Merge "fix(romlib): prevent race condition on the build directory" into integration
diff --git a/common/bl_common.c b/common/bl_common.c
index 2a9f32f..2c452aa 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -150,8 +150,7 @@
* of trust.
*/
static int load_auth_image_recursive(unsigned int image_id,
- image_info_t *image_data,
- int is_parent_image)
+ image_info_t *image_data)
{
int rc;
unsigned int parent_id;
@@ -159,7 +158,7 @@
/* Use recursion to authenticate parent images */
rc = auth_mod_get_parent_id(image_id, &parent_id);
if (rc == 0) {
- rc = load_auth_image_recursive(parent_id, image_data, 1);
+ rc = load_auth_image_recursive(parent_id, image_data);
if (rc != 0) {
return rc;
}
@@ -193,7 +192,7 @@
{
#if TRUSTED_BOARD_BOOT
if (dyn_is_auth_disabled() == 0) {
- return load_auth_image_recursive(image_id, image_data, 0);
+ return load_auth_image_recursive(image_id, image_data);
}
#endif
diff --git a/docs/Makefile b/docs/Makefile
index 9fd7d76..68c0958 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -24,4 +24,5 @@
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
.DEFAULT: Makefile
+ $(if $(host-poetry),$(q)poetry -q install --with=docs)
$(q)$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/docs/components/rmm-el3-comms-spec.rst b/docs/components/rmm-el3-comms-spec.rst
index 03703bc..79e1d2c 100644
--- a/docs/components/rmm-el3-comms-spec.rst
+++ b/docs/components/rmm-el3-comms-spec.rst
@@ -52,7 +52,7 @@
- ``RES0``: Bit 31 of the version number is reserved 0 as to maintain
consistency with the versioning schemes used in other parts of RMM.
-This document specifies the 0.3 version of Boot Interface ABI and RMM-EL3
+This document specifies the 0.4 version of Boot Interface ABI and RMM-EL3
services specification and the 0.3 version of the Boot Manifest.
.. _rmm_el3_boot_interface:
@@ -259,6 +259,8 @@
0xC40001B1,``RMM_GTSI_UNDELEGATE``
0xC40001B2,``RMM_ATTEST_GET_REALM_KEY``
0xC40001B3,``RMM_ATTEST_GET_PLAT_TOKEN``
+ 0xC40001B4,``RMM_EL3_FEATURES``
+ 0xC40001B5,``RMM_EL3_TOKEN_SIGN``
RMM_RMI_REQ_COMPLETE command
============================
@@ -505,6 +507,170 @@
``E_RMM_UNK``,An unknown error occurred whilst processing the command
``E_RMM_OK``,No errors detected
+RMM_EL3_FEATURES command
+========================
+
+This command provides a mechanism to discover features and ABIs supported by the
+RMM-EL3 interface, for a given version. This command is helpful when there are
+platform specific optional RMM-EL3 interfaces and features exposed by vendor
+specific EL3 firmware, and a generic RMM that can modify its behavior based on
+discovery of EL3 features.
+
+The features can be discovered by specifying the feature register index that
+has fields defined to indicate presence or absence of features and other
+relevant information. The feature register index is specified in the
+``feat_reg_idx`` parameter. Each feature register is a 64 bit register.
+
+This command is available from v0.4 of the RMM-EL3 interface.
+
+The following is the register definition for feature register index 0 for
+v0.4 of the interface:
+
+RMM-EL3 Feature Resister 0
+--------------------------
+
+.. code-block:: none
+
+ 63 32 31 16 15 8 7 1 0
+ +-------+-------+-------+-------+-------+-------+-------+-------+
+ | | | | | | | | |
+ | | | | | | | | |
+ +-------+-------+-------+-------+-------+-------+-------+-------+
+ ^
+ |
+ RMMD_EL3_TOKEN_SIGN
+
+**Bit Fields:**
+
+- **Bit 0**: `RMMD_EL3_TOKEN_SIGN`
+ - When set to 1, the `RMMD_EL3_TOKEN_SIGN` feature is enabled.
+ - When cleared (0), the feature is disabled.
+- **Bits [1:63]**: Reserved (must be zero)
+
+FID
+---
+
+``0xC40001B4``
+
+
+Input values
+------------
+
+.. csv-table:: Input values for RMM_EL3_FEATURES
+ :header: "Name", "Register", "Field", "Type", "Description"
+ :widths: 1 1 1 1 5
+
+ fid,x0,[63:0],UInt64,Command FID
+ feat_reg_idx,x1,[63:0],UInt64, "Feature register index. For v0.4, a value of 0 is the only
+ acceptable value"
+
+
+Output values
+-------------
+
+.. csv-table:: Output values for RMM_EL3_FEATURES
+ :header: "Name", "Register", "Field", "Type", "Description"
+ :widths: 1 1 1 1 5
+
+ Result,x0,[63:0],Error Code,Command return status
+ feat_reg,x1,[63:0],Value,Value of the register as defined above
+
+Failure conditions
+------------------
+
+The table below shows all the possible error codes returned in ``Result`` upon
+a failure. The errors are ordered by condition check.
+
+.. csv-table:: Failure conditions for RMM_EL3_FEATURES
+ :header: "ID", "Condition"
+ :widths: 1 5
+
+ ``E_RMM_INVAL``,``feat_reg_idx`` is out of valid range
+ ``E_RMM_UNK``,"if the SMC is not present, if interface version is <0.4"
+ ``E_RMM_OK``,No errors detected
+
+RMM_EL3_TOKEN_SIGN command
+==========================
+
+This command is an optional command that can be discovered using the RMM_EL3_FEATURES command.
+This command is used to send requests related to realm attestation token signing requests to EL3.
+The command supports 3 opcodes:
+
+ - RMM_EL3_TOKEN_SIGN_PUSH_REQ_OP
+ - RMM_EL3_TOKEN_SIGN_PULL_RESP_OP
+ - RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP
+
+The above opcodes can be used to send realm attestation token signing requests to EL3 and get their
+response, so that the realm attestation token can be constructed.
+
+This command is useful when the RMM may not have access to the private portion of the realm
+attestation key and needs signing services from EL3 or CCA HES, or other platform specific
+mechanisms to perform signing.
+
+The RMM-EL3 interface for this command is modeled as two separate queues, one for signing requests
+and one for retrieving the signed responses. It is possible that the queue in EL3 is full or EL3 is busy and
+unable to service the RMM requests, in which case the RMM is expected to retry the push operation
+for requests and pop operation for responses.
+
+FID
+---
+
+``0xC40001B5``
+
+Input values
+------------
+
+.. csv-table:: Input values for RMM_EL3_TOKEN_SIGN
+ :header: "Name", "Register", "Field", "Type", "Description"
+ :widths: 1 1 1 1 5
+
+ fid,x0,[63:0],UInt64,Command FID
+ opcode,x1,[63:0],UInt64,"
+ Opcode that is one of:
+
+ - RMM_EL3_TOKEN_SIGN_PUSH_REQ_OP: 0x1 -
+ Opcode to push a token signing request to EL3 using struct el3_token_sign_request as described above
+ - RMM_EL3_TOKEN_SIGN_PULL_RESP_OP: 0x2 -
+ Opcode to pull a token signing response from EL3 using struct el3_token_sign_response as described above
+ - RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP: 0x3 -
+ Opcode to get the realm attestation public key
+
+ "
+ buf_pa,x2,[63:0],Address,"PA where the request structure is stored for the opcode RMM_EL3_TOKEN_SIGN_PUSH_REQ_OP, the response structure needs to be populated for the opcode RMM_EL3_TOKEN_SIGN_PULL_RESP_OP, or where the public key must be populated for the opcode RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP. The PA must belong to the RMM-EL3 shared buffer"
+ buf_size,x3,[63:0],Size,Size in bytes of the input buffer in ``buf_pa``. ``buf_pa + buf_size`` must lie within the shared buffer
+ ecc_curve,x4,[63:0],Enum,Type of the elliptic curve to which the requested attestation key belongs to. See :ref:`ecc_curves`. This parameter is valid on for the opcode RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP
+
+Output values
+-------------
+
+.. csv-table:: Output values for RMM_EL3_TOKEN_SIGN
+ :header: "Name", "Register", "Field", "Type", "Description"
+ :widths: 1 1 1 1 5
+
+ Result,x0,[63:0],Error Code,Command return status. Valid for all opcodes listed in input values
+ retval1,x1,[63:0],Value, "If opcode is RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP, then returns length of
+ public key returned. Otherwise, reserved"
+
+
+Failure conditions
+------------------
+
+The table below shows all the possible error codes returned in ``Result`` upon
+a failure. The errors are ordered by condition check.
+
+.. csv-table:: Failure conditions for RMM_EL3_TOKEN_SIGN
+ :header: "ID", "Condition"
+ :widths: 1 5
+
+ ``E_RMM_INVAL``,"if opcode is invalid or buffer address and length passed to the EL3 are not in valid range
+ corresponding to the RMM-EL3 shared buffer, or if the curve used for opcode
+ RMM_EL3_TOKEN_SIGN_GET_RAK_PUB_OP is not the ECC P384 curve"
+ ``E_RMM_UNK``,"if the SMC is not present, if interface version is <0.4"
+ ``E_RMM_AGAIN``,"For opcode RMM_EL3_TOKEN_SIGN_PUSH_REQ_OP, if the request is not queued since
+ the EL3 queue is full, or if the response is not ready yet, for other opcodes"
+ ``E_RMM_OK``,No errors detected
+
+
RMM-EL3 world switch register save restore convention
_____________________________________________________
@@ -654,3 +820,55 @@
| flags | 40 | uint64_t | Additional flags (RES0) |
+-----------+--------+---------------+----------------------------------------+
+.. _el3_token_sign_request_struct:
+
+EL3 Token Sign Request structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This structure represents a realm attestation toekn signing request.
+
++-------------+--------+---------------+-----------------------------------------+
+| Name | Offset | Type | Description |
++=============+========+===============+=========================================+
+| sig_alg_id | 0 | uint32_t | Algorithm idenfier for the sign request.|
+| | | | - 0x0: ECC SECP384R1 (ECDSA) |
+| | | | - Other values reserved |
++-------------+--------+---------------+-----------------------------------------+
+| rec_granule | 8 | uint64_t | Identifier used by RMM to associate |
+| | | | a signing request to a realm. Must not |
+| | | | be interpreted or modified. |
++-------------+--------+---------------+-----------------------------------------+
+| req_ticket | 16 | uint64_t | Value used by RMM to associate request |
+| | | | and responses. Must not be interpreted |
+| | | | or modified. |
++-------------+--------+---------------+-----------------------------------------+
+| hash_alg_id | 24 | uint32_t | Hash algorithm for data in `hash_buf` |
+| | | | - 0x1: SHA2-384 |
+| | | | - All other values reserved. |
++-------------+--------+---------------+-----------------------------------------+
+| hash_buf | 32 | uint8_t[] | TBS (to-be-signed) Hash of length |
+| | | | defined by hash algorithm `hash_alg_id` |
++-------------+--------+---------------+-----------------------------------------+
+
+.. _el3_token_sign_response_struct:
+
+EL3 Token Sign Response structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This structure represents a realm attestation token signing response.
+
++---------------+--------+---------------+-----------------------------------------+
+| Name | Offset | Type | Description |
++===============+========+===============+=========================================+
+| rec_granule | 0 | uint64_t | Identifier used by RMM to associate |
+| | | | a signing request to a realm. Must not |
+| | | | be interpreted or modified. |
++---------------+--------+---------------+-----------------------------------------+
+| req_ticket | 8 | uint64_t | Value used by RMM to associate request |
+| | | | and responses. Must not be interpreted |
+| | | | or modified. |
++---------------+--------+---------------+-----------------------------------------+
+| sig_len | 16 | uint16_t | Length of the `signature_buf` field |
++---------------+--------+---------------+-----------------------------------------+
+| signature_buf | 18 | uint8_t[] | Signature |
++---------------+--------+---------------+-----------------------------------------+
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index 9dfe494..005903e 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -91,10 +91,10 @@
and the variable length crypto agile structure called TCG_PCR_EVENT2. Event
Log driver implemented in TF-A covers later part.
-#. RSE
+#. |RSE|
- It is one of physical backend to extend the measurements. Please refer this
- document :ref:`Runtime Security Engine (RSE)` for more details.
+ It is one of the physical backends to extend the measurements. Please refer
+ this document :ref:`Runtime Security Engine (RSE)` for more details.
Platform Interface
------------------
@@ -121,7 +121,7 @@
void bl2_plat_mboot_init(void);
Initialise all Measured Boot backends supported by the platform
- (e.g. Event Log buffer, RSE). As these functions do not return any value,
+ (e.g. Event Log buffer, |RSE|). As these functions do not return any value,
the platform should deal with error management, such as logging the error
somewhere, or panicking the system if this is considered a fatal error.
@@ -147,8 +147,9 @@
- If it is Event Log backend, then record the measurement in TCG Event Log
format.
- - If it is a secure crypto-processor (like RSE), then extend the designated
- PCR (or slot) with the given measurement.
+ - If it is a secure crypto-processor (like |RSE|), then extend the
+ designated PCR (or store it in secure on-chip memory) with the given
+ measurement.
- This function must return 0 on success, a signed integer error code
otherwise.
- On the Arm FVP port, this function measures the given image and then
@@ -223,7 +224,7 @@
- This function must return 0 on success, a signed integer error code
otherwise.
- In TC2 platform, this function is used to calculate the hash of the given
- key and forward this hash to RSE alongside the measurement of the image
+ key and forward this hash to |RSE| alongside the measurement of the image
which the key signs.
--------------
diff --git a/docs/design_documents/rse.rst b/docs/design_documents/rse.rst
index 57467f3..dd110ca 100644
--- a/docs/design_documents/rse.rst
+++ b/docs/design_documents/rse.rst
@@ -138,6 +138,11 @@
process can be requested from RSE. Furthermore, AP can request RSE to
increase a non-volatile counter. Please refer to the
``RSE key management`` [5]_ document for more details.
