Age | Commit message (Collapse) | Author |
|
|
|
* changes:
spm-mm: Rename aarch64 assembly files
spm-mm: Rename source files
spm-mm: Rename spm_shim_private.h
spm-mm: Rename spm_private.h
spm-mm: Rename component makefile
spm-mm: Remove mm_svc.h header
spm-mm: Refactor spm_svc.h and its contents
spm-mm: Refactor secure_partition.h and its contents
spm: Remove SPM Alpha 1 prototype and support files
Remove dependency between SPM_MM and ENABLE_SPM build flags
|
|
Change-Id: I2bab67f319758dd033aa689d985227cad796cdea
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Change-Id: I851be04fc5de8a95ea11270996f8ca33f0fccadb
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Change-Id: I575188885ebed8c5f0682ac6e0e7dd159155727f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Change-Id: Ie47009158032c2e8f35febd7bf5458156f334ead
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Change-Id: Idcd2a35cd2b30d77a7ca031f7e0172814bdb8cab
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
The contents of this header have been merged into the spm_mm_svc.h
header file.
Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Change-Id: I91c192924433226b54d33e57d56d146c1c6df81b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
|
|
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
* changes:
pmf: Make the runtime instrumentation work on AArch32
SiP: Don't validate entrypoint if state switch is impossible
|
|
* changes:
Tegra: prepare boot parameters for Trusty
Tegra: per-CPU GIC CPU interface init
|
|
* changes:
intel: Fix SMC SIP service
intel: Introduce mailbox response length handling
intel: Fix mailbox config return status
intel: Mailbox driver logic fixes
plat: intel: Fix FPGA manager on reconfiguration
plat: intel: Fix mailbox send_cmd issue
intel: Modify mailbox's get_config_status
|
|
|
|
integration
|
|
This patch fixes the bug in BL2 dynamic configuration initialisation
which prevents loading NT_FW_CONFIG image (ref. GENFW-3471).
It also adds parentheses around 'if' statement conditions to fix
Coverity defect.
Change-Id: I353566c29b84341887e13bf8098a4fedfc4e00ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
|
|
|
|
|
|
Same enable method is used by all the four cores. So,
make it globally for all the cores instead of adding
it to individual level.
Change-Id: I9b5728b0e0545c9e27160ea586009d929eb78cad
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
|
|
This change is to add L2 cache node into a5ds device tree.
Change-Id: I64b4b3e839c3ee565abbcd1567d1aa358c32d947
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
|
|
integration
|
|
This patch saves the boot parameters provided by the previous bootloader
during cold boot and passes them to Trusty. Commit 06ff251ec introduced
the plat_trusty_set_boot_args() handler, but did not consider the boot
parameters passed by the previous bootloader. This patch fixes that
anomaly.
Change-Id: Ib40dcd02b67c94cea5cefce09edb0be4a998db37
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
into integration
|
|
* changes:
intel: stratix10: Modify BL31 parameter handling
intel: Modify BL31 address mapping
intel: stratix10: Enable uboot entrypoint support
|
|
integration
|
|
EA handlers for exceptions taken from lower ELs at the end invokes
el3_exit function. However there was a bug with sp maintenance which
resulted in el3_exit setting runtime stack to context. This in turn
caused memory corruption on consecutive EL3 entries.
Signed-off-by: Jan Dabros <jsd@semihalf.com>
Change-Id: I0424245c27c369c864506f4baa719968890ce659
|
|
This patch enables per-CPU GIC CPU interfaces during CPU
power on. The previous code initialized the distributor
for all CPUs, which was not required.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifd957b2367da06405b4c3e2225411adbaec35bb8
|
|
* changes:
allwinner: h6: power: Switch to using the AXP driver
drivers: allwinner: axp: Add AXP805 support
|
|
|
|
integration
|
|
integration
|
|
Ported the pmf asm macros and the asm code in the bl31 entrypoint
necessary for the instrumentation to AArch32.
