+ sizeof(rev_info.firmware_description));
+ version->abi_major = rev_info.abi_major;
+ version->abi_minor = rev_info.abi_minor;
+ version->firmware_revision = rev_info.firmware_revision;
+ version->sub_version = rev_info.sub_version;
+ version->patch_version = rev_info.patch_version;
+
return 0;
}
@@ -1729,27 +1740,3 @@
return 0;
}
-
-/**
- * ti_sci_init() - Basic initialization
- *
- * Return: 0 if all goes well, else appropriate error message
- */
-int ti_sci_init(void)
-{
- struct ti_sci_msg_resp_version rev_info;
- int ret;
-
- ret = ti_sci_get_revision(&rev_info);
- if (ret) {
- ERROR("Unable to communicate with control firmware (%d)\n", ret);
- return ret;
- }
-
- INFO("SYSFW ABI: %d.%d (firmware rev 0x%04x '%s')\n",
- rev_info.abi_major, rev_info.abi_minor,
- rev_info.firmware_revision,
- rev_info.firmware_description);
-
- return 0;
-}
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
index c702a71..acaca4d 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
@@ -2,7 +2,7 @@
* Texas Instruments System Control Interface API
* Based on Linux and U-Boot implementation
*
- * Copyright (C) 2018-2022 Texas Instruments Incorporated - https://www.ti.com/
+ * Copyright (C) 2018-2024 Texas Instruments Incorporated - https://www.ti.com/
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,41 @@
#include <stdbool.h>
/**
+ * User exported structures.
+ *
+ * The structures in ti_sci_protocol.h are used by the internal drivers.
+ * These are the structures that are exported for outside use and populated
+ * by the internal drivers.
+ *
+ * struct ti_sci_msg_version - Structure containing version info
+ *
+ * @firmware_description: String describing the firmware
+ * @firmware_revision: Firmware revision
+ * @abi_major: Major version of the ABI that firmware supports
+ * @abi_minor: Minor version of the ABI that firmware supports
+ * @sub_version: Sub-version number of the firmware
+ * @patch_version: Patch-version number of the firmware.
+ */
+struct ti_sci_msg_version {
+#define FIRMWARE_DESCRIPTION_LENGTH 32
+ char firmware_description[FIRMWARE_DESCRIPTION_LENGTH];
+ uint16_t firmware_revision;
+ uint8_t abi_major;
+ uint8_t abi_minor;
+ uint8_t sub_version;
+ uint8_t patch_version;
+};
+
+/**
+ * General Message
+ *
+ * ti_sci_get_revision - Get the revision of the SCI entity
+ * @version: Structure containing the version info
+ *
+ **/
+int ti_sci_get_revision(struct ti_sci_msg_version *version);
+
+/**
* Device control operations
*
* - ti_sci_device_get - command to request for device managed by TISCI
@@ -225,11 +260,4 @@
uint8_t mode,
uint64_t core_resume_addr);
-/**
- * ti_sci_init() - Basic initialization
- *
- * Return: 0 if all goes good, else appropriate error message.
- */
-int ti_sci_init(void);
-
#endif /* TI_SCI_H */
diff --git a/plat/ti/k3/common/k3_bl31_setup.c b/plat/ti/k3/common/k3_bl31_setup.c
index c5f60fe..63fe020 100644
--- a/plat/ti/k3/common/k3_bl31_setup.c
+++ b/plat/ti/k3/common/k3_bl31_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -119,10 +119,44 @@
void bl31_platform_setup(void)
{
+ struct ti_sci_msg_version version;
+ int ret;
+
k3_gic_driver_init(K3_GIC_BASE);
k3_gic_init();
+ ret = ti_sci_get_revision(&version);
+ if (ret) {
+ ERROR("Unable to communicate with the control firmware (%d)\n", ret);
+ return;
+ }
+
- ti_sci_init();
+ INFO("SYSFW ABI: %d.%d (firmware rev 0x%04x '%s')\n",
+ version.abi_major, version.abi_minor,
+ version.firmware_revision,
+ version.firmware_description);
+
+ /*
+ * Older firmware have a timing issue with DM that crashes few TF-A
+ * lite devices while trying to make calls to DM. Since there is no way
+ * to detect what current DM version we are running - we rely on the
+ * corresponding TIFS versioning to handle this check and ensure that
+ * the platform boots up
+ *
+ * Upgrading to TIFS version 9.1.7 along with the corresponding DM from
+ * ti-linux-firmware will enable this functionality.
+ */
+ if (version.firmware_revision > 9 ||
+ (version.firmware_revision == 9 && version.sub_version > 1) ||
+ (version.firmware_revision == 9 && version.sub_version == 1 &&
+ version.patch_version >= 7)
+ ) {
+ if (ti_sci_device_get(PLAT_BOARD_DEVICE_ID)) {
+ WARN("Unable to take system power reference\n");
+ }
+ } else {
+ NOTICE("Upgrade Firmwares for Power off functionality\n");
+ }
}
void platform_mem_init(void)
diff --git a/plat/xilinx/common/include/plat_common.h b/plat/xilinx/common/include/plat_common.h
index 676baa2..2958868 100644
--- a/plat/xilinx/common/include/plat_common.h
+++ b/plat/xilinx/common/include/plat_common.h
@@ -14,4 +14,16 @@
(typeof(_mask))(((_reg) & (_mask)) >> __bf_shf(_mask)); \
})
+/*******************************************************************************
+ * interrupt handling related constants
+ ******************************************************************************/
+#define ARM_IRQ_SEC_SGI_0 8U
+#define ARM_IRQ_SEC_SGI_1 9U
+#define ARM_IRQ_SEC_SGI_2 10U
+#define ARM_IRQ_SEC_SGI_3 11U
+#define ARM_IRQ_SEC_SGI_4 12U
+#define ARM_IRQ_SEC_SGI_5 13U
+#define ARM_IRQ_SEC_SGI_6 14U
+#define ARM_IRQ_SEC_SGI_7 15U
+
#endif /* PLAT_COMMON_H */
diff --git a/plat/xilinx/common/include/pm_defs.h b/plat/xilinx/common/include/pm_defs.h
index 9cdb0ba..c1872d0 100644
--- a/plat/xilinx/common/include/pm_defs.h
+++ b/plat/xilinx/common/include/pm_defs.h
@@ -18,6 +18,7 @@
/* State arguments of the self suspend */
#define PM_STATE_CPU_IDLE 0x0U
+#define PM_STATE_CPU_OFF 0x1U
#define PM_STATE_SUSPEND_TO_RAM 0xFU
#define MAX_LATENCY (~0U)
diff --git a/plat/xilinx/common/include/pm_svc_main.h b/plat/xilinx/common/include/pm_svc_main.h
index 4cf7727..67fbeae 100644
--- a/plat/xilinx/common/include/pm_svc_main.h
+++ b/plat/xilinx/common/include/pm_svc_main.h
@@ -10,6 +10,8 @@
#include <pm_common.h>
+extern bool pwrdwn_req_received;
+
/******************************************************************************/
/**
* SECURE_REDUNDANT_CALL() - Adds redundancy to the function call. This is to
@@ -30,6 +32,7 @@
status_tmp = function(__VA_ARGS__); \
}
+void request_cpu_pwrdwn(void);
int32_t pm_setup(void);
uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
uint64_t x4, const void *cookie, void *handle,
diff --git a/plat/xilinx/common/pm_service/pm_api_sys.c b/plat/xilinx/common/pm_service/pm_api_sys.c
index ffc39bb..36ea8ed 100644
--- a/plat/xilinx/common/pm_service/pm_api_sys.c
+++ b/plat/xilinx/common/pm_service/pm_api_sys.c
@@ -50,7 +50,7 @@
{
uint32_t reg_num, device_id;
uint8_t pm_wakeup_nodes_set[XPM_NODEIDX_DEV_MAX] = {0U};
- uint32_t isenabler1 = PLAT_GICD_BASE_VALUE + GICD_ISENABLER + 4U;
+ uint32_t isenabler1 = PLAT_ARM_GICD_BASE + GICD_ISENABLER + 4U;
zeromem(&pm_wakeup_nodes_set, (u_register_t)sizeof(pm_wakeup_nodes_set));
diff --git a/plat/xilinx/common/pm_service/pm_svc_main.c b/plat/xilinx/common/pm_service/pm_svc_main.c
index 1e5808c..f9917a0 100644
--- a/plat/xilinx/common/pm_service/pm_svc_main.c
+++ b/plat/xilinx/common/pm_service/pm_svc_main.c
@@ -17,6 +17,8 @@
#include <common/runtime_svc.h>
#include <drivers/arm/gicv3.h>
+#include <lib/psci/psci.h>
+#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <plat_private.h>
@@ -31,23 +33,65 @@
#define INVALID_SGI 0xFFU
#define PM_INIT_SUSPEND_CB (30U)
#define PM_NOTIFY_CB (32U)
+#define EVENT_CPU_PWRDWN (4U)
+/* 1 sec of wait timeout for secondary core down */
+#define PWRDWN_WAIT_TIMEOUT (1000U)
DEFINE_RENAME_SYSREG_RW_FUNCS(icc_asgi1r_el1, S3_0_C12_C11_6)
/* pm_up = true - UP, pm_up = false - DOWN */
static bool pm_up;
static uint32_t sgi = (uint32_t)INVALID_SGI;
+bool pwrdwn_req_received;
static void notify_os(void)
{
- int32_t cpu;
- uint32_t reg;
+ plat_ic_raise_ns_sgi(sgi, read_mpidr_el1());
+}
+
+static uint64_t cpu_pwrdwn_req_handler(uint32_t id, uint32_t flags,
+ void *handle, void *cookie)
+{
+ uint32_t cpu_id = plat_my_core_pos();
+
+ VERBOSE("Powering down CPU %d\n", cpu_id);
- cpu = plat_my_core_pos() + 1U;
+ /* Deactivate CPU power down SGI */
+ plat_ic_end_of_interrupt(CPU_PWR_DOWN_REQ_INTR);
- reg = (cpu | (sgi << XSCUGIC_SGIR_EL1_INITID_SHIFT));
- write_icc_asgi1r_el1(reg);
+ return psci_cpu_off();
}
+/**
+ * raise_pwr_down_interrupt() - Callback function to raise SGI.