+- ``DICE Protection Environment``: Securely store the firmware measurements
+ which were computed during the boot process and the associated metadata. It is
+ also capable of representing the boot measurements in the form of a
+ certificate chain, which is queriable. Please refer to the
+ ``DICE Protection Environment (DPE)`` [8]_ document for more details.
Runtime service API
^^^^^^^^^^^^^^^^^^^
@@ -355,9 +360,7 @@
Build time config options
^^^^^^^^^^^^^^^^^^^^^^^^^
-- ``MEASURED_BOOT``: Enable measured boot. It depends on the platform
- implementation whether RSE or TPM (or both) backend based measured boot is
- enabled.
+- ``MEASURED_BOOT``: Enable measured boot.
- ``MBOOT_RSE_HASH_ALG``: Determine the hash algorithm to measure the images.
The default value is sha-256.
@@ -432,10 +435,6 @@
need to go through BL31. The RMM dispatcher module of the BL31 is responsible
for delivering the calls between the two parties.
-.. Note::
- Currently the connection between the RMM dispatcher and the PSA/RSE layer
- is not yet implemented. RMM dispatcher just returns hard coded data.
-
Delegated Attestation API
^^^^^^^^^^^^^^^^^^^^^^^^^
Defined here:
@@ -674,6 +673,63 @@
]
}
+RSE based DICE Protection Environment
+-------------------------------------
+
+The ``DICE Protection Environment (DPE)`` [8]_ service makes it possible to
+execute |DICE| commands within an isolated execution environment. It provides
+clients with an interface to send DICE commands, encoded as CBOR objects,
+that act on opaque context handles. The |DPE| service performs |DICE|
+derivations and certification on its internal contexts, without exposing the
+|DICE| secrets (private keys and CDIs) outside of the isolated execution
+environment.
+
+|DPE| API
+^^^^^^^^^
+
+Defined here:
+
+- ``include/lib/psa/dice_protection_environment.h``
+
+.. code-block:: c
+
+ dpe_error_t
+ dpe_derive_context(int context_handle,
+ uint32_t cert_id,
+ bool retain_parent_context,
+ bool allow_new_context_to_derive,
+ bool create_certificate,
+ const DiceInputValues *dice_inputs,
+ int32_t target_locality,
+ bool return_certificate,
+ bool allow_new_context_to_export,
+ bool export_cdi,
+ int *new_context_handle,
+ int *new_parent_context_handle,
+ uint8_t *new_certificate_buf,
+ size_t new_certificate_buf_size,
+ size_t *new_certificate_actual_size,
+ uint8_t *exported_cdi_buf,
+ size_t exported_cdi_buf_size,
+ size_t *exported_cdi_actual_size);
+
+Build time config options
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- ``MEASURED_BOOT``: Enable measured boot.
+- ``DICE_PROTECTION_ENVIRONMENT``: Boolean flag to specify the measured boot
+ backend when |RSE| based ``MEASURED_BOOT`` is enabled. The default value is
+ ``0``. When set to ``1`` then measurements and additional metadata collected
+ during the measured boot process are sent to the |DPE| for storage and
+ processing.
+- ``DPE_ALG_ID``: Determine the hash algorithm to measure the images. The
+ default value is sha-256.
+
+Example certificate chain
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+``plat/arm/board/tc/tc_dpe.h``
+
RSE OTP Assets Management
-------------------------
@@ -728,13 +784,14 @@
References
----------
-.. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/readme.html
-.. [2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html
-.. [3] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/measured_boot/measured_boot_integration_guide.rst
-.. [4] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/delegated_attestation/delegated_attest_integration_guide.rst
-.. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_key_management.html
+.. [1] https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/index.html
+.. [2] https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_comms.html
+.. [3] https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/measured_boot_integration_guide.html
+.. [4] https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/delegated_attestation/delegated_attest_integration_guide.html
+.. [5] https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_key_management.html
.. [6] https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
.. [7] https://developer.arm.com/documentation/DEN0096/A_a/?lang=en
+.. [8] https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/dice_protection_environment/dice_protection_environment.html
--------------
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 772447a..cd10cd6 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -1343,6 +1343,13 @@
Management Extension. This flag can take the values 0 to 2, to align with
the ``ENABLE_FEAT`` mechanism. Default value is 0.
+- ``RMMD_ENABLE_EL3_TOKEN_SIGN``: Numeric value to enable support for singing
+ realm attestation token signing requests in EL3. This flag can take the
+ values 0 and 1. The default value is ``0``. When set to ``1``, this option
+ enables additional RMMD SMCs to push and pop requests for signing to
+ EL3 along with platform hooks that must be implemented to service those
+ requests and responses.
+
- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
(SME), SVE, and FPU/SIMD for the non-secure world only. These features share
registers so are enabled together. Using this option without
diff --git a/docs/getting_started/docs-build.rst b/docs/getting_started/docs-build.rst
index 50fff57..54e29dd 100644
--- a/docs/getting_started/docs-build.rst
+++ b/docs/getting_started/docs-build.rst
@@ -37,28 +37,11 @@
Building rendered documentation
-------------------------------
-To install Python dependencies using Poetry:
+The documentation can be compiled into HTML-formatted pages from the project
+root directory by running:
.. code:: shell
- poetry install
-
-Poetry will create a new virtual environment and install all dependencies listed
-in ``pyproject.toml``. You can get information about this environment, such as
-its location and the Python version, with the command:
-
-.. code:: shell
-
- poetry env info
-
-If you have already sourced a virtual environment, Poetry will respect this and
-install dependencies there.
-
-Once all dependencies are installed, the documentation can be compiled into
-HTML-formatted pages from the project root directory by running:
-
-.. code:: shell
-
poetry run make doc
Output from the build process will be placed in: ``docs/build/html``.
@@ -129,7 +112,7 @@
bash -c 'cd /tf-a &&
apt-get update && apt-get install -y curl plantuml &&
curl -sSL https://install.python-poetry.org | python3 - &&
- ~/.local/bin/poetry install && ~/.local/bin/poetry run make doc'
+ ~/.local/bin/poetry run make doc'
The above command fetches the ``sphinxdoc/sphinx`` container from `docker
hub`_, launches the container, installs documentation requirements and finally
@@ -138,7 +121,7 @@
--------------
-*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
.. _Sphinx: http://www.sphinx-doc.org/en/master/
.. _Poetry: https://python-poetry.org/docs/
diff --git a/docs/global_substitutions.txt b/docs/global_substitutions.txt
index 80012e7..23a91cd 100644
--- a/docs/global_substitutions.txt
+++ b/docs/global_substitutions.txt
@@ -8,6 +8,8 @@
.. |COT| replace:: :term:`COT`
.. |CSS| replace:: :term:`CSS`
.. |CVE| replace:: :term:`CVE`
+.. |DICE| replace:: :term:`DICE`
+.. |DPE| replace:: :term:`DPE`
.. |DTB| replace:: :term:`DTB`
.. |DS-5| replace:: :term:`DS-5`
.. |DSU| replace:: :term:`DSU`
@@ -21,6 +23,7 @@
.. |FVP| replace:: :term:`FVP`
.. |FWU| replace:: :term:`FWU`
.. |GIC| replace:: :term:`GIC`
+.. |HES| replace:: :term:`HES`
.. |ISA| replace:: :term:`ISA`
.. |Linaro| replace:: :term:`Linaro`
.. |MMU| replace:: :term:`MMU`
@@ -31,12 +34,14 @@
.. |OEN| replace:: :term:`OEN`
.. |OP-TEE| replace:: :term:`OP-TEE`
.. |OTE| replace:: :term:`OTE`
+.. |PCR| replace:: :term:`PCR`
.. |PDD| replace:: :term:`PDD`
.. |PAUTH| replace:: :term:`PAUTH`
.. |PMF| replace:: :term:`PMF`
.. |PSCI| replace:: :term:`PSCI`
.. |RAS| replace:: :term:`RAS`
.. |ROT| replace:: :term:`ROT`
+.. |RSE| replace:: :term:`RSE`
.. |SCMI| replace:: :term:`SCMI`
.. |SCP| replace:: :term:`SCP`
.. |SDEI| replace:: :term:`SDEI`
@@ -55,6 +60,7 @@
.. |SVE| replace:: :term:`SVE`
.. |TBB| replace:: :term:`TBB`
.. |TBBR| replace:: :term:`TBBR`
+.. |TCB| replace:: :term:`TCB`
.. |TCG| replace:: :term:`TCG`
.. |TEE| replace:: :term:`TEE`
.. |TF-A| replace:: :term:`TF-A`
diff --git a/docs/glossary.rst b/docs/glossary.rst
index c02e938..f19897c 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -100,6 +100,9 @@
GIC
Generic Interrupt Controller
+ HES
+ Arm CCA Hardware Enforced Security
+
ISA
Instruction Set Architecture
@@ -136,6 +139,9 @@
OTE
Open-source Trusted Execution Environment
+ PCR
+ Platform Configuration Register
+
PDD
Platform Design Document
@@ -162,6 +168,9 @@
ROT
Root of Trust
+ RSE
+ Runtime Security Engine
+
SCMI
System Control and Management Interface
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index e672ad7..5cb20fd 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -2329,6 +2329,98 @@
When ENABLE_RME is disabled, this function is not used.
+Function : plat_rmmd_el3_token_sign_push_req() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Arguments : const struct el3_token_sign_request *req
+ Return : int
+
+Queue realm attestation token signing request from the RMM in EL3. The interface between
+the RMM and EL3 is modeled as a queue but the underlying implementation may be different,
+so long as the semantics of queuing and the error codes are used as defined below.
+
+See :ref:`el3_token_sign_request_struct` for definition of the request structure.
+
+Optional interface from the RMM-EL3 interface v0.4 onwards.
+
+The parameters of the functions are:
+ arg0: Pointer to the token sign request to be pushed to EL3.
+ The structure must be located in the RMM-EL3 shared
+ memory buffer and must be locked before use.
+
+Return codes:
+ - E_RMM_OK On Success.
+ - E_RMM_INVAL If the arguments are invalid.
+ - E_RMM_AGAIN Indicates that the request was not queued since the
+ queue in EL3 is full. This may also be returned for any reason
+ or situation in the system, that prevents accepting the request
+ from the RMM.
+ - E_RMM_UNK If the SMC is not implemented or if interface
+ version is < 0.4.
+
+Function : plat_rmmd_el3_token_sign_pull_resp() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Arguments : struct el3_token_sign_response *resp
+ Return : int
+
+Populate the attestation signing response in the ``resp`` parameter. The interface between
+the RMM and EL3 is modeled as a queue for responses but the underlying implementation may
+be different, so long as the semantics of queuing and the error codes are used as defined
+below.
+
+See :ref:`el3_token_sign_response_struct` for definition of the response structure.
+
+Optional interface from the RMM-EL3 interface v0.4 onwards.
+
+The parameters of the functions are:
+ resp: Pointer to the token sign response to get from EL3.
+ The structure must be located in the RMM-EL3 shared
+ memory buffer and must be locked before use.
+
+Return:
+ - E_RMM_OK On Success.
+ - E_RMM_INVAL If the arguments are invalid.
+ - E_RMM_AGAIN Indicates that a response is not ready yet.
+ - E_RMM_UNK If the SMC is not implemented or if interface
+ version is < 0.4.
+
+Function : plat_rmmd_el3_token_sign_get_rak_pub() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : uintptr_t, size_t *, unsigned int
+ Return : int
+
+This function returns the public portion of the realm attestation key which will be used to
+sign Realm attestation token. Typically, with delegated attestation, the private key is
+returned, however, there may be platforms where the private key bits are better protected
+in a platform specific manner such that the private key is not exposed. In such cases,
+the RMM will only cache the public key and forward any requests such as signing, that
+uses the private key to EL3. The API currently only supports P-384 ECC curve key.
+
+This is an optional interface from the RMM-EL3 interface v0.4 onwards.
+
+The parameters of the function are:
+
+ arg0 - A pointer to the buffer where the public key should be copied
+ by this function. The buffer must be big enough to hold the
+ attestation key.
+
+ arg1 - Contains the size (in bytes) of the buffer passed in arg0. The
+ function returns the attestation key length in this parameter.
+
+ arg2 - The type of the elliptic curve to which the requested attestation key
+ belongs.
+
+The function returns E_RMM_OK on success, RMM_E_INVAL if arguments are invalid and
+E_RMM_UNK if the SMC is not implemented or if interface version is < 0.4.
+
Function : bl31_plat_enable_mmu [optional]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/threat_model/firmware_threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
index f8e4f7d..ae0219e 100644
--- a/docs/threat_model/firmware_threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst
@@ -892,29 +892,66 @@
.. topic:: Measured Boot Threats (or lack of)
- In the current Measured Boot design, BL1, BL2, and BL31, as well as the
- secure world components, form the |SRTM|. Measurement data is currently
- considered an asset to be protected against attack, and this is achieved
- by storing them in the Secure Memory.
- Beyond the measurements stored inside the TCG-compliant Event Log buffer,
- there are no other assets to protect or threats to defend against that
- could compromise |TF-A| execution environment's security.
+ In the current Measured Boot design the following components form the |TCB|:
+
+ - BL1, BL2, BL31
+ - Secure world components
+ - RMM (if RME extension is implemented)
+ - The configuration data of the above components
+
+ Across various Measured Boot backends, the data recorded during the flow as
+ well as the criticality of this data can vary. In most cases, these attributes
+ are considered valuable assets and are protected against potential attacks:
+
+ - Image measurement: the digest value of a component produced by a hash
+ function.
+ - Signer-id: the digest value of the image verification publiy key. The
+ verification public key is part of the image metadata.
