Age | Commit message (Collapse) | Author |
|
Add ability to get timer value in micro- and milliseconds.
Change-Id: I864619c23fe8a2a01cef86795e39d1b0bfd2e3d3
Signed-off-by: Victor Axelrod <victora@marvell.com>
Signed-off-by: Ofir Fedida <ofedida@marvell.com>
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: http://vgitil04.il.marvell.com:8080/37913
Reviewed-by: Haim Boot <hayim@marvell.com>
|
|
Currently the GICv3 driver mandates that platform populate
both G1S and G0 interrupts. However, it is possible that a
given platform is not interested in both the groups and
just needs to specify either one of them.
This patch modifies the `gicv3_rdistif_init()` & `gicv3_distif_init()`
functions to allow either G1S or G0 interrupts to be configured.
Fixes ARM-software/tf-issues#400
Change-Id: I43572b0e08ae30bed5af9334f25d35bf439b0d2b
|
|
Introduce AArch32 support for PSCI library
|
|
gicv3: disable Group1 NonSecure interrupts during core powerdown
|
|
emmc: support CMD23
|
|
Support CMD23. When CMD23 is used, CMD12 could be avoided.
Two scenarios:
1. CMD17 for single block, CMD18 + CMD12 for multiple blocks.
2. CMD23 + CMD18 for both single block and multiple blocks.
The emmc_init() should initialize whether CMD23 is supported
or not.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
As per the GICv3 specification, to power down a processor using GICv3
and allow automatic power-on if an interrupt must be sent to a processor,
software must set Enable to zero for all interrupt groups(by writing to
GICC_CTLR or ICC_IGRPEN{0,1}_EL1/3 as appropriate.
Also, NonSecure EL1 software may not be aware of the CPU power state
details and fail to choose right states that require quiescing the CPU
interface. So it's preferred that the PSCI implementation handles it as
it is fully aware of the CPU power states.
This patch adds disabling of Group1 NonSecure interrupts during processor
power down along with Group0 and Group1 Secure interrupts so that all the
interrupt groups are handled at once as per specification.
Change-Id: Ib564d773c9c4c41f2ca9471451c030e3de75e641
|
|
This patch adds console drivers including the pl011 driver
for the AArch32 mode.
Change-Id: Ifd22520d370fca3e73dbbf6f2d97d6aee65b67dd
|
|
This patch modifies GICv3 and TZC drivers to add AArch32 support.
No modifications are required for the GICv2 driver for AArch32 support.
The TZC driver assumes that the secure world is running in Little-Endian
mode to do 64 bit manipulations. Assertions are present to validate the
assumption.
Note: The legacy GICv3 driver is not supported for AArch32.
Change-Id: Id1bc75a9f5dafb9715c9500ca77b4606eb1e2458
|
|
This patch moves the various assembly console drivers
into `aarch64` architecture specific folder. Stub files,
which include files from new location, are retained at the
original location for platform compatibility reasons.
Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8
|
|
If buffer address parameter isn't aligned, it may cause
DMA issue in block device driver, as eMMC. Now check the buffer
address. If it's not aligned, use temporary buffer in io block
driver instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
This patch fixes the offset of GICD_IROUTER register defined in gicv3.h.
Although the GICv3 documention mentions that the offset for this register
is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is :
0x6000 + 8n, where n >= 32
This requires the offset for GICD_IROUTER to be defined as 0x6000.
Fixes ARM-software/tf-issues#410
Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
|
|
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
|
|
The legacy GIC driver assumes that the SGIs and PPIs are Group0 during
initialization. This is true if the driver is the first one to initialize
the GIC hardware after reset. But in some cases, earlier BL stages could
have already initialized the GIC hardware which means that SGI and PPI
configuration are not the expected reset values causing assertion failure
in `gicd_set_ipriorityr()`. This patch explicitly resets the SGI and PPI
to Group0 prior to their initialization in the driver. The same patch is
not done in the GICv2-only driver because unlike in the legacy driver,
`gicd_set_ipriorityr()` of GICv2 driver doesn't enforce this policy and
the appropriate group is set irrespective of the initial value.
Fixes ARM-software/tf-issues#396
Change-Id: I521d35caa37470ce542c796c2ba99716e4763105
|
|
Bring IO storage dummy driver
|
|
A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.
Fixes ARM-software/tf-issues#381
Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
|
|
rockchip/rk3399: Support the gpio driver and configure
|
|
On some platform gpio can set/get pull status when input, add these
function so we can set/get gpio pull status when need it. And they are
optional function.
|
|
This patch adds the API `ccn_get_part0_id` to query the PART0 ID from the
PERIPHERAL_ID 0 register in the CCN driver. This ID allows to distinguish
the variant of CCN present on the system and possibly enable dynamic
configuration of the IP based on the variant. Also added an assert in
`ccn_master_to_rn_id_map()` to ensure that the master map bitfield provided
by the platform is within the expected interface id.