+ * @mpidr: MPIDR for the target CPU.
+ *
+ * Raise SGI interrupt to trigger the CPU power down sequence on all the
+ * online secondary cores.
+ */
+static void raise_pwr_down_interrupt(u_register_t mpidr)
+{
+ plat_ic_raise_el3_sgi(CPU_PWR_DOWN_REQ_INTR, mpidr);
+}
+
+void request_cpu_pwrdwn(void)
+{
+ enum pm_ret_status ret;
+
+ VERBOSE("CPU power down request received\n");
+
+ /* Send powerdown request to online secondary core(s) */
+ ret = psci_stop_other_cores(PWRDWN_WAIT_TIMEOUT, raise_pwr_down_interrupt);
+ if (ret != PSCI_E_SUCCESS) {
+ ERROR("Failed to powerdown secondary core(s)\n");
+ }
+
+ /* Clear IPI IRQ */
+ pm_ipi_irq_clear(primary_proc);
+
+ /* Deactivate IPI IRQ */
+ plat_ic_end_of_interrupt(PLAT_VERSAL_IPI_IRQ);
+}
+
static uint64_t ipi_fiq_handler(uint32_t id, uint32_t flags, void *handle,
void *cookie)
{
@@ -56,6 +100,7 @@
VERBOSE("Received IPI FIQ from firmware\n");
+ console_flush();
(void)plat_ic_acknowledge_interrupt();
ret = pm_get_callbackdata(payload, ARRAY_SIZE(payload), 0, 0);
@@ -65,8 +110,22 @@
switch (payload[0]) {
case PM_INIT_SUSPEND_CB:
+ if (sgi != INVALID_SGI) {
+ notify_os();
+ }
+ break;
case PM_NOTIFY_CB:
if (sgi != INVALID_SGI) {
+ if (payload[2] == EVENT_CPU_PWRDWN) {
+ if (pwrdwn_req_received) {
+ pwrdwn_req_received = false;
+ request_cpu_pwrdwn();
+ (void)psci_cpu_off();
+ break;
+ } else {
+ pwrdwn_req_received = true;
+ }
+ }
notify_os();
}
break;
@@ -139,6 +198,12 @@
pm_ipi_init(primary_proc);
pm_up = true;
+ /* register SGI handler for CPU power down request */
+ ret = request_intr_type_el3(CPU_PWR_DOWN_REQ_INTR, cpu_pwrdwn_req_handler);
+ if (ret != 0) {
+ WARN("BL31: registering SGI interrupt failed\n");
+ }
+
/*
* Enable IPI IRQ
* assume the rich OS is OK to handle callback IRQs now.
diff --git a/plat/xilinx/versal/include/plat_macros.S b/plat/xilinx/versal/include/plat_macros.S
index 41193a5..38f47f6 100644
--- a/plat/xilinx/versal/include/plat_macros.S
+++ b/plat/xilinx/versal/include/plat_macros.S
@@ -103,8 +103,8 @@
* ---------------------------------------------
*/
.macro plat_crash_print_regs
- mov_imm x17, PLAT_GICD_BASE_VALUE
- mov_imm x16, PLAT_GICR_BASE_VALUE
+ mov_imm x17, PLAT_ARM_GICD_BASE
+ mov_imm x16, PLAT_ARM_GICR_BASE
versal_print_gic_regs
.endm
diff --git a/plat/xilinx/versal/include/platform_def.h b/plat/xilinx/versal/include/platform_def.h
index 286a706..8cf8de0 100644
--- a/plat/xilinx/versal/include/platform_def.h
+++ b/plat/xilinx/versal/include/platform_def.h
@@ -9,6 +9,7 @@
#define PLATFORM_DEF_H
#include <arch.h>
+#include <plat_common.h>
#include "versal_def.h"
/*******************************************************************************
@@ -74,8 +75,17 @@
/*******************************************************************************
* Platform specific page table and MMU setup constants
******************************************************************************/
-#define PLAT_PHY_ADDR_SPACE_SIZE (1ull << 32)
-#define PLAT_VIRT_ADDR_SPACE_SIZE (1ull << 32)
+
+#if (BL31_BASE >= (1ULL << 32U))
+/* Address range in High DDR and HBM memory range */
+#define PLAT_ADDR_SPACE_SHIFT U(42)
+#else
+/* Address range in OCM and Low DDR memory range */
+#define PLAT_ADDR_SPACE_SHIFT U(32)
+#endif
+
+#define PLAT_PHY_ADDR_SPACE_SIZE (1ull << PLAT_ADDR_SPACE_SHIFT)
+#define PLAT_VIRT_ADDR_SPACE_SIZE (1ull << PLAT_ADDR_SPACE_SHIFT)
#define XILINX_OF_BOARD_DTB_MAX_SIZE U(0x200000)
@@ -103,8 +113,8 @@
#define CACHE_WRITEBACK_SHIFT 6
#define CACHE_WRITEBACK_GRANULE (1 << CACHE_WRITEBACK_SHIFT)
-#define PLAT_GICD_BASE_VALUE U(0xF9000000)
-#define PLAT_GICR_BASE_VALUE U(0xF9080000)
+#define PLAT_ARM_GICD_BASE U(0xF9000000)
+#define PLAT_ARM_GICR_BASE U(0xF9080000)
/*
* Define a list of Group 1 Secure and Group 0 interrupts as per GICv3
@@ -122,6 +132,8 @@
#define PLAT_VERSAL_G0_IRQ_PROPS(grp) \
INTR_PROP_DESC(PLAT_VERSAL_IPI_IRQ, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_EDGE), \
+ INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, GIC_HIGHEST_SEC_PRIORITY, grp, \
+ GIC_INTR_CFG_EDGE)
#define IRQ_MAX 142U
diff --git a/plat/xilinx/versal/plat_psci.c b/plat/xilinx/versal/plat_psci.c
index 56d98f7..45b1f1c 100644
--- a/plat/xilinx/versal/plat_psci.c
+++ b/plat/xilinx/versal/plat_psci.c
@@ -14,10 +14,13 @@
#include <plat/common/platform.h>
#include <plat_arm.h>
+#include "drivers/delay_timer.h"
#include <plat_private.h>
#include "pm_api_sys.h"
#include "pm_client.h"
#include <pm_common.h>
+#include "pm_ipi.h"
+#include "pm_svc_main.h"
static uintptr_t versal_sec_entry;
@@ -145,9 +148,31 @@
*/
static void __dead2 versal_system_reset(void)
{
- /* Send the system reset request to the PMC */
- (void)pm_system_shutdown(XPM_SHUTDOWN_TYPE_RESET,
- pm_get_shutdown_scope(), SECURE_FLAG);
+ uint32_t ret, timeout = 10000U;
+
+ request_cpu_pwrdwn();
+
+ /*
+ * Send the system reset request to the firmware if power down request
+ * is not received from firmware.
+ */
+ if (!pwrdwn_req_received) {
+ (void)pm_system_shutdown(XPM_SHUTDOWN_TYPE_RESET,
+ pm_get_shutdown_scope(), SECURE_FLAG);
+
+ /*
+ * Wait for system shutdown request completed and idle callback
+ * not received.
+ */
+ do {
+ ret = ipi_mb_enquire_status(primary_proc->ipi->local_ipi_id,
+ primary_proc->ipi->remote_ipi_id);
+ udelay(100);
+ timeout--;
+ } while ((ret != IPI_MB_STATUS_RECV_PENDING) && (timeout > 0U));
+ }
+
+ (void)psci_cpu_off();
while (1) {
wfi();
@@ -161,6 +186,7 @@
*/
static void versal_pwr_domain_off(const psci_power_state_t *target_state)
{
+ uint32_t ret, fw_api_version, version[PAYLOAD_ARG_CNT] = {0U};
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
@@ -180,8 +206,17 @@
* invoking CPU_on function, during which resume address will
* be set.