+
+ In addition to these, other metadata attributes (image version, hash algorithm
+ identifier, etc) could be recorded during the Measured Boot process. But these
+ are not critical data.
+
+ In this context, an attack means modifying the measurement data (image or
+ public key hash) or recording arbitrary data as valid measurements.
+
+ The current Measured Boot design consists of two main parts. A frontend, which
+ is responsible for taking the measurements, and a backend which is responsible
+ for storing them. |TF-A| makes it possible to integrate various backends. Some
+ of these are implemented by the |TF-A| projects, while others are part of
+ different projects, and |TF-A| provides an integration layer.
+
+ - TCG-compliant Event Log: Implemented by |TF-A|. Measurements are stored in
+ the Event Log which is located on the secure on-chip memory of the AP. The
+ address of the Event Log buffer is handed off between boot stages and new
+ measurements are appended to the Event Log. A limitation of the current
+ Measured Boot implementation in |TF-A| is that it does not extend the
+ measurements into a |PCR| of a Discrete |TPM|, where measurements would
+ be securely stored and protected against tampering.
+ - `CCA Measured Boot`_: Implemented by |TF-M|. Measurements are stored in
+ |HES| secure on-chip memory. |HES| implements protection against tampering
+ its on-chip memory. |HES| interface is available for BL1 and BL2.
+ - `DICE Protection Environment`_ (DPE): Implemented by |TF-M|. Measurements
+ are stored in |RSE| secure on-chip memory. |RSE| implements protection
+ against tampering its on-chip memory. DPE provides additional protection
+ against unauthorized access by malicious actors through the use of one-time
+ context handles and the identification of the client's target locality
+ (location of the client).
+
+ Beyond the measurements (image digest and signer-id) there are no other assets
+ to protect or threats to defend against that could compromise |TF-A| execution
+ environment's security.
There are general security assets and threats associated with remote/delegated
attestation. However, these are outside the |TF-A| security boundary and
should be dealt with by the appropriate agent in the platform/system.
Since current Measured Boot design does not use local attestation, there would
- be no further assets to protect(like unsealed keys).
+ be no further assets to protect (like unsealed keys).
- A limitation of the current Measured Boot design is that it is dependent upon
- Secure Boot as implementation of Measured Boot does not extend measurements
- into a discrete |TPM|, where they would be securely stored and protected
- against tampering. This implies that if Secure-Boot is compromised, Measured
- Boot may also be compromised.
+ System integrators must carefully evaluate the security requirement and
+ capabilities of their platform and choose an appropriate Measured Boot
+ solution.
- Platforms must carefully evaluate the security of the default implementation
- since the |SRTM| includes all secure world components.
-
.. _Runtime Firmware Threats:
@@ -1169,3 +1206,5 @@
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
.. _OP-TEE Dispatcher: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/components/spd/optee-dispatcher.rst
.. _PSR Specification: https://developer.arm.com/documentation/den0106/0100
+.. _CCA Measured Boot: https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/measured_boot_integration_guide.html
+.. _DICE Protection Environment: https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/dice_protection_environment/dice_protection_environment.html
diff --git a/drivers/st/ddr/phy/phyinit/src/ddrphy_phyinit_c_initphyconfig.c b/drivers/st/ddr/phy/phyinit/src/ddrphy_phyinit_c_initphyconfig.c
index a0712b5..e5c8258 100644
--- a/drivers/st/ddr/phy/phyinit/src/ddrphy_phyinit_c_initphyconfig.c
+++ b/drivers/st/ddr/phy/phyinit/src/ddrphy_phyinit_c_initphyconfig.c
@@ -761,17 +761,9 @@
{
uint16_t loopvector;
uint16_t pllbypass_dat = 0U;
- uint16_t skipddc_dat = 0U; /*
- * Set to vector offset based on frequency to disable dram
- * drift compensation.
- */
pllbypass_dat |= (uint16_t)config->uib.pllbypass;
- if (config->uib.frequency < 333U) {
- skipddc_dat |= 0x5U;
- }
-
for (loopvector = 0U; loopvector < 8U; loopvector++) {
uint16_t dfifreqxlat_dat;
uintptr_t reg = (uintptr_t)(DDRPHYC_BASE + (4U * (C0 | TMASTER |
@@ -799,6 +791,15 @@
}
#else /* STM32MP_LPDDR4_TYPE */
if (loopvector == 0U) {
+ uint16_t skipddc_dat = 0U; /*
+ * Set to vector offset based on frequency
+ * to disable dram drift compensation.
+ */
+
+ if (config->uib.frequency < 333U) {
+ skipddc_dat |= 0x5U;
+ }
+
/*
* Retrain & Relock DfiFreq = 00,01,02,03) Use StartVec 0 (pll_enabled) or
* StartVec 1 (pll_bypassed).
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index d2222fa..8aa2ccc 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -183,6 +183,13 @@
scr_el3 |= SCR_EnSCXT_BIT;
}
+ if (is_feat_sctlr2_supported()) {
+ /* Set the SCTLR2En bit in SCR_EL3 to enable access to
+ * SCTLR2_ELx registers.
+ */
+ scr_el3 |= SCR_SCTLR2En_BIT;
+ }
+
write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
}
#endif /* ENABLE_RME */
diff --git a/lib/romlib/Makefile b/lib/romlib/Makefile
index 523e324..367487a 100644
--- a/lib/romlib/Makefile
+++ b/lib/romlib/Makefile
@@ -73,7 +73,7 @@
$(s)echo " PRE $@"
$(q)$(ROMLIB_GEN) pre --output $@ --deps $(BUILD_DIR)/jmptbl.d $<
-$(WRAPPER_SOURCES) &: $(BUILD_DIR)/jmptbl.i | $$(@D)/
+$(WRAPPER_SOURCES) $&: $(BUILD_DIR)/jmptbl.i | $$(@D)/
$(s)echo " WRP $<"
$(q)$(ROMLIB_GEN) genwrappers --bti=$(ENABLE_BTI) -b $(WRAPPER_DIR) $<
diff --git a/make_helpers/utilities.mk b/make_helpers/utilities.mk
index efa0ab9..fcccd24 100644
--- a/make_helpers/utilities.mk
+++ b/make_helpers/utilities.mk
@@ -22,6 +22,13 @@
escape-shell = '$(subst ','\'',$(1))'
#
+# The grouped-target symbol. Grouped targets are not supported on versions of
+# GNU Make <= 4.2, which was most recently packaged with Ubuntu 20.04.
+#
+
+& := $(if $(filter grouped-target,$(.FEATURES)),&)
+
+#
# Upper-case a string value.
#
# Parameters:
diff --git a/plat/amd/versal2/aarch64/common.c b/plat/amd/versal2/aarch64/common.c
index 5fce01e..0e46edc 100644
--- a/plat/amd/versal2/aarch64/common.c
+++ b/plat/amd/versal2/aarch64/common.c
@@ -72,11 +72,11 @@
void board_detection(void)
{
- uint32_t version;
+ uint32_t version_type;
- version = mmio_read_32(PMC_TAP_VERSION);
- platform_id = FIELD_GET(PLATFORM_MASK, version);
- platform_version = FIELD_GET(PLATFORM_VERSION_MASK, version);
+ version_type = mmio_read_32(PMC_TAP_VERSION);
+ platform_id = FIELD_GET(PLATFORM_MASK, version_type);
+ platform_version = FIELD_GET(PLATFORM_VERSION_MASK, version_type);
if (platform_id == QEMU_COSIM) {
platform_id = QEMU;
diff --git a/plat/amd/versal2/bl31_setup.c b/plat/amd/versal2/bl31_setup.c
index 64c356a..47d4c2c 100644
--- a/plat/amd/versal2/bl31_setup.c
+++ b/plat/amd/versal2/bl31_setup.c
@@ -172,7 +172,7 @@
uint32_t i;
/* Validate 'handler' and 'id' parameters */
- if (handler == NULL || index >= MAX_INTR_EL3) {
+ if ((handler == NULL) || (index >= MAX_INTR_EL3)) {
return -EINVAL;
}
diff --git a/plat/amd/versal2/include/scmi.h b/plat/amd/versal2/include/scmi.h
index 0ab8b34..761535b 100644
--- a/plat/amd/versal2/include/scmi.h
+++ b/plat/amd/versal2/include/scmi.h
@@ -14,6 +14,14 @@
void init_scmi_server(void);
+size_t plat_scmi_pd_count(unsigned int agent_id);
+const char *plat_scmi_pd_get_name(unsigned int agent_id, unsigned int pd_id);
+unsigned int plat_scmi_pd_statistics(unsigned int agent_id, unsigned long *pd_id);
+unsigned int plat_scmi_pd_get_attributes(unsigned int agent_id, unsigned int pd_id);
+unsigned int plat_scmi_pd_get_state(unsigned int agent_id, unsigned int pd_id);
+int32_t plat_scmi_pd_set_state(unsigned int agent_id, unsigned int flags, unsigned int pd_id,
+ unsigned int state);
+
#define SCMI_VENDOR "AMD"
#define SCMI_PRODUCT "Versal Gen 2"
diff --git a/plat/amd/versal2/plat_psci.c b/plat/amd/versal2/plat_psci.c
index a55042d..eab032d 100644
--- a/plat/amd/versal2/plat_psci.c
+++ b/plat/amd/versal2/plat_psci.c
@@ -21,6 +21,7 @@
#define PM_RET_ERROR_NOFEATURE U(19)
#define ALWAYSTRUE true
+#define LINEAR_MODE BIT(1)
static uintptr_t _sec_entry;
@@ -166,7 +167,12 @@
switch (ioctl_id) {
case IOCTL_OSPI_MUX_SELECT:
- mmio_write_32(SLCR_OSPI_QSPI_IOU_AXI_MUX_SEL, arg1);
+ if ((arg1 == 0) || (arg1 == 1)) {
+ mmio_clrsetbits_32(SLCR_OSPI_QSPI_IOU_AXI_MUX_SEL, LINEAR_MODE,
+ (arg1 ? LINEAR_MODE : 0));
+ } else {
+ ret = PM_RET_ERROR_ARGS;
+ }
break;
case IOCTL_UFS_TXRX_CFGRDY_GET:
ret = (int32_t) mmio_read_32(PMXC_IOU_SLCR_TX_RX_CONFIG_RDY);
@@ -216,11 +222,11 @@
}
case PM_GET_CHIPID:
{
- uint32_t idcode, version;
+ uint32_t idcode, version_type;
idcode = mmio_read_32(PMC_TAP);
- version = mmio_read_32(PMC_TAP_VERSION);
- SMC_RET2(handle, ((uint64_t)idcode << 32), version);
+ version_type = mmio_read_32(PMC_TAP_VERSION);
+ SMC_RET2(handle, ((uint64_t)idcode << 32), version_type);
}
default:
WARN("Unimplemented PM Service Call: 0x%x\n", smc_fid);
diff --git a/plat/amd/versal2/scmi.c b/plat/amd/versal2/scmi.c
index 59aff08..6375df3 100644
--- a/plat/amd/versal2/scmi.c
+++ b/plat/amd/versal2/scmi.c
@@ -269,7 +269,7 @@
const char *plat_scmi_clock_get_name(unsigned int agent_id, unsigned int scmi_id)
{
- struct scmi_clk *clock = clk_find(agent_id, scmi_id);
+ const struct scmi_clk *clock = clk_find(agent_id, scmi_id);
const char *ret;
if (clock == NULL) {
@@ -287,7 +287,7 @@
unsigned long *array, size_t *nb_elts,
uint32_t start_idx)
{
- struct scmi_clk *clock = clk_find(agent_id, scmi_id);
+ const struct scmi_clk *clock = clk_find(agent_id, scmi_id);
if (clock == NULL) {
return SCMI_NOT_FOUND;
@@ -312,7 +312,7 @@
unsigned long plat_scmi_clock_get_rate(unsigned int agent_id, unsigned int scmi_id)
{
- struct scmi_clk *clock = clk_find(agent_id, scmi_id);
+ const struct scmi_clk *clock = clk_find(agent_id, scmi_id);
unsigned long ret;
if ((clock == NULL)) {
@@ -341,7 +341,7 @@
int32_t plat_scmi_clock_get_state(unsigned int agent_id, unsigned int scmi_id)
{
- struct scmi_clk *clock = clk_find(agent_id, scmi_id);
+ const struct scmi_clk *clock = clk_find(agent_id, scmi_id);
int32_t ret;
if ((clock == NULL)) {
@@ -647,7 +647,7 @@
for (i = 0U; i < ARRAY_SIZE(scmi0_clock); i++) {
/* Keep i2c on 100MHz to calculate rates properly */
- if (i >= CLK_I2C0_0 && i <= CLK_I2C7_0)
+ if ((i >= CLK_I2C0_0) && (i <= CLK_I2C7_0))
continue;
/* Keep UFS clocks to default values to get the expected rates */
diff --git a/plat/arm/board/fvp/fvp_pm.c b/plat/arm/board/fvp/fvp_pm.c
index b3d503e..80dfd2a 100644
--- a/plat/arm/board/fvp/fvp_pm.c
+++ b/plat/arm/board/fvp/fvp_pm.c
@@ -323,13 +323,13 @@
unsigned int power_level)
{
unsigned int psysr;
- int ret;
+ int ret = 0;
/*
* The format of 'power_level' is implementation-defined, but 0 must
* mean a CPU. We also allow 1 to denote the cluster
*/
- if ((power_level != ARM_PWR_LVL0) && (power_level != ARM_PWR_LVL1))
+ if ((power_level < ARM_PWR_LVL0) || (power_level > ARM_PWR_LVL1))
return PSCI_E_INVALID_PARAMS;
/*
@@ -343,9 +343,14 @@
if (power_level == ARM_PWR_LVL0) {
ret = ((psysr & PSYSR_AFF_L0) != 0U) ? HW_ON : HW_OFF;
- } else {
- /* power_level == ARM_PWR_LVL1 */
- ret = ((psysr & PSYSR_AFF_L1) != 0U) ? HW_ON : HW_OFF;
+ } else if (power_level == ARM_PWR_LVL1) {
+ /*
+ * Use L1 affinity if MPIDR_EL1.MT bit is not set else use L2 affinity.