Change-Id: I92d2db7bd93a9be8a7fbe72a522cbcba0aba2d0e
|
|
Add delay timer implementation based on the system generic counter.
This either uses the platform's implementation of
`plat_get_syscnt_freq()` or explicit clock multiplier/divider values
provided by the platform.
The current implementation of udelay has been modified to avoid
unnecessary calculations while waiting on the loop and to make it
easier to check for overflows.
Change-Id: I9062e1d506dc2f68367fd9289250b93444721732
|
|
Allow to handle cases where some images are pre-loaded (by debugger for
instance) without introducing many switches in files calling load_* functions.
Fixes: arm-software/tf-issues#398
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
|
|
In a lot of embedded platforms, eMMC device is the only one storage
device. So loading content from eMMC device is required in ATF.
Create the emmc stack that could co-work with IO block driver.
Support to read/write/erase eMMC blocks on both rpmb and normal
user area. Support to change the IO speed and bus width.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
FIP is accessed as memory-mapped type. eMMC is block device type.
In order to support FIP based on eMMC, add the new io_block layer.
io_block always access eMMC device as block size. And it'll only
copy the required data into buffer in io_block driver. So preparing
an temporary buffer is required.
When use io_block device, MAX_IO_BLOCK_DEVICES should be declared
in platform_def.h. It's used to support multiple block devices.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
Currently the `tzc400_configure_region` and `tzc_dmc500_configure_region`
functions uses uintptr_t as the data type for `region_top` and `region_base`
variables, which will be converted to 32/64 bits for AArch32/AArch64
respectively. But the expectation is to keep these addresses at least 64 bit.
This patch modifies the data types to make it at least 64 bit by using
unsigned long long instead of uintptr_t for the `region_top` and
`region_base` variables. It also modifies the associated macros
`_tzc##fn_name##_write_region_xxx` accordingly.
Change-Id: I4e3c6a8a39ad04205cf0f3bda336c3970b15a28b
|
|
Support for Xilinx Zynq UltraScale+ MPSoC
|
|
Refactor the TZC driver and add DMC-500 driver
|
|
Add a driver for the Cadence UART which is found in Xilinx Zynq SOCs.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
|
|
The ARM CoreLink DMC-500 Dynamic Memory Controller provides the
programmable address region control of a TrustZone Address Space
Controller. The access permissions can be defined for eight
separate address regions plus a background or default region.
This patch adds a DMC-500 driver to define address regions and
program their access permissions as per ARM 100131_0000_02_en
(r0p0) document.
Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6
|
|
TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar programmer's view.
Furthermore, it is possible to have multiple instances of each type of
peripheral in a system resulting in multiple programmer's views.
For example, on the TZC-400 each of the 4 filter units can be enabled
or disabled for each region. There is a single set of registers to
program the region attributes. On the DMC-500, each filter unit has its
own programmer's view resulting in multiple sets of registers to program
the region attributes. The layout of the registers is almost the same
across all these variations.
Hence the existing driver in `tzc400\tzc400.c` is refactored into the
new driver in `tzc\tzc400.c`. The previous driver file is still maintained
for compatibility and it is now deprecated.
Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
|
|
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
|
|
Hence memmap device can be used to load an image without being wrapped in a
FIP.
Fixes arm-software/tf-issues#371
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
|
|
Fix potential deadlock in PL011 init function
|
|
The PL011 initialization function disables the UART, flushes the FIFO
and waits for the current character to be transmitted before applying
the configuration and enabling the UART. This waiting might result in
a deadlock if the FIFO is disabled while another CPU is printing a
message since the flush of FIFO will never finish.
This patch fixes the problem by removing the flush operation and the
loop for last character completion from the initialization function.
The UART is disabled, configured and enabled again.
Change-Id: I1ca0b6bd9f352c12856f10f174a9f6eaca3ab4ea
|
|
Pl061 gpio v5
|
|
This patch adds support for the `%p` format specifier in tf_printf()
following the example of the printf implementation of the stdlib used
in the trusted firmware.
Fixes ARM-software/tf-issues#292
Change-Id: I0b3230c783f735d3e039be25a9405f00023420da
|
|
Add PL061 GPIO driver that is depend on gpio framework.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
Define the gpio ops in gpio driver.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
Fix IPRIORITY and ITARGET accessors in GIC drivers
|
|
This patch moves the private GIC common accessors from `gic_common.h` to
a new private header file `gic_common_private.h`. This patch also adds
additional comments to GIC register accessors to highlight the fact
that some of them access register values that correspond to multiple
interrupt IDs. The convention used is that the `set`, `get` and `clr`
accessors access and modify the values corresponding to a single interrupt
ID whereas the `read` and `write` GIC register accessors access the raw
GIC registers and it could correspond to multiple interrupt IDs depending
on the register accessed.
