Merge pull request #1839 from loumay-arm/lm/a7x_errata
Cortex-A73/75/76 errata workaround
diff --git a/Makefile b/Makefile
index 34f6890..7b0ef5b 100644
--- a/Makefile
+++ b/Makefile
@@ -184,6 +184,14 @@
ASFLAGS_aarch32 = $(march32-directive)
ASFLAGS_aarch64 = -march=armv8-a
+# Set the compiler to ARMv8.3 mode so that it uses all the ARMv8.3-PAuth
+# instructions. Keeping it in 8.0 would make the compiler emit
+# backwards-compatible hint instructions, which needs more space.
+ifeq (${ENABLE_PAUTH},1)
+TF_CFLAGS_aarch64 += -march=armv8.3-a
+ASFLAGS_aarch64 += -march=armv8.3-a
+endif
+
WARNING1 := -Wextra
WARNING1 += -Wunused -Wno-unused-parameter
WARNING1 += -Wmissing-declarations
@@ -459,6 +467,15 @@
endif
endif
+# If pointer authentication is used in the firmware, make sure that all the
+# registers associated to it are also saved and restored. Not doing it would
+# leak the value of the key used by EL3 to EL1 and S-EL1.
+ifeq ($(ENABLE_PAUTH),1)
+ ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
+ $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1)
+ endif
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
@@ -580,12 +597,14 @@
$(eval $(call assert_boolean,CREATE_KEYS))
$(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
+$(eval $(call assert_boolean,CTX_INCLUDE_PAUTH_REGS))
$(eval $(call assert_boolean,DEBUG))
$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
$(eval $(call assert_boolean,ENABLE_AMU))
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
$(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS))
+$(eval $(call assert_boolean,ENABLE_PAUTH))
$(eval $(call assert_boolean,ENABLE_PIE))
$(eval $(call assert_boolean,ENABLE_PMF))
$(eval $(call assert_boolean,ENABLE_PSCI_STAT))
@@ -633,10 +652,12 @@
$(eval $(call add_define,COLD_BOOT_SINGLE_CPU))
$(eval $(call add_define,CTX_INCLUDE_AARCH32_REGS))
$(eval $(call add_define,CTX_INCLUDE_FPREGS))
+$(eval $(call add_define,CTX_INCLUDE_PAUTH_REGS))
$(eval $(call add_define,EL3_EXCEPTION_HANDLING))
$(eval $(call add_define,ENABLE_AMU))
$(eval $(call add_define,ENABLE_ASSERTIONS))
$(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS))
+$(eval $(call add_define,ENABLE_PAUTH))
$(eval $(call add_define,ENABLE_PIE))
$(eval $(call add_define,ENABLE_PMF))
$(eval $(call add_define,ENABLE_PSCI_STAT))
diff --git a/bl1/aarch32/bl1_entrypoint.S b/bl1/aarch32/bl1_entrypoint.S
index 3f0cbaf..6a15566 100644
--- a/bl1/aarch32/bl1_entrypoint.S
+++ b/bl1/aarch32/bl1_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -52,12 +52,10 @@
_exception_vectors=bl1_vector_table
/* -----------------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform BL1 setup
* -----------------------------------------------------
*/
- bl bl1_early_platform_setup
- bl bl1_plat_arch_setup
+ bl bl1_setup
/* -----------------------------------------------------
* Jump to main function.
diff --git a/bl1/aarch64/bl1_entrypoint.S b/bl1/aarch64/bl1_entrypoint.S
index f7e02e9..0f8d5aa 100644
--- a/bl1/aarch64/bl1_entrypoint.S
+++ b/bl1/aarch64/bl1_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,24 +32,42 @@
_init_c_runtime=1 \
_exception_vectors=bl1_exceptions
- /* ---------------------------------------------
- * Architectural init. can be generic e.g.
- * enabling stack alignment and platform spec-
- * ific e.g. MMU & page table setup as per the
- * platform memory map. Perform the latter here
- * and the former in bl1_main.
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL1 setup
+ * --------------------------------------------------------------------
*/
- bl bl1_early_platform_setup
- bl bl1_plat_arch_setup
+ bl bl1_setup
- /* --------------------------------------------------
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
+ /* --------------------------------------------------------------------
* Initialize platform and jump to our c-entry point
* for this type of reset.
- * --------------------------------------------------
+ * --------------------------------------------------------------------
*/
bl bl1_main
+ /* --------------------------------------------------------------------
+ * Disable pointer authentication before jumping to BL31 or that will
+ * cause an authentication failure during the early platform init.
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ bic x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
/* --------------------------------------------------
* Do the transition to next boot image.
* --------------------------------------------------
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index ec7d728..7f1a823 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -21,6 +21,10 @@
lib/el3_runtime/aarch64/context.S
endif
+ifeq (${ENABLE_PAUTH},1)
+BL1_CFLAGS += -msign-return-address=non-leaf
+endif
+
ifeq (${TRUSTED_BOARD_BOOT},1)
BL1_SOURCES += bl1/bl1_fwu.c
endif
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index d2c2b41..fce14f5 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -52,6 +52,28 @@
}
/*******************************************************************************
+ * Setup function for BL1.
+ ******************************************************************************/
+void bl1_setup(void)
+{
+ /* Perform early platform-specific setup */
+ bl1_early_platform_setup();
+
+#ifdef AARCH64
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+#endif /* AARCH64 */
+
+ /* Perform late platform-specific setup */
+ bl1_plat_arch_setup();
+}
+
+/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
diff --git a/bl2/aarch32/bl2_el3_entrypoint.S b/bl2/aarch32/bl2_el3_entrypoint.S
index cc846dd..35da133 100644
--- a/bl2/aarch32/bl2_el3_entrypoint.S
+++ b/bl2/aarch32/bl2_el3_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -36,8 +36,11 @@
mov r2, r11
mov r3, r12
- bl bl2_el3_early_platform_setup
- bl bl2_el3_plat_arch_setup
+ /* ---------------------------------------------
+ * Perform BL2 setup
+ * ---------------------------------------------
+ */
+ bl bl2_el3_setup
/* ---------------------------------------------
* Jump to main function.
diff --git a/bl2/aarch32/bl2_entrypoint.S b/bl2/aarch32/bl2_entrypoint.S
index e7b98af..23d1513 100644
--- a/bl2/aarch32/bl2_entrypoint.S
+++ b/bl2/aarch32/bl2_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -108,16 +108,15 @@
#endif
/* ---------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform BL2 setup
* ---------------------------------------------
*/
mov r0, r9
mov r1, r10
mov r2, r11
mov r3, r12
- bl bl2_early_platform_setup2
- bl bl2_plat_arch_setup
+
+ bl bl2_setup
/* ---------------------------------------------
* Jump to main function.
diff --git a/bl2/aarch64/bl2_el3_entrypoint.S b/bl2/aarch64/bl2_el3_entrypoint.S
index 16b7c0d..d1e4247 100644
--- a/bl2/aarch64/bl2_el3_entrypoint.S
+++ b/bl2/aarch64/bl2_el3_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -29,16 +29,31 @@
_init_c_runtime=1 \
_exception_vectors=bl2_el3_exceptions
- /*
+ /* ---------------------------------------------
* Restore parameters of boot rom
+ * ---------------------------------------------
*/
mov x0, x20
mov x1, x21
mov x2, x22
mov x3, x23
- bl bl2_el3_early_platform_setup
- bl bl2_el3_plat_arch_setup
+ /* ---------------------------------------------
+ * Perform BL2 setup
+ * ---------------------------------------------
+ */
+ bl bl2_el3_setup
+
+ /* ---------------------------------------------
+ * Enable pointer authentication
+ * ---------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
* Jump to main function.
@@ -55,16 +70,29 @@
func bl2_run_next_image
mov x20,x0
- /*
- * MMU needs to be disabled because both BL2 and BL31 execute
- * in EL3, and therefore share the same address space.
- * BL31 will initialize the address space according to its
- * own requirement.
- */
+ /* ---------------------------------------------
+ * MMU needs to be disabled because both BL2 and BL31 execute
+ * in EL3, and therefore share the same address space.
+ * BL31 will initialize the address space according to its
+ * own requirement.
+ * ---------------------------------------------
+ */
bl disable_mmu_icache_el3
tlbi alle3
bl bl2_el3_plat_prepare_exit
+ /* ---------------------------------------------
+ * Disable pointer authentication before jumping to BL31 or that will
+ * cause an authentication failure during the early platform init.
+ * ---------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ bic x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
msr elr_el3, x0
msr spsr_el3, x1
diff --git a/bl2/aarch64/bl2_entrypoint.S b/bl2/aarch64/bl2_entrypoint.S
index d938947..611b807 100644
--- a/bl2/aarch64/bl2_entrypoint.S
+++ b/bl2/aarch64/bl2_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -106,17 +106,25 @@
#endif
/* ---------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform BL2 setup
* ---------------------------------------------
*/
mov x0, x20
mov x1, x21
mov x2, x22
mov x3, x23
- bl bl2_early_platform_setup2
+ bl bl2_setup
- bl bl2_plat_arch_setup
+ /* ---------------------------------------------
+ * Enable pointer authentication
+ * ---------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el1
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el1, x0
+ isb
+#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
* Jump to main function.
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index f905bc2..9523918 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -1,10 +1,11 @@
#
-# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-BL2_SOURCES += bl2/bl2_main.c \
+BL2_SOURCES += bl2/bl2_image_load_v2.c \
+ bl2/bl2_main.c \
bl2/${ARCH}/bl2_arch_setup.c \
lib/locks/exclusive/${ARCH}/spinlock.S \
plat/common/${ARCH}/platform_up_stack.S \
@@ -14,7 +15,9 @@
BL2_SOURCES += common/aarch64/early_exceptions.S
endif
-BL2_SOURCES += bl2/bl2_image_load_v2.c
+ifeq (${ENABLE_PAUTH},1)
+BL2_CFLAGS += -msign-return-address=non-leaf
+endif
ifeq (${BL2_AT_EL3},0)
BL2_SOURCES += bl2/${ARCH}/bl2_entrypoint.S
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 019088d..7d8d60c 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,55 @@
#define NEXT_IMAGE "BL31"
#endif
+#if !BL2_AT_EL3
+/*******************************************************************************
+ * Setup function for BL2.
+ ******************************************************************************/
+void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl2_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+#ifdef AARCH64
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+#endif /* AARCH64 */
+
+ /* Perform late platform-specific setup */
+ bl2_plat_arch_setup();
+}
+
+#else /* if BL2_AT_EL3 */
+/*******************************************************************************
+ * Setup function for BL2 when BL2_AT_EL3=1.
+ ******************************************************************************/
+void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl2_el3_early_platform_setup(arg0, arg1, arg2, arg3);
+
+#ifdef AARCH64
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+#endif /* AARCH64 */
+
+ /* Perform late platform-specific setup */
+ bl2_el3_plat_arch_setup();
+}
+#endif /* BL2_AT_EL3 */
+
/*******************************************************************************
* The only thing to do in BL2 is to load further images and pass control to
* next BL. The memory occupied by BL2 will be reclaimed by BL3x stages. BL2
@@ -65,11 +114,11 @@
* be passed to next BL image as an argument.
*/
smc(BL1_SMC_RUN_IMAGE, (unsigned long)next_bl_ep_info, 0, 0, 0, 0, 0, 0);
-#else
+#else /* if BL2_AT_EL3 */
NOTICE("BL2: Booting " NEXT_IMAGE "\n");
print_entry_point_info(next_bl_ep_info);
console_flush();
bl2_run_next_image(next_bl_ep_info);
-#endif
+#endif /* BL2_AT_EL3 */
}
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b..8e9528b 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -87,29 +87,39 @@
bl fixup_gdt_reloc
#endif /* ENABLE_PIE */
- /* ---------------------------------------------
- * Perform platform specific early arch. setup
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL31 setup
+ * --------------------------------------------------------------------
*/
mov x0, x20
mov x1, x21
mov x2, x22
mov x3, x23
- bl bl31_early_platform_setup2
- bl bl31_plat_arch_setup
+ bl bl31_setup
- /* ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
+ /* --------------------------------------------------------------------
* Jump to main function.
