Age | Commit message (Collapse) | Author |
|
integration
* changes:
feat(rpi): add Raspberry Pi 5 support
fix(rpi): consider MT when calculating core index from MPIDR
refactor(rpi): move register definitions out of rpi_hw.h
refactor(rpi): add platform macro for the crash UART base address
refactor(rpi): split out console registration logic
refactor(rpi): move more platform-specific code into common
|
|
If RSS Comms is used but PLAT_MHU_VERSION was undefined then it should
default to MHUv2 to avoid breaking existing configurations which did not
need to specify PLAT_MHU_VERSION as on MHUv2 was available.
Change-Id: I8353b49b9f61414a664c2802f90ba3b2bc526887
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
|
|
* changes:
refactor(stm32mp1): move the MCU security to BL32
feat(st-clock): add function to control MCU subsystem
|
|
* changes:
feat(mhu): use compile flag to choose mhu version
feat(mhu): add MHUv3 wrapper APIs for RSS comm driver
feat(mhu): add MHUv3 doorbell driver
|
|
Change-Id: I3fc95e8e53ef487fd5a559cda739aaea33d765a9
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
|
|
Add a new function to control the MCU subsystem
security state.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I070eec06fc93a1214227f25a6a4f1c40c66c86b0
|
|
integration
|
|
Change list.entry_count to unsigned int to align with header.list_num,
removing the need for casting.
Change-Id: Id4259d9e841c8d34fe23fb74a7c627f2a643cbf2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
|
Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.
Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
|
Change-Id: I2bd48441359468efb9e94fd2fffb079683f7a7fd
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
|
|
* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header
|
|
|
|
MHUv3 and MHUv2 drivers can now be selected at build time by using
PLAT_MHU_VERSION.
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: I24f9e05f7969ed3be8f3261fdfed881a4ad18ba4
|
|
RSS comm driver interfaces with MHUv3 driver through specific
API calls. Add APIs to support the interface.
Signed-off-by: Aziz IDOMAR <aziz.idomar@arm.com>
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: I815d43ca548d3640fceb4c91fe3bbeec31687210
|
|
MHUv3 reworks parts of MHUv2 and introduces MHU extensions. There are
currently 3 extensions:
* Doorbell extension: which works like MHUv2
* FIFO extension: which uses a buffer for faster inband data transfer
* Fastchannel extension: for fast data transfer
Add MHUv3 driver with support for Doorbell extension for both postbox
sender MHUs and mailbox receiver MHUs.
Signed-off-by: Aziz IDOMAR <aziz.idomar@arm.com>
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Icf49df56f1159f4c9830e0ffcda5b3a4bea8d2fd
|
|
GIC600 erratum 2384374 is a Category B erratum. Part 1 is fixed
in this patch, and the Part 1 failure mode is described as
'If the packet to be sent is a SET packet, then a higher priority SET
may not be sent when it should be until an unblocking event occurs.'
This is handled by calling gicv3_apply_errata_wa_2384374() in the
ehf_deactivate_priority() path, so that when EHF restores the priority
to the original priority, the interrupt packet buffered
in the GIC can be sent.
gicv3_apply_errata_wa_2384374() is the workaround for
the Part 2 of erratum 2384374 which flush packets from the GIC buffer
and is being used in this patch.
SDEN can be found here:
https://developer.arm.com/documentation/sden892601/latest/
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4bb6dcf86c94125cbc574e0dc5119abe43e84731
|
|
This custom argument is meant to simplify to group
components into certificates. Components with
the same cert_id contribute to the same certificate
regardless of the load order or the structure of the
derivation tree. This argument aims to flatten the tree
structure and make it easy to include branches or
subtrees in the main derivation line.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I83c4abc399616063a5eb04792d603899f7513627
|
|
Modify the log level from WARNING to VERBOSE for the SDS region
validity check. An invalid region causes the initialization step
to fail, but normally it's only a temporary condition as the
actual initialization of the region (such as adding a valid region
descriptor structure) can happen asynchronously in another system
component. The goal of this tiny modification is to avoid flooding
the log with this message when we're waiting in a loop for the
region initialization to happen.
Change-Id: I180e35e25df3f31bbc816e6421ded17ba6ae1d85
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Each client who wants to communicate with the DPE service
must own a valid context handle issued by the DPE service.
A context handle can be used for a single time then it will
be invalidated by the DPE service. In case of calls from
the same component, the next valid context handle is
returned in the response to a DPE command. When a component
finishes their job then the next component in the boot flow
inherits its first context handle from its parent.