*/
- (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0,
- SECURE_FLAG);
+ ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version[0], SECURE_FLAG);
+ if (ret == PM_RET_SUCCESS) {
+ fw_api_version = version[0] & 0xFFFFU;
+ if (fw_api_version >= 3U) {
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_OFF, 0,
+ SECURE_FLAG);
+ } else {
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0,
+ SECURE_FLAG);
+ }
+ }
}
/**
diff --git a/plat/xilinx/versal/platform.mk b/plat/xilinx/versal/platform.mk
index 35d6bc7..2f07996 100644
--- a/plat/xilinx/versal/platform.mk
+++ b/plat/xilinx/versal/platform.mk
@@ -11,6 +11,8 @@
PL011_GENERIC_UART := 1
IPI_CRC_CHECK := 0
HARDEN_SLS_ALL := 0
+CPU_PWRDWN_SGI ?= 6
+$(eval $(call add_define_val,CPU_PWR_DOWN_REQ_INTR,ARM_IRQ_SEC_SGI_${CPU_PWRDWN_SGI}))
# A72 Erratum for SoC
ERRATA_A72_859971 := 1
diff --git a/plat/xilinx/versal/sip_svc_setup.c b/plat/xilinx/versal/sip_svc_setup.c
index b30254d..4441d3e 100644
--- a/plat/xilinx/versal/sip_svc_setup.c
+++ b/plat/xilinx/versal/sip_svc_setup.c
@@ -17,7 +17,6 @@
#include "pm_svc_main.h"
/* SMC function IDs for SiP Service queries */
-#define VERSAL_SIP_SVC_CALL_COUNT U(0x8200ff00)
#define VERSAL_SIP_SVC_UID U(0x8200ff01)
#define VERSAL_SIP_SVC_VERSION U(0x8200ff03)
@@ -100,10 +99,6 @@
/* Let PM SMC handler deal with PM-related requests */
switch (smc_fid) {
- case VERSAL_SIP_SVC_CALL_COUNT:
- /* PM functions + default functions */
- SMC_RET1(handle, 2);
-
case VERSAL_SIP_SVC_UID:
SMC_UUID_RET(handle, versal_sip_uuid);
diff --git a/plat/xilinx/versal/versal_gicv3.c b/plat/xilinx/versal/versal_gicv3.c
index 197d047..1750d35 100644
--- a/plat/xilinx/versal/versal_gicv3.c
+++ b/plat/xilinx/versal/versal_gicv3.c
@@ -62,8 +62,8 @@
}
static const gicv3_driver_data_t versal_gic_data __unused = {
- .gicd_base = PLAT_GICD_BASE_VALUE,
- .gicr_base = PLAT_GICR_BASE_VALUE,
+ .gicd_base = PLAT_ARM_GICD_BASE,
+ .gicr_base = PLAT_ARM_GICR_BASE,
.interrupt_props = versal_interrupt_props,
.interrupt_props_num = ARRAY_SIZE(versal_interrupt_props),
.rdistif_num = PLATFORM_CORE_COUNT,
diff --git a/plat/xilinx/versal_net/aarch64/versal_net_helpers.S b/plat/xilinx/versal_net/aarch64/versal_net_helpers.S
index dab8717..1ae879f 100644
--- a/plat/xilinx/versal_net/aarch64/versal_net_helpers.S
+++ b/plat/xilinx/versal_net/aarch64/versal_net_helpers.S
@@ -12,6 +12,7 @@
#include <platform_def.h>
+ .globl plat_arm_calc_core_pos
.globl plat_secondary_cold_boot_setup
.globl plat_is_my_cpu_primary
.globl platform_mem_init
@@ -58,6 +59,16 @@
b plat_core_pos_by_mpidr
endfunc plat_my_core_pos
+ /* -----------------------------------------------------
+ * unsigned int plat_arm_calc_core_pos(u_register_t mpidr)
+ * This function uses the plat_core_pos_by_mpidr()
+ * definition to get the index of the calling CPU.
+ * -----------------------------------------------------
+ */
+func plat_arm_calc_core_pos
+ b plat_core_pos_by_mpidr
+endfunc plat_arm_calc_core_pos
+
/* ---------------------------------------------------------------------
* We don't need to carry out any memory initialization on Versal NET
* platform. The Secure RAM is accessible straight away.
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index 283fee3..614d6d2 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -216,8 +216,8 @@
prepare_dtb();
/* Initialize the gic cpu and distributor interfaces */
- plat_versal_net_gic_driver_init();
- plat_versal_net_gic_init();
+ plat_arm_gic_driver_init();
+ plat_arm_gic_init();
}
void bl31_plat_runtime_setup(void)
diff --git a/plat/xilinx/versal_net/include/plat_macros.S b/plat/xilinx/versal_net/include/plat_macros.S
index db7e42b..57f8336 100644
--- a/plat/xilinx/versal_net/include/plat_macros.S
+++ b/plat/xilinx/versal_net/include/plat_macros.S
@@ -109,8 +109,8 @@
* Uncomment it when versions are stable
*/
/*
- mov_imm x17, PLAT_GICD_BASE_VALUE
- mov_imm x16, PLAT_GICR_BASE_VALUE
+ mov_imm x17, PLAT_ARM_GICD_BASE
+ mov_imm x16, PLAT_ARM_GICR_BASE
versal_net_print_gic_regs
*/
.endm
diff --git a/plat/xilinx/versal_net/include/platform_def.h b/plat/xilinx/versal_net/include/platform_def.h
index 872b6ee..8cb7deb 100644
--- a/plat/xilinx/versal_net/include/platform_def.h
+++ b/plat/xilinx/versal_net/include/platform_def.h
@@ -10,6 +10,7 @@
#define PLATFORM_DEF_H
#include <arch.h>
+#include <plat_common.h>
#include "versal_net_def.h"
/*******************************************************************************
@@ -107,8 +108,8 @@
#define CACHE_WRITEBACK_SHIFT U(6)
#define CACHE_WRITEBACK_GRANULE (1 << CACHE_WRITEBACK_SHIFT)
-#define PLAT_GICD_BASE_VALUE U(0xE2000000)
-#define PLAT_GICR_BASE_VALUE U(0xE2060000)
+#define PLAT_ARM_GICD_BASE U(0xE2000000)
+#define PLAT_ARM_GICR_BASE U(0xE2060000)
/*
* Define a list of Group 1 Secure and Group 0 interrupts as per GICv3
@@ -118,13 +119,15 @@
#define PLAT_VERSAL_NET_IPI_IRQ 89
#define PLAT_VERSAL_IPI_IRQ PLAT_VERSAL_NET_IPI_IRQ
-#define PLAT_VERSAL_NET_G1S_IRQ_PROPS(grp) \
+#define PLAT_ARM_G1S_IRQ_PROPS(grp) \
INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_LEVEL)
-#define PLAT_VERSAL_NET_G0_IRQ_PROPS(grp) \
+#define PLAT_ARM_G0_IRQ_PROPS(grp) \
INTR_PROP_DESC(PLAT_VERSAL_IPI_IRQ, GIC_HIGHEST_SEC_PRIORITY, grp, \
GIC_INTR_CFG_EDGE), \
+ INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, GIC_HIGHEST_SEC_PRIORITY, grp, \
+ GIC_INTR_CFG_EDGE)
#define IRQ_MAX 200U
diff --git a/plat/xilinx/versal_net/plat_psci.c b/plat/xilinx/versal_net/plat_psci.c
index 6e556cd..fcb32b9 100644
--- a/plat/xilinx/versal_net/plat_psci.c
+++ b/plat/xilinx/versal_net/plat_psci.c
@@ -108,8 +108,8 @@
static void zynqmp_pwr_domain_on_finish(const psci_power_state_t *target_state)
{
- plat_versal_net_gic_pcpu_init();
- plat_versal_net_gic_cpuif_enable();
+ plat_arm_gic_pcpu_init();
+ plat_arm_gic_cpuif_enable();
}
static void zynqmp_pwr_domain_suspend_finish(const psci_power_state_t *target_state)
diff --git a/plat/xilinx/versal_net/plat_psci_pm.c b/plat/xilinx/versal_net/plat_psci_pm.c
index 87e25bc..94cb7f5 100644
--- a/plat/xilinx/versal_net/plat_psci_pm.c
+++ b/plat/xilinx/versal_net/plat_psci_pm.c
@@ -14,10 +14,12 @@
#include <plat/common/platform.h>
#include <plat_arm.h>
+#include <drivers/delay_timer.h>
#include <plat_private.h>
#include "pm_api_sys.h"
#include "pm_client.h"
#include <pm_common.h>
+#include "pm_ipi.h"
#include "pm_svc_main.h"
#include "versal_net_def.h"
@@ -57,6 +59,7 @@
*/
static void versal_net_pwr_domain_off(const psci_power_state_t *target_state)
{
+ uint32_t ret, fw_api_version, version[PAYLOAD_ARG_CNT] = {0U};
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
@@ -66,7 +69,7 @@
}
/* Prevent interrupts from spuriously waking up this cpu */
- plat_versal_net_gic_cpuif_disable();
+ plat_arm_gic_cpuif_disable();
/*
* Send request to PMC to power down the appropriate APU CPU
@@ -76,8 +79,17 @@
* invoking CPU_on function, during which resume address will
* be set.