+ */
+ if ((read_mpidr_el1() & MPIDR_MT_MASK) == 0U)
+ ret = ((psysr & PSYSR_AFF_L1) != 0U) ? HW_ON : HW_OFF;
+ else
+ ret = ((psysr & PSYSR_AFF_L2) != 0U) ? HW_ON : HW_OFF;
}
return ret;
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 3ef25de..9cd3011 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -61,6 +61,10 @@
endif
ifneq ($(shell expr $(TARGET_PLATFORM) \<= 1), 0)
+ $(error Platform ${PLAT}$(TARGET_PLATFORM) is no longer available.)
+endif
+
+ifneq ($(shell expr $(TARGET_PLATFORM) = 2), 0)
$(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
Some of the features might not work as expected)
endif
diff --git a/plat/mediatek/drivers/rng/mt8188/rng_plat.c b/plat/mediatek/drivers/rng/mt8188/rng_plat.c
new file mode 100644
index 0000000..361be22
--- /dev/null
+++ b/plat/mediatek/drivers/rng/mt8188/rng_plat.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2024, MediaTek Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <common/debug.h>
+#include <drivers/delay_timer.h>
+#include <lib/mmio.h>
+#include <lib/smccc.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+#include <services/trng_svc.h>
+#include <smccc_helpers.h>
+
+#include "rng_plat.h"
+
+static void trng_external_swrst(void)
+{
+ /* External swrst to reset whole rng module */
+ mmio_setbits_32(TRNG_SWRST_SET_REG, RNG_SWRST_B);
+ mmio_setbits_32(TRNG_SWRST_CLR_REG, RNG_SWRST_B);
+
+ /* Disable irq */
+ mmio_clrbits_32(RNG_IRQ_CFG, IRQ_EN);
+ /* Set default cutoff value */
+ mmio_write_32(RNG_HTEST, RNG_DEFAULT_CUTOFF);
+ /* Enable rng */
+ mmio_setbits_32(RNG_EN, DRBG_EN | NRBG_EN);
+}
+
+static bool get_entropy_32(uint32_t *out)
+{
+ uint64_t time = timeout_init_us(MTK_TIMEOUT_POLL);
+ int retry_times = 0;
+
+ while (!(mmio_read_32(RNG_STATUS) & DRBG_VALID)) {
+ if (mmio_read_32(RNG_STATUS) & (RNG_ERROR | APB_ERROR)) {
+ mmio_clrbits_32(RNG_EN, DRBG_EN | NRBG_EN);
+
+ mmio_clrbits_32(RNG_SWRST, SWRST_B);
+ mmio_setbits_32(RNG_SWRST, SWRST_B);
+
+ mmio_setbits_32(RNG_EN, DRBG_EN | NRBG_EN);
+ }
+
+ if (timeout_elapsed(time)) {
+ trng_external_swrst();
+ time = timeout_init_us(MTK_TIMEOUT_POLL);
+ retry_times++;
+ }
+
+ if (retry_times > MTK_RETRY_CNT) {
+ ERROR("%s: trng NOT ready\n", __func__);
+ return false;
+ }
+ }
+
+ *out = mmio_read_32(RNG_OUT);
+
+ return true;
+}
+
+/* Get random number from HWRNG and return 8 bytes of entropy.
+ * Return 'true' when random value generated successfully, otherwise return
+ * 'false'.
+ */
+bool plat_get_entropy(uint64_t *out)
+{
+ uint32_t seed[2] = { 0 };
+ int i = 0;
+
+ assert(out);
+ assert(!check_uptr_overflow((uintptr_t)out, sizeof(*out)));
+
+ /* Disable interrupt mode */
+ mmio_clrbits_32(RNG_IRQ_CFG, IRQ_EN);
+ /* Set rng health test cutoff value */
+ mmio_write_32(RNG_HTEST, RNG_DEFAULT_CUTOFF);
+ /* Enable rng module */
+ mmio_setbits_32(RNG_EN, DRBG_EN | NRBG_EN);
+
+ for (i = 0; i < ARRAY_SIZE(seed); i++) {
+ if (!get_entropy_32(&seed[i]))
+ return false;
+ }
+
+ /* Output 8 bytes entropy by combining 2 32-bit random numbers. */
+ *out = ((uint64_t)seed[0] << 32) | seed[1];
+
+ return true;
+}
diff --git a/plat/mediatek/drivers/rng/mt8188/rng_plat.h b/plat/mediatek/drivers/rng/mt8188/rng_plat.h
new file mode 100644
index 0000000..37ef271
--- /dev/null
+++ b/plat/mediatek/drivers/rng/mt8188/rng_plat.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2024, MediaTek Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef RNG_PLAT_H
+#define RNG_PLAT_H
+
+#include <lib/utils_def.h>
+
+#define MTK_TIMEOUT_POLL 1000
+
+#define MTK_RETRY_CNT 10
+
+#define RNG_DEFAULT_CUTOFF 0x04871C0B
+
+/*******************************************************************************
+ * TRNG related constants
+ ******************************************************************************/
+#define RNG_STATUS (TRNG_BASE + 0x0004)
+#define RNG_SWRST (TRNG_BASE + 0x0010)
+#define RNG_IRQ_CFG (TRNG_BASE + 0x0014)
+#define RNG_EN (TRNG_BASE + 0x0020)
+#define RNG_HTEST (TRNG_BASE + 0x0028)
+#define RNG_OUT (TRNG_BASE + 0x0030)
+#define RNG_RAW (TRNG_BASE + 0x0038)
+#define RNG_SRC (TRNG_BASE + 0x0050)
+
+#define RAW_VALID BIT(12)
+#define DRBG_VALID BIT(4)
+#define RAW_EN BIT(8)
+#define NRBG_EN BIT(4)
+#define DRBG_EN BIT(0)
+#define IRQ_EN BIT(0)
+#define SWRST_B BIT(0)
+/* Error conditions */
+#define RNG_ERROR GENMASK_32(28, 24)
+#define APB_ERROR BIT(16)
+
+/* External swrst */
+#define TRNG_SWRST_SET_REG (INFRACFG_AO_BASE + 0x150)
+#define TRNG_SWRST_CLR_REG (INFRACFG_AO_BASE + 0x154)
+#define RNG_SWRST_B BIT(13)
+
+#endif /* RNG_PLAT_H */
diff --git a/plat/mediatek/mt8188/include/plat_helpers.h b/plat/mediatek/include/plat_helpers.h
similarity index 71%
rename from plat/mediatek/mt8188/include/plat_helpers.h
rename to plat/mediatek/include/plat_helpers.h
index eb78623..b86ed23 100644
--- a/plat/mediatek/mt8188/include/plat_helpers.h
+++ b/plat/mediatek/include/plat_helpers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024, Mediatek Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/plat/mediatek/mt8186/include/plat_helpers.h b/plat/mediatek/mt8186/include/plat_helpers.h
deleted file mode 100644
index ebc9fa0..0000000
--- a/plat/mediatek/mt8186/include/plat_helpers.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __PLAT_HELPERS_H__
-#define __PLAT_HELPERS_H__
-
-unsigned int plat_mediatek_calc_core_pos(u_register_t mpidr);
-
-#endif /* __PLAT_HELPERS_H__ */
diff --git a/plat/mediatek/mt8188/include/platform_def.h b/plat/mediatek/mt8188/include/platform_def.h
index 8e0f5f9..dccb052 100644
--- a/plat/mediatek/mt8188/include/platform_def.h
+++ b/plat/mediatek/mt8188/include/platform_def.h
@@ -190,6 +190,11 @@
#define SUB_EMI_MPU_BASE (IO_PHYS + 0x00225000)
/*******************************************************************************
+ * TRNG related constants
+ ******************************************************************************/
+#define TRNG_BASE (IO_PHYS + 0x0020F000)
+
+/*******************************************************************************
* System counter frequency related constants
******************************************************************************/
#define SYS_COUNTER_FREQ_IN_HZ (13000000)
diff --git a/plat/mediatek/mt8188/plat_config.mk b/plat/mediatek/mt8188/plat_config.mk
index 2e3392f..82ef7e8 100644
--- a/plat/mediatek/mt8188/plat_config.mk
+++ b/plat/mediatek/mt8188/plat_config.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022-2023, MediaTek Inc. All rights reserved.
+# Copyright (c) 2022-2024, MediaTek Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -46,5 +46,8 @@
CPU_PM_TINYSYS_SUPPORT := y
MTK_PUBEVENT_ENABLE := y
+# True Random Number Generator firmware Interface
+TRNG_SUPPORT := 1
+
MACH_MT8188 := 1
$(eval $(call add_define,MACH_MT8188))
diff --git a/plat/mediatek/mt8188/platform.mk b/plat/mediatek/mt8188/platform.mk
index 5096e15..b776447 100644
--- a/plat/mediatek/mt8188/platform.mk
+++ b/plat/mediatek/mt8188/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2022-2023, MediaTek Inc. All rights reserved.
+# Copyright (c) 2022-2024, MediaTek Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -39,6 +39,9 @@
MODULES-y += $(MTK_PLAT)/drivers/pmic
MODULES-y += $(MTK_PLAT)/drivers/pmic_wrap
MODULES-y += $(MTK_PLAT)/drivers/ptp3
+ifeq (${TRNG_SUPPORT},1)
+MODULES-y += $(MTK_PLAT)/drivers/rng
+endif
MODULES-y += $(MTK_PLAT)/drivers/rtc
MODULES-y += $(MTK_PLAT)/drivers/spm
MODULES-y += $(MTK_PLAT)/drivers/timer
diff --git a/plat/mediatek/mt8192/include/plat_helpers.h b/plat/mediatek/mt8192/include/plat_helpers.h
deleted file mode 100644
index 9b550ee..0000000
--- a/plat/mediatek/mt8192/include/plat_helpers.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __PLAT_HELPERS_H__
-#define __PLAT_HELPERS_H__
-
-unsigned int plat_mediatek_calc_core_pos(u_register_t mpidr);
-
-#endif /* __PLAT_HELPERS_H__ */
diff --git a/plat/mediatek/mt8195/include/plat_helpers.h b/plat/mediatek/mt8195/include/plat_helpers.h
deleted file mode 100644
index ebc9fa0..0000000
--- a/plat/mediatek/mt8195/include/plat_helpers.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __PLAT_HELPERS_H__
-#define __PLAT_HELPERS_H__
-
-unsigned int plat_mediatek_calc_core_pos(u_register_t mpidr);
-
-#endif /* __PLAT_HELPERS_H__ */
diff --git a/plat/st/common/common_rules.mk b/plat/st/common/common_rules.mk
index fba7783..9070a16 100644
--- a/plat/st/common/common_rules.mk
+++ b/plat/st/common/common_rules.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, STMicroelectronics - All Rights Reserved
+# Copyright (c) 2023-2024, STMicroelectronics - All Rights Reserved
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -58,9 +58,9 @@
tf-a-%.elf: $(PLAT)-%.o ${STM32_TF_LINKERFILE}
$(s)echo " LDS $<"
ifeq ($($(ARCH)-ld-id),gnu-gcc)
- $(q)$($(ARCH)-ld) -o $@ $(subst --,-Wl$(comma)--,${STM32_TF_ELF_LDFLAGS}) -nostartfiles -Wl,-Map=$(@:.elf=.map) -Wl,-dT ${STM32_TF_LINKERFILE} $<
+ $(q)$($(ARCH)-ld) -o $@ $(subst --,-Wl$(comma)--,${STM32_TF_ELF_LDFLAGS}) -nostartfiles -no-pie -Wl,-Map=$(@:.elf=.map) -Wl,-dT ${STM32_TF_LINKERFILE} $<
else
- $(q)$($(ARCH)-ld) -o $@ ${STM32_TF_ELF_LDFLAGS} -Map=$(@:.elf=.map) --script ${STM32_TF_LINKERFILE} $<
+ $(q)$($(ARCH)-ld) -o $@ ${STM32_TF_ELF_LDFLAGS} -no-pie -Map=$(@:.elf=.map) --script ${STM32_TF_LINKERFILE} $<
endif
tf-a-%.bin: tf-a-%.elf
diff --git a/plat/st/stm32mp2/include/platform_def.h b/plat/st/stm32mp2/include/platform_def.h
index b98b56d..e720c02 100644
--- a/plat/st/stm32mp2/include/platform_def.h
+++ b/plat/st/stm32mp2/include/platform_def.h
@@ -33,7 +33,7 @@
#define PLATFORM_CORE_COUNT U(2)
#define PLATFORM_MAX_CPUS_PER_CLUSTER U(2)
-#define PLAT_MAX_PWR_LVL U(3)
+#define PLAT_MAX_PWR_LVL U(1)
#define PLAT_MIN_SUSPEND_PWR_LVL U(2)
#define PLAT_NUM_PWR_DOMAINS U(6)
diff --git a/plat/st/stm32mp2/plat_bl2_mem_params_desc.c b/plat/st/stm32mp2/plat_bl2_mem_params_desc.c
index 2513180..8ca582e 100644
--- a/plat/st/stm32mp2/plat_bl2_mem_params_desc.c
+++ b/plat/st/stm32mp2/plat_bl2_mem_params_desc.c
@@ -10,6 +10,12 @@
#include <platform_def.h>
+#if STM32MP_BL33_EL1
+#define BL33_MODE MODE_EL1
+#else
+#define BL33_MODE MODE_EL2
+#endif
+
/*******************************************************************************
* Following descriptor provides BL image/ep information that gets used
* by BL2 to load the images and also subset of this information is
@@ -138,7 +144,7 @@
VERSION_2, entry_point_info_t,
NON_SECURE | EXECUTABLE),
- .ep_info.spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS),
+ .ep_info.spsr = SPSR_64(BL33_MODE, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS),
SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
VERSION_2, image_info_t,
diff --git a/plat/st/stm32mp2/platform.mk b/plat/st/stm32mp2/platform.mk
index df1cacd..2a9b6fd 100644
--- a/plat/st/stm32mp2/platform.mk
+++ b/plat/st/stm32mp2/platform.mk
@@ -15,6 +15,15 @@
PROGRAMMABLE_RESET_ADDRESS := 1
BL2_IN_XIP_MEM := 1
+STM32MP_BL33_EL1 ?= 1
+ifeq ($(STM32MP_BL33_EL1),1)
+INIT_UNUSED_NS_EL2 := 1
+endif
+
+# Disable features unsupported in ARMv8.0
+ENABLE_SPE_FOR_NS := 0
+ENABLE_SVE_FOR_NS := 0
+
# Default Device tree
DTB_FILE_NAME ?= stm32mp257f-ev1.dtb
@@ -83,6 +92,7 @@
STM32MP_DDR4_TYPE \
STM32MP_LPDDR4_TYPE \
STM32MP25 \
+ STM32MP_BL33_EL1 \
)))
$(eval $(call assert_numerics,\
@@ -105,6 +115,7 @@
STM32MP_DDR4_TYPE \
STM32MP_LPDDR4_TYPE \
STM32MP25 \
+ STM32MP_BL33_EL1 \
)))
# STM32MP2x is based on Cortex-A35, which is Armv8.0, and does not support BTI
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
index 8b77050..5c6ba6b 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.c
@@ -1740,3 +1740,41 @@
return 0;
}
+
+/**
+ * ti_sci_lpm_get_next_sys_mode() - Get next LPM system mode
+ *
+ * @next_mode: pointer to a variable that will store the next mode
+ *
+ * Return: 0 if all goes well, else appropriate error message
+ */
+int ti_sci_lpm_get_next_sys_mode(uint8_t *next_mode)
+{
+ struct ti_sci_msg_req_lpm_get_next_sys_mode req;
+ struct ti_sci_msg_resp_lpm_get_next_sys_mode resp;
+ struct ti_sci_xfer xfer;
+ int ret;
+
+ if (next_mode == NULL) {
+ return -EINVAL;
+ }
+
+ ret = ti_sci_setup_one_xfer(TI_SCI_MSG_LPM_GET_NEXT_SYS_MODE, 0,
+ &req, sizeof(req),
+ &resp, sizeof(resp),
+ &xfer);
+ if (ret != 0) {
+ ERROR("Message alloc failed (%d)\n", ret);
+ return ret;
+ }
+
+ ret = ti_sci_do_xfer(&xfer);
+ if (ret != 0) {
+ ERROR("Transfer send failed (%d)\n", ret);
+ return ret;
+ }
+
+ *next_mode = resp.mode;
+
+ return 0;
+}
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
index acaca4d..06d1f8d 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci.h
@@ -252,6 +252,11 @@
* @mode: Low power mode to enter.