Change-Id: I2643ecb2533f01e3d3219fcedfb5f80c120622f9
|
|
The code to set the interrupt priority for secure interrupts in the
new GICv2 and GICv3 drivers is incorrect. The setup code to configure
interrupt priorities of secure interrupts, one interrupt at a time, used
gicd_write_ipriorityr()/gicr_write_ipriority() function affecting
4 interrupts at a time. This bug did not manifest itself because all the
secure interrupts were configured to the highest secure priority(0) during
cold boot and the adjacent non secure interrupt priority would be configured
later by the normal world. This patch introduces new accessors,
gicd_set_ipriorityr() and gicr_set_ipriorityr(), for configuring priority
one interrupt at a time and fixes the the setup code to use the new
accessors.
Fixes ARM-software/tf-issues#344
Change-Id: I470fd74d2b7fce7058b55d83f604be05a27e1341
|
|
GICD_IPRIORITYR and GICD_ITARGETSR specifically support byte addressing
so that individual interrupt priorities can be atomically updated by
issuing a single byte write. The previous implementation of
gicd_set_ipriority() and gicd_set_itargetsr() used 32-bit register
accesses, modifying values for 4 interrupts at a time, using a
read-modify-write approach. This potentially may cause concurrent changes
by other CPUs to the adjacent interrupts to be corrupted. This patch fixes
the issue by modifying these accessors to use byte addressing.
Fixes ARM-software/tf-issues#343
Change-Id: Iec28b5f5074045b00dfb8d5f5339b685f9425915
|
|
Currently, `ccn_snoop_dvm_domain_common()` is responsible for providing
a bitmap of HN-F and HN-I nodes in the interconnect. There is a request
node (RN) corresponding to the master interface (e.g. cluster) that needs
to be added or removed from the snoop/DVM domain. This request node is
removed from or added to each HN-F or HN-I node present in the bitmap
depending upon the type of domain.
The above logic is incorrect when participation of a master interface in
the DVM domain has to be managed. The request node should be removed
from or added to the single Miscellaneous Node (MN) in the system
instead of each HN-I node.
This patch fixes this by removing the intermediate
`ccn_snoop_dvm_domain_common()` and instead reads the MN registers to
get the needed node Id bitmap for snoop(HN-F bitmap) and DVM(MN bitmap)
domains.
Additionally, it renames `MN_DDC_SET_OFF` to `MN_DDC_SET_OFFSET` to
be inline with other macros.
Change-Id: Id896046dd0ccc5092419e74f8ac85e31b104f7a4
|
|
Disable PL011 UART before configuring it
|
|
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be
disabled before any of the control registers are programmed. The
PL011 driver included in TF does not disable the UART, so the
initialization in BL2 and BL31 is violating this requirement
(and potentially in BL1 if the UART is enabled after reset).
This patch modifies the initialization function in the PL011
console driver to disable the UART before programming the
control registers.
Register clobber list and documentation updated.
Fixes ARM-software/tf-issues#300
Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
|
|
Migrate all direct usage of __attribute__ to usage of their
corresponding macros from cdefs.h.
e.g.:
- __attribute__((unused)) -> __unused
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
|
|
Always build with '-pedantic'
|
|
By default ARM TF is built with the '-pedantic' compiler flag, which
helps detecting violations of the C standard. However, the mbed TLS
library and its associated authentication module in TF used to fail
building with this compiler flag. As a workaround, the mbed TLS
authentication module makefile used to set the 'DISABLE_PEDANTIC'
TF build flag.
The compiler errors flagged by '-pedantic' in the mbed TLS library
have been fixed between versions 1.3.9 and 2.2.0 and the library now
properly builds with this compiler flag.
This patch fixes the remaining compiler errors in the mbed TLS
authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
build flag. This means that TF is now always built with '-pedantic'.
In particular, this patch:
* Removes the final semi-colon in REGISTER_COT() macro.
This semi-colon was causing the following error message:
drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
extra ';' outside of a function [-Werror=pedantic]
This has been fixed both in the mbed TLS authentication module
as well as in the certificate generation tool. Note that the latter
code didn't need fixing since it is not built with '-pedantic' but
the change has been propagated for consistency.
Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
which were suffering from the same issue.
* Fixes a pointer type.
It was causing the following error message:
drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
type 'void *' used in arithmetic [-Werror=pointer-arith]
Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
|
|
The 'ret' was missing in console_uninit() implementation, so the
program doesn't return from console_uninit(). Instead, it keeps
executing the following instructions which is not expected.
Change-Id: I810684f37f61c41c6f95a3bb36914d0765da8571
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
|
|
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
|
|
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
|