*/
- pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0,
- SECURE_FLAG);
+ ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version[0], SECURE_FLAG);
+ if (ret == PM_RET_SUCCESS) {
+ fw_api_version = version[0] & 0xFFFFU;
+ if (fw_api_version >= 3U) {
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_OFF, 0,
+ SECURE_FLAG);
+ } else {
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0,
+ SECURE_FLAG);
+ }
+ }
}
/**
@@ -88,9 +100,31 @@
*/
static void __dead2 versal_net_system_reset(void)
{
- /* Send the system reset request to the PMC */
- pm_system_shutdown(XPM_SHUTDOWN_TYPE_RESET,
- pm_get_shutdown_scope(), SECURE_FLAG);
+ uint32_t ret, timeout = 10000U;
+
+ request_cpu_pwrdwn();
+
+ /*
+ * Send the system reset request to the firmware if power down request
+ * is not received from firmware.
+ */
+ if (!pwrdwn_req_received) {
+ (void)pm_system_shutdown(XPM_SHUTDOWN_TYPE_RESET,
+ pm_get_shutdown_scope(), SECURE_FLAG);
+
+ /*
+ * Wait for system shutdown request completed and idle callback
+ * not received.
+ */
+ do {
+ ret = ipi_mb_enquire_status(primary_proc->ipi->local_ipi_id,
+ primary_proc->ipi->remote_ipi_id);
+ udelay(100);
+ timeout--;
+ } while ((ret != IPI_MB_STATUS_RECV_PENDING) && (timeout > 0U));
+ }
+
+ (void)psci_cpu_off();
while (1) {
wfi();
@@ -114,10 +148,10 @@
__func__, i, target_state->pwr_domain_state[i]);
}
- plat_versal_net_gic_cpuif_disable();
+ plat_arm_gic_cpuif_disable();
if (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) {
- plat_versal_net_gic_save();
+ plat_arm_gic_save();
}
state = target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE ?
@@ -135,10 +169,10 @@
(void)target_state;
/* Enable the gic cpu interface */
- plat_versal_net_gic_pcpu_init();
+ plat_arm_gic_pcpu_init();
/* Program the gic per-cpu distributor or re-distributor interface */
- plat_versal_net_gic_cpuif_enable();
+ plat_arm_gic_cpuif_enable();
}
/**
@@ -163,10 +197,10 @@
/* APU was turned off, so restore GIC context */
if (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) {
- plat_versal_net_gic_resume();
+ plat_arm_gic_resume();
}
- plat_versal_net_gic_cpuif_enable();
+ plat_arm_gic_cpuif_enable();
}
/**
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index ad1ee2b..da91abc 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -21,6 +21,8 @@
GIC_ENABLE_V4_EXTN := 0
GICV3_SUPPORT_GIC600 := 1
TFA_NO_PM := 0
+CPU_PWRDWN_SGI ?= 6
+$(eval $(call add_define_val,CPU_PWR_DOWN_REQ_INTR,ARM_IRQ_SEC_SGI_${CPU_PWRDWN_SGI}))
override CTX_INCLUDE_AARCH32_REGS := 0
@@ -121,6 +123,7 @@
${PLAT_PATH}/bl31_versal_net_setup.c \
common/fdt_fixup.c \
common/fdt_wrappers.c \
+ plat/arm/common/arm_gicv3.c \
${LIBFDT_SRCS} \
${PLAT_PATH}/sip_svc_setup.c \
- ${PLAT_PATH}/versal_net_gicv3.c
+ ${XLAT_TABLES_LIB_SRCS}
diff --git a/plat/xilinx/versal_net/sip_svc_setup.c b/plat/xilinx/versal_net/sip_svc_setup.c
index 0c27dec..80d5a53 100644
--- a/plat/xilinx/versal_net/sip_svc_setup.c
+++ b/plat/xilinx/versal_net/sip_svc_setup.c
@@ -20,7 +20,6 @@
#include "pm_svc_main.h"
/* SMC function IDs for SiP Service queries */
-#define VERSAL_NET_SIP_SVC_CALL_COUNT (0x8200ff00U)
#define VERSAL_NET_SIP_SVC_UID (0x8200ff01U)
#define VERSAL_NET_SIP_SVC_VERSION (0x8200ff03U)
@@ -88,10 +87,6 @@
/* Let PM SMC handler deal with PM-related requests */
switch (smc_fid) {
- case VERSAL_NET_SIP_SVC_CALL_COUNT:
- /* PM functions + default functions */
- SMC_RET1(handle, 2);
-
case VERSAL_NET_SIP_SVC_UID:
SMC_UUID_RET(handle, versal_net_sip_uuid);
diff --git a/plat/xilinx/versal_net/versal_net_gicv3.c b/plat/xilinx/versal_net/versal_net_gicv3.c
deleted file mode 100644
index 2fdef12..0000000
--- a/plat/xilinx/versal_net/versal_net_gicv3.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.
- * Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <common/debug.h>
-#include <common/interrupt_props.h>
-#include <drivers/arm/gicv3.h>
-#include <lib/utils.h>
-#include <plat/common/platform.h>
-
-#include <plat_private.h>
-#include <platform_def.h>
-
-/******************************************************************************
- * The following functions are defined as weak to allow a platform to override
- * the way the GICv3 driver is initialised and used.
- *****************************************************************************/
-#pragma weak plat_versal_net_gic_driver_init
-#pragma weak plat_versal_net_gic_init
-#pragma weak plat_versal_net_gic_cpuif_enable
-#pragma weak plat_versal_net_gic_cpuif_disable
-#pragma weak plat_versal_net_gic_pcpu_init
-#pragma weak plat_versal_net_gic_redistif_on
-#pragma weak plat_versal_net_gic_redistif_off
-
-/* The GICv3 driver only needs to be initialized in EL3 */
-static uintptr_t rdistif_base_addrs[PLATFORM_CORE_COUNT];
-
-static const interrupt_prop_t versal_net_interrupt_props[] = {
- PLAT_VERSAL_NET_G1S_IRQ_PROPS(INTR_GROUP1S),
- PLAT_VERSAL_NET_G0_IRQ_PROPS(INTR_GROUP0)
-};
-
-/*
- * We save and restore the GICv3 context on system suspend. Allocate the
- * data in the designated EL3 Secure carve-out memory.
- */
-static gicv3_redist_ctx_t rdist_ctx __section(".versal_net_el3_tzc_dram");
-static gicv3_dist_ctx_t dist_ctx __section(".versal_net_el3_tzc_dram");
-
-/*
- * MPIDR hashing function for translating MPIDRs read from GICR_TYPER register
- * to core position.
- *
- * Calculating core position is dependent on MPIDR_EL1.MT bit. However, affinity
- * values read from GICR_TYPER don't have an MT field. To reuse the same
- * translation used for CPUs, we insert MT bit read from the PE's MPIDR into
- * that read from GICR_TYPER.
- *
- * Assumptions:
- *
- * - All CPUs implemented in the system have MPIDR_EL1.MT bit set;
- * - No CPUs implemented in the system use affinity level 3.
- */
-static uint32_t versal_net_gicv3_mpidr_hash(u_register_t mpidr)
-{
- mpidr |= (read_mpidr_el1() & MPIDR_MT_MASK);
- return plat_core_pos_by_mpidr(mpidr);
-}
-
-static const gicv3_driver_data_t versal_net_gic_data __unused = {
- .gicd_base = PLAT_GICD_BASE_VALUE,
- .gicr_base = PLAT_GICR_BASE_VALUE,
- .interrupt_props = versal_net_interrupt_props,
- .interrupt_props_num = ARRAY_SIZE(versal_net_interrupt_props),
- .rdistif_num = PLATFORM_CORE_COUNT,
- .rdistif_base_addrs = rdistif_base_addrs,
- .mpidr_to_core_pos = versal_net_gicv3_mpidr_hash
-};
-
-void __init plat_versal_net_gic_driver_init(void)
-{
- /*
- * The GICv3 driver is initialized in EL3 and does not need
- * to be initialized again in SEL1. This is because the S-EL1
- * can use GIC system registers to manage interrupts and does
- * not need GIC interface base addresses to be configured.
- */
-#if IMAGE_BL31
- gicv3_driver_init(&versal_net_gic_data);
-#endif
-}
-
-/******************************************************************************
- * Versal NET common helper to initialize the GIC. Only invoked by BL31
- *****************************************************************************/
-void __init plat_versal_net_gic_init(void)
-{
- gicv3_distif_init();
- gicv3_rdistif_init(plat_my_core_pos());
- gicv3_cpuif_enable(plat_my_core_pos());
-}
-
-/******************************************************************************
- * Versal NET common helper to enable the GIC CPU interface
- *****************************************************************************/
-void plat_versal_net_gic_cpuif_enable(void)
-{
- gicv3_cpuif_enable(plat_my_core_pos());
-}
-
-/******************************************************************************
- * Versal NET common helper to disable the GIC CPU interface
- *****************************************************************************/
-void plat_versal_net_gic_cpuif_disable(void)
-{
- gicv3_cpuif_disable(plat_my_core_pos());
-}
-
-/******************************************************************************
- * Versal NET common helper to initialize the per-cpu redistributor interface in
- * GICv3
- *****************************************************************************/
-void plat_versal_net_gic_pcpu_init(void)
-{
- gicv3_rdistif_init(plat_my_core_pos());
-}
-
-/******************************************************************************
- * Versal NET common helpers to power GIC redistributor interface
- *****************************************************************************/
-void plat_versal_net_gic_redistif_on(void)
-{
- gicv3_rdistif_on(plat_my_core_pos());
-}
-
-void plat_versal_net_gic_redistif_off(void)
-{
- gicv3_rdistif_off(plat_my_core_pos());
-}
-
-/******************************************************************************
- * Versal NET common helper to save & restore the GICv3 on resume from system
- * suspend
- *****************************************************************************/
-void plat_versal_net_gic_save(void)
-{
- /*
- * If an ITS is available, save its context before
- * the Redistributor using:
- * gicv3_its_save_disable(gits_base, &its_ctx[i])
- * Additionnaly, an implementation-defined sequence may
- * be required to save the whole ITS state.