* @core_resume_addr: Address that core should be resumed from
* after low power transition.
+ * - ti_sci_lpm_get_next_sys_mode - Get next LPM system mode
+ *
+ * @next_mode: pointer to a variable that will store the next mode
+ *
+ * Return: 0 if all goes well, else appropriate error message
*
* NOTE: for all these functions, the following are generic in nature:
* Returns 0 for successful request, else returns corresponding error message.
@@ -259,5 +264,6 @@
int ti_sci_enter_sleep(uint8_t proc_id,
uint8_t mode,
uint64_t core_resume_addr);
+int ti_sci_lpm_get_next_sys_mode(uint8_t *next_mode);
#endif /* TI_SCI_H */
diff --git a/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h b/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
index 7f1c368..cc71eac 100644
--- a/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
+++ b/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h
@@ -31,6 +31,7 @@
/* Low Power Mode Requests */
#define TI_SCI_MSG_ENTER_SLEEP 0x0301
+#define TI_SCI_MSG_LPM_GET_NEXT_SYS_MODE 0x030d
/* Clock requests */
#define TI_SCI_MSG_SET_CLOCK_STATE 0x0100
@@ -133,6 +134,7 @@
* MSG_FLAG_CAPS_LPM_MCU_ONLY: MCU only LPM
* MSG_FLAG_CAPS_LPM_STANDBY: Standby LPM
* MSG_FLAG_CAPS_LPM_PARTIAL_IO: Partial IO in LPM
+ * MSG_FLAG_CAPS_LPM_DM_MANAGED: LPM can be managed by DM
*
* Response to a generic message with message type TI_SCI_MSG_QUERY_FW_CAPS
* providing currently available SOC/firmware capabilities. SoC that don't
@@ -145,6 +147,7 @@
#define MSG_FLAG_CAPS_LPM_MCU_ONLY TI_SCI_MSG_FLAG(2)
#define MSG_FLAG_CAPS_LPM_STANDBY TI_SCI_MSG_FLAG(3)
#define MSG_FLAG_CAPS_LPM_PARTIAL_IO TI_SCI_MSG_FLAG(4)
+#define MSG_FLAG_CAPS_LPM_DM_MANAGED TI_SCI_MSG_FLAG(5)
uint64_t fw_caps;
} __packed;
@@ -764,10 +767,35 @@
*/
struct ti_sci_msg_req_enter_sleep {
struct ti_sci_msg_hdr hdr;
+#define MSG_VALUE_SLEEP_MODE_DEEP_SLEEP 0x0
uint8_t mode;
uint8_t processor_id;
uint32_t core_resume_lo;
uint32_t core_resume_hi;
} __packed;
+/**
+ * struct ti_sci_msg_req_lpm_get_next_sys_mode - Request for TI_SCI_MSG_LPM_GET_NEXT_SYS_MODE.
+ *
+ * @hdr Generic Header
+ *
+ * This message is used to enquire DM for selected system wide low power mode.
+ */
+struct ti_sci_msg_req_lpm_get_next_sys_mode {
+ struct ti_sci_msg_hdr hdr;
+} __packed;
+
+/**
+ * struct ti_sci_msg_resp_lpm_get_next_sys_mode - Response for TI_SCI_MSG_LPM_GET_NEXT_SYS_MODE.
+ *
+ * @hdr Generic Header
+ * @mode The selected system wide low power mode.
+ *
+ * Note: If the mode selection is not yet locked, this API returns "not selected" mode.
+ */
+struct ti_sci_msg_resp_lpm_get_next_sys_mode {
+ struct ti_sci_msg_hdr hdr;
+ uint8_t mode;
+} __packed;
+
#endif /* TI_SCI_PROTOCOL_H */
diff --git a/plat/ti/k3/common/k3_psci.c b/plat/ti/k3/common/k3_psci.c
index e8d73db..df49f48 100644
--- a/plat/ti/k3/common/k3_psci.c
+++ b/plat/ti/k3/common/k3_psci.c
@@ -234,7 +234,7 @@
return PSCI_E_SUCCESS;
}
-static void k3_pwr_domain_suspend(const psci_power_state_t *target_state)
+static void k3_pwr_domain_suspend_to_mode(const psci_power_state_t *target_state, uint8_t mode)
{
unsigned int core, proc_id;
@@ -247,7 +247,25 @@
k3_pwr_domain_off(target_state);
+ ti_sci_enter_sleep(proc_id, mode, k3_sec_entrypoint);
+}
+
+static void k3_pwr_domain_suspend_dm_managed(const psci_power_state_t *target_state)
+{
+ uint8_t mode = MSG_VALUE_SLEEP_MODE_DEEP_SLEEP;
+ int ret;
+
- ti_sci_enter_sleep(proc_id, 0, k3_sec_entrypoint);
+ ret = ti_sci_lpm_get_next_sys_mode(&mode);
+ if (ret != 0) {
+ ERROR("Failed to fetch next system mode\n");
+ }
+
+ k3_pwr_domain_suspend_to_mode(target_state, mode);
+}
+
+static void k3_pwr_domain_suspend(const psci_power_state_t *target_state)
+{
+ k3_pwr_domain_suspend_to_mode(target_state, MSG_VALUE_SLEEP_MODE_DEEP_SLEEP);
}
static void k3_pwr_domain_suspend_finish(const psci_power_state_t *target_state)
@@ -301,6 +319,8 @@
k3_plat_psci_ops.pwr_domain_suspend = NULL;
k3_plat_psci_ops.pwr_domain_suspend_finish = NULL;
k3_plat_psci_ops.get_sys_suspend_power_state = NULL;
+ } else if (fw_caps & MSG_FLAG_CAPS_LPM_DM_MANAGED) {
+ k3_plat_psci_ops.pwr_domain_suspend = k3_pwr_domain_suspend_dm_managed;
}
*psci_ops = &k3_plat_psci_ops;
diff --git a/plat/xilinx/common/ipi.c b/plat/xilinx/common/ipi.c
index 399d283..d7c70f3 100644
--- a/plat/xilinx/common/ipi.c
+++ b/plat/xilinx/common/ipi.c
@@ -70,7 +70,7 @@
{
int ret = 1;
- if (remote >= ipi_total || local >= ipi_total) {
+ if ((remote >= ipi_total) || (local >= ipi_total)) {
ret = 0;
}
@@ -144,11 +144,11 @@
uint32_t status;
status = mmio_read_32(IPI_REG_BASE(local) + IPI_OBR_OFFSET);
- if (status & IPI_BIT_MASK(remote)) {
+ if ((status & IPI_BIT_MASK(remote)) != 0U) {
ret |= IPI_MB_STATUS_SEND_PENDING;
}
status = mmio_read_32(IPI_REG_BASE(local) + IPI_ISR_OFFSET);
- if (status & IPI_BIT_MASK(remote)) {
+ if ((status & IPI_BIT_MASK(remote)) != 0U) {
ret |= IPI_MB_STATUS_RECV_PENDING;
}
@@ -170,11 +170,11 @@
mmio_write_32(IPI_REG_BASE(local) + IPI_TRIG_OFFSET,
IPI_BIT_MASK(remote));
- if (is_blocking) {
+ if (is_blocking != 0U) {
do {
status = mmio_read_32(IPI_REG_BASE(local) +
IPI_OBR_OFFSET);
- } while (status & IPI_BIT_MASK(remote));
+ } while ((status & IPI_BIT_MASK(remote)) != 0U);
}
}
diff --git a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
index 0ea51f0..9a0149b 100644
--- a/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
+++ b/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c
@@ -94,7 +94,7 @@
/* Validate IPI mailbox access */
ret = ipi_mb_validate(ipi_local_id, ipi_remote_id, is_secure);
- if (ret)
+ if (ret != 0)
SMC_RET1(handle, ret);
switch (GET_SMC_NUM(smc_fid)) {
@@ -128,7 +128,7 @@
enable_interrupt = (x3 & IPI_SMC_ACK_EIRQ_MASK) ? 1 : 0;
ipi_mb_ack(ipi_local_id, ipi_remote_id);
- if (enable_interrupt)
+ if (enable_interrupt != 0)
ipi_mb_enable_irq(ipi_local_id, ipi_remote_id);
SMC_RET1(handle, 0);
}
diff --git a/plat/xilinx/common/plat_clkfunc.c b/plat/xilinx/common/plat_clkfunc.c
index 8a8ea7e..f7910de 100644
--- a/plat/xilinx/common/plat_clkfunc.c
+++ b/plat/xilinx/common/plat_clkfunc.c
@@ -8,6 +8,7 @@
#include <plat/common/platform.h>
#include <platform_def.h>
+#include <plat_clkfunc.h>
#include <plat_private.h>
uint32_t plat_get_syscnt_freq2(void)
diff --git a/plat/xilinx/common/plat_startup.c b/plat/xilinx/common/plat_startup.c
index 5beb765..149ba2d 100644
--- a/plat/xilinx/common/plat_startup.c
+++ b/plat/xilinx/common/plat_startup.c
@@ -237,8 +237,8 @@
}
target_secure = get_xbl_ss(&HandoffParams->partition[i]);
- if (target_secure == XBL_FLAGS_SECURE &&
- target_el == XBL_FLAGS_EL2) {
+ if ((target_secure == XBL_FLAGS_SECURE) &&
+ (target_el == XBL_FLAGS_EL2)) {
WARN("BL31: invalid security state (%i) for exception level (%i)\n",
target_secure, target_el);
continue;
@@ -284,7 +284,7 @@
}
VERBOSE("Setting up %s entry point to:%" PRIx64 ", el:%x\n",
- target_secure == XBL_FLAGS_SECURE ? "BL32" : "BL33",
+ (target_secure == XBL_FLAGS_SECURE) ? "BL32" : "BL33",
HandoffParams->partition[i].entry_point,
target_el);
image->pc = HandoffParams->partition[i].entry_point;
diff --git a/plat/xilinx/common/pm_service/pm_ipi.c b/plat/xilinx/common/pm_service/pm_ipi.c
index 425fdcb..c3872fc 100644
--- a/plat/xilinx/common/pm_service/pm_ipi.c
+++ b/plat/xilinx/common/pm_service/pm_ipi.c
@@ -217,6 +217,7 @@
enum pm_ret_status pm_ipi_buff_read_callb(uint32_t *value, size_t count)
{
size_t i;
+ size_t local_count = count;
#if IPI_CRC_CHECK
uint32_t crc;
#endif
@@ -225,8 +226,8 @@
IPI_BUFFER_REQ_OFFSET;
enum pm_ret_status ret = PM_RET_SUCCESS;
- if (count > IPI_BUFFER_MAX_WORDS) {
- count = IPI_BUFFER_MAX_WORDS;
+ if (local_count > IPI_BUFFER_MAX_WORDS) {
+ local_count = IPI_BUFFER_MAX_WORDS;
}
for (i = 0; i < count; i++) {
@@ -240,7 +241,7 @@
/* Payload data is invalid as CRC validation failed
* Clear the payload to avoid leakage of data to upper layers
*/
- memset(value, 0, count);
+ memset(value, 0, local_count);
}
#endif
return ret;
diff --git a/plat/xilinx/common/pm_service/pm_svc_main.c b/plat/xilinx/common/pm_service/pm_svc_main.c
index 861c5b3..afb9a96 100644
--- a/plat/xilinx/common/pm_service/pm_svc_main.c
+++ b/plat/xilinx/common/pm_service/pm_svc_main.c
@@ -478,9 +478,9 @@
* than other eemi calls.