- * ---------------------------------------------
+ * --------------------------------------------------------------------
*/
bl bl31_main
- /* -------------------------------------------------------------
+ /* --------------------------------------------------------------------
* Clean the .data & .bss sections to main memory. This ensures
* that any global data which was initialised by the primary CPU
* is visible to secondary CPUs before they enable their data
* caches and participate in coherency.
- * -------------------------------------------------------------
+ * --------------------------------------------------------------------
*/
adr x0, __DATA_START__
adr x1, __DATA_END__
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 0c8cfa8..40c3191 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -68,6 +68,14 @@
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_SYNC
mrs x1, esr_el3
@@ -98,6 +106,14 @@
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_ASYNC
mrs x1, esr_el3
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 4f53b8e..aa9d007 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -120,7 +120,17 @@
* ---------------------------------------------------------------------
*/
.macro handle_interrupt_exception label
+
bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Save the EL3 system registers needed to return from this exception */
mrs x0, spsr_el3
mrs x1, elr_el3
@@ -320,14 +330,25 @@
tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited
smc_handler64:
+ /* NOTE: The code below must preserve x0-x4 */
+
+ /* Save general purpose registers */
+ bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/*
* Populate the parameters for the SMC handler.
* We already have x0-x4 in place. x5 will point to a cookie (not used
* now). x6 will point to the context structure (SP_EL3) and x7 will
* contain flags we need to pass to the handler.
*/
- bl save_gp_registers
-
mov x5, xzr
mov x6, sp
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926..10feae1 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -75,6 +75,10 @@
BL31_SOURCES += lib/extensions/mpam/mpam.c
endif
+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS += -msign-return-address=non-leaf
+endif
+
ifeq (${WORKAROUND_CVE_2017_5715},1)
BL31_SOURCES += lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S \
lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75..aca16d6 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -64,6 +64,27 @@
}
/*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
* BL31 is responsible for setting up the runtime services for the primary cpu
* before passing control to the bootloader or an Operating System. This
* function calls runtime_svc_init() which initializes all registered runtime
diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S
index 48f6981..710b458 100644
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -122,12 +122,21 @@
#endif
/* ---------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform TSP setup
* ---------------------------------------------
*/
- bl tsp_early_platform_setup
- bl tsp_plat_arch_setup
+ bl tsp_setup
+
+ /* ---------------------------------------------
+ * Enable pointer authentication
+ * ---------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el1
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el1, x0
+ isb
+#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
* Jump to main function.
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index 4ea3dfb..b1fe7ff 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -17,6 +17,11 @@
BL32_LINKERFILE := bl32/tsp/tsp.ld.S
+# This flag determines whether pointer authentication is used in the TSP or not
+ifeq ($(ENABLE_PAUTH),1)
+BL32_CFLAGS += -msign-return-address=non-leaf
+endif
+
# This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
# method) or configures BL31 to pass control to BL32 instead of BL33
# (asynchronous method).
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 407ed47..30bf6ff 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -72,6 +72,26 @@
}
/*******************************************************************************
+ * Setup function for TSP.
+ ******************************************************************************/
+void tsp_setup(void)
+{
+ /* Perform early platform-specific setup */
+ tsp_early_platform_setup();
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ tsp_plat_arch_setup();
+}
+
+/*******************************************************************************
* TSP main entry point where it gets the opportunity to initialize its secure
* state/applications. Once the state is initialized, it must return to the
* SPD with a pointer to the 'tsp_vector_table' jump table.
diff --git a/common/bl_common.c b/common/bl_common.c
index 84ff99c..4e76dd3 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <string.h>
#include <arch.h>
+#include <arch_features.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
@@ -243,3 +244,53 @@
#endif
#undef PRINT_IMAGE_ARG
}
+
+#ifdef AARCH64
+/*******************************************************************************
+ * Handle all possible cases regarding ARMv8.3-PAuth.
+ ******************************************************************************/
+void bl_handle_pauth(void)
+{
+#if ENABLE_PAUTH
+ /*
+ * ENABLE_PAUTH = 1 && CTX_INCLUDE_PAUTH_REGS = 1
+ *
+ * Check that the system supports address authentication to avoid
+ * getting an access fault when accessing the registers. This is all
+ * that is needed to check. If any of the authentication mechanisms is
+ * supported, the system knows about ARMv8.3-PAuth, so all the registers
+ * are available and accessing them won't generate a fault.
+ *
+ * Obtain 128-bit instruction key A from the platform and save it to the
+ * system registers. Pointer authentication can't be enabled here or the
+ * authentication will fail when returning from this function.
+ */
+ assert(is_armv8_3_pauth_api_present());
+
+ uint64_t *apiakey = plat_init_apiakey();
+
+ write_apiakeylo_el1(apiakey[0]);
+ write_apiakeyhi_el1(apiakey[1]);
+#else /* if !ENABLE_PAUTH */
+
+# if CTX_INCLUDE_PAUTH_REGS
+ /*
+ * ENABLE_PAUTH = 0 && CTX_INCLUDE_PAUTH_REGS = 1
+ *
+ * Assert that the ARMv8.3-PAuth registers are present or an access
+ * fault will be triggered when they are being saved or restored.
+ */
+ assert(is_armv8_3_pauth_present());
+# else
+ /*
+ * ENABLE_PAUTH = 0 && CTX_INCLUDE_PAUTH_REGS = 0
+ *
+ * Pointer authentication is allowed in the Non-secure world, but
+ * prohibited in the Secure world. The Trusted Firmware doesn't save the
+ * registers during a world switch. No check needed.
+ */
+# endif /* CTX_INCLUDE_PAUTH_REGS */
+
+#endif /* ENABLE_PAUTH */
+}
+#endif /* AARCH64 */
diff --git a/docs/firmware-design.rst b/docs/firmware-design.rst
index 299654f..ead7297 100644
--- a/docs/firmware-design.rst
+++ b/docs/firmware-design.rst
@@ -2558,8 +2558,18 @@
Armv8.3-A
~~~~~~~~~
-- Pointer Authentication features of Armv8.3-A are unconditionally enabled so
- that lower ELs are allowed to use them without causing a trap to EL3.
+- Pointer authentication features of Armv8.3-A are unconditionally enabled in
+ the Non-secure world so that lower ELs are allowed to use them without
+ causing a trap to EL3.
+
+ In order to enable the Secure world to use it, ``CTX_INCLUDE_PAUTH_REGS``
+ must be set to 1. This will add all pointer authentication system registers
+ to the context that is saved when doing a world switch.
+
+ The Trusted Firmware itself has support for pointer authentication at runtime
+ that can be enabled by setting both options ``ENABLE_PAUTH`` and
+ ``CTX_INCLUDE_PAUTH_REGS`` to 1. This enables pointer authentication in BL1,
+ BL2, BL31, and the TSP if it is used.
Armv7-A
~~~~~~~
diff --git a/docs/plat/intel-stratix10.rst b/docs/plat/intel-stratix10.rst
new file mode 100644
index 0000000..9a3c892
--- /dev/null
+++ b/docs/plat/intel-stratix10.rst
@@ -0,0 +1,91 @@
+Description
+===========
+
+Stratix 10 SoCFPGA is a FPGA with integrated quad-core 64-bit Arm Cortex A53 processor.
+
+Upon boot, Boot ROM loads bl2 into OCRAM. Bl2 subsequently initializes
+the hardware, then loads bl31 and bl33 (UEFI) into DDR and boots to bl33.
+
+::
+
+ Boot ROM --> Trusted Firmware-A --> UEFI
+
+How to build
+============
+
+Code Locations
+--------------
+
+- Trusted Firmware-A:
+ `link <https://github.com/ARM-software/arm-trusted-firmware>`__
+
+- UEFI (to be updated with new upstreamed UEFI):
+ `link <https://github.com/altera-opensource/uefi-socfpga>`__
+
+Build Procedure
+---------------
+
+- Fetch all the above 2 repositories into local host.
+ Make all the repositories in the same ${BUILD\_PATH}.
+
+- Prepare the AARCH64 toolchain.
+
+- Build UEFI using Stratix 10 platform as configuration
+ This will be updated to use an updated UEFI using the latest EDK2 source
+
+.. code:: bash
+
+ make CROSS_COMPILE=aarch64-linux-gnu- device=s10
+
+- Build atf providing the previously generated UEFI as the BL33 image
+
+.. code:: bash
+
+ make CROSS_COMPILE=aarch64-linux-gnu- bl2 fip PLAT=stratix10
+ BL33=PEI.ROM
+
+Install Procedure
+-----------------
+
+- dd fip.bin to a A2 partition on the MMC drive to be booted in Stratix 10
+ board.
+
+- Generate a SOF containing bl2
+
+.. code:: bash
+ aarch64-linux-gnu-objcopy -I binary -O ihex --change-addresses 0xffe00000 bl2.bin bl2.hex
+ quartus_cpf --bootloader bl2.hex <quartus_generated_sof> <output_sof_with_bl2>
+
+- Configure SOF to board
+
+.. code:: bash
+ nios2-configure-sof <output_sof_with_bl2>
+
+Boot trace
+==========
+
+::
+ INFO: DDR: DRAM calibration success.
+ INFO: ECC is disabled.
+ INFO: Init HPS NOC's DDR Scheduler.
+ NOTICE: BL2: v2.0(debug):v2.0-809-g7f8474a-dirty
+ NOTICE: BL2: Built : 17:38:19, Feb 18 2019
+ INFO: BL2: Doing platform setup
+ INFO: BL2: Loading image id 3
+ INFO: Loading image id=3 at address 0xffe1c000
+ INFO: Image id=3 loaded: 0xffe1c000 - 0xffe24034
+ INFO: BL2: Loading image id 5
+ INFO: Loading image id=5 at address 0x50000
+ INFO: Image id=5 loaded: 0x50000 - 0x550000
+ NOTICE: BL2: Booting BL31
+ INFO: Entry point address = 0xffe1c000
+ INFO: SPSR = 0x3cd
+ NOTICE: BL31: v2.0(debug):v2.0-810-g788c436-dirty
+ NOTICE: BL31: Built : 15:17:16, Feb 20 2019
+ INFO: ARM GICv2 driver initialized
+ INFO: BL31: Initializing runtime services
+ WARNING: BL31: cortex_a53: CPU workaround for 855873 was missing!
+ INFO: BL31: Preparing for EL3 exit to normal world
+ INFO: Entry point address = 0x50000
+ INFO: SPSR = 0x3c9
+ UEFI firmware (version 1.0 built at 11:26:18 on Nov 7 2018)
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index 7a3963b..c3df389 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -1792,6 +1792,22 @@
On DynamIQ systems, this function must not use stack while enabling MMU, which
is how the function in xlat table library version 2 is implemented.
+Function : plat_init_apiakey [optional]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void
+ Return : uint64_t *
+
+This function populates the ``plat_apiakey`` array that contains the values used
+to set the ``APIAKey{Hi,Lo}_EL1`` registers. It returns a pointer to this array.
+
+The value should be obtained from a reliable source of randomness.
+
+This function is only needed if ARMv8.3 pointer authentication is used in the
+Trusted Firmware by building with ``ENABLE_PAUTH=1``.
+
Function : plat_get_syscnt_freq2() [mandatory]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 4ff1c72..b420127 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -358,6 +358,12 @@
registers to be included when saving and restoring the CPU context. Default
is 0.
+- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, will cause
+ the ARMv8.3-PAuth registers to be included when saving and restoring the CPU
+ context. Note that if the hardware supports this extension and this option is
+ set to 0 the value of the registers will be leaked between Secure and
+ Non-secure worlds if PAuth is used on both sides. The default is 0.
+
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
(release) or 1 (debug) as values. 0 is the default.
@@ -405,6 +411,13 @@
partitioning in EL3, however. Platform initialisation code should configure
and use partitions in EL3 as required. This option defaults to ``0``.
+- ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication
+ (``ARMv8.3-PAuth``) support in the Trusted Firmware itself. Note that this
+ option doesn't affect the saving of the registers introduced with this
+ extension, they are always saved if they are detected regardless of the value
+ of this option. If enabled, it is needed to use a compiler that supports the
+ option ``-msign-return-address``. It defaults to 0.
+
- ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE)
support within generic code in TF-A. This option is currently only supported
in BL31. Default is 0.
diff --git a/drivers/rpi3/sdhost/rpi3_sdhost.c b/drivers/rpi3/sdhost/rpi3_sdhost.c
index efcd6db..c4b6fca 100644
--- a/drivers/rpi3/sdhost/rpi3_sdhost.c
+++ b/drivers/rpi3/sdhost/rpi3_sdhost.c
@@ -272,8 +272,6 @@
}
cmd_idx = cmd->cmd_idx & HC_CMD_COMMAND_MASK;
- if (cmd_idx == MMC_CMD(17))
- cmd_idx = MMC_CMD(18);
cmd_arg = cmd->cmd_arg;
if (cmd_idx == MMC_ACMD(51)) {
@@ -364,8 +362,12 @@
mmio_write_32(reg_base + HC_HOSTSTATUS,
HC_HSTST_MASK_ERROR_ALL);
+ /*
+ * If the command SEND_OP_COND returns with CRC7 error,
+ * it can be considered as having completed successfully.
+ */
if (!(sdhsts & HC_HSTST_ERROR_CRC7)
- || (cmd_idx != MMC_ACMD(51))) {
+ || (cmd_idx != MMC_CMD(1))) {
if (sdhsts & HC_HSTST_TIMEOUT_CMD) {
ERROR("rpi3_sdhost: timeout status 0x%x\n",
sdhsts);
@@ -533,21 +535,6 @@
if (rpi3_sdhost_params.current_cmd == MMC_CMD(18))
send_command_decorated(MMC_CMD(12), 0);
- if (err == -(EILSEQ)) {
- const int max_retries = 20;
- int r;
-
- rpi3_sdhost_params.crc_err_retries++;
- if (rpi3_sdhost_params.crc_err_retries < max_retries) {
- /* retries if there's an CRC error */
- r = rpi3_sdhost_prepare(lba, buf, size);
- send_command_decorated(MMC_CMD(18), lba);
- r = rpi3_sdhost_read(lba, buf, size);
- if (r == 0)
- err = 0;
- }
- }
-
return err;
}
@@ -617,16 +604,20 @@
}
/* setting pull resistors for 48 to 53.
- * GPIO 48 (SD_CLK) to GPIO_PULL_UP
- * GPIO 49 (SD_CMD) to GPIO_PULL_NONE
- * GPIO 50 (SD_D0) to GPIO_PULL_NONE
- * GPIO 51 (SD_D1) to GPIO_PULL_NONE
- * GPIO 52 (SD_D2) to GPIO_PULL_NONE
- * GPIO 53 (SD_D3) to GPIO_PULL_NONE
+ * It is debatable to set SD_CLK to UP or NONE. We massively
+ * tested different brands of SD Cards and found NONE works
+ * most stable.
+ *
+ * GPIO 48 (SD_CLK) to GPIO_PULL_NONE
+ * GPIO 49 (SD_CMD) to GPIO_PULL_UP
+ * GPIO 50 (SD_D0) to GPIO_PULL_UP
+ * GPIO 51 (SD_D1) to GPIO_PULL_UP
+ * GPIO 52 (SD_D2) to GPIO_PULL_UP
+ * GPIO 53 (SD_D3) to GPIO_PULL_UP
*/
- gpio_set_pull(48, GPIO_PULL_UP);
+ gpio_set_pull(48, GPIO_PULL_NONE);
for (int i = 49; i <= 53; i++)
- gpio_set_pull(i, GPIO_PULL_NONE);
+ gpio_set_pull(i, GPIO_PULL_UP);
/* Set pin 48-53 to alt-0. It means route SDHOST to card slot */
for (int i = 48; i <= 53; i++)
@@ -675,15 +666,14 @@
rpi3_sdhost_params.gpio48_pinselect[i-48]);
}
- /* Must reset the pull resistors for u-boot to work.
- * GPIO 48 (SD_CLK) to GPIO_PULL_NONE
+ /* Reset the pull resistors before entering BL33.
+ * GPIO 48 (SD_CLK) to GPIO_PULL_UP
* GPIO 49 (SD_CMD) to GPIO_PULL_UP
* GPIO 50 (SD_D0) to GPIO_PULL_UP
* GPIO 51 (SD_D1) to GPIO_PULL_UP
* GPIO 52 (SD_D2) to GPIO_PULL_UP
* GPIO 53 (SD_D3) to GPIO_PULL_UP
*/
- gpio_set_pull(48, GPIO_PULL_NONE);
- for (int i = 49; i <= 53; i++)
+ for (int i = 48; i <= 53; i++)
gpio_set_pull(i, GPIO_PULL_UP);
}
diff --git a/include/arch/aarch32/arch.h b/include/arch/aarch32/arch.h
index 3421e04..2aa6eff 100644
--- a/include/arch/aarch32/arch.h
+++ b/include/arch/aarch32/arch.h
@@ -153,6 +153,7 @@
#define SDCR_SPD_LEGACY U(0x0)
#define SDCR_SPD_DISABLE U(0x2)
#define SDCR_SPD_ENABLE U(0x3)
+#define SDCR_SCCD_BIT (U(1) << 23)
#define SDCR_RESET_VAL U(0x0)
/* HSCTLR definitions */
diff --git a/include/arch/aarch32/el3_common_macros.S b/include/arch/aarch32/el3_common_macros.S
index 4af7624..322aed5 100644
--- a/include/arch/aarch32/el3_common_macros.S
+++ b/include/arch/aarch32/el3_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -105,10 +105,15 @@
* Initialise SDCR, setting all the fields rather than relying on hw.
*
* SDCR.SPD: Disable AArch32 privileged debug. Debug exceptions from
- * Secure EL1 are disabled.
+ * Secure EL1 are disabled.
+ *
+ * SDCR: Set to one so that cycle counting by PMCCNTR is prohibited in
+ * Secure state. This bit is RES0 in versions of the architecture
+ * earlier than ARMv8.5, setting it to 1 doesn't have any effect on
+ * them.
* ---------------------------------------------------------------------
*/
- ldr r0, =(SDCR_RESET_VAL | SDCR_SPD(SDCR_SPD_DISABLE))
+ ldr r0, =(SDCR_RESET_VAL | SDCR_SPD(SDCR_SPD_DISABLE) | SDCR_SCCD_BIT)
stcopr r0, SDCR
#endif
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 45aa077..1032d9a 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -154,26 +154,22 @@
#define ID_AA64PFR0_GIC_SHIFT U(24)
#define ID_AA64PFR0_GIC_WIDTH U(4)
-#define ID_AA64PFR0_GIC_MASK ((ULL(1) << ID_AA64PFR0_GIC_WIDTH) - ULL(1))
+#define ID_AA64PFR0_GIC_MASK ULL(0xf)
/* ID_AA64ISAR1_EL1 definitions */
+#define ID_AA64ISAR1_EL1 S3_0_C0_C6_1
#define ID_AA64ISAR1_GPI_SHIFT U(28)
#define ID_AA64ISAR1_GPI_WIDTH U(4)
+#define ID_AA64ISAR1_GPI_MASK ULL(0xf)
#define ID_AA64ISAR1_GPA_SHIFT U(24)
#define ID_AA64ISAR1_GPA_WIDTH U(4)
+#define ID_AA64ISAR1_GPA_MASK ULL(0xf)
#define ID_AA64ISAR1_API_SHIFT U(8)
#define ID_AA64ISAR1_API_WIDTH U(4)
+#define ID_AA64ISAR1_API_MASK ULL(0xf)
#define ID_AA64ISAR1_APA_SHIFT U(4)
#define ID_AA64ISAR1_APA_WIDTH U(4)
-
-#define ID_AA64ISAR1_GPI_MASK \
- (((ULL(1) << ID_AA64ISAR1_GPI_WIDTH) - ULL(1)) << ID_AA64ISAR1_GPI_SHIFT)
-#define ID_AA64ISAR1_GPA_MASK \
- (((ULL(1) << ID_AA64ISAR1_GPA_WIDTH) - ULL(1)) << ID_AA64ISAR1_GPA_SHIFT)
-#define ID_AA64ISAR1_API_MASK \
- (((ULL(1) << ID_AA64ISAR1_API_WIDTH) - ULL(1)) << ID_AA64ISAR1_API_SHIFT)
-#define ID_AA64ISAR1_APA_MASK \
- (((ULL(1) << ID_AA64ISAR1_APA_WIDTH) - ULL(1)) << ID_AA64ISAR1_APA_SHIFT)
+#define ID_AA64ISAR1_APA_MASK ULL(0xf)
/* ID_AA64MMFR0_EL1 definitions */
#define ID_AA64MMFR0_EL1_PARANGE_SHIFT U(0)
@@ -259,9 +255,7 @@
#define SCTLR_E0E_BIT (ULL(1) << 24)
#define SCTLR_EE_BIT (ULL(1) << 25)
#define SCTLR_UCI_BIT (ULL(1) << 26)
-#define SCTLR_TRE_BIT (ULL(1) << 28)
-#define SCTLR_AFE_BIT (ULL(1) << 29)
-#define SCTLR_TE_BIT (ULL(1) << 30)
+#define SCTLR_EnIA_BIT (ULL(1) << 31)
#define SCTLR_DSSBS_BIT (ULL(1) << 44)
#define SCTLR_RESET_VAL SCTLR_EL3_RES1
@@ -292,16 +286,17 @@
/* MDCR_EL3 definitions */
#define MDCR_SPD32(x) ((x) << 14)
-#define MDCR_SPD32_LEGACY U(0x0)
-#define MDCR_SPD32_DISABLE U(0x2)
-#define MDCR_SPD32_ENABLE U(0x3)
-#define MDCR_SDD_BIT (U(1) << 16)
+#define MDCR_SPD32_LEGACY ULL(0x0)
+#define MDCR_SPD32_DISABLE ULL(0x2)
+#define MDCR_SPD32_ENABLE ULL(0x3)
+#define MDCR_SDD_BIT (ULL(1) << 16)
#define MDCR_NSPB(x) ((x) << 12)
-#define MDCR_NSPB_EL1 U(0x3)
-#define MDCR_TDOSA_BIT (U(1) << 10)
-#define MDCR_TDA_BIT (U(1) << 9)
-#define MDCR_TPM_BIT (U(1) << 6)
-#define MDCR_EL3_RESET_VAL U(0x0)
+#define MDCR_NSPB_EL1 ULL(0x3)
+#define MDCR_TDOSA_BIT (ULL(1) << 10)
+#define MDCR_TDA_BIT (ULL(1) << 9)
+#define MDCR_TPM_BIT (ULL(1) << 6)
+#define MDCR_SCCD_BIT (ULL(1) << 23)
+#define MDCR_EL3_RESET_VAL ULL(0x0)
/* MDCR_EL2 definitions */
#define MDCR_EL2_TPMS (U(1) << 14)
@@ -823,7 +818,16 @@
/*******************************************************************************
* Armv8.3 Pointer Authentication Registers
******************************************************************************/
+#define APIAKeyLo_EL1 S3_0_C2_C1_0
+#define APIAKeyHi_EL1 S3_0_C2_C1_1
+#define APIBKeyLo_EL1 S3_0_C2_C1_2
+#define APIBKeyHi_EL1 S3_0_C2_C1_3
+#define APDAKeyLo_EL1 S3_0_C2_C2_0
+#define APDAKeyHi_EL1 S3_0_C2_C2_1
+#define APDBKeyLo_EL1 S3_0_C2_C2_2
+#define APDBKeyHi_EL1 S3_0_C2_C2_3
#define APGAKeyLo_EL1 S3_0_C2_C3_0
+#define APGAKeyHi_EL1 S3_0_C2_C3_1
/*******************************************************************************
* Armv8.4 Data Independent Timing Registers
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index da8b6e4..495ecb3 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -23,6 +23,23 @@
ID_AA64MMFR2_EL1_CNP_MASK) != 0U;
}
+static inline bool is_armv8_3_pauth_present(void)
+{
+ uint64_t mask = (ID_AA64ISAR1_GPI_MASK << ID_AA64ISAR1_GPI_SHIFT) |
+ (ID_AA64ISAR1_GPA_MASK << ID_AA64ISAR1_GPA_SHIFT) |
+ (ID_AA64ISAR1_API_MASK << ID_AA64ISAR1_API_SHIFT) |
+ (ID_AA64ISAR1_APA_MASK << ID_AA64ISAR1_APA_SHIFT);
+
+ /* If any of the fields is not zero, PAuth is present */
+ return (read_id_aa64isar1_el1() & mask) != 0U;
+}
+
+static inline bool is_armv8_3_pauth_api_present(void)
+{
+ return ((read_id_aa64isar1_el1() >> ID_AA64ISAR1_API_SHIFT) &
+ ID_AA64ISAR1_API_MASK) != 0U;
+}
+
static inline bool is_armv8_4_ttst_present(void)
{
return ((read_id_aa64mmfr2_el1() >> ID_AA64MMFR2_EL1_ST_SHIFT) &
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 4e459bb..e07db30 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -454,7 +454,8 @@
DEFINE_RENAME_SYSREG_READ_FUNC(id_aa64mmfr2_el1, ID_AA64MMFR2_EL1)
/* Armv8.3 Pointer Authentication Registers */
-DEFINE_RENAME_SYSREG_RW_FUNCS(apgakeylo_el1, APGAKeyLo_EL1)
+DEFINE_RENAME_SYSREG_RW_FUNCS(apiakeyhi_el1, APIAKeyHi_EL1)
+DEFINE_RENAME_SYSREG_RW_FUNCS(apiakeylo_el1, APIAKeyLo_EL1)
#define IS_IN_EL(x) \
(GET_EL(read_CurrentEl()) == MODE_EL##x)
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index 410aeab..22b32b4 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -76,9 +76,16 @@
* authentication instructions from lower ELs.
