Age | Commit message (Collapse) | Author |
|
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
|
|
This driver manages the STM32 Random Number Generator
peripheral.
Change-Id: I4403ebb2dbdaa8df993a4413f1ef48eeba00427c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
|
|
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
|
|
Add code to be able to use STMicroelectronics PKA peripheral
in the authentication framework.
Change-Id: Ifeafe84c68db483cd18674f2280576cc065f92ee
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
|
|
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
|
|
|
|
|
|
Reorganized a few Event Log functions into multiple functions so that
they can be used for the upcoming DRTM feature. This change mainly
implements below new functions -
1. event_log_buf_init - called by 'event_log_init' to initialise Event
Log buffer
2. event_log_write_specid_event - called by 'event_log_fixed_header' to
write specification id event to Event Log buffer
3. event_log_measure and event_log_record - called by
'event_log_measure_and_record' to measure and record the measurement
to the Event Log buffer
Change-Id: I1aabb57f79bead726fcf36d59839702cd6a3521d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Added PCR entries for the measurement performed by the
DCE and D-CRTM in DRTM implementation
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: Ib9bfafe7fa2efa1cc36d7ff138468d648235dcf1
|
|
Updated CRYPTO_SUPPORT flag to numeric to provide below
supports -
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT = 2 -> Hash calculation only
3. CRYPTO_SUPPORT = 3 -> Authentication verification and
hash calculation
Change-Id: Ib34f31457a6c87d2356d736ad2d048dc787da56f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Updated crypto module to include crypto calls necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I4f945997824393f46864b7fb7fd380308a025452
|
|
The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these registers to the non-secure world. In order for the
driver to support this, the device tree parsing has been updated to
support parsing the allocators used by the NPU and what SMMU stream that
is associated with each allocator.
To keep track of what NPU device each allocator is associated with, the
resulting config from the device tree parsing will now group the NPU
cores and allocators into their respective NPU device.
The SMC API has been changed to allow the caller to specify what
allocator the NPU shall be configured to use and the API version has
been bumped to indicate this change.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6ac43819133138614e3f55a014e93466fe3d5277
|
|
* changes:
feat(stm32mp1): add early console in SP_min
feat(st): properly manage early console
feat(st-uart): manage STM32MP_RECONFIGURE_CONSOLE
docs(st): introduce STM32MP_RECONFIGURE_CONSOLE
feat(st): add trace for early console
fix(stm32mp1): enable crash console in FIQ handler
feat(st-uart): add initialization with the device tree
refactor(stm32mp1): move DT_UART_COMPAT in include file
feat(stm32mp1): configure the serial boot load address
fix(stm32mp1): update the FIP load address for serial boot
refactor(st): configure baudrate for UART programmer
refactor(st-uart): compute the over sampling dynamically
|
|
Unit Attention Condition (UAC) gets set on a warm reset. Sending any
command (other than INQUIRY and REPORT LUNs) clears UAC, so its good to
add some retries when UAC is encountered
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: Ia03b916d68565d0f3d25086b7f6d8c51d557b64f
|
|
The current comms protocol (where arguments and return data is embedded
into the MHU message) is now protocol v0. Protocol v1 embeds pointers
into the message, and has the RSS retrieve the data via DMA.
Change-Id: I08d7f09c4eaea673769fde9eee194447a99f1b78
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
The parameter over_sampling of stm32_uart_init_s is not required
as it can be computed dynamically from clock rate of the serial
device and the requested baudrate.
Oversampling by 8 is allowed only for higher speed
(up to clock_rate / 8) to reduce the maximum receiver tolerance
to clock deviation.
This patch update the driver, the serial init struct and the
only user, the stm32cubeprogrammer over uart support.
Change-Id: I422731089730a288defeb7fa49886db65d0902b2
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
|
|
* changes:
feat(zynqmp): add support for ProvenCore
feat(services): add a SPD for ProvenCore
feat(gic): add APIs to raise NS and S-EL1 SGIs
|
|
The GIC ICC_SGI0R_EL1 register's affinity fields are 8bit wide for GIC
v3 and v4. Fix the SGIR_AFF_MASK variable accordingly.
Change-Id: I09f3fdd006708b40162776620f82abcfc6c3f782
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
|
|
This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da
|
|
The boot partition size of an eMMC is given in ext_csd register, at
offset 226 (BOOT_SIZE_MULT), which has to be multiplied by 128kB.
Add a helper function mmc_boot_part_size() to get this eMMC boot
partition size.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0e8e0fc9632f147fa1b1b3374accb78439025403
|
|
The scratch buffer could be large. The new function allows
platform to defined its own external buffer or use the default
one.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ib7ab8ff19fa0a9cb06e364f058b91af58c3c471a
|
|
On SD-cards, Switch Function Command (CMD6) is used to switch
functions, like setting High Speed mode. It is useful for high capacity
cards to double frequency (from 25MHz by default to 50MHz).
If the SD-card is High Capacity, a CMD6 is issued after filling the
device information. If High Speed mode is supported and the switch is
OK, then the max_bus_freq can be set to 50MHz. The driver set_ios()
function should then be called to update peripheral configuration,
especially clock prescaler.
Change-Id: I2d6807aa7f9440d2b2f907a747cd3b47a2ba1545
Signed-off-by: Yann Gautier <yann.gautier@st.com>
|
|
* changes:
feat(stm32mp1): retrieve FIP partition by type UUID
feat(guid-partition): allow to find partition by type UUID
refactor(stm32mp1): update PLAT_PARTITION_MAX_ENTRIES
|
|
This change replaces the polling loop with fixed number of retries,
returns error values and handles them in ufs_enum.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Ia769ef26703c7525091e55ff46aaae4637db933c
|
|
Add function to return the partition by type.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I87729dc5e68fbc45a523c894b67595b0079dd8fb
|
|
integration
* changes:
feat(spm): add tpm event log node to spmc manifest
fix(measured-boot): add SP entries to event_log_metadata
|
|
|
|
* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb algorithm selection
|
|
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Change-Id: If26f3c83b6ccc8bc60e75c3e582ab20817d047aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
|
|
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
|
|
Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.
Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.
Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
|
|
Disabling access to the boot partition reverts the MMC to read from the
user area. Add a macro to make this clearer.
Suggested-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: I34a5a987980bb4690d08d255f465b11a4697ed5a
|
|
At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introduce large overhead when reading small chunks.
Give consumers of the API more control by exporting
mmc_part_switch_current_boot() and mmc_part_switch_user().
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f
|
|
Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87
|
|
* changes:
feat(partition): verify crc while loading gpt header
build(hikey): platform changes for verifying gpt header crc
build(agilex): platform changes for verifying gpt header crc
build(stratix10): platform changes for verifying gpt header crc
build(stm32mp1): platform changes for verifying gpt header crc
|
|
Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
|
|
This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6
|
|
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
|
|
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
|
|
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
|
|
The Arm Message Handling Unit (MHU) is a mailbox controller used to
communicate with other processing element(s). Adding a driver to
enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
|
|
* changes:
fix(ufs): read and write attribute based on spec
fix(ufs): disables controller if enabled
refactor(ufs): adds a function for fdeviceinit
|
|
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
|
|
ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit
Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542
|
|
time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does
Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>
|
|
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|