*/
if (api_id == (uint32_t)PM_QUERY_DATA) {
- if ((pm_arg[0] == XPM_QID_CLOCK_GET_NAME ||
- pm_arg[0] == XPM_QID_PINCTRL_GET_FUNCTION_NAME) &&
- ret == PM_RET_SUCCESS) {
+ if (((pm_arg[0] == XPM_QID_CLOCK_GET_NAME) ||
+ (pm_arg[0] == XPM_QID_PINCTRL_GET_FUNCTION_NAME)) &&
+ (ret == PM_RET_SUCCESS)) {
SMC_RET2(handle, (uint64_t)buf[0] | ((uint64_t)buf[1] << 32U),
(uint64_t)buf[2] | ((uint64_t)buf[3] << 32U));
}
@@ -559,7 +559,7 @@
uint32_t security_flag = NON_SECURE_FLAG;
uint32_t api_id;
bool status = false, status_tmp = false;
- uint64_t x[4] = {x1, x2, x3, x4};
+ const uint64_t x[4] = {x1, x2, x3, x4};
/* Handle case where PM wasn't initialized properly */
if (pm_up == false) {
diff --git a/plat/xilinx/common/versal.c b/plat/xilinx/common/versal.c
index 3ea022c..b37dc76 100644
--- a/plat/xilinx/common/versal.c
+++ b/plat/xilinx/common/versal.c
@@ -7,6 +7,7 @@
#include <common/debug.h>
#include <lib/mmio.h>
#include <lib/smccc.h>
+#include <plat/common/platform.h>
#include <services/arm_arch_svc.h>
#include <plat_private.h>
diff --git a/plat/xilinx/versal/bl31_versal_setup.c b/plat/xilinx/versal/bl31_versal_setup.c
index 58589ad..819a55b 100644
--- a/plat/xilinx/versal/bl31_versal_setup.c
+++ b/plat/xilinx/versal/bl31_versal_setup.c
@@ -76,7 +76,7 @@
uint64_t tfa_handoff_addr;
uint32_t payload[PAYLOAD_ARG_CNT], max_size = HANDOFF_PARAMS_MAX_SIZE;
enum pm_ret_status ret_status;
- uint64_t addr[HANDOFF_PARAMS_MAX_SIZE];
+ const uint64_t addr[HANDOFF_PARAMS_MAX_SIZE];
/*
* Do initial security configuration to allow DRAM/device access. On
@@ -131,7 +131,7 @@
enum xbl_handoff ret = xbl_handover(&bl32_image_ep_info,
&bl33_image_ep_info,
tfa_handoff_addr);
- if (ret == XBL_HANDOFF_NO_STRUCT || ret == XBL_HANDOFF_INVAL_STRUCT) {
+ if ((ret == XBL_HANDOFF_NO_STRUCT) || (ret == XBL_HANDOFF_INVAL_STRUCT)) {
bl31_set_default_config();
} else if (ret == XBL_HANDOFF_TOO_MANY_PARTS) {
ERROR("BL31: Error too many partitions %u\n", ret);
@@ -153,7 +153,7 @@
uint32_t i;
/* Validate 'handler' and 'id' parameters */
- if (handler == NULL || index >= MAX_INTR_EL3) {
+ if ((handler == NULL) || (index >= MAX_INTR_EL3)) {
return -EINVAL;
}
diff --git a/plat/xilinx/versal/include/plat_private.h b/plat/xilinx/versal/include/plat_private.h
index 4b2b6cf..658dc9e 100644
--- a/plat/xilinx/versal/include/plat_private.h
+++ b/plat/xilinx/versal/include/plat_private.h
@@ -34,6 +34,8 @@
void plat_versal_gic_pcpu_init(void);
void plat_versal_gic_save(void);
void plat_versal_gic_resume(void);
+void plat_versal_gic_redistif_on(void);
+void plat_versal_gic_redistif_off(void);
uint32_t versal_calc_core_pos(u_register_t mpidr);
/*
diff --git a/plat/xilinx/versal/plat_psci.c b/plat/xilinx/versal/plat_psci.c
index a299d14..3fc6dbd 100644
--- a/plat/xilinx/versal/plat_psci.c
+++ b/plat/xilinx/versal/plat_psci.c
@@ -77,7 +77,7 @@
plat_versal_gic_save();
}
- state = target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE ?
+ state = (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) ?
PM_STATE_SUSPEND_TO_RAM : PM_STATE_CPU_IDLE;
/* Send request to PMC to suspend this core */
@@ -126,7 +126,7 @@
plat_versal_gic_cpuif_enable();
}
-void versal_pwr_domain_on_finish(const psci_power_state_t *target_state)
+static void versal_pwr_domain_on_finish(const psci_power_state_t *target_state)
{
/* Enable the gic cpu interface */
plat_versal_gic_pcpu_init();
@@ -146,7 +146,7 @@
(void)pm_system_shutdown(XPM_SHUTDOWN_TYPE_SHUTDOWN,
pm_get_shutdown_scope(), SECURE_FLAG);
- while (1) {
+ while (true) {
wfi();
}
}
@@ -185,7 +185,7 @@
(void)psci_cpu_off();
- while (1) {
+ while (true) {
wfi();
}
}
@@ -197,7 +197,7 @@
*/
static void versal_pwr_domain_off(const psci_power_state_t *target_state)
{
- uint32_t ret, fw_api_version, version[RET_PAYLOAD_ARG_CNT] = {0U};
+ uint32_t ret, fw_api_version, version_type[RET_PAYLOAD_ARG_CNT] = {0U};
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
@@ -221,9 +221,9 @@
* invoking CPU_on function, during which resume address will
* be set.
*/
- ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version[0], SECURE_FLAG);
+ ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version_type[0], SECURE_FLAG);
if (ret == PM_RET_SUCCESS) {
- fw_api_version = version[0] & 0xFFFFU;
+ fw_api_version = version_type[0] & 0xFFFFU;
if (fw_api_version >= 3U) {
(void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_OFF, 0,
SECURE_FLAG);
diff --git a/plat/xilinx/versal/sip_svc_setup.c b/plat/xilinx/versal/sip_svc_setup.c
index 3c0bd63..3027946 100644
--- a/plat/xilinx/versal/sip_svc_setup.c
+++ b/plat/xilinx/versal/sip_svc_setup.c
@@ -68,19 +68,19 @@
*
* Return: Unused.
*/
-uintptr_t sip_svc_smc_handler(uint32_t smc_fid,
- u_register_t x1,
- u_register_t x2,
- u_register_t x3,
- u_register_t x4,
- void *cookie,
- void *handle,
- u_register_t flags)
+static uintptr_t sip_svc_smc_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ u_register_t x4,
+ void *cookie,
+ void *handle,
+ u_register_t flags)
{
VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
smc_fid, x1, x2, x3, x4);
- if (smc_fid & SIP_FID_MASK) {
+ if ((smc_fid & SIP_FID_MASK) != 0U) {
WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
SMC_RET1(handle, SMC_UNK);
}
diff --git a/plat/xilinx/versal_net/aarch64/versal_net_common.c b/plat/xilinx/versal_net/aarch64/versal_net_common.c
index 55c4198..0dd0194 100644
--- a/plat/xilinx/versal_net/aarch64/versal_net_common.c
+++ b/plat/xilinx/versal_net/aarch64/versal_net_common.c
@@ -60,11 +60,11 @@
void board_detection(void)
{
- uint32_t version;
+ uint32_t version_type;
- version = mmio_read_32(PMC_TAP_VERSION);
- platform_id = FIELD_GET(PLATFORM_MASK, version);
- platform_version = FIELD_GET(PLATFORM_VERSION_MASK, version);
+ version_type = mmio_read_32(PMC_TAP_VERSION);
+ platform_id = FIELD_GET(PLATFORM_MASK, version_type);
+ platform_version = FIELD_GET(PLATFORM_VERSION_MASK, version_type);
if (platform_id == VERSAL_NET_QEMU_COSIM) {
platform_id = VERSAL_NET_QEMU;
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index ebde49f..cf2368a 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -179,7 +179,7 @@
uint32_t i;
/* Validate 'handler' and 'id' parameters */
- if (handler == NULL || index >= MAX_INTR_EL3) {
+ if ((handler == NULL) || (index >= MAX_INTR_EL3)) {
return -EINVAL;
}
@@ -214,7 +214,7 @@
}
if (handler != NULL) {
- handler(intr_id, flags, handle, cookie);
+ (void)handler(intr_id, flags, handle, cookie);
}
return 0;
diff --git a/plat/xilinx/versal_net/plat_psci_pm.c b/plat/xilinx/versal_net/plat_psci_pm.c
index 7a653d4..1c32879 100644
--- a/plat/xilinx/versal_net/plat_psci_pm.c
+++ b/plat/xilinx/versal_net/plat_psci_pm.c
@@ -42,7 +42,7 @@
return PSCI_E_INTERN_FAIL;
}
- pm_req_wakeup(proc->node_id, (versal_net_sec_entry & 0xFFFFFFFFU) | 0x1U,
+ (void)pm_req_wakeup(proc->node_id, (versal_net_sec_entry & 0xFFFFFFFFU) | 0x1U,
versal_net_sec_entry >> 32, 0, 0);
/* Clear power down request */
@@ -59,7 +59,7 @@
*/
static void versal_net_pwr_domain_off(const psci_power_state_t *target_state)
{
- uint32_t ret, fw_api_version, version[RET_PAYLOAD_ARG_CNT] = {0U};
+ uint32_t ret, fw_api_version, version_type[RET_PAYLOAD_ARG_CNT] = {0U};
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
@@ -83,9 +83,9 @@
* invoking CPU_on function, during which resume address will
* be set.
*/
- ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version[0], SECURE_FLAG);
+ ret = pm_feature_check((uint32_t)PM_SELF_SUSPEND, &version_type[0], SECURE_FLAG);
if (ret == PM_RET_SUCCESS) {
- fw_api_version = version[0] & 0xFFFFU;
+ fw_api_version = version_type[0] & 0xFFFFU;
if (fw_api_version >= 3U) {
(void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_OFF, 0,
SECURE_FLAG);
@@ -130,7 +130,7 @@
(void)psci_cpu_off();
- while (1) {
+ while (true) {
wfi();
}
}
@@ -162,11 +162,11 @@
plat_arm_gic_save();
}
- state = target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE ?
+ state = (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) ?
PM_STATE_SUSPEND_TO_RAM : PM_STATE_CPU_IDLE;
/* Send request to PMC to suspend this core */
- pm_self_suspend(proc->node_id, MAX_LATENCY, state, versal_net_sec_entry,
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, state, versal_net_sec_entry,
SECURE_FLAG);
/* TODO: disable coherency */
@@ -223,10 +223,10 @@
static void __dead2 versal_net_system_off(void)
{
/* Send the power down request to the PMC */
- pm_system_shutdown(XPM_SHUTDOWN_TYPE_SHUTDOWN,
+ (void)pm_system_shutdown(XPM_SHUTDOWN_TYPE_SHUTDOWN,
pm_get_shutdown_scope(), SECURE_FLAG);
- while (1) {
+ while (true) {
wfi();
}
}
@@ -257,7 +257,7 @@
}
/* We expect the 'state id' to be zero */
- if (psci_get_pstate_id(power_state)) {
+ if (psci_get_pstate_id(power_state) != 0U) {
return PSCI_E_INVALID_PARAMS;
}
diff --git a/plat/xilinx/versal_net/sip_svc_setup.c b/plat/xilinx/versal_net/sip_svc_setup.c
index c974810..bf06e2c 100644
--- a/plat/xilinx/versal_net/sip_svc_setup.c
+++ b/plat/xilinx/versal_net/sip_svc_setup.c
@@ -69,7 +69,7 @@
VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
smc_fid, x1, x2, x3, x4);
- if (smc_fid & SIP_FID_MASK) {
+ if ((smc_fid & SIP_FID_MASK) != 0U) {
WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
SMC_RET1(handle, SMC_UNK);
}
diff --git a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
index b0bd8a1..0e698f7 100644
--- a/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
+++ b/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
@@ -14,6 +14,7 @@
#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
+#include <plat_arm.h>
#include <services/arm_arch_svc.h>
#include <plat_ipi.h>
@@ -244,8 +245,8 @@
ver = chipid[1] >> ZYNQMP_EFUSE_IPDISABLE_SHIFT;
for (i = 0; i < ARRAY_SIZE(zynqmp_devices); i++) {
- if (zynqmp_devices[i].id == id &&
- zynqmp_devices[i].ver == (ver & ZYNQMP_CSU_VERSION_MASK)) {
+ if ((zynqmp_devices[i].id == id) &&
+ (zynqmp_devices[i].ver == (ver & ZYNQMP_CSU_VERSION_MASK))) {
break;
}
}
@@ -299,8 +300,8 @@
tmp = id;
tmp &= ZYNQMP_CSU_IDCODE_XILINX_ID_MASK |
ZYNQMP_CSU_IDCODE_FAMILY_MASK;
- maskid = ZYNQMP_CSU_IDCODE_XILINX_ID << ZYNQMP_CSU_IDCODE_XILINX_ID_SHIFT |
- ZYNQMP_CSU_IDCODE_FAMILY << ZYNQMP_CSU_IDCODE_FAMILY_SHIFT;
+ maskid = (ZYNQMP_CSU_IDCODE_XILINX_ID << ZYNQMP_CSU_IDCODE_XILINX_ID_SHIFT) |
+ (ZYNQMP_CSU_IDCODE_FAMILY << ZYNQMP_CSU_IDCODE_FAMILY_SHIFT);
if (tmp != maskid) {
ERROR("Incorrect IDCODE 0x%x, maskid 0x%x\n", id, maskid);
return "UNKN";
@@ -348,7 +349,7 @@
{
uint32_t ver = zynqmp_get_silicon_ver();
uint32_t rtl = zynqmp_get_rtl_ver();
- char *label = "Unknown";
+ const char *label = "Unknown";
switch (ver) {
case ZYNQMP_CSU_VERSION_QEMU:
diff --git a/plat/xilinx/zynqmp/custom_sip_svc.c b/plat/xilinx/zynqmp/custom_sip_svc.c
index c61c92c..c39e4be 100644
--- a/plat/xilinx/zynqmp/custom_sip_svc.c
+++ b/plat/xilinx/zynqmp/custom_sip_svc.c
@@ -8,6 +8,8 @@
#include <common/debug.h>
#include <smccc_helpers.h>
+#include <custom_svc.h>
+
uint64_t custom_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2,
uint64_t x3, uint64_t x4, void *cookie,
void *handle, uint64_t flags)
diff --git a/plat/xilinx/zynqmp/plat_psci.c b/plat/xilinx/zynqmp/plat_psci.c
index 1e7df05..58db2e4 100644
--- a/plat/xilinx/zynqmp/plat_psci.c
+++ b/plat/xilinx/zynqmp/plat_psci.c
@@ -58,7 +58,7 @@
pm_client_wakeup(proc);
/* Send request to PMU to wake up selected APU CPU core */
- pm_req_wakeup(proc->node_id, 1, zynqmp_sec_entry, REQ_ACK_BLOCKING);
+ (void)pm_req_wakeup(proc->node_id, 1, zynqmp_sec_entry, REQ_ACK_BLOCKING);
return PSCI_E_SUCCESS;
}
@@ -88,7 +88,7 @@
* invoking CPU_on function, during which resume address will
* be set.