* ---------------------------------------------------------------------
*/
- mov_imm x0, ((SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT | \
- SCR_API_BIT | SCR_APK_BIT) \
+ mov_imm x0, ((SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT) \
& ~(SCR_TWE_BIT | SCR_TWI_BIT | SCR_SMD_BIT))
+#if CTX_INCLUDE_PAUTH_REGS
+ /*
+ * If the pointer authentication registers are saved during world
+ * switches, enable pointer authentication everywhere, as it is safe to
+ * do so.
+ */
+ orr x0, x0, #(SCR_API_BIT | SCR_APK_BIT)
+#endif
msr scr_el3, x0
/* ---------------------------------------------------------------------
@@ -101,10 +108,17 @@
*
* MDCR_EL3.TPM: Set to zero so that EL0, EL1, and EL2 System register
* accesses to all Performance Monitors registers do not trap to EL3.
+ *
+ * MDCR_EL3.SCCD: Set to one so that cycle counting by PMCCNTR_EL0 is
+ * prohibited in Secure state. This bit is RES0 in versions of the
+ * architecture earlier than ARMv8.5, setting it to 1 doesn't have any
+ * effect on them.
* ---------------------------------------------------------------------
*/
- mov_imm x0, ((MDCR_EL3_RESET_VAL | MDCR_SDD_BIT | MDCR_SPD32(MDCR_SPD32_DISABLE)) \
- & ~(MDCR_TDOSA_BIT | MDCR_TDA_BIT | MDCR_TPM_BIT))
+ mov_imm x0, ((MDCR_EL3_RESET_VAL | MDCR_SDD_BIT | \
+ MDCR_SPD32(MDCR_SPD32_DISABLE) | MDCR_SCCD_BIT) \
+ & ~(MDCR_TDOSA_BIT | MDCR_TDA_BIT | MDCR_TPM_BIT))
+
msr mdcr_el3, x0
/* ---------------------------------------------------------------------
diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h
index 7b5d875..937b8c7 100644
--- a/include/bl1/bl1.h
+++ b/include/bl1/bl1.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -83,6 +83,7 @@
void bl1_print_next_bl_ep_info(const struct entry_point_info *bl_ep_info);
+void bl1_setup(void);
void bl1_main(void);
void bl1_plat_prepare_exit(entry_point_info_t *ep_info);
diff --git a/include/bl2/bl2.h b/include/bl2/bl2.h
index 8ec080c..73f5ac7 100644
--- a/include/bl2/bl2.h
+++ b/include/bl2/bl2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,12 @@
#ifndef BL2_H
#define BL2_H
+#include <stdint.h>
+
+void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
+void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
void bl2_main(void);
#endif /* BL2_H */
diff --git a/include/bl31/bl31.h b/include/bl31/bl31.h
index 08c555d..3deb0a5 100644
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,8 @@
/*******************************************************************************
* Function prototypes
******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
void bl31_next_el_arch_setup(uint32_t security_state);
void bl31_set_next_image_type(uint32_t security_state);
uint32_t bl31_get_next_image_type(void);
diff --git a/include/bl32/tsp/tsp.h b/include/bl32/tsp/tsp.h
index ed4792e..18d3079 100644
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -104,6 +104,7 @@
tsp_vector_isn_t abort_yield_smc_entry;
} tsp_vectors_t;
+void tsp_setup(void);
#endif /* __ASSEMBLY__ */
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index fd7656eb..9817ec7 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -207,6 +207,8 @@
void setup_page_tables(const struct mmap_region *bl_regions,
const struct mmap_region *plat_regions);
+void bl_handle_pauth(void);
+
#endif /*__ASSEMBLY__*/
#endif /* BL_COMMON_H */
diff --git a/include/drivers/rpi3/sdhost/rpi3_sdhost.h b/include/drivers/rpi3/sdhost/rpi3_sdhost.h
index bc906e3..1653240 100644
--- a/include/drivers/rpi3/sdhost/rpi3_sdhost.h
+++ b/include/drivers/rpi3/sdhost/rpi3_sdhost.h
@@ -21,7 +21,6 @@
uint8_t cmdbusy;
uint8_t mmc_app_cmd;
uint32_t ns_per_fifo_word;
- uint32_t crc_err_retries;
uint32_t sdcard_rca;
uint32_t gpio48_pinselect[6];
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index 70c50aa..5bd0de4 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -104,25 +104,30 @@
#define CTX_SPSR_FIQ U(0xd8)
#define CTX_DACR32_EL2 U(0xe0)
#define CTX_IFSR32_EL2 U(0xe8)
-#define CTX_TIMER_SYSREGS_OFF U(0xf0) /* Align to the next 16 byte boundary */
+#define CTX_AARCH32_END U(0xf0) /* Align to the next 16 byte boundary */
#else
-#define CTX_TIMER_SYSREGS_OFF U(0xc0) /* Align to the next 16 byte boundary */
-#endif /* __CTX_INCLUDE_AARCH32_REGS__ */
+#define CTX_AARCH32_END U(0xc0) /* Align to the next 16 byte boundary */
+#endif /* CTX_INCLUDE_AARCH32_REGS */
/*
* If the timer registers aren't saved and restored, we don't have to reserve
* space for them in the context
*/
#if NS_TIMER_SWITCH
-#define CTX_CNTP_CTL_EL0 (CTX_TIMER_SYSREGS_OFF + U(0x0))
-#define CTX_CNTP_CVAL_EL0 (CTX_TIMER_SYSREGS_OFF + U(0x8))
-#define CTX_CNTV_CTL_EL0 (CTX_TIMER_SYSREGS_OFF + U(0x10))
-#define CTX_CNTV_CVAL_EL0 (CTX_TIMER_SYSREGS_OFF + U(0x18))
-#define CTX_CNTKCTL_EL1 (CTX_TIMER_SYSREGS_OFF + U(0x20))
-#define CTX_SYSREGS_END (CTX_TIMER_SYSREGS_OFF + U(0x30)) /* Align to the next 16 byte boundary */
+#define CTX_CNTP_CTL_EL0 (CTX_AARCH32_END + U(0x0))
+#define CTX_CNTP_CVAL_EL0 (CTX_AARCH32_END + U(0x8))
+#define CTX_CNTV_CTL_EL0 (CTX_AARCH32_END + U(0x10))
+#define CTX_CNTV_CVAL_EL0 (CTX_AARCH32_END + U(0x18))
+#define CTX_CNTKCTL_EL1 (CTX_AARCH32_END + U(0x20))
+#define CTX_TIMER_SYSREGS_END (CTX_AARCH32_END + U(0x30)) /* Align to the next 16 byte boundary */
#else
-#define CTX_SYSREGS_END CTX_TIMER_SYSREGS_OFF
-#endif /* __NS_TIMER_SWITCH__ */
+#define CTX_TIMER_SYSREGS_END CTX_AARCH32_END
+#endif /* NS_TIMER_SWITCH */
+
+/*
+ * End of system registers.
+ */
+#define CTX_SYSREGS_END CTX_TIMER_SYSREGS_END
/*******************************************************************************
* Constants that allow assembler code to access members of and the 'fp_regs'
@@ -174,16 +179,38 @@
#define CTX_FPREGS_END U(0)
#endif
+/*******************************************************************************
+ * Registers related to CVE-2018-3639
+ ******************************************************************************/
#define CTX_CVE_2018_3639_OFFSET (CTX_FPREGS_OFFSET + CTX_FPREGS_END)
#define CTX_CVE_2018_3639_DISABLE U(0)
#define CTX_CVE_2018_3639_END U(0x10) /* Align to the next 16 byte boundary */
+/*******************************************************************************
+ * Registers related to ARMv8.3-PAuth.