- */
-
- /*
- * Save the GIC Redistributors and ITS contexts before the
- * Distributor context. As we only handle SYSTEM SUSPEND API,
- * we only need to save the context of the CPU that is issuing
- * the SYSTEM SUSPEND call, i.e. the current CPU.
- */
- gicv3_rdistif_save(plat_my_core_pos(), &rdist_ctx);
-
- /* Save the GIC Distributor context */
- gicv3_distif_save(&dist_ctx);
-
- /*
- * From here, all the components of the GIC can be safely powered down
- * as long as there is an alternate way to handle wakeup interrupt
- * sources.
- */
-}
-
-void plat_versal_net_gic_resume(void)
-{
- /* Restore the GIC Distributor context */
- gicv3_distif_init_restore(&dist_ctx);
-
- /*
- * Restore the GIC Redistributor and ITS contexts after the
- * Distributor context. As we only handle SYSTEM SUSPEND API,
- * we only need to restore the context of the CPU that issued
- * the SYSTEM SUSPEND call.
- */
- gicv3_rdistif_init_restore(plat_my_core_pos(), &rdist_ctx);
-
- /*
- * If an ITS is available, restore its context after
- * the Redistributor using:
- * gicv3_its_restore(gits_base, &its_ctx[i])
- * An implementation-defined sequence may be required to
- * restore the whole ITS state. The ITS must also be
- * re-enabled after this sequence has been executed.
- */
-}
diff --git a/plat/xilinx/zynqmp/sip_svc_setup.c b/plat/xilinx/zynqmp/sip_svc_setup.c
index 6a8555e..f5990ca 100644
--- a/plat/xilinx/zynqmp/sip_svc_setup.c
+++ b/plat/xilinx/zynqmp/sip_svc_setup.c
@@ -18,7 +18,6 @@
#include "zynqmp_pm_svc_main.h"
/* SMC function IDs for SiP Service queries */
-#define ZYNQMP_SIP_SVC_CALL_COUNT U(0x8200ff00)
#define ZYNQMP_SIP_SVC_UID U(0x8200ff01)
#define ZYNQMP_SIP_SVC_VERSION U(0x8200ff03)
@@ -100,10 +99,6 @@
}
switch (smc_fid) {
- case ZYNQMP_SIP_SVC_CALL_COUNT:
- /* PM functions + default functions */
- SMC_RET1(handle, PM_API_MAX + 2);
-
case ZYNQMP_SIP_SVC_UID:
SMC_UUID_RET(handle, zynqmp_sip_uuid);
diff --git a/readme.rst b/readme.rst
index 148d477..171b32b 100644
--- a/readme.rst
+++ b/readme.rst
@@ -39,7 +39,7 @@
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): PSCI_
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
-.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
+.. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest
.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _System Control and Management Interface (SCMI): SCMI_
.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
diff --git a/services/oem/chromeos/widevine_smc_handlers.c b/services/oem/chromeos/widevine_smc_handlers.c
new file mode 100644
index 0000000..83c6ccc
--- /dev/null
+++ b/services/oem/chromeos/widevine_smc_handlers.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2024, The ChromiumOS Authors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/psci/psci.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
+#include <tools_share/uuid.h>
+
+#define CROS_OEM_TPM_AUTH_PK_MAX_LEN 128
+#define CROS_OEM_HUK_LEN 32
+#define CROS_OEM_ROT_LEN 32
+
+static uint8_t cros_oem_tpm_auth_pk_buffer[CROS_OEM_TPM_AUTH_PK_MAX_LEN];
+static uint8_t cros_oem_huk_buffer[CROS_OEM_HUK_LEN];
+static uint8_t cros_oem_rot_len_buffer[CROS_OEM_ROT_LEN];
+
+struct cros_oem_data cros_oem_tpm_auth_pk = {
+ .buffer = cros_oem_tpm_auth_pk_buffer,
+ .max_length = sizeof(cros_oem_tpm_auth_pk_buffer),
+};
+
+struct cros_oem_data cros_oem_huk = {
+ .buffer = cros_oem_huk_buffer,
+ .max_length = sizeof(cros_oem_huk_buffer),
+};
+
+struct cros_oem_data cros_oem_rot = {
+ .buffer = cros_oem_rot_len_buffer,
+ .max_length = sizeof(cros_oem_rot_len_buffer),
+};
+
+static uintptr_t cros_write_data(struct cros_oem_data *data,
+ u_register_t length, u_register_t address,
+ void *handle)
+{
+ uintptr_t aligned_address;
+ uintptr_t aligned_size;
+ int32_t rc;
+
+ if (data->length) {
+ SMC_RET1(handle, PSCI_E_ALREADY_ON);
+ }
+
+ if (length > data->max_length) {
+ SMC_RET1(handle, PSCI_E_INVALID_PARAMS);
+ }
+
+ aligned_address = page_align(address, DOWN);
+ aligned_size = page_align(length + (address - aligned_address), UP);
+
+ /*
+ * We do not validate the passed in address because we are trusting the
+ * non-secure world at this point still.
+ */
+ rc = mmap_add_dynamic_region(aligned_address, aligned_address,
+ aligned_size, MT_MEMORY | MT_RO | MT_NS);
+ if (rc != 0) {
+ SMC_RET1(handle, PSCI_E_INVALID_ADDRESS);
+ }
+
+ memcpy(data->buffer, (void *)address, length);
+ data->length = length;
+
+ mmap_remove_dynamic_region(aligned_address, aligned_size);
+ SMC_RET1(handle, SMC_OK);
+}
+
+/* Handler for servicing specific SMC calls. */
+static uintptr_t cros_oem_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
+ u_register_t x2, u_register_t x3,
+ u_register_t x4, void *cookie,
+ void *handle, u_register_t flags)
+{
+ switch (smc_fid) {
+ case CROS_OEM_SMC_DRM_SET_TPM_AUTH_PUB_FUNC_ID:
+ return cros_write_data(&cros_oem_tpm_auth_pk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_HARDWARE_UNIQUE_KEY_FUNC_ID:
+ return cros_write_data(&cros_oem_huk, x1, x2, handle);
+ case CROS_OEM_SMC_DRM_SET_ROOT_OF_TRUST_FUNC_ID:
+ return cros_write_data(&cros_oem_rot, x1, x2, handle);
+ default:
+ WARN("Unimplemented OEM Call: 0x%x\n", smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+}
+
+/* Register OEM Service Calls as runtime service */
+DECLARE_RT_SVC(cros_oem_svc_smc_handler, OEN_OEM_START, OEN_OEM_END,
+ SMC_TYPE_FAST, NULL, cros_oem_svc_smc_handler);
diff --git a/services/spd/opteed/opteed.mk b/services/spd/opteed/opteed.mk
index f394744..289b3e7 100644
--- a/services/spd/opteed/opteed.mk
+++ b/services/spd/opteed/opteed.mk
@@ -33,3 +33,11 @@
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
include lib/libfdt/libfdt.mk
endif
+
+CROS_WIDEVINE_SMC := 0
+ifeq ($(CROS_WIDEVINE_SMC),1)
+ifeq ($(OPTEE_ALLOW_SMC_LOAD),0)
+$(error When CROS_WIDEVINE_SMC=1, OPTEE_ALLOW_SMC_LOAD must also be 1)
+endif
+$(eval $(call add_define,CROS_WIDEVINE_SMC))
+endif
diff --git a/services/spd/opteed/opteed_main.c b/services/spd/opteed/opteed_main.c
index ab9896e..83b001a 100644
--- a/services/spd/opteed/opteed_main.c
+++ b/services/spd/opteed/opteed_main.c
@@ -33,6 +33,7 @@
#include <libfdt.h>
#endif /* OPTEE_ALLOW_SMC_LOAD */
#include <plat/common/platform.h>
+#include <services/oem/chromeos/widevine_smc_handlers.h>
#include <tools_share/uuid.h>
#include "opteed_private.h"
@@ -61,7 +62,7 @@
0xb1eafba3, 0x5d31, 0x4612, 0xb9, 0x06,
0xc4, 0xc7, 0xa4, 0xbe, 0x3c, 0xc0);
-#define OPTEED_FDT_SIZE 256
+#define OPTEED_FDT_SIZE 1024
static uint8_t fdt_buf[OPTEED_FDT_SIZE] __aligned(CACHE_WRITEBACK_GRANULE);
#else
@@ -299,6 +300,62 @@
}
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+/*
+ * Adds a options/widevine node with the widevine table information to a device
+ * tree. Returns zero on success or if there is no widevine table information;
+ * failure code otherwise.