*/
- pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0);
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, PM_STATE_CPU_IDLE, 0);
}
static void zynqmp_pwr_domain_suspend(const psci_power_state_t *target_state)
@@ -105,11 +105,11 @@
VERBOSE("%s: target_state->pwr_domain_state[%lu]=%x\n",
__func__, i, target_state->pwr_domain_state[i]);
- state = target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE ?
+ state = (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) ?
PM_STATE_SUSPEND_TO_RAM : PM_STATE_CPU_IDLE;
/* Send request to PMU to suspend this core */
- pm_self_suspend(proc->node_id, MAX_LATENCY, state, zynqmp_sec_entry);
+ (void)pm_self_suspend(proc->node_id, MAX_LATENCY, state, zynqmp_sec_entry);
/* APU is to be turned off */
if (target_state->pwr_domain_state[1] > PLAT_MAX_RET_STATE) {
@@ -166,10 +166,10 @@
plat_arm_interconnect_exit_coherency();
/* Send the power down request to the PMU */
- pm_system_shutdown(PMF_SHUTDOWN_TYPE_SHUTDOWN,
+ (void)pm_system_shutdown((uint32_t)PMF_SHUTDOWN_TYPE_SHUTDOWN,
pm_get_shutdown_scope());
- while (1) {
+ while (true) {
wfi();
}
}
@@ -180,10 +180,10 @@
plat_arm_interconnect_exit_coherency();
/* Send the system reset request to the PMU */
- pm_system_shutdown(PMF_SHUTDOWN_TYPE_RESET,
+ (void)pm_system_shutdown((uint32_t)PMF_SHUTDOWN_TYPE_RESET,
pm_get_shutdown_scope());
- while (1) {
+ while (true) {
wfi();
}
}
@@ -204,7 +204,7 @@
req_state->pwr_domain_state[MPIDR_AFFLVL0] = PLAT_MAX_OFF_STATE;
}
/* We expect the 'state id' to be zero */
- if (psci_get_pstate_id(power_state)) {
+ if (psci_get_pstate_id(power_state) != 0U) {
return PSCI_E_INVALID_PARAMS;
}
diff --git a/plat/xilinx/zynqmp/plat_topology.c b/plat/xilinx/zynqmp/plat_topology.c
index 2596650..3755513 100644
--- a/plat/xilinx/zynqmp/plat_topology.c
+++ b/plat/xilinx/zynqmp/plat_topology.c
@@ -5,6 +5,8 @@
*/
#include <stdint.h>
+#include <plat/common/platform.h>
+
static const uint8_t plat_power_domain_tree_desc[] = {1, 4};
const uint8_t *plat_get_power_domain_tree_desc(void)
diff --git a/plat/xilinx/zynqmp/plat_zynqmp.c b/plat/xilinx/zynqmp/plat_zynqmp.c
index e3a979e..65faa2f 100644
--- a/plat/xilinx/zynqmp/plat_zynqmp.c
+++ b/plat/xilinx/zynqmp/plat_zynqmp.c
@@ -10,7 +10,7 @@
int32_t plat_core_pos_by_mpidr(u_register_t mpidr)
{
- if (mpidr & MPIDR_CLUSTER_MASK) {
+ if ((mpidr & MPIDR_CLUSTER_MASK) != 0U) {
return -1;
}
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_clock.c b/plat/xilinx/zynqmp/pm_service/pm_api_clock.c
index 5a1e218..91adb07 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_clock.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_clock.c
@@ -1226,7 +1226,7 @@
.control_reg = CRF_APB_ACPU_CTRL,
.status_reg = 0,
.parents = &((int32_t []) {
- CLK_ACPU | PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN,
+ (CLK_ACPU | (PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN)),
CLK_NA_PARENT
}),
.nodes = &acpu_full_nodes,
@@ -2117,7 +2117,7 @@
.control_reg = CRF_APB_ACPU_CTRL,
.status_reg = 0,
.parents = &((int32_t []) {
- CLK_ACPU | PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN,
+ (CLK_ACPU | (PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN)),
CLK_NA_PARENT
}),
.nodes = &acpu_half_nodes,
@@ -2140,7 +2140,7 @@
.control_reg = CRF_APB_GPU_REF_CTRL,
.status_reg = 0,
.parents = &((int32_t []) {
- CLK_GPU_REF | PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN,
+ (CLK_GPU_REF | (PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN)),
CLK_NA_PARENT
}),
.nodes = &gpu_pp0_nodes,
@@ -2151,7 +2151,7 @@
.control_reg = CRF_APB_GPU_REF_CTRL,
.status_reg = 0,
.parents = &((int32_t []) {
- CLK_GPU_REF | PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN,
+ (CLK_GPU_REF | (PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN)),
CLK_NA_PARENT
}),
.nodes = &gpu_pp1_nodes,
@@ -2176,7 +2176,7 @@
.control_reg = CRL_APB_CPU_R5_CTRL,
.status_reg = 0,
.parents = &((int32_t []) {
- CLK_CPU_R5 | PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN,
+ (CLK_CPU_R5 | (PARENT_CLK_NODE2 << CLK_PARENTS_ID_LEN)),
CLK_DUMMY_PARENT,
CLK_NA_PARENT
}),
@@ -2456,14 +2456,14 @@
void pm_api_clock_get_name(uint32_t clock_id, char *name)
{
if (clock_id == CLK_MAX) {
- memcpy(name, END_OF_CLK, sizeof(END_OF_CLK) > CLK_NAME_LEN ?
- CLK_NAME_LEN : sizeof(END_OF_CLK));
+ (void)memcpy(name, END_OF_CLK, ((sizeof(END_OF_CLK) > CLK_NAME_LEN) ?
+ CLK_NAME_LEN : sizeof(END_OF_CLK)));
} else if ((clock_id > CLK_MAX) || (!pm_clock_valid(clock_id))) {
- memset(name, 0, CLK_NAME_LEN);
+ (void)memset(name, 0, CLK_NAME_LEN);
} else if (clock_id < CLK_MAX_OUTPUT_CLK) {
- memcpy(name, clocks[clock_id].name, CLK_NAME_LEN);
+ (void)memcpy(name, clocks[clock_id].name, CLK_NAME_LEN);
} else {
- memcpy(name, ext_clocks[clock_id - CLK_MAX_OUTPUT_CLK].name,
+ (void)memcpy(name, ext_clocks[clock_id - CLK_MAX_OUTPUT_CLK].name,
CLK_NAME_LEN);
}
}
@@ -2486,7 +2486,7 @@
uint32_t index,
uint32_t *topology)
{
- struct pm_clock_node *clock_nodes;
+ const struct pm_clock_node *clock_nodes;
uint8_t num_nodes;
uint32_t i;
uint16_t typeflags;
@@ -2499,7 +2499,7 @@
return PM_RET_ERROR_NOTSUPPORTED;
}
- memset(topology, 0, CLK_TOPOLOGY_PAYLOAD_LEN);
+ (void)memset(topology, 0, CLK_TOPOLOGY_PAYLOAD_LEN);
clock_nodes = *clocks[clock_id].nodes;
num_nodes = clocks[clock_id].num_nodes;
@@ -2543,7 +2543,7 @@
uint32_t *mul,
uint32_t *div)
{
- struct pm_clock_node *clock_nodes;
+ const struct pm_clock_node *clock_nodes;
uint8_t num_nodes;
uint32_t type, i;
@@ -2598,7 +2598,7 @@
uint32_t *parents)
{
uint32_t i;
- int32_t *clk_parents;
+ const int32_t *clk_parents;
if (!pm_clock_valid(clock_id)) {
return PM_RET_ERROR_ARGS;
@@ -2613,7 +2613,7 @@
return PM_RET_ERROR_ARGS;
}
- memset(parents, 0, CLK_PARENTS_PAYLOAD_LEN);
+ (void)memset(parents, 0, CLK_PARENTS_PAYLOAD_LEN);
/* Skip parent till index */
for (i = 0; i < index; i++) {
@@ -2675,7 +2675,7 @@
uint32_t *max_div)
{
uint32_t i;
- struct pm_clock_node *nodes;
+ const struct pm_clock_node *nodes;
if (clock_id >= CLK_MAX_OUTPUT_CLK) {
return PM_RET_ERROR_ARGS;
@@ -2684,8 +2684,8 @@
nodes = *clocks[clock_id].nodes;
for (i = 0; i < clocks[clock_id].num_nodes; i++) {
if (nodes[i].type == div_type) {
- if (CLK_DIVIDER_POWER_OF_TWO &
- nodes[i].typeflags) {
+ if ((CLK_DIVIDER_POWER_OF_TWO &
+ nodes[i].typeflags) != 0U) {
*max_div = (1U << (BIT(nodes[i].width) - 1U));
} else {
*max_div = BIT(nodes[i].width) - 1U;
@@ -2789,7 +2789,7 @@
enum pm_ret_status pm_clock_get_pll_node_id(enum clock_id clock_id,
enum pm_node_id *node_id)
{
- struct pm_pll *pll = pm_clock_get_pll(clock_id);
+ const struct pm_pll *pll = pm_clock_get_pll(clock_id);
if (pll != NULL) {
*node_id = pll->nid;
@@ -2812,10 +2812,10 @@
uint32_t i;
for (i = 0; i < ARRAY_SIZE(pm_plls); i++) {
- if (pm_plls[i].pre_src == clock_id ||
- pm_plls[i].post_src == clock_id ||
- pm_plls[i].div2 == clock_id ||
- pm_plls[i].bypass == clock_id) {
+ if ((pm_plls[i].pre_src == clock_id) ||
+ (pm_plls[i].post_src == clock_id) ||
+ (pm_plls[i].div2 == clock_id) ||
+ (pm_plls[i].bypass == clock_id)) {
return &pm_plls[i];
}
}
@@ -2990,7 +2990,7 @@
{
struct pm_pll *pll = pm_clock_get_pll(clock_id);
- if ((pll == NULL) || (mode != PLL_FRAC_MODE && mode != PLL_INT_MODE)) {
+ if ((pll == NULL) || ((mode != PLL_FRAC_MODE) && (mode != PLL_INT_MODE))) {
return PM_RET_ERROR_ARGS;
}
pll->mode = mode;
@@ -3011,7 +3011,7 @@
enum pm_ret_status pm_clock_get_pll_mode(enum clock_id clock_id,
uint32_t *mode)
{
- struct pm_pll *pll = pm_clock_get_pll(clock_id);
+ const struct pm_pll *pll = pm_clock_get_pll(clock_id);
if ((pll == NULL) || (mode == NULL)) {
return PM_RET_ERROR_ARGS;
@@ -3052,7 +3052,7 @@
uint8_t pm_clock_has_div(uint32_t clock_id, enum pm_clock_div_id div_id)
{
uint32_t i;
- struct pm_clock_node *nodes;
+ const struct pm_clock_node *nodes;
if (clock_id >= CLK_MAX_OUTPUT_CLK) {
return 0;
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
index dd21499..0dbfa57 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c
@@ -62,7 +62,7 @@
{
uint32_t val;
- if (mmio_read_32(CRL_APB_RST_LPD_TOP) & CRL_APB_RPU_AMBA_RESET) {
+ if ((mmio_read_32(CRL_APB_RST_LPD_TOP) & CRL_APB_RPU_AMBA_RESET) != 0U) {
return PM_RET_ERROR_ACCESS;
}
@@ -165,8 +165,8 @@
static enum pm_ret_status pm_ioctl_set_tapdelay_bypass(uint32_t type,
uint32_t value)
{
- if ((value != PM_TAPDELAY_BYPASS_ENABLE &&
- value != PM_TAPDELAY_BYPASS_DISABLE) || type >= PM_TAPDELAY_MAX) {
+ if ((((value != PM_TAPDELAY_BYPASS_ENABLE) &&
+ (value != PM_TAPDELAY_BYPASS_DISABLE)) || (type >= PM_TAPDELAY_MAX))) {
return PM_RET_ERROR_ARGS;
}
@@ -481,7 +481,7 @@
uint32_t value)
{
uint32_t mask;
- uint32_t regarr[] = {0xFD360000U,
+ const uint32_t regarr[] = {0xFD360000U,
0xFD360014U,
0xFD370000U,
0xFD370014U,
@@ -682,7 +682,7 @@
*/
enum pm_ret_status tfa_ioctl_bitmask(uint32_t *bit_mask)
{
- uint8_t supported_ids[] = {
+ const uint8_t supported_ids[] = {
IOCTL_GET_RPU_OPER_MODE,
IOCTL_SET_RPU_OPER_MODE,
IOCTL_RPU_BOOT_ADDR_CONFIG,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_pinctrl.c b/plat/xilinx/zynqmp/pm_service/pm_api_pinctrl.c
index 2d8c23b..1477e25 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_pinctrl.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_pinctrl.c