+ ******************************************************************************/
+#define CTX_PAUTH_REGS_OFFSET (CTX_CVE_2018_3639_OFFSET + CTX_CVE_2018_3639_END)
+#if CTX_INCLUDE_PAUTH_REGS
+#define CTX_PACIAKEY_LO U(0x0)
+#define CTX_PACIAKEY_HI U(0x8)
+#define CTX_PACIBKEY_LO U(0x10)
+#define CTX_PACIBKEY_HI U(0x18)
+#define CTX_PACDAKEY_LO U(0x20)
+#define CTX_PACDAKEY_HI U(0x28)
+#define CTX_PACDBKEY_LO U(0x30)
+#define CTX_PACDBKEY_HI U(0x38)
+#define CTX_PACGAKEY_LO U(0x40)
+#define CTX_PACGAKEY_HI U(0x48)
+#define CTX_PACGAKEY_END U(0x50)
+#define CTX_PAUTH_REGS_END U(0x60) /* Align to the next 16 byte boundary */
+#else
+#define CTX_PAUTH_REGS_END U(0)
+#endif /* CTX_INCLUDE_PAUTH_REGS */
+
#ifndef __ASSEMBLY__
#include <stdint.h>
-#include <platform_def.h> /* for CACHE_WRITEBACK_GRANULE */
-
#include <lib/cassert.h>
/*
@@ -200,10 +227,13 @@
#define CTX_GPREG_ALL (CTX_GPREGS_END >> DWORD_SHIFT)
#define CTX_SYSREG_ALL (CTX_SYSREGS_END >> DWORD_SHIFT)
#if CTX_INCLUDE_FPREGS
-#define CTX_FPREG_ALL (CTX_FPREGS_END >> DWORD_SHIFT)
+# define CTX_FPREG_ALL (CTX_FPREGS_END >> DWORD_SHIFT)
#endif
#define CTX_EL3STATE_ALL (CTX_EL3STATE_END >> DWORD_SHIFT)
#define CTX_CVE_2018_3639_ALL (CTX_CVE_2018_3639_END >> DWORD_SHIFT)
+#if CTX_INCLUDE_PAUTH_REGS
+# define CTX_PAUTH_REGS_ALL (CTX_PAUTH_REGS_END >> DWORD_SHIFT)
+#endif
/*
* AArch64 general purpose register context structure. Usually x0-x18,
@@ -239,6 +269,11 @@
/* Function pointer used by CVE-2018-3639 dynamic mitigation */
DEFINE_REG_STRUCT(cve_2018_3639, CTX_CVE_2018_3639_ALL);
+/* Registers associated to ARMv8.3-PAuth */
+#if CTX_INCLUDE_PAUTH_REGS
+DEFINE_REG_STRUCT(pauth, CTX_PAUTH_REGS_ALL);
+#endif
+
/*
* Macros to access members of any of the above structures using their
* offsets
@@ -264,16 +299,22 @@
fp_regs_t fpregs_ctx;
#endif
cve_2018_3639_t cve_2018_3639_ctx;
+#if CTX_INCLUDE_PAUTH_REGS
+ pauth_t pauth_ctx;
+#endif
} cpu_context_t;
/* Macros to access members of the 'cpu_context_t' structure */
#define get_el3state_ctx(h) (&((cpu_context_t *) h)->el3state_ctx)
#if CTX_INCLUDE_FPREGS
-#define get_fpregs_ctx(h) (&((cpu_context_t *) h)->fpregs_ctx)
+# define get_fpregs_ctx(h) (&((cpu_context_t *) h)->fpregs_ctx)
#endif
#define get_sysregs_ctx(h) (&((cpu_context_t *) h)->sysregs_ctx)
#define get_gpregs_ctx(h) (&((cpu_context_t *) h)->gpregs_ctx)
#define get_cve_2018_3639_ctx(h) (&((cpu_context_t *) h)->cve_2018_3639_ctx)
+#if CTX_INCLUDE_PAUTH_REGS
+# define get_pauth_ctx(h) (&((cpu_context_t *) h)->pauth_ctx)
+#endif
/*
* Compile time assertions related to the 'cpu_context' structure to
@@ -292,6 +333,10 @@
assert_core_context_el3state_offset_mismatch);
CASSERT(CTX_CVE_2018_3639_OFFSET == __builtin_offsetof(cpu_context_t, cve_2018_3639_ctx), \
assert_core_context_cve_2018_3639_offset_mismatch);
+#if CTX_INCLUDE_PAUTH_REGS
+CASSERT(CTX_PAUTH_REGS_OFFSET == __builtin_offsetof(cpu_context_t, pauth_ctx), \
+ assert_core_context_pauth_offset_mismatch);
+#endif
/*
* Helper macro to set the general purpose registers that correspond to
@@ -339,14 +384,6 @@
void fpregs_context_restore(fp_regs_t *regs);
#endif
-
-#undef CTX_SYSREG_ALL
-#if CTX_INCLUDE_FPREGS
-#undef CTX_FPREG_ALL
-#endif
-#undef CTX_GPREG_ALL
-#undef CTX_EL3STATE_ALL
-
#endif /* __ASSEMBLY__ */
#endif /* CONTEXT_H */
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 13767ff..4832e49 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -104,6 +104,7 @@
void bl2_plat_preload_setup(void);
int plat_try_next_boot_source(void);
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
+uint64_t *plat_init_apiakey(void);
/*******************************************************************************
* Mandatory BL1 functions
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 707e6db..4489e90 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,13 @@
.global fpregs_context_save
.global fpregs_context_restore
#endif
+#if CTX_INCLUDE_PAUTH_REGS
+ .global pauth_context_restore
+ .global pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ .global pauth_load_bl_apiakey
+#endif
.global save_gp_registers
.global restore_gp_registers
.global restore_gp_registers_eret
@@ -299,6 +306,96 @@
endfunc fpregs_context_restore
#endif /* CTX_INCLUDE_FPREGS */
+#if CTX_INCLUDE_PAUTH_REGS
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to save the ARMv8.3-PAuth register context. It assumes
+ * that 'sp' is pointing to a 'cpu_context_t' structure
+ * to where the register context will be saved.
+ * -----------------------------------------------------
+ */
+func pauth_context_save
+ add x11, sp, #CTX_PAUTH_REGS_OFFSET
+
+ mrs x9, APIAKeyLo_EL1
+ mrs x10, APIAKeyHi_EL1
+ stp x9, x10, [x11, #CTX_PACIAKEY_LO]
+
+ mrs x9, APIBKeyLo_EL1
+ mrs x10, APIBKeyHi_EL1
+ stp x9, x10, [x11, #CTX_PACIBKEY_LO]
+
+ mrs x9, APDAKeyLo_EL1
+ mrs x10, APDAKeyHi_EL1
+ stp x9, x10, [x11, #CTX_PACDAKEY_LO]
+
+ mrs x9, APDBKeyLo_EL1
+ mrs x10, APDBKeyHi_EL1
+ stp x9, x10, [x11, #CTX_PACDBKEY_LO]
+
+ mrs x9, APGAKeyLo_EL1
+ mrs x10, APGAKeyHi_EL1
+ stp x9, x10, [x11, #CTX_PACGAKEY_LO]
+
+ ret
+endfunc pauth_context_save
+
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to restore the ARMv8.3-PAuth register context. It assumes
+ * that 'sp' is pointing to a 'cpu_context_t' structure
+ * from where the register context will be restored.
+ * -----------------------------------------------------
+ */
+func pauth_context_restore
+ add x11, sp, #CTX_PAUTH_REGS_OFFSET
+
+ ldp x9, x10, [x11, #CTX_PACIAKEY_LO]
+ msr APIAKeyLo_EL1, x9
+ msr APIAKeyHi_EL1, x10
+
+ ldp x9, x10, [x11, #CTX_PACIAKEY_LO]
+ msr APIBKeyLo_EL1, x9
+ msr APIBKeyHi_EL1, x10
+
+ ldp x9, x10, [x11, #CTX_PACDAKEY_LO]
+ msr APDAKeyLo_EL1, x9
+ msr APDAKeyHi_EL1, x10
+
+ ldp x9, x10, [x11, #CTX_PACDBKEY_LO]
+ msr APDBKeyLo_EL1, x9
+ msr APDBKeyHi_EL1, x10
+
+ ldp x9, x10, [x11, #CTX_PACGAKEY_LO]
+ msr APGAKeyLo_EL1, x9
+ msr APGAKeyHi_EL1, x10
+
+ ret
+endfunc pauth_context_restore
+#endif /* CTX_INCLUDE_PAUTH_REGS */
+
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to load the APIA key used by the firmware.
+ * -----------------------------------------------------
+ */
+#if ENABLE_PAUTH
+func pauth_load_bl_apiakey
+ /* Load instruction key A used by the Trusted Firmware. */
+ adrp x11, plat_apiakey
+ add x11, x11, :lo12:plat_apiakey
+ ldp x9, x10, [x11, #0]
+
+ msr APIAKeyLo_EL1, x9
+ msr APIAKeyHi_EL1, x10
+
+ ret
+endfunc pauth_load_bl_apiakey
+#endif /* ENABLE_PAUTH */
+
/* -----------------------------------------------------
* The following functions are used to save and restore
* all the general purpose registers. Ideally we would
@@ -332,9 +429,10 @@
ret
endfunc save_gp_registers
-/*
+/* -----------------------------------------------------
* This function restores all general purpose registers except x30 from the
* CPU context. x30 register must be explicitly restored by the caller.
+ * -----------------------------------------------------
*/
func restore_gp_registers
ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
@@ -357,9 +455,10 @@
ret
endfunc restore_gp_registers
-/*
+/* -----------------------------------------------------
* Restore general purpose registers (including x30), and exit EL3 via. ERET to
* a lower exception level.
+ * -----------------------------------------------------
*/
func restore_gp_registers_eret
bl restore_gp_registers
@@ -377,12 +476,12 @@
eret
endfunc restore_gp_registers_eret
- /* -----------------------------------------------------
- * This routine assumes that the SP_EL3 is pointing to
- * a valid context structure from where the gp regs and
- * other special registers can be retrieved.
- * -----------------------------------------------------
- */
+/* -----------------------------------------------------
+ * This routine assumes that the SP_EL3 is pointing to
+ * a valid context structure from where the gp regs and
+ * other special registers can be retrieved.
+ * -----------------------------------------------------
+ */
func el3_exit
/* -----------------------------------------------------
* Save the current SP_EL0 i.e. the EL3 runtime stack
@@ -410,9 +509,14 @@
cmp x17, xzr
beq 1f
blr x17
+1:
#endif
-1:
+#if CTX_INCLUDE_PAUTH_REGS
+ /* Restore ARMv8.3-PAuth registers */
+ bl pauth_context_restore
+#endif
+
/* Restore saved general purpose registers and return */
b restore_gp_registers_eret
endfunc el3_exit
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 0a72aeb..89d7ed6 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -122,6 +122,20 @@
scr_el3 |= SCR_FIEN_BIT;
#endif
+#if !CTX_INCLUDE_PAUTH_REGS
+ /*
+ * If the pointer authentication registers aren't saved during world
+ * switches the value of the registers can be leaked from the Secure to
+ * the Non-secure world. To prevent this, rather than enabling pointer
+ * authentication everywhere, we only enable it in the Non-secure world.
+ *
+ * If the Secure world wants to use pointer authentication,
+ * CTX_INCLUDE_PAUTH_REGS must be set to 1.
+ */
+ if (security_state == NON_SECURE)
+ scr_el3 |= SCR_API_BIT | SCR_APK_BIT;
+#endif /* !CTX_INCLUDE_PAUTH_REGS */
+
#ifdef IMAGE_BL31
/*
* SCR_EL3.IRQ, SCR_EL3.FIQ: Enable the physical FIQ and IRQ routing as
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 76a9fd4..819abcd 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -51,6 +51,11 @@
# Include FP registers in cpu context
CTX_INCLUDE_FPREGS := 0
+# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
+# must be set to 1 if the platform wants to use this feature in the Secure
+# world. It is not needed to use it in the Non-secure world.