+ */
+static int add_options_widevine_node(void *fdt)
+{
+ int ret;
+
+ ret = fdt_begin_node(fdt, "options");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "op-tee");
+ if (ret)
+ return ret;
+
+ ret = fdt_begin_node(fdt, "widevine");
+ if (ret)
+ return ret;
+
+ if (cros_oem_tpm_auth_pk.length) {
+ ret = fdt_property(fdt, "tcg,tpm-auth-public-key",
+ cros_oem_tpm_auth_pk.buffer,
+ cros_oem_tpm_auth_pk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_huk.length) {
+ ret = fdt_property(fdt, "op-tee,hardware-unique-key",
+ cros_oem_huk.buffer, cros_oem_huk.length);
+ if (ret)
+ return ret;
+ }
+
+ if (cros_oem_rot.length) {
+ ret = fdt_property(fdt, "google,widevine-root-of-trust-ecc-p256",
+ cros_oem_rot.buffer, cros_oem_rot.length);
+ if (ret)
+ return ret;
+ }
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ ret = fdt_end_node(fdt);
+ if (ret)
+ return ret;
+
+ return fdt_end_node(fdt);
+}
+#endif /* CROS_WIDEVINE_SMC */
+
/*
* Creates a device tree for passing into OP-TEE. Currently is populated with
* the coreboot table address.
@@ -326,6 +383,12 @@
return ret;
#endif /* COREBOOT */
+#if CROS_WIDEVINE_SMC
+ ret = add_options_widevine_node(fdt_buf);
+ if (ret)
+ return ret;
+#endif /* CROS_WIDEVINE_SMC */
+
ret = fdt_end_node(fdt_buf);
if (ret)
return ret;
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index 537cb5c..811adcb 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -237,12 +237,13 @@
[3] = {2242638, 0x01, 0x02, ERRATA_A78C_2242638},
[4] = {2376749, 0x01, 0x02, ERRATA_A78C_2376749},
[5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
- [6] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
+ [6] = {2683027, 0x01, 0x02, ERRATA_A78C_2683027},
+ [7] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
ERRATA_NON_ARM_INTERCONNECT},
- [7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
- [8] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [9] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [8] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
+ [9] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
+ [10] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
+ [11 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
@@ -434,9 +435,10 @@
{
.cpu_partnumber = CORTEX_A715_MIDR,
.cpu_errata_list = {
- [0] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
+ [0] = {2561034, 0x10, 0x10, ERRATA_A715_2561034},
+ [1] = {2701951, 0x00, 0x11, ERRATA_A715_2701951, \
ERRATA_NON_ARM_INTERCONNECT},
- [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [2 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A715_H_INC */
@@ -446,12 +448,15 @@
.cpu_partnumber = CORTEX_X3_MIDR,
.cpu_errata_list = {
[0] = {2070301, 0x00, 0x12, ERRATA_X3_2070301},
- [1] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
- [2] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
- [3] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [4] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
- [5] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
- [6 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [1] = {2266875, 0x00, 0x10, ERRATA_X3_2266875},
+ [2] = {2302506, 0x00, 0x11, ERRATA_X3_2302506},
+ [3] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
+ [4] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
+ [5] = {2641945, 0x00, 0x10, ERRATA_X3_2641945},
+ [6] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
+ [7] = {2743088, 0x00, 0x11, ERRATA_X3_2743088},
+ [8] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c
index 4ea074f..fb096bc 100644
--- a/services/std_svc/rmmd/rmmd_main.c
+++ b/services/std_svc/rmmd/rmmd_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -70,7 +70,6 @@
cm_set_context(&(rmm_ctx->cpu_ctx), REALM);
/* Restore the realm context assigned above */
- cm_el1_sysregs_context_restore(REALM);
cm_el2_sysregs_context_restore(REALM);
cm_set_next_eret_context(REALM);
@@ -78,12 +77,10 @@
rc = rmmd_rmm_enter(&rmm_ctx->c_rt_ctx);
/*
- * Save realm context. EL1 and EL2 Non-secure
- * contexts will be restored before exiting to
- * Non-secure world, therefore there is no need
- * to clear EL1 and EL2 context registers.
+ * Save realm context. EL2 Non-secure context will be restored
+ * before exiting Non-secure world, therefore there is no need
+ * to clear EL2 context registers.
*/
- cm_el1_sysregs_context_save(REALM);
cm_el2_sysregs_context_save(REALM);
return rc;
@@ -279,11 +276,9 @@
cpu_context_t *ctx = cm_get_context(dst_sec_state);
/* Save incoming security state */
- cm_el1_sysregs_context_save(src_sec_state);
cm_el2_sysregs_context_save(src_sec_state);
/* Restore outgoing security state */
- cm_el1_sysregs_context_restore(dst_sec_state);
cm_el2_sysregs_context_restore(dst_sec_state);
cm_set_next_eret_context(dst_sec_state);
diff --git a/services/std_svc/rmmd/trp/trp.mk b/services/std_svc/rmmd/trp/trp.mk
index b7bd317..bb96343 100644
--- a/services/std_svc/rmmd/trp/trp.mk
+++ b/services/std_svc/rmmd/trp/trp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2023 Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,9 +10,9 @@
RMM_DEFAULT_LINKER_SCRIPT_SOURCE := services/std_svc/rmmd/trp/linker.ld.S
-ifneq ($(findstring gcc,$(notdir $(LD))),)
+ifeq ($($(ARCH)-ld-id),gnu-gcc)
RMM_LDFLAGS += -Wl,--sort-section=alignment
-else ifneq ($(findstring ld,$(notdir $(LD))),)
+else ifneq ($(filter llvm-lld gnu-ld,$($(ARCH)-ld-id)),)
RMM_LDFLAGS += --sort-section=alignment
endif
diff --git a/services/std_svc/sdei/sdei_intr_mgmt.c b/services/std_svc/sdei/sdei_intr_mgmt.c
index 3bdf4a2..72bc33f 100644
--- a/services/std_svc/sdei/sdei_intr_mgmt.c
+++ b/services/std_svc/sdei/sdei_intr_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -295,7 +295,7 @@
}
/* If MTE is implemented in the client el set the TCO bit */
- if (get_armv8_5_mte_support() >= MTE_IMPLEMENTED_ELX) {
+ if (is_feat_mte_supported()) {
sdei_spsr |= SPSR_TCO_BIT_AARCH64;
}
diff --git a/services/std_svc/spm/el3_spmc/spmc_main.c b/services/std_svc/spm/el3_spmc/spmc_main.c
index 9cfcd87..c6ec30c 100644
--- a/services/std_svc/spm/el3_spmc/spmc_main.c
+++ b/services/std_svc/spm/el3_spmc/spmc_main.c
@@ -234,7 +234,7 @@
/* If we originated in the normal world then switch contexts. */
else if (!secure_origin && ffa_is_secure_world_id(dst_id)) {
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2,
- x3, x4, handle);
+ x3, x4, handle, flags);
} else {
/* Unknown State. */
panic();
@@ -1489,7 +1489,8 @@
void *handle,
uint64_t flags)
{
- char *chars;
+ /* Maximum number of characters is 48: 6 registers of 8 bytes each. */
+ char chars[48] = {0};
size_t chars_max;
size_t chars_count = x1;
@@ -1500,27 +1501,23 @@
assert(smc_fid == FFA_CONSOLE_LOG_SMC32 || smc_fid == FFA_CONSOLE_LOG_SMC64);
if (smc_fid == FFA_CONSOLE_LOG_SMC32) {
- uint32_t registers[] = {
- (uint32_t)x2,
- (uint32_t)x3,
- (uint32_t)x4,
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5),
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6),
- (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7),
- };
- chars_max = ARRAY_SIZE(registers) * sizeof(uint32_t);
- chars = (char *)registers;
+ uint32_t *registers = (uint32_t *)chars;
+ registers[0] = (uint32_t)x2;
+ registers[1] = (uint32_t)x3;
+ registers[2] = (uint32_t)x4;
+ registers[3] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5);
+ registers[4] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6);
+ registers[5] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7);
+ chars_max = 6 * sizeof(uint32_t);
} else {
- uint64_t registers[] = {
- x2,
- x3,
- x4,
- SMC_GET_GP(handle, CTX_GPREG_X5),
- SMC_GET_GP(handle, CTX_GPREG_X6),
- SMC_GET_GP(handle, CTX_GPREG_X7),
- };
- chars_max = ARRAY_SIZE(registers) * sizeof(uint64_t);
- chars = (char *)registers;
+ uint64_t *registers = (uint64_t *)chars;
+ registers[0] = x2;
+ registers[1] = x3;
+ registers[2] = x4;
+ registers[3] = SMC_GET_GP(handle, CTX_GPREG_X5);
+ registers[4] = SMC_GET_GP(handle, CTX_GPREG_X6);
+ registers[5] = SMC_GET_GP(handle, CTX_GPREG_X7);
+ chars_max = 6 * sizeof(uint64_t);
}
if ((chars_count == 0) || (chars_count > chars_max)) {
@@ -2490,9 +2487,11 @@
/*
* Forward the interrupt to the S-EL1 SP. The interrupt ID is not
* populated as the SP can determine this by itself.