@@ -2012,9 +2012,9 @@
void pm_api_pinctrl_get_function_name(uint32_t fid, char *name)
{
if (fid >= MAX_FUNCTION) {
- memcpy(name, END_OF_FUNCTION, FUNCTION_NAME_LEN);
+ (void)memcpy(name, END_OF_FUNCTION, FUNCTION_NAME_LEN);
} else {
- memcpy(name, pinctrl_functions[fid].name, FUNCTION_NAME_LEN);
+ (void)memcpy(name, pinctrl_functions[fid].name, FUNCTION_NAME_LEN);
}
}
@@ -2049,7 +2049,7 @@
return PM_RET_ERROR_ARGS;
}
- memset(groups, END_OF_GROUPS, GROUPS_PAYLOAD_LEN);
+ (void)memset(groups, END_OF_GROUPS, GROUPS_PAYLOAD_LEN);
grps = pinctrl_functions[fid].group_base;
end_of_grp_offset = grps + pinctrl_functions[fid].group_size;
@@ -2088,13 +2088,13 @@
uint16_t *groups)
{
uint32_t i;
- uint16_t *grps;
+ const uint16_t *grps;
if (pin >= MAX_PIN) {
return PM_RET_ERROR_ARGS;
}
- memset(groups, END_OF_GROUPS, GROUPS_PAYLOAD_LEN);
+ (void)memset(groups, END_OF_GROUPS, GROUPS_PAYLOAD_LEN);
grps = *zynqmp_pin_groups[pin].groups;
if (grps == NULL) {
diff --git a/plat/xilinx/zynqmp/pm_service/pm_client.c b/plat/xilinx/zynqmp/pm_service/pm_client.c
index 9d0e2c4..a517257 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_client.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_client.c
@@ -204,7 +204,7 @@
continue;
}
- while (reg) {
+ while (reg != 0U) {
enum pm_node_id node;
uint32_t idx, ret, irq, lowest_set = reg & (-reg);
@@ -218,7 +218,7 @@
node = irq_to_pm_node(irq);
reg &= ~lowest_set;
- if (node > NODE_UNKNOWN && node < NODE_MAX) {
+ if ((node > NODE_UNKNOWN) && (node < NODE_MAX)) {
if (pm_wakeup_nodes_set[node] == 0U) {
ret = pm_set_wakeup_source(NODE_APU, node, 1U);
pm_wakeup_nodes_set[node] = (ret == PM_RET_SUCCESS) ? 1U : 0U;
diff --git a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
index d7c9f24..719ab6f 100644
--- a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
@@ -769,7 +769,7 @@
enum pm_ret_status check_api_dependency(uint8_t id)
{
uint8_t i;
- uint32_t version;
+ uint32_t version_type;
int ret;
for (i = 0U; i < ARRAY_SIZE(api_dep_table); i++) {
@@ -779,13 +779,13 @@
}
ret = fw_api_version(api_dep_table[i].api_id,
- &version, 1);
+ &version_type, 1);
if (ret != PM_RET_SUCCESS) {
return ret;
}
/* Check if fw version matches TF-A expected version */
- if (version != tfa_expected_ver_id[api_dep_table[i].api_id]) {
+ if (version_type != tfa_expected_ver_id[api_dep_table[i].api_id]) {
return PM_RET_ERROR_NOTSUPPORTED;
}
}
@@ -1115,7 +1115,7 @@
return status;
}
- if (enable) {
+ if (enable != 0U) {
api_id = PM_CLOCK_ENABLE;
} else {
api_id = PM_CLOCK_DISABLE;
@@ -1297,7 +1297,7 @@
return status;
}
- if (pm_clock_has_div(clock_id, PM_CLOCK_DIV0_ID)) {
+ if ((pm_clock_has_div(clock_id, PM_CLOCK_DIV0_ID)) != 0U) {
/* Send request to the PMU to get div0 */
PM_PACK_PAYLOAD3(payload, PM_CLOCK_GETDIVIDER, clock_id,
PM_CLOCK_DIV0_ID);
@@ -1308,7 +1308,7 @@
*divider = val;
}
- if (pm_clock_has_div(clock_id, PM_CLOCK_DIV1_ID)) {
+ if ((pm_clock_has_div(clock_id, PM_CLOCK_DIV1_ID)) != 0U) {
/* Send request to the PMU to get div1 */
PM_PACK_PAYLOAD3(payload, PM_CLOCK_GETDIVIDER, clock_id,
PM_CLOCK_DIV1_ID);
@@ -1657,7 +1657,7 @@
uint32_t payload[PAYLOAD_ARG_CNT];
/* Check if given node ID is a PLL node */
- if (nid < NODE_APLL || nid > NODE_IOPLL) {
+ if ((nid < NODE_APLL) || (nid > NODE_IOPLL)) {
return PM_RET_ERROR_ARGS;
}
@@ -1688,7 +1688,7 @@
uint32_t payload[PAYLOAD_ARG_CNT];
/* Check if given node ID is a PLL node */
- if (nid < NODE_APLL || nid > NODE_IOPLL) {
+ if ((nid < NODE_APLL) || (nid > NODE_IOPLL)) {
return PM_RET_ERROR_ARGS;
}
@@ -1721,7 +1721,7 @@
uint32_t payload[PAYLOAD_ARG_CNT];
/* Check if given node ID is a PLL node */
- if (nid < NODE_APLL || nid > NODE_IOPLL) {
+ if ((nid < NODE_APLL) || (nid > NODE_IOPLL)) {
return PM_RET_ERROR_ARGS;
}
@@ -1749,7 +1749,7 @@
uint32_t payload[PAYLOAD_ARG_CNT];
/* Check if given node ID is a PLL node */
- if (nid < NODE_APLL || nid > NODE_IOPLL) {
+ if ((nid < NODE_APLL) || (nid > NODE_IOPLL)) {
return PM_RET_ERROR_ARGS;
}
diff --git a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_svc_main.c
index 65b2426..738699e 100644
--- a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_svc_main.c
@@ -22,6 +22,7 @@
#include <plat_private.h>
#include "pm_client.h"
#include "pm_ipi.h"
+#include "pm_svc_main.h"
#include "zynqmp_pm_api_sys.h"
#include "zynqmp_pm_defs.h"
@@ -374,7 +375,7 @@
uint32_t value = 0U;
ret = pm_fpga_get_status(&value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32)));
}
case PM_SECURE_RSA_AES:
@@ -389,15 +390,15 @@
}
SMC_RET2(handle,
- (uint64_t)result[0] | ((uint64_t)result[1] << 32),
- (uint64_t)result[2] | ((uint64_t)result[3] << 32));
+ ((uint64_t)result[0] | ((uint64_t)result[1] << 32)),
+ ((uint64_t)result[2] | ((uint64_t)result[3] << 32)));
case PM_IOCTL:
{
uint32_t value = 0U;
ret = pm_ioctl(pm_arg[0], pm_arg[1], pm_arg[2],
pm_arg[3], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32)));
}
case PM_QUERY_DATA:
@@ -406,8 +407,8 @@
pm_query_data(pm_arg[0], pm_arg[1], pm_arg[2],
pm_arg[3], data);
- SMC_RET2(handle, (uint64_t)data[0] | ((uint64_t)data[1] << 32),
- (uint64_t)data[2] | ((uint64_t)data[3] << 32));
+ SMC_RET2(handle, ((uint64_t)data[0] | ((uint64_t)data[1] << 32)),
+ ((uint64_t)data[2] | ((uint64_t)data[3] << 32)));
}
case PM_CLOCK_ENABLE:
@@ -423,7 +424,7 @@
uint32_t value = 0U;
ret = pm_clock_getstate(pm_arg[0], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32)));
}
case PM_CLOCK_SETDIVIDER:
@@ -435,7 +436,7 @@
uint32_t value = 0U;
ret = pm_clock_getdivider(pm_arg[0], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32)));
}
case PM_CLOCK_SETPARENT:
@@ -447,7 +448,7 @@
uint32_t value = 0U;
ret = pm_clock_getparent(pm_arg[0], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32U)));
}
case PM_GET_TRUSTZONE_VERSION:
@@ -472,7 +473,7 @@
{
ret = pm_secure_image(pm_arg[0], pm_arg[1], pm_arg[2],
pm_arg[3], &result[0]);
- SMC_RET2(handle, (uint64_t)ret | ((uint64_t)result[0] << 32U),
+ SMC_RET2(handle, ((uint64_t)ret | ((uint64_t)result[0] << 32U)),
result[1]);
}
@@ -482,7 +483,7 @@
ret = pm_fpga_read(pm_arg[0], pm_arg[1], pm_arg[2], pm_arg[3],
&value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32U)));
}
case PM_SECURE_AES:
@@ -490,7 +491,7 @@
uint32_t value = 0U;
ret = pm_aes_engine(pm_arg[0], pm_arg[1], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32U)));
}
case PM_PLL_SET_PARAMETER:
@@ -502,7 +503,7 @@
uint32_t value = 0U;
ret = pm_pll_get_parameter(pm_arg[0], pm_arg[1], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value << 32U));
+ SMC_RET1(handle, ((uint64_t)ret | ((uint64_t)value << 32U)));
}
case PM_PLL_SET_MODE:
@@ -514,7 +515,7 @@
uint32_t mode = 0U;
ret = pm_pll_get_mode(pm_arg[0], &mode);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)mode << 32U));
+ SMC_RET1(handle, ((uint64_t)ret | ((uint64_t)mode << 32U)));
}
case PM_REGISTER_ACCESS:
@@ -523,7 +524,7 @@
ret = pm_register_access(pm_arg[0], pm_arg[1], pm_arg[2],
pm_arg[3], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
+ SMC_RET1(handle, ((uint64_t)ret | (((uint64_t)value) << 32U)));
}
case PM_EFUSE_ACCESS:
@@ -538,7 +539,7 @@
}
#endif
ret = pm_efuse_access(pm_arg[0], pm_arg[1], &value);
- SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32U);
+ SMC_RET1(handle, (uint64_t)ret | (((uint64_t)value) << 32U));
}
case PM_FPGA_GET_VERSION:
@@ -549,19 +550,19 @@
PM_PACK_PAYLOAD5(payload, smc_fid & FUNCID_NUM_MASK,
pm_arg[0], pm_arg[1], pm_arg[2], pm_arg[3]);
ret = pm_ipi_send_sync(primary_proc, payload, ret_payload, 3U);
- SMC_RET2(handle, (uint64_t)ret | (uint64_t)ret_payload[0] << 32U,
- (uint64_t)ret_payload[1] | (uint64_t)ret_payload[2] << 32U);
+ SMC_RET2(handle, ((uint64_t)ret | ((uint64_t)ret_payload[0] << 32U)),
+ ((uint64_t)ret_payload[1] | ((uint64_t)ret_payload[2] << 32U)));
}
case PM_FEATURE_CHECK:
{
- uint32_t version = 0;
+ uint32_t version_type = 0;
uint32_t bit_mask[2] = {0};
- ret = pm_feature_check(pm_arg[0], &version, bit_mask,
+ ret = pm_feature_check(pm_arg[0], &version_type, bit_mask,
ARRAY_SIZE(bit_mask));
- SMC_RET2(handle, (uint64_t)ret | ((uint64_t)version << 32U),
- (uint64_t)bit_mask[0] | ((uint64_t)bit_mask[1] << 32U));
+ SMC_RET2(handle, ((uint64_t)ret | ((uint64_t)version_type << 32U)),
+ ((uint64_t)bit_mask[0] | ((uint64_t)bit_mask[1] << 32U)));
}
default:
@@ -570,7 +571,7 @@
pm_arg[2], pm_arg[3], pm_arg[4]);
ret = pm_ipi_send_sync(primary_proc, payload, result,
RET_PAYLOAD_ARG_CNT);
- SMC_RET2(handle, (uint64_t)ret | ((uint64_t)result[0] << 32U),
- (uint64_t)result[1] | ((uint64_t)result[2] << 32U));
+ SMC_RET2(handle, ((uint64_t)ret | ((uint64_t)result[0] << 32U)),
+ ((uint64_t)result[1] | ((uint64_t)result[2] << 32U)));
}
}
diff --git a/plat/xilinx/zynqmp/sip_svc_setup.c b/plat/xilinx/zynqmp/sip_svc_setup.c
index f5990ca..1baefb3 100644
--- a/plat/xilinx/zynqmp/sip_svc_setup.c
+++ b/plat/xilinx/zynqmp/sip_svc_setup.c
@@ -81,7 +81,7 @@
VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
smc_fid, x1, x2, x3, x4);
- if (smc_fid & SIP_FID_MASK) {
+ if ((smc_fid & (uint32_t)SIP_FID_MASK) != 0U) {
WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
SMC_RET1(handle, SMC_UNK);
}