+CTX_INCLUDE_PAUTH_REGS := 0
+
# Debug build
DEBUG := 0
@@ -82,6 +87,9 @@
# Flag to enable exception handling in EL3
EL3_EXCEPTION_HANDLING := 0
+# Flag to enable Pointer Authentication
+ENABLE_PAUTH := 0
+
# Build flag to treat usage of deprecated platform and framework APIs as error.
ERROR_DEPRECATED := 0
diff --git a/plat/allwinner/common/include/sunxi_private.h b/plat/allwinner/common/include/sunxi_private.h
index 1e1b0a4..1166879 100644
--- a/plat/allwinner/common/include/sunxi_private.h
+++ b/plat/allwinner/common/include/sunxi_private.h
@@ -9,9 +9,9 @@
void sunxi_configure_mmu_el3(int flags);
-void sunxi_cpu_on(unsigned int cluster, unsigned int core);
-void sunxi_cpu_off(unsigned int cluster, unsigned int core);
-void sunxi_disable_secondary_cpus(unsigned int primary_cpu);
+void sunxi_cpu_on(u_register_t mpidr);
+void sunxi_cpu_off(u_register_t mpidr);
+void sunxi_disable_secondary_cpus(u_register_t primary_mpidr);
void __dead2 sunxi_power_down(void);
int sunxi_pmic_setup(uint16_t socid, const void *fdt);
diff --git a/plat/allwinner/common/sunxi_bl31_setup.c b/plat/allwinner/common/sunxi_bl31_setup.c
index 7ffa658..a24527c 100644
--- a/plat/allwinner/common/sunxi_bl31_setup.c
+++ b/plat/allwinner/common/sunxi_bl31_setup.c
@@ -11,6 +11,7 @@
#include <platform_def.h>
#include <arch.h>
+#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/gicv2.h>
#include <drivers/console.h>
@@ -101,7 +102,7 @@
SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
/* Turn off all secondary CPUs */
- sunxi_disable_secondary_cpus(plat_my_core_pos());
+ sunxi_disable_secondary_cpus(read_mpidr());
}
void bl31_plat_arch_setup(void)
diff --git a/plat/allwinner/common/sunxi_common.c b/plat/allwinner/common/sunxi_common.c
index 6bb8968..3b44aab 100644
--- a/plat/allwinner/common/sunxi_common.c
+++ b/plat/allwinner/common/sunxi_common.c
@@ -18,7 +18,7 @@
#include <sunxi_mmap.h>
#include <sunxi_private.h>
-static mmap_region_t sunxi_mmap[PLATFORM_MMAP_REGIONS + 1] = {
+static const mmap_region_t sunxi_mmap[PLATFORM_MMAP_REGIONS + 1] = {
MAP_REGION_FLAT(SUNXI_SRAM_BASE, SUNXI_SRAM_SIZE,
MT_MEMORY | MT_RW | MT_SECURE),
MAP_REGION_FLAT(SUNXI_DEV_BASE, SUNXI_DEV_SIZE,
diff --git a/plat/allwinner/common/sunxi_cpu_ops.c b/plat/allwinner/common/sunxi_cpu_ops.c
index 8c08603..b4c9fcc 100644
--- a/plat/allwinner/common/sunxi_cpu_ops.c
+++ b/plat/allwinner/common/sunxi_cpu_ops.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -45,9 +45,10 @@
mmio_write_32(SUNXI_CPU_POWER_CLAMP_REG(cluster, core), 0x00);
}
-void sunxi_cpu_off(unsigned int cluster, unsigned int core)
+void sunxi_cpu_off(u_register_t mpidr)
{
- int corenr = cluster * PLATFORM_MAX_CPUS_PER_CLUSTER + core;
+ unsigned int cluster = MPIDR_AFFLVL1_VAL(mpidr);
+ unsigned int core = MPIDR_AFFLVL0_VAL(mpidr);
VERBOSE("PSCI: Powering off cluster %d core %d\n", cluster, core);
@@ -55,9 +56,9 @@
mmio_clrbits_32(SUNXI_CPUCFG_DBG_REG0, BIT(core));
/* We can't turn ourself off like this, but it works for other cores. */
- if (plat_my_core_pos() != corenr) {
+ if (read_mpidr() != mpidr) {
/* Activate the core output clamps, but not for core 0. */
- if (corenr != 0)
+ if (core != 0)
mmio_setbits_32(SUNXI_POWEROFF_GATING_REG(cluster),
BIT(core));
/* Assert CPU power-on reset */
@@ -80,8 +81,11 @@
0, BIT_32(core));
}
-void sunxi_cpu_on(unsigned int cluster, unsigned int core)
+void sunxi_cpu_on(u_register_t mpidr)
{
+ unsigned int cluster = MPIDR_AFFLVL1_VAL(mpidr);
+ unsigned int core = MPIDR_AFFLVL0_VAL(mpidr);
+
VERBOSE("PSCI: Powering on cluster %d core %d\n", cluster, core);
/* Assert CPU core reset */
@@ -102,12 +106,18 @@
mmio_setbits_32(SUNXI_CPUCFG_DBG_REG0, BIT(core));
}
-void sunxi_disable_secondary_cpus(unsigned int primary_cpu)
+void sunxi_disable_secondary_cpus(u_register_t primary_mpidr)
{
- for (unsigned int cpu = 0; cpu < PLATFORM_CORE_COUNT; cpu += 1) {
- if (cpu == primary_cpu)
- continue;
- sunxi_cpu_off(cpu / PLATFORM_MAX_CPUS_PER_CLUSTER,
- cpu % PLATFORM_MAX_CPUS_PER_CLUSTER);
+ unsigned int cluster;
+ unsigned int core;
+
+ for (cluster = 0; cluster < PLATFORM_CLUSTER_COUNT; ++cluster) {
+ for (core = 0; core < PLATFORM_MAX_CPUS_PER_CLUSTER; ++core) {
+ u_register_t mpidr = (cluster << MPIDR_AFF1_SHIFT) |
+ (core << MPIDR_AFF0_SHIFT) |
+ BIT(31);
+ if (mpidr != primary_mpidr)
+ sunxi_cpu_off(mpidr);
+ }
}
}
diff --git a/plat/allwinner/common/sunxi_pm.c b/plat/allwinner/common/sunxi_pm.c
index 8cc715c..1d2dc93 100644
--- a/plat/allwinner/common/sunxi_pm.c
+++ b/plat/allwinner/common/sunxi_pm.c
@@ -35,7 +35,7 @@
if (mpidr_is_valid(mpidr) == 0)
return PSCI_E_INTERN_FAIL;
- sunxi_cpu_on(MPIDR_AFFLVL1_VAL(mpidr), MPIDR_AFFLVL0_VAL(mpidr));
+ sunxi_cpu_on(mpidr);
return PSCI_E_SUCCESS;
}
@@ -47,9 +47,7 @@
static void __dead2 sunxi_pwr_down_wfi(const psci_power_state_t *target_state)
{
- u_register_t mpidr = read_mpidr();
-
- sunxi_cpu_off(MPIDR_AFFLVL1_VAL(mpidr), MPIDR_AFFLVL0_VAL(mpidr));
+ sunxi_cpu_off(read_mpidr());
while (1)
wfi();
@@ -64,7 +62,7 @@
static void __dead2 sunxi_system_off(void)
{
/* Turn off all secondary CPUs */
- sunxi_disable_secondary_cpus(plat_my_core_pos());
+ sunxi_disable_secondary_cpus(read_mpidr());
sunxi_power_down();
}
diff --git a/plat/allwinner/common/sunxi_topology.c b/plat/allwinner/common/sunxi_topology.c
index 7acc77a..45be1e0 100644
--- a/plat/allwinner/common/sunxi_topology.c
+++ b/plat/allwinner/common/sunxi_topology.c
@@ -9,7 +9,7 @@
#include <arch.h>
#include <plat/common/platform.h>
-static unsigned char plat_power_domain_tree_desc[PLAT_MAX_PWR_LVL + 1] = {
+static const unsigned char plat_power_domain_tree_desc[PLAT_MAX_PWR_LVL + 1] = {
/* One root node for the SoC */
1,
/* One node for each cluster */
diff --git a/plat/allwinner/sun50i_a64/sunxi_power.c b/plat/allwinner/sun50i_a64/sunxi_power.c
index 706bfce..b4d16a0 100644
--- a/plat/allwinner/sun50i_a64/sunxi_power.c
+++ b/plat/allwinner/sun50i_a64/sunxi_power.c
@@ -175,7 +175,7 @@
#define NO_SPLIT 0xff
-struct axp_regulator {
+static const struct axp_regulator {
char *dt_name;
uint16_t min_volt;
uint16_t max_volt;
@@ -247,7 +247,7 @@
for (node = fdt_first_subnode(fdt, node);
node != -FDT_ERR_NOTFOUND;
node = fdt_next_subnode(fdt, node)) {
- struct axp_regulator *reg;
+ const struct axp_regulator *reg;
const char *name;
int length;
diff --git a/plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts b/plat/arm/board/rde1edge/fdts/rde1edge_nt_fw_config.dts
similarity index 77%
rename from plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts
rename to plat/arm/board/rde1edge/fdts/rde1edge_nt_fw_config.dts
index 3dedf1d..4176921 100644
--- a/plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts
+++ b/plat/arm/board/rde1edge/fdts/rde1edge_nt_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,7 +7,7 @@
/dts-v1/;
/ {
/* compatible string */
- compatible = "arm,sgi-clark";
+ compatible = "arm,rd-e1edge";
/*
* Place holder for system-id node with default values. The
diff --git a/plat/arm/board/sgiclarkh/fdts/sgiclarkh_tb_fw_config.dts b/plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts
similarity index 100%
rename from plat/arm/board/sgiclarkh/fdts/sgiclarkh_tb_fw_config.dts
rename to plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts
diff --git a/plat/arm/board/sgiclarkh/include/platform_def.h b/plat/arm/board/rde1edge/include/platform_def.h
similarity index 75%
rename from plat/arm/board/sgiclarkh/include/platform_def.h
rename to plat/arm/board/rde1edge/include/platform_def.h
index fe8907b..954a1cd 100644
--- a/plat/arm/board/sgiclarkh/include/platform_def.h
+++ b/plat/arm/board/rde1edge/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,8 +18,8 @@
#define PLAT_CSS_MHU_BASE UL(0x45400000)
/* Base address of DMC-620 instances */
-#define SGICLARKH_DMC620_BASE0 UL(0x4e000000)
-#define SGICLARKH_DMC620_BASE1 UL(0x4e100000)
+#define RDE1EDGE_DMC620_BASE0 UL(0x4e000000)
+#define RDE1EDGE_DMC620_BASE1 UL(0x4e100000)
#define PLAT_MAX_PWR_LVL ARM_PWR_LVL2
diff --git a/plat/arm/board/sgiclarkh/platform.mk b/plat/arm/board/rde1edge/platform.mk
similarity index 73%
rename from plat/arm/board/sgiclarkh/platform.mk
rename to plat/arm/board/rde1edge/platform.mk
index 1e93d93..833bb82 100644
--- a/plat/arm/board/sgiclarkh/platform.mk
+++ b/plat/arm/board/rde1edge/platform.mk
@@ -6,34 +6,34 @@
include plat/arm/css/sgi/sgi-common.mk
-SGICLARKH_BASE = plat/arm/board/sgiclarkh
+RDE1EDGE_BASE = plat/arm/board/rde1edge
-PLAT_INCLUDES += -I${SGICLARKH_BASE}/include/
+PLAT_INCLUDES += -I${RDE1EDGE_BASE}/include/
SGI_CPU_SOURCES := lib/cpus/aarch64/neoverse_e1.S
BL1_SOURCES += ${SGI_CPU_SOURCES}
-BL2_SOURCES += ${SGICLARKH_BASE}/sgiclarkh_plat.c \
- ${SGICLARKH_BASE}/sgiclarkh_security.c \
+BL2_SOURCES += ${RDE1EDGE_BASE}/rde1edge_plat.c \
+ ${RDE1EDGE_BASE}/rde1edge_security.c \
drivers/arm/tzc/tzc_dmc620.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
BL31_SOURCES += ${SGI_CPU_SOURCES} \
- ${SGICLARKH_BASE}/sgiclarkh_plat.c \
+ ${RDE1EDGE_BASE}/rde1edge_plat.c \
drivers/cfi/v2m/v2m_flash.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
# Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES += ${SGICLARKH_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
-FDT_SOURCES += ${SGICLARKH_BASE}/fdts/${PLAT}_nt_fw_config.dts
+FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
diff --git a/plat/arm/board/sgiclarkh/sgiclarkh_plat.c b/plat/arm/board/rde1edge/rde1edge_plat.c
similarity index 100%
rename from plat/arm/board/sgiclarkh/sgiclarkh_plat.c
rename to plat/arm/board/rde1edge/rde1edge_plat.c