+ * The flags field is forced to 0 mainly to pass the SVE hint bit
+ * cleared for consumption by the lower EL.
*/
return spmd_smc_switch_state(FFA_INTERRUPT, false,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
- handle);
+ handle, 0ULL);
}
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 1d0bd00..7572adf 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -667,11 +667,22 @@
uint64_t x2,
uint64_t x3,
uint64_t x4,
- void *handle)
+ void *handle,
+ uint64_t flags)
{
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
+#if SPMD_SPM_AT_SEL2
+ if ((secure_state_out == SECURE) && (is_sve_hint_set(flags) == true)) {
+ /*
+ * Set the SVE hint bit in x0 and pass to the lower secure EL,
+ * if it was set by the caller.
+ */
+ smc_fid |= (FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT);
+ }
+#endif
+
/* Save incoming security state */
#if SPMD_SPM_AT_SEL2
if (secure_state_in == NON_SECURE) {
@@ -746,8 +757,9 @@
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
cookie, handle, flags);
}
+
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
- handle);
+ handle, flags);
}
@@ -844,7 +856,7 @@
unsigned int linear_id = plat_my_core_pos();
spmd_spm_core_context_t *ctx = spmd_get_context();
bool secure_origin;
- int32_t ret;
+ int ret;
uint32_t input_version;
/* Determine which security state this SMC originated from */
@@ -1151,6 +1163,25 @@
}
break; /* Not reached */
+ case FFA_MSG_SEND_DIRECT_REQ2_SMC64:
+ if (!secure_origin) {
+ /* Validate source endpoint is non-secure for non-secure caller. */
+ if (ffa_is_secure_world_id(ffa_endpoint_source(x1))) {
+ return spmd_ffa_error_return(handle,
+ FFA_ERROR_INVALID_PARAMETER);
+ }
+ }
+ /* FFA_MSG_SEND_DIRECT_REQ2 not used for framework messages. */
+ if (secure_origin && spmd_is_spmc_message(x1)) {
+ return spmd_ffa_error_return(handle, FFA_ERROR_INVALID_PARAMETER);
+ } else {
+ /* Forward direct message to the other world */
+ return spmd_smc_forward(smc_fid, secure_origin,
+ x1, x2, x3, x4, cookie,
+ handle, flags);
+ }
+ break; /* Not reached */
+
case FFA_MSG_SEND_DIRECT_RESP_SMC32:
case FFA_MSG_SEND_DIRECT_RESP_SMC64:
if (secure_origin && (spmd_is_spmc_message(x1) ||
@@ -1163,7 +1194,12 @@
handle, flags);
}
break; /* Not reached */
-
+ case FFA_MSG_SEND_DIRECT_RESP2_SMC64:
+ /* Forward direct message to the other world */
+ return spmd_smc_forward(smc_fid, secure_origin,
+ x1, x2, x3, x4, cookie,
+ handle, flags);
+ break; /* Not reached */
case FFA_RX_RELEASE:
case FFA_RXTX_MAP_SMC32:
case FFA_RXTX_MAP_SMC64:
diff --git a/tools/amlogic/Makefile b/tools/amlogic/Makefile
index 1a1d1f8..5ff26e5 100644
--- a/tools/amlogic/Makefile
+++ b/tools/amlogic/Makefile
@@ -4,9 +4,13 @@
# SPDX-License-Identifier: BSD-3-Clause
# https://spdx.org/licenses
#
+
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
PROJECT := doimage${BIN_EXT}
OBJECTS := doimage.o
@@ -26,22 +30,20 @@
Q :=
endif
-HOSTCC := gcc
-
.PHONY: all clean distclean
all: ${PROJECT}
${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
- ${Q}${HOSTCC} ${OBJECTS} -o $@
+ ${Q}$(host-cc) ${OBJECTS} -o $@
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
%.o: %.c Makefile
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} $< -o $@
clean:
$(call SHELL_DELETE_ALL, ${PROJECT} ${OBJECTS})
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index b911d19..21523f6 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -11,10 +11,13 @@
BINARY := $(notdir ${CRTTOOL})
COT := tbbr
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
include ${MAKE_HELPERS_DIRECTORY}defaults.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
ifneq (${PLAT},none)
TF_PLATFORM_ROOT := ../../plat/
@@ -81,8 +84,6 @@
LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
LIB := -lssl -lcrypto
-HOSTCC ?= gcc
-
.PHONY: all clean realclean --openssl
all: --openssl ${BINARY}
@@ -91,12 +92,12 @@
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
const char platform_msg[] = "${PLAT_MSG}";' | \
- ${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
- ${Q}${HOSTCC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
+ $(host-cc) -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
+ ${Q}$(host-cc) src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
%.o: %.c
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
--openssl:
ifeq ($(DEBUG),1)
@@ -108,4 +109,3 @@
realclean: clean
$(call SHELL_DELETE,${BINARY})
-
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index 924e5fe..83f2f57 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -11,11 +11,13 @@
BINARY := $(notdir ${ENCTOOL})
OPENSSL_DIR := /usr
+toolchains := host
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
include ${MAKE_HELPERS_DIRECTORY}defaults.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
OBJECTS := src/encrypt.o \
src/cmd_opt.o \
@@ -61,8 +63,6 @@
LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
LIB := -lssl -lcrypto
-HOSTCC ?= gcc
-
.PHONY: all clean realclean --openssl
all: --openssl ${BINARY}
@@ -70,12 +70,12 @@
${BINARY}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__;' | \
- ${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
- ${Q}${HOSTCC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
+ $(host-cc) -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
+ ${Q}$(host-cc) src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
%.o: %.c
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} ${INC_DIR} $< -o $@
--openssl:
ifeq ($(DEBUG),1)
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index fda7c77..865ff4c 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -1,13 +1,16 @@
#
-# Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
include ${MAKE_HELPERS_DIRECTORY}defaults.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
FIPTOOL ?= fiptool${BIN_EXT}
PROJECT := $(notdir ${FIPTOOL})
@@ -58,8 +61,6 @@
Q :=
endif
-HOSTCC ?= gcc
-
ifneq (${PLAT},)
TF_PLATFORM_ROOT := ../../plat/
include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
@@ -81,14 +82,14 @@
${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
- ${Q}${HOSTCC} ${OBJECTS} -o $@ $(LDOPTS)
+ ${Q}$(host-cc) ${OBJECTS} -o $@ $(LDOPTS)
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
%.o: %.c Makefile
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} -MD -MP $< -o $@
+ ${Q}$(host-cc) -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} -MD -MP $< -o $@
-include $(DEPS)
diff --git a/tools/fiptool/plat_fiptool/st/stm32mp1/plat_fiptool.mk b/tools/fiptool/plat_fiptool/st/stm32mp1/plat_fiptool.mk
index 1ba47c1..0d69dbd 100644
--- a/tools/fiptool/plat_fiptool/st/stm32mp1/plat_fiptool.mk
+++ b/tools/fiptool/plat_fiptool/st/stm32mp1/plat_fiptool.mk
@@ -17,7 +17,7 @@
HOSTCCFLAGS += -DPLAT_DEF_FIP_UUID
${PLAT_DEF_UUID_FILE_NAME}.o: plat_fiptool/st/stm32mp1/${PLAT_DEF_UUID_FILE_NAME}.c
- ${HOSTCC} -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
+ $(host-cc) -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
PLAT_OBJECTS += ${PLAT_DEF_UUID_FILE_NAME}.o
endif
diff --git a/tools/marvell/doimage/Makefile b/tools/marvell/doimage/Makefile
index 9f0d89d..6e59aa2 100644
--- a/tools/marvell/doimage/Makefile
+++ b/tools/marvell/doimage/Makefile
@@ -4,6 +4,10 @@
# SPDX-License-Identifier: BSD-3-Clause
# https://spdx.org/licenses
+toolchains := host
+
+include ../../../make_helpers/toolchain.mk
+
PROJECT = doimage
OBJECTS = doimage.o
@@ -25,7 +29,6 @@
# could get pulled in from firmware tree.
INCLUDE_PATHS = -I.