How the inheritance is done can be client or
platform-dependent. It can be shared through shared
memory or be part of a DTB object passed to the next
bootloader stage.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ic82f074f1c5b15953e78f9fa5404ed7f48674cbb
|
|
To be allowed to communicate with DPE service all
components must own a valid context handle. The first
valid context handle is inherited from the parent
component via a DTB object.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Id357fab3586398b1933444e1d10d1ab6d8243ab9
|
|
Implement a DPE specific backend within the
generic measured boot framework.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia3a0eac0ee6f7b4b337a93d08286613e7c8186b4
|
|
DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9
|
|
On STM32MP25, a new version of the SDMMC2 IP is embedded (v3.0).
The size of the FIFO is 1024 in this new IP version.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ie6b1fb215fc77b24b7c342d4cd69248a96039a4d
|
|
* changes:
style(fwu): change the metadata fields to align with specification
style(partition): use GUID values for GPT partition fields
feat(st): add logic to boot the platform from an alternate bank
feat(st): add a function to clear the FWU trial state counter
feat(fwu): add a function to obtain an alternate FWU bank to boot
feat(fwu): add some sanity checks for the FWU metadata
feat(fwu): modify the check for getting the FWU bank's state
feat(st): get the state of the active bank directly
feat(fwu): add a config flag for including image info in the FWU metadata
feat(fwu): migrate FWU metadata structure to version 2
feat(fwu): document the config flag for including image info in the FWU metadata
feat(fwu): update the URL links for the FWU specification
|
|
* changes:
feat(smmu): separate out smmuv3_security_init from smmuv3_init
feat(smmu): fix to perform INV_ALL before enabling GPC
|
|
* changes:
docs(maintainers): add the maintainers for imx8ulp
docs(imx8ulp): add imx8ulp platform
fix(imx8ulp): increase the mmap region num
feat(imx8ulp): adjust the dram mapped region
feat(imx8ulp): ddrc switch auto low power and software interface
feat(imx8ulp): add some delay before cmc1 access
feat(imx8ulp): add a flag check for the ddr status
fix(imx8ulp): add sw workaround for csi/hotplug test hang
feat(imx8ulp): adjust the voltage when sys dvfs enabled
feat(imx8ulp): enable the DDR frequency scaling support
fix(imx8ulp): fix suspend/resume issue when DBD owner is s400 only
feat(imx8ulp): update XRDC for ELE to access DDR with CA35 DID
feat(imx8ulp): add memory region policy
feat(imx8ulp): protect TEE region for secure access only
feat(imx8ulp): add trusty support
feat(imx8ulp): add OPTEE support
feat(imx8ulp): update the upower config for power optimization
feat(imx8ulp): allow RTD to reset APD through MU
feat(imx8ulp): not power off LPAV PD when LPAV owner is RTD
feat(imx8ulp): add system power off support
feat(imx8ulp): add APD power down mode(PD) support in system suspend
feat(imx8ulp): add the basic support for idle & system suspned
feat(imx8ulp): enable 512KB cache after resume on imx8ulp
feat(imx8ulp): add the initial XRDC support
feat(imx8ulp): allocated caam did for the non secure world
feat(imx8ulp): add i.MX8ULP basic support
build(changelog): add new scopes for nxp imx8ulp platform
feat(scmi): add scmi sensor support
|
|
The GPT partition uses GUID values for identification of partition
types and partitions. Change the relevant functions to use GUID values
instead of UUID's.
Change-Id: I30df66a8a02fb502e04b0285f34131b65977988e
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
|
Add a function fwu_get_alternate_boot_bank() to return a valid bank to
boot from. This function can be called by a platform to get an
alternate bank to try to boot the platform in the unlikely scenario of
the active bank being in an invalid state, or if the number of times
the platform boots in trial state exceeds a pre-set count.
Change-Id: I4bcd88e68e334c452882255bf028e01b090369d1
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
|
Add some sanity checks on the values read from the FWU metadata
structure. This ensures that values in the metadata structure are
inline with certain config symbol values.
Change-Id: Ic4415da9048ac3980f8f811ed7852beb90683f7d
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
|
The version 2 of the FWU metadata structure has a field bank_state in
the top level of the structure which can be used to check if a given
bank is in the either of Trial State, Accepted State, or in an Invalid
State. This is different from the binary states of Valid/Accepted
States that the bank could be in, as defined in the earlier version of
the specification.
Replace the fwu_is_trial_run_state() API with
fwu_get_active_bank_state() to get the state the current active bank
is in. The value returned by this API is then used by the caller to
take appropriate action.