diff --git a/plat/arm/board/rde1edge/rde1edge_security.c b/plat/arm/board/rde1edge/rde1edge_security.c
new file mode 100644
index 0000000..2123e09
--- /dev/null
+++ b/plat/arm/board/rde1edge/rde1edge_security.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <platform_def.h>
+
+#include <common/debug.h>
+#include <drivers/arm/tzc_dmc620.h>
+
+uintptr_t rde1edge_dmc_base[] = {
+ RDE1EDGE_DMC620_BASE0,
+ RDE1EDGE_DMC620_BASE1
+};
+
+static const tzc_dmc620_driver_data_t rde1edge_plat_driver_data = {
+ .dmc_base = rde1edge_dmc_base,
+ .dmc_count = ARRAY_SIZE(rde1edge_dmc_base)
+};
+
+static const tzc_dmc620_acc_addr_data_t rde1edge_acc_addr_data[] = {
+ {
+ .region_base = ARM_AP_TZC_DRAM1_BASE,
+ .region_top = ARM_AP_TZC_DRAM1_BASE + ARM_TZC_DRAM1_SIZE - 1,
+ .sec_attr = TZC_DMC620_REGION_S_RDWR
+ }
+};
+
+static const tzc_dmc620_config_data_t rde1edge_plat_config_data = {
+ .plat_drv_data = &rde1edge_plat_driver_data,
+ .plat_acc_addr_data = rde1edge_acc_addr_data,
+ .acc_addr_count = ARRAY_SIZE(rde1edge_acc_addr_data)
+};
+
+/* Initialize the secure environment */
+void plat_arm_security_setup(void)
+{
+ arm_tzc_dmc620_setup(&rde1edge_plat_config_data);
+}
diff --git a/plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts b/plat/arm/board/rdn1edge/fdts/rdn1edge_nt_fw_config.dts
similarity index 74%
copy from plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts
copy to plat/arm/board/rdn1edge/fdts/rdn1edge_nt_fw_config.dts
index 3dedf1d..fff5874 100644
--- a/plat/arm/board/sgiclarkh/fdts/sgiclarkh_nt_fw_config.dts
+++ b/plat/arm/board/rdn1edge/fdts/rdn1edge_nt_fw_config.dts
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,7 +7,7 @@
/dts-v1/;
/ {
/* compatible string */
- compatible = "arm,sgi-clark";
+ compatible = "arm,rd-n1edge";
/*
* Place holder for system-id node with default values. The
@@ -18,5 +18,4 @@
platform-id = <0x0>;
config-id = <0x0>;
};
-
};
diff --git a/plat/arm/board/sgiclarka/fdts/sgiclarka_tb_fw_config.dts b/plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts
similarity index 100%
rename from plat/arm/board/sgiclarka/fdts/sgiclarka_tb_fw_config.dts
rename to plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts
diff --git a/plat/arm/board/sgiclarka/include/platform_def.h b/plat/arm/board/rdn1edge/include/platform_def.h
similarity index 74%
rename from plat/arm/board/sgiclarka/include/platform_def.h
rename to plat/arm/board/rdn1edge/include/platform_def.h
index d2cdb49..2ca0dd4 100644
--- a/plat/arm/board/sgiclarka/include/platform_def.h
+++ b/plat/arm/board/rdn1edge/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,8 +18,8 @@
#define PLAT_CSS_MHU_BASE UL(0x45400000)
/* Base address of DMC-620 instances */
-#define SGICLARKA_DMC620_BASE0 UL(0x4e000000)
-#define SGICLARKA_DMC620_BASE1 UL(0x4e100000)
+#define RDN1EDGE_DMC620_BASE0 UL(0x4e000000)
+#define RDN1EDGE_DMC620_BASE1 UL(0x4e100000)
/* System power domain level */
#define CSS_SYSTEM_PWR_DMN_LVL ARM_PWR_LVL2
diff --git a/plat/arm/board/sgiclarka/platform.mk b/plat/arm/board/rdn1edge/platform.mk
similarity index 73%
rename from plat/arm/board/sgiclarka/platform.mk
rename to plat/arm/board/rdn1edge/platform.mk
index 81e416e..cacdaa1 100644
--- a/plat/arm/board/sgiclarka/platform.mk
+++ b/plat/arm/board/rdn1edge/platform.mk
@@ -6,34 +6,34 @@
include plat/arm/css/sgi/sgi-common.mk
-SGICLARKA_BASE = plat/arm/board/sgiclarka
+RDN1EDGE_BASE = plat/arm/board/rdn1edge
-PLAT_INCLUDES += -I${SGICLARKA_BASE}/include/
+PLAT_INCLUDES += -I${RDN1EDGE_BASE}/include/
SGI_CPU_SOURCES := lib/cpus/aarch64/neoverse_n1.S
BL1_SOURCES += ${SGI_CPU_SOURCES}
-BL2_SOURCES += ${SGICLARKA_BASE}/sgiclarka_plat.c \
- ${SGICLARKA_BASE}/sgiclarka_security.c \
+BL2_SOURCES += ${RDN1EDGE_BASE}/rdn1edge_plat.c \
+ ${RDN1EDGE_BASE}/rdn1edge_security.c \
drivers/arm/tzc/tzc_dmc620.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
BL31_SOURCES += ${SGI_CPU_SOURCES} \
- ${SGICLARKA_BASE}/sgiclarka_plat.c \
+ ${RDN1EDGE_BASE}/rdn1edge_plat.c \
drivers/cfi/v2m/v2m_flash.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
# Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES += ${SGICLARKA_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
-FDT_SOURCES += ${SGICLARKA_BASE}/fdts/${PLAT}_nt_fw_config.dts
+FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
diff --git a/plat/arm/board/sgiclarka/sgiclarka_plat.c b/plat/arm/board/rdn1edge/rdn1edge_plat.c
similarity index 100%
rename from plat/arm/board/sgiclarka/sgiclarka_plat.c
rename to plat/arm/board/rdn1edge/rdn1edge_plat.c
diff --git a/plat/arm/board/rdn1edge/rdn1edge_security.c b/plat/arm/board/rdn1edge/rdn1edge_security.c
new file mode 100644
index 0000000..ffa8935
--- /dev/null
+++ b/plat/arm/board/rdn1edge/rdn1edge_security.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2019, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <platform_def.h>
+
+#include <common/debug.h>
+#include <drivers/arm/tzc_dmc620.h>
+
+uintptr_t rdn1edge_dmc_base[] = {
+ RDN1EDGE_DMC620_BASE0,
+ RDN1EDGE_DMC620_BASE1
+};
+
+static const tzc_dmc620_driver_data_t rdn1edge_plat_driver_data = {
+ .dmc_base = rdn1edge_dmc_base,
+ .dmc_count = ARRAY_SIZE(rdn1edge_dmc_base)
+};
+
+static const tzc_dmc620_acc_addr_data_t rdn1edge_acc_addr_data[] = {
+ {
+ .region_base = ARM_AP_TZC_DRAM1_BASE,
+ .region_top = ARM_AP_TZC_DRAM1_BASE + ARM_TZC_DRAM1_SIZE - 1,
+ .sec_attr = TZC_DMC620_REGION_S_RDWR
+ }
+};
+
+static const tzc_dmc620_config_data_t rdn1edge_plat_config_data = {
+ .plat_drv_data = &rdn1edge_plat_driver_data,
+ .plat_acc_addr_data = rdn1edge_acc_addr_data,
+ .acc_addr_count = ARRAY_SIZE(rdn1edge_acc_addr_data)
+};
+
+/* Initialize the secure environment */
+void plat_arm_security_setup(void)
+{
+ arm_tzc_dmc620_setup(&rdn1edge_plat_config_data);
+}
diff --git a/plat/arm/board/sgiclarka/fdts/sgiclarka_nt_fw_config.dts b/plat/arm/board/sgiclarka/fdts/sgiclarka_nt_fw_config.dts
deleted file mode 100644
index 43bd856..0000000
--- a/plat/arm/board/sgiclarka/fdts/sgiclarka_nt_fw_config.dts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/dts-v1/;
-/ {
- /* compatible string */
- compatible = "arm,sgi-clark";
-
- /*
- * Place holder for system-id node with default values. The
- * value of platform-id and config-id will be set to the
- * correct values during the BL2 stage of boot.
- */
- system-id {
- platform-id = <0x0>;
- config-id = <0x0>;
- };
-};
diff --git a/plat/arm/board/sgiclarka/sgiclarka_security.c b/plat/arm/board/sgiclarka/sgiclarka_security.c
deleted file mode 100644
index c455111..0000000
--- a/plat/arm/board/sgiclarka/sgiclarka_security.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <platform_def.h>
-
-#include <common/debug.h>
-#include <drivers/arm/tzc_dmc620.h>
-
-uintptr_t sgiclarka_dmc_base[] = {
- SGICLARKA_DMC620_BASE0,
- SGICLARKA_DMC620_BASE1
-};
-
-static const tzc_dmc620_driver_data_t sgiclarka_plat_driver_data = {
- .dmc_base = sgiclarka_dmc_base,
- .dmc_count = ARRAY_SIZE(sgiclarka_dmc_base)
-};
-
-static const tzc_dmc620_acc_addr_data_t sgiclarka_acc_addr_data[] = {
- {
- .region_base = ARM_AP_TZC_DRAM1_BASE,
- .region_top = ARM_AP_TZC_DRAM1_BASE + ARM_TZC_DRAM1_SIZE - 1,
- .sec_attr = TZC_DMC620_REGION_S_RDWR
- }
-};
-
-static const tzc_dmc620_config_data_t sgiclarka_plat_config_data = {
- .plat_drv_data = &sgiclarka_plat_driver_data,
- .plat_acc_addr_data = sgiclarka_acc_addr_data,
- .acc_addr_count = ARRAY_SIZE(sgiclarka_acc_addr_data)
-};
-
-/* Initialize the secure environment */
-void plat_arm_security_setup(void)
-{
- arm_tzc_dmc620_setup(&sgiclarka_plat_config_data);
-}
diff --git a/plat/arm/board/sgiclarkh/sgiclarkh_security.c b/plat/arm/board/sgiclarkh/sgiclarkh_security.c
deleted file mode 100644
index aaf9691..0000000
--- a/plat/arm/board/sgiclarkh/sgiclarkh_security.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <platform_def.h>
-
-#include <common/debug.h>
-#include <drivers/arm/tzc_dmc620.h>
-
-uintptr_t sgiclarkh_dmc_base[] = {
- SGICLARKH_DMC620_BASE0,
- SGICLARKH_DMC620_BASE1
-};
-
-static const tzc_dmc620_driver_data_t sgiclarkh_plat_driver_data = {
- .dmc_base = sgiclarkh_dmc_base,
- .dmc_count = ARRAY_SIZE(sgiclarkh_dmc_base)
-};
-
-static const tzc_dmc620_acc_addr_data_t sgiclarkh_acc_addr_data[] = {
- {
- .region_base = ARM_AP_TZC_DRAM1_BASE,
- .region_top = ARM_AP_TZC_DRAM1_BASE + ARM_TZC_DRAM1_SIZE - 1,
- .sec_attr = TZC_DMC620_REGION_S_RDWR
- }
-};
-
-static const tzc_dmc620_config_data_t sgiclarkh_plat_config_data = {
- .plat_drv_data = &sgiclarkh_plat_driver_data,
- .plat_acc_addr_data = sgiclarkh_acc_addr_data,
- .acc_addr_count = ARRAY_SIZE(sgiclarkh_acc_addr_data)
-};
-
-/* Initialize the secure environment */
-void plat_arm_security_setup(void)
-{
- arm_tzc_dmc620_setup(&sgiclarkh_plat_config_data);
-}
diff --git a/plat/arm/common/aarch64/arm_pauth.c b/plat/arm/common/aarch64/arm_pauth.c
new file mode 100644
index 0000000..c847119
--- /dev/null
+++ b/plat/arm/common/aarch64/arm_pauth.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <cdefs.h>
+#include <stdint.h>
+
+/*
+ * Instruction pointer authentication key A. The low 64-bit are at [0], and the
+ * high bits at [1]. They are run-time constants so they are placed in the
+ * rodata section. They are written before MMU is turned on and the permissions
+ * are effective.
+ */
+uint64_t plat_apiakey[2] __section("rodata.apiakey");
+
+/*
+ * This is only a toy implementation to generate a seemingly random 128-bit key
+ * from sp and x30 values. A production system must re-implement this function
+ * to generate keys from a reliable randomness source.