-HOSTCC ?= gcc
RM := rm -rf
.PHONY: all clean
@@ -34,14 +37,14 @@
${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
- ${Q}${HOSTCC} ${OBJECTS} ${DOIMAGE_LD_FLAGS} -o $@
+ ${Q}$(host-cc) ${OBJECTS} ${DOIMAGE_LD_FLAGS} -o $@
@echo
@echo "Built $@ successfully"
@echo
%.o: %.c Makefile
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
clean:
${Q}${RM} ${PROJECT}
diff --git a/tools/marvell/doimage/doimage.c b/tools/marvell/doimage/doimage.c
index 513f33f..1f0985c 100644
--- a/tools/marvell/doimage/doimage.c
+++ b/tools/marvell/doimage/doimage.c
@@ -18,6 +18,7 @@
#include <libconfig.h> /* for parsing config file */
/* mbedTLS stuff */
+#include <mbedtls/version.h>
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_SHA256_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
@@ -28,7 +29,6 @@
#include <mbedtls/md.h>
#include <mbedtls/pk.h>
#include <mbedtls/sha256.h>
-#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#else
#error "Bad mbedTLS configuration!"
diff --git a/tools/nxp/create_pbl/Makefile b/tools/nxp/create_pbl/Makefile
index f971a74..b6b3b04 100644
--- a/tools/nxp/create_pbl/Makefile
+++ b/tools/nxp/create_pbl/Makefile
@@ -4,9 +4,12 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
PROJECT_1 := create_pbl${BIN_EXT}
OBJECTS_1 := create_pbl.o
@@ -31,30 +34,27 @@
INCLUDE_PATHS :=
-HOSTCC ?= gcc
-CC = gcc
-
.PHONY: all clean distclean
all: create_pbl byte_swap
${PROJECT_1}: ${OBJECTS_1} Makefile
@echo " LD $@"
- ${Q}${HOSTCC} ${OBJECTS_1} -o $@ ${LDLIBS}
+ ${Q}$(host-cc) ${OBJECTS_1} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
${PROJECT_2}: ${OBJECTS_2} Makefile
@echo " LD $@"
- ${Q}${HOSTCC} ${OBJECTS_2} -o $@ ${LDLIBS}
+ ${Q}$(host-cc) ${OBJECTS_2} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
%.o: %.c %.h Makefile
@echo " CC $<"
- ${Q}${HOSTCC} -c ${CPPFLAGS} ${CFLAGS} ${INCLUDE_PATHS} $< -o $@
+ ${Q}$(host-cc) -c ${CPPFLAGS} ${CFLAGS} ${INCLUDE_PATHS} $< -o $@
clean:
$(call SHELL_DELETE_ALL, ${PROJECT_1} ${OBJECTS_1})
diff --git a/tools/renesas/rcar_layout_create/makefile b/tools/renesas/rcar_layout_create/makefile
index d585754..baa6e7e 100644
--- a/tools/renesas/rcar_layout_create/makefile
+++ b/tools/renesas/rcar_layout_create/makefile
@@ -4,6 +4,10 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := aarch64
+
+include ../../../make_helpers/toolchain.mk
+
###################################################
# makefile
###################################################
@@ -67,16 +71,9 @@
###################################################
#c compiler
-CC = $(CROSS_COMPILE)gcc
CFLAGS += ${DEFINES}
CFLAGS += -I../../include/lib/stdlib
-#Linker
-LD = $(CROSS_COMPILE)ld
-
-#objcopy
-objcopy = $(CROSS_COMPILE)objcopy
-
#clean
CL = rm -f
@@ -92,29 +89,29 @@
# Linker
###################################################
$(OUTPUT_FILE_SA0) : $(MEMORY_DEF_SA0) $(OBJ_FILE_SA0)
- $(LD) $(OBJ_FILE_SA0) \
+ $(aarch64-ld) $(OBJ_FILE_SA0) \
-T $(MEMORY_DEF_SA0) \
-o $(OUTPUT_FILE_SA0) \
-Map $(FILE_NAME_SA0).map \
- $(objcopy) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).srec
- $(objcopy) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).bin
+ $(aarch64-oc) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).srec
+ $(aarch64-oc) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).bin
$(OUTPUT_FILE_SA6) : $(MEMORY_DEF_SA6) $(OBJ_FILE_SA6)
- $(LD) $(OBJ_FILE_SA6) \
+ $(aarch64-ld) $(OBJ_FILE_SA6) \
-T $(MEMORY_DEF_SA6) \
-o $(OUTPUT_FILE_SA6) \
-Map $(FILE_NAME_SA6).map \
- $(objcopy) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).srec
- $(objcopy) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).bin
+ $(aarch64-oc) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).srec
+ $(aarch64-oc) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).bin
###################################################
# Compile
###################################################
-%.o:../%.c
- $(CC) -c -I $< -o $@
+%.o: %.c
+ $(aarch64-cc) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<
.PHONY: clean
clean:
diff --git a/tools/renesas/rzg_layout_create/makefile b/tools/renesas/rzg_layout_create/makefile
index 2d438b9..4cab5fb 100644
--- a/tools/renesas/rzg_layout_create/makefile
+++ b/tools/renesas/rzg_layout_create/makefile
@@ -4,6 +4,10 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := aarch64
+
+include ../../../make_helpers/toolchain.mk
+
###################################################
# makefile
###################################################
@@ -62,18 +66,11 @@
###################################################
#c compiler
-CC = $(CROSS_COMPILE)gcc
CFLAGS += ${DEFINES}
CFLAGS += -nostdinc \
-I../../../include/lib/libc \
-I../../../include/lib/libc/aarch64
-#Linker
-LD = $(CROSS_COMPILE)ld
-
-#objcopy
-objcopy = $(CROSS_COMPILE)objcopy
-
#clean
CL = rm -f
@@ -89,29 +86,29 @@
# Linker
###################################################
$(OUTPUT_FILE_SA0) : $(MEMORY_DEF_SA0) $(OBJ_FILE_SA0)
- $(LD) $(OBJ_FILE_SA0) \
+ $(aarch64-ld) $(OBJ_FILE_SA0) \
-T $(MEMORY_DEF_SA0) \
-o $(OUTPUT_FILE_SA0) \
-Map $(FILE_NAME_SA0).map \
- $(objcopy) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).srec
- $(objcopy) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).bin
+ $(aarch64-oc) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).srec
+ $(aarch64-oc) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA0) $(FILE_NAME_SA0).bin
$(OUTPUT_FILE_SA6) : $(MEMORY_DEF_SA6) $(OBJ_FILE_SA6)
- $(LD) $(OBJ_FILE_SA6) \
+ $(aarch64-ld) $(OBJ_FILE_SA6) \
-T $(MEMORY_DEF_SA6) \
-o $(OUTPUT_FILE_SA6) \
-Map $(FILE_NAME_SA6).map \
- $(objcopy) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).srec
- $(objcopy) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).bin
+ $(aarch64-oc) -O srec --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).srec
+ $(aarch64-oc) -O binary --adjust-vma=$(RCAR_VMA_ADJUST_ADDR) --srec-forceS3 $(OUTPUT_FILE_SA6) $(FILE_NAME_SA6).bin
###################################################
# Compile
###################################################
-%.o:../%.c
- $(CC) -c -I $< -o $@
+%.o: %.c
+ $(aarch64-cc) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<
.PHONY: clean
clean:
diff --git a/tools/sptool/Makefile b/tools/sptool/Makefile
index 1fa85fb..a913ce5 100644
--- a/tools/sptool/Makefile
+++ b/tools/sptool/Makefile
@@ -1,12 +1,15 @@
#
-# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
SPTOOL ?= sptool${BIN_EXT}
PROJECT := $(notdir ${SPTOOL})
@@ -29,22 +32,20 @@
INCLUDE_PATHS := -I../../include/tools_share
-HOSTCC ?= gcc
-
.PHONY: all clean distclean
all: ${PROJECT}
${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
- ${Q}${HOSTCC} ${OBJECTS} -o $@ ${LDLIBS}
+ ${Q}$(host-cc) ${OBJECTS} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
%.o: %.c Makefile
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
+ ${Q}$(host-cc) -c ${CPPFLAGS} ${HOSTCCFLAGS} ${INCLUDE_PATHS} $< -o $@
clean:
$(call SHELL_DELETE_ALL, ${PROJECT} ${OBJECTS})
diff --git a/tools/sptool/sp_mk_generator.py b/tools/sptool/sp_mk_generator.py
index 06fa520..1edb77d 100644
--- a/tools/sptool/sp_mk_generator.py
+++ b/tools/sptool/sp_mk_generator.py
@@ -137,7 +137,7 @@
with open(get_sp_manifest_full_path(sp_layout[sp], args), "r") as pm_f:
load_address_lines = [l for l in pm_f if 'load-address' in l]
- if len(load_address_lines) is not 1:
+ if len(load_address_lines) != 1:
return None
load_address_parsed = re.search("(0x[0-9a-f]+)", load_address_lines[0])
diff --git a/tools/stm32image/Makefile b/tools/stm32image/Makefile
index 9c9b7b5..c75e941 100644
--- a/tools/stm32image/Makefile
+++ b/tools/stm32image/Makefile
@@ -1,12 +1,15 @@
#
-# Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
+toolchains := host
+
MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+include ${MAKE_HELPERS_DIRECTORY}toolchain.mk
PROJECT := stm32image${BIN_EXT}
OBJECTS := stm32image.o
@@ -26,22 +29,20 @@
Q :=
endif
-HOSTCC := gcc
-
.PHONY: all clean distclean
all: ${PROJECT}
${PROJECT}: ${OBJECTS} Makefile
@echo " HOSTLD $@"
- ${Q}${HOSTCC} ${OBJECTS} -o $@
+ ${Q}$(host-cc) ${OBJECTS} -o $@
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
%.o: %.c Makefile
@echo " HOSTCC $<"
- ${Q}${HOSTCC} -c ${HOSTCCFLAGS} $< -o $@
+ ${Q}$(host-cc) -c ${HOSTCCFLAGS} $< -o $@
clean:
$(call SHELL_DELETE_ALL, ${PROJECT} ${OBJECTS})