Change-Id: I764f486840a3713bfe5f8e03d0634bfe09b23590
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
|
While loading partition entries, calculate CRC using tf_crc32() for each
entry to find the full CRC value of the partition entry array.
The start of the GPT partition entry array is located at the LBA
indicated by the partition entry array LBA field in the GPT header. The
size of the partition entry array is indicated by the size of partition
entry multiplied by the number of partition entries.
Compare the calculated CRC with the partition entry array CRC in the GPT
header, error out if the values do not match.
Change-Id: I4bfed8cf903125c1ef3fac2f0f4c0fb87d63aa78
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
|
Alter the function parameter to pass the full GPT header to be filled
instead of the starting LBA of the array of partion entries to
load_partition_gpt()
Change-Id: Ib3dde62d5b9996e74157714634bea748bd3b55aa
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
|
LF-4715-1 drivers: scmi-msg: add sensor support
Add scmi sensor support
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I810e270b138bf5486b32df121056bfa5103c129f
|
|
|
|
Split the smmuv3_init() to separate smmuv3_security_init() from it in
order to allow skipping the default deny policy on reset for certain
SMMUv3 implementations.
Additionally, fix a couple of MISRA warnings.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I2127943e709dd1ded34145bd022c930e351bbb4a
|
|
The SMMU_S_INIT register definition in the Arm SMMUv3 specification
says that if SMMUv3 has REALM_IMPL == 1 then it is root firmware’s
responsibility to write to INV_ALL before enabling granule protection
checks. So fix this flow during smmuv3 init.
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ied9325e1658950c04f06c62485eeab3f28ca1285
|
|
Use dedicated function to read device descriptor
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Ifb90659db7789f33a2b7b01e6eab049395b7fc52
|
|
* changes:
docs: update FVP TC2 model version and build (11.23/17)
fix(tc): increase BL2 maximum size limit
refactor(tc): update platform tests
feat(rss): add defines for 'type' range and use them in psa_call()
feat(rss): adjust parameter packing to match TF-M changes
refactor(tc): remap console logs
|
|
Update the 'type' parameter checking according to changes
on RSS's (TF-M) side: 40b09ba1 [1]
[1]: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=40b09ba1e4a7a4f726f98700eab7e4e4d8e95dcf
Change-Id: I8487e8ab24aa2dd080b5bb8f2f5c7e8fc15cf211
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Adjust the parameter packing scheme in RSS communication
to align with changes made in TF-M: 3be6c395 [1]
[1]: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=3be6c3954b94f000cdcf7575bd4c18f57b3492f8
Change-Id: Ief38f96ab991d1125b37adfced5ffafc39e754a0
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Extend the SDS driver to be able to handle multiple
SDS regions:
- AP-SCP
- AP-RSS
Change-Id: Id303840b248c383b3f960227cbf6333d1cc75e65
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
utility" into integration
|
|
* changes:
fix(scmi): induce a delay in monitoring SCMI channel status
feat(css): initialise generic timer early in the boot
|
|
In gicv3_main.c the function is_sgi_ppi() returns true when its
sgi/ppi or false when the interrupt number matches an spi interrupt.
Introducing a new API is_valid_interrupt() which validates if
an interrupt number matches SGI/PPI or SPI as a valid interrupt,
any other interrupt number is considered invalid and panics.
Change-Id: Idce8f5432a94c8d300b9408cf5b2502c60e13318
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
|
|
Fix the wrong placement of the closing parenthesis in the second
condition check that resulted in the incorrect calculation of the MHU
message size. Also, format the code for readability.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0e012f3ff00bae2dfc12cdb1c2c636fc6c0a0b55
|
|
The function mhu_get_max_message_size() for MHUv2 should return only the
available memory for use after considering all the overheads for its own
use.
Signed-off-by: Sathyam Panda <sathyam.panda@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I14ad16e8f4b781e396bca6173077513db74157d5
|
|
Reading the SCMI mailbox status in polling mode causes a burst of bus
accesses. On certain platforms, this would not be ideal as the shared
bus on the CPU subsystem might cause contentions across all the CPUs.
So allow platforms to specify a delay to be introduced while polling.
Change-Id: Ib90ad7b5954854071cfd543f4a27a178dde3d5c6
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
|
|
* changes:
feat(stm32mp2): add BSEC and OTP support
feat(st-bsec): add driver for the new IP version BSEC3
|
|
|
|
This driver is used for the new version of the BSEC peripheral used
on STM32MP25.
Change-Id: I38ca0db22d06704769c994c6806ccd80b17dde6e
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
|