Since smc dispatch is handled by the bl32 payload on AArch32, we
provide this service only if AARCH32_SP=sp_min is set.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac
|
|
Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
|
|
Fix FPGA reconfiguration driver logic
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I0299c1a71f3456e9b441340314662494b8d3e4a0
|
|
Mailbox driver now handles variable response length
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ic96854fdaadaf48379c5de688392df974e1c99c3
|
|
Modify mailbox config return code to improve debugging.
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I0a223291f4c5296203b3295a679a5857a446c692
|
|
Fix mailbox driver urgent command handling, doorbell routine,
and logic optimization.
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: If536a383f449ca2a68d60274303ec24f92411505
|
|
Fixes the SiP Service driver that is responsible for FPGA
reconfiguration. Also change the base address of FPGA reconfiguration
to 0x400000.
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Change-Id: I2b84c12c85cd5fc235247131fec4916ed2fb56c8
|
|
There are a few issues in mailbox that needs to be fixed.
- Send doorbell after an indirect cmd
- Do not ring doorbell when polling mailbox response as it should've been
sent by send_cmd
- remove unneeded cmd_free_offset check
- Fix mailbox initialization
- Fix get_config_status returning a wrong status when the status is busy
- Add command length in mailbox command header
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Change-Id: If613e2ca889a540a616c62d69ad0086a7cd46536
|
|
The 9p interface provides abstraction layers allowing the software
that uses devices to be independent from the hardware.
This patch provides a file system abstraction to link drivers to their
devices and propose a common interface to expose driver operations to
higher layers. This file system can be used to access and configure a
device by doing read/write operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
|
|
* changes:
rockchip: make miniloader ddr_parameter handling optional
rockchip: px30: cleanup securing of ddr regions
rockchip: px30: move secure init to separate file
rockchip: really use base+size for secure ddr regions
rockchip: bring TZRAM_SIZE values in line
|
|
* changes:
allwinner: Convert AXP803 regulator setup code into a driver
allwinner: a64: power: Use fdt_for_each_subnode
allwinner: a64: power: Remove obsolete register check
allwinner: a64: power: Remove duplicate DT check
allwinner: Build PMIC bus drivers only in BL31
allwinner: a64: power: Make sunxi_turn_off_soc static
allwinner: Merge duplicate code in sunxi_power_down
allwinner: Clean up PMIC-related error handling
allwinner: Synchronize PMIC enumerations
allwinner: Enable clock before resetting I2C/RSB
|
|
Transfering the regions of ddr memory to additionally protect is very much
specific to some rockchip internal first stage bootloader and doesn't get
used in either mainline uboot or even Rockchip's published vendor uboot
sources.
This results in a big error
ERROR: over or zero region, nr=0, max=10
getting emitted on every boot for most users and such a message coming
from early firmware might actually confuse developers working with the
system.
As this mechanism seems to be only be used by Rockchip's internal miniloader
hide it behind a build conditional, so it doesn't confuse people too much.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I52c02decc60fd431ea78c7486cad5bac82bdbfbe
|
|
So far the px30-related ddr security was loading data for regions to secure
from a pre-specified memory location and also setting region0 to secure
the first megabyte of memory in hard-coded setting (top=0, end=0, meaning
1MB).
To make things more explicit and easier to read add a function doing
the settings for specified memory areas, like other socs have and also
add an assert to make sure any descriptor read from memory does not
overlap the TZRAM security in region0 and TEE security in region1.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I78441875112bf66a62fde5f1789f4e52a78ef95f
|
|
Similar to others like rk3399 and rk3288 move the secure init to a
separate file to unclutter the soc init a bit.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: Iebb38e24f1c7fe5353f139c896fb8ca769bf9691
|
|
|
|
Sphinx was showing the following warning message:
docs/getting_started/build-options.rst:200: WARNING: Bullet list ends
without a blank line; unexpected unindent.
Change-Id: Iad5d49c1e0d25dd623ad15bce1af31babf860c03
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
|