+ */
+uint64_t *plat_init_apiakey(void)
+{
+ uintptr_t return_addr = (uintptr_t)__builtin_return_address(0U);
+ uintptr_t frame_addr = (uintptr_t)__builtin_frame_address(0U);
+
+ plat_apiakey[0] = (return_addr << 13) ^ frame_addr;
+ plat_apiakey[1] = (frame_addr << 15) ^ return_addr;
+
+ return plat_apiakey;
+}
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index f18a9af..5e890ed 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -236,6 +236,11 @@
lib/extensions/ras/ras_common.c
endif
+# Pointer Authentication sources
+ifeq (${ENABLE_PAUTH}, 1)
+PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
+endif
+
# SPM uses libfdt in Arm platforms
ifeq (${SPM_MM},0)
ifeq (${ENABLE_SPM},1)
diff --git a/plat/intel/soc/stratix10/aarch64/plat_helpers.S b/plat/intel/soc/stratix10/aarch64/plat_helpers.S
index 8f755be..f077cf3 100644
--- a/plat/intel/soc/stratix10/aarch64/plat_helpers.S
+++ b/plat/intel/soc/stratix10/aarch64/plat_helpers.S
@@ -19,8 +19,6 @@
.globl platform_mem_init
.globl plat_get_my_entrypoint
- .globl stratix10_sec_entry
- .globl cpuid_release
/* -----------------------------------------------------
* void plat_secondary_cold_boot_setup (void);
@@ -34,11 +32,11 @@
func plat_secondary_cold_boot_setup
/* Wait until the it gets reset signal from rstmgr gets populated */
poll_mailbox:
- wfi
+ wfi
- adr x0, stratix10_sec_entry
+ mov_imm x0, PLAT_S10_SEC_ENTRY
ldr x1, [x0]
- adr x2, cpuid_release
+ mov_imm x2, PLAT_CPUID_RELEASE
ldr x3, [x2]
mrs x4, mpidr_el1
and x4, x4, #0xff
@@ -68,7 +66,7 @@
endfunc plat_my_core_pos
func plat_get_my_entrypoint
- adr x1,stratix10_sec_entry
+ mov_imm x1, PLAT_S10_SEC_ENTRY
ldr x0, [x1]
ret
endfunc plat_get_my_entrypoint
@@ -121,9 +119,3 @@
.data
.align 3
-stratix10_sec_entry:
- .quad 0
-
-cpuid_release:
- .quad 0
-
diff --git a/plat/intel/soc/stratix10/bl31_plat_setup.c b/plat/intel/soc/stratix10/bl31_plat_setup.c
new file mode 100644
index 0000000..21a3708
--- /dev/null
+++ b/plat/intel/soc/stratix10/bl31_plat_setup.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <arch.h>
+#include <arch_helpers.h>
+#include <common/bl_common.h>
+#include <common/debug.h>
+#include <drivers/console.h>
+#include <drivers/delay_timer.h>
+#include <drivers/arm/gic_common.h>
+#include <drivers/arm/gicv2.h>
+#include <drivers/ti/uart/uart_16550.h>
+#include <drivers/generic_delay_timer.h>
+#include <drivers/arm/gicv2.h>
+#include <s10_mailbox.h>
+#include <lib/xlat_tables/xlat_tables.h>
+#include <lib/mmio.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+#include <platform_private.h>
+
+#include "aarch64/stratix10_private.h"
+#include "s10_handoff.h"
+#include "s10_reset_manager.h"
+#include "s10_memory_controller.h"
+#include "s10_pinmux.h"
+#include "s10_clock_manager.h"
+#include "s10_system_manager.h"
+
+static entry_point_info_t bl32_image_ep_info;
+static entry_point_info_t bl33_image_ep_info;
+
+entry_point_info_t *bl31_plat_get_next_image_ep_info(uint32_t type)
+{
+ entry_point_info_t *next_image_info;
+
+ next_image_info = (type == NON_SECURE) ?
+ &bl33_image_ep_info : &bl32_image_ep_info;
+
+ /* None of the images on this platform can have 0x0 as the entrypoint */
+ if (next_image_info->pc)
+ return next_image_info;
+ else
+ return NULL;
+}
+
+void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
+{
+ static console_16550_t console;
+
+ console_16550_register(PLAT_UART0_BASE, PLAT_UART_CLOCK, PLAT_BAUDRATE,
+ &console);
+ /*
+ * Check params passed from BL31 should not be NULL,
+ */
+ void *from_bl2 = (void *) arg0;
+
+ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2;
+
+ assert(params_from_bl2 != NULL);
+ assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
+ assert(params_from_bl2->h.version >= VERSION_2);
+
+ /*
+ * Copy BL32 (if populated by BL31) and BL33 entry point information.
+ * They are stored in Secure RAM, in BL31's address space.
+ */
+
+ bl_params_node_t *bl_params = params_from_bl2->head;
+
+ while (bl_params) {
+ if (bl_params->image_id == BL33_IMAGE_ID)
+ bl33_image_ep_info = *bl_params->ep_info;
+
+ bl_params = bl_params->next_params_info;
+ }
+ SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
+}
+
+static const interrupt_prop_t s10_interrupt_props[] = {
+ PLAT_INTEL_S10_G1S_IRQ_PROPS(GICV2_INTR_GROUP0),
+ PLAT_INTEL_S10_G0_IRQ_PROPS(GICV2_INTR_GROUP0)
+};
+
+static unsigned int target_mask_array[PLATFORM_CORE_COUNT];
+
+static const gicv2_driver_data_t plat_gicv2_gic_data = {
+ .gicd_base = PLAT_INTEL_S10_GICD_BASE,
+ .gicc_base = PLAT_INTEL_S10_GICC_BASE,
+ .interrupt_props = s10_interrupt_props,
+ .interrupt_props_num = ARRAY_SIZE(s10_interrupt_props),
+ .target_masks = target_mask_array,
+ .target_masks_num = ARRAY_SIZE(target_mask_array),
+};
+
+/*******************************************************************************
+ * Perform any BL3-1 platform setup code
+ ******************************************************************************/
+void bl31_platform_setup(void)
+{
+ /* Initialize the gic cpu and distributor interfaces */
+ gicv2_driver_init(&plat_gicv2_gic_data);
+ gicv2_distif_init();
+ gicv2_pcpu_distif_init();
+ gicv2_cpuif_enable();
+}
+
+const mmap_region_t plat_stratix10_mmap[] = {
+ MAP_REGION_FLAT(DRAM_BASE, DRAM_SIZE, MT_MEMORY | MT_RW | MT_NS),
+ MAP_REGION_FLAT(DEVICE1_BASE, DEVICE1_SIZE, MT_DEVICE | MT_RW | MT_NS),
+ MAP_REGION_FLAT(DEVICE2_BASE, DEVICE2_SIZE, MT_DEVICE | MT_RW | MT_NS),
+ MAP_REGION_FLAT(OCRAM_BASE, OCRAM_SIZE,
+ MT_NON_CACHEABLE | MT_RW | MT_SECURE),
+ MAP_REGION_FLAT(DEVICE3_BASE, DEVICE3_SIZE,
+ MT_DEVICE | MT_RW | MT_SECURE),
+ MAP_REGION_FLAT(MEM64_BASE, MEM64_SIZE, MT_DEVICE | MT_RW | MT_NS),
+ MAP_REGION_FLAT(DEVICE4_BASE, DEVICE4_SIZE, MT_DEVICE | MT_RW | MT_NS),
+ {0},
+};
+
+/*******************************************************************************
+ * Perform the very early platform specific architectural setup here. At the
+ * moment this is only intializes the mmu in a quick and dirty way.
+ ******************************************************************************/
+void bl31_plat_arch_setup(void)
+{
+ const mmap_region_t bl_regions[] = {
+ MAP_REGION_FLAT(BL31_BASE, BL31_END - BL31_BASE,
+ MT_MEMORY | MT_RW | MT_SECURE),
+ MAP_REGION_FLAT(BL_CODE_BASE, BL_CODE_END - BL_CODE_BASE,
+ MT_CODE | MT_SECURE),
+ MAP_REGION_FLAT(BL_RO_DATA_BASE,
+ BL_RO_DATA_END - BL_RO_DATA_BASE,
+ MT_RO_DATA | MT_SECURE),
+#if USE_COHERENT_MEM
+ MAP_REGION_FLAT(BL_COHERENT_RAM_BASE,
+ BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE,
+ MT_DEVICE | MT_RW | MT_SECURE),
+#endif
+ {0},
+ };
+
+ setup_page_tables(bl_regions, plat_stratix10_mmap);
+ enable_mmu_el3(0);
+}
+
diff --git a/plat/intel/soc/stratix10/include/plat_macros.S b/plat/intel/soc/stratix10/include/plat_macros.S
index 667f6c8..495aa9d 100644
--- a/plat/intel/soc/stratix10/include/plat_macros.S
+++ b/plat/intel/soc/stratix10/include/plat_macros.S
@@ -17,9 +17,6 @@
* ---------------------------------------------
*/
.macro plat_crash_print_regs
- mov_imm x17, PLAT_GICC_BASE
- mov_imm x16, PLAT_GICD_BASE
- arm_print_gic_regs
.endm
#endif /* __PLAT_MACROS_S__ */
diff --git a/plat/intel/soc/stratix10/include/s10_mailbox.h b/plat/intel/soc/stratix10/include/s10_mailbox.h
new file mode 100644
index 0000000..78db520
--- /dev/null
+++ b/plat/intel/soc/stratix10/include/s10_mailbox.h
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __S10_MBOX__
+#define __S10_MBOX__
+
+#define MBOX_OFFSET 0xffa30000
+
+#define MBOX_ATF_CLIENT_ID 0x1
+#define MBOX_JOB_ID 0x1
+
+/* Mailbox interrupt flags and masks */
+#define MBOX_INT_FLAG_COE 0x1
+#define MBOX_INT_FLAG_RIE 0x2
+#define MBOX_INT_FLAG_UAE 0x100
+#define MBOX_COE_BIT(INTERRUPT) ((INTERRUPT) & 0x3)
+#define MBOX_UAE_BIT(INTERRUPT) (((INTERRUPT) & (1<<4)))
+
+/* Mailbox response and status */
+#define MBOX_RESP_BUFFER_SIZE 16
+#define MBOX_RESP_ERR(BUFFER) ((BUFFER) & 0x00000fff)
+#define MBOX_RESP_LEN(BUFFER) (((BUFFER) & 0x007ff000) >> 12)
+#define MBOX_RESP_CLIENT_ID(BUFFER) (((BUFFER) & 0xf0000000) >> 28)
+#define MBOX_RESP_JOB_ID(BUFFER) (((BUFFER) & 0x0f000000) >> 24)
+#define MBOX_STATUS_UA_MASK (1<<8)
+
+/* Mailbox command and response */
+#define MBOX_CMD_FREE_OFFSET 0x14
+#define MBOX_CMD_BUFFER_SIZE 32
+#define MBOX_CLIENT_ID_CMD(CLIENT_ID) ((CLIENT_ID) << 28)
+#define MBOX_JOB_ID_CMD(JOB_ID) (JOB_ID<<24)
+#define MBOX_CMD_LEN_CMD(CMD_LEN) ((CMD_LEN) << 12)
+#define MBOX_INDIRECT (1 << 11)
+#define MBOX_INSUFFICIENT_BUFFER -2
+#define MBOX_CIN 0x00
+#define MBOX_ROUT 0x04
+#define MBOX_URG 0x08
+#define MBOX_INT 0x0C
+#define MBOX_COUT 0x20
+#define MBOX_RIN 0x24
+#define MBOX_STATUS 0x2C
+#define MBOX_CMD_BUFFER 0x40
+#define MBOX_RESP_BUFFER 0xC0
+
+#define MBOX_RESP_BUFFER_SIZE 16
+#define MBOX_RESP_OK 0
+#define MBOX_RESP_INVALID_CMD 1
+#define MBOX_RESP_UNKNOWN_BR 2
+#define MBOX_RESP_UNKNOWN 3
+#define MBOX_RESP_NOT_CONFIGURED 256
+
+/* Mailbox SDM doorbell */
+#define MBOX_DOORBELL_TO_SDM 0x400
+#define MBOX_DOORBELL_FROM_SDM 0x480
+
+/* Mailbox QSPI commands */
+#define MBOX_CMD_RESTART 2
+#define MBOX_CMD_QSPI_OPEN 50
+#define MBOX_CMD_QSPI_CLOSE 51
+#define MBOX_CMD_QSPI_DIRECT 59
+#define MBOX_CMD_GET_IDCODE 16
+#define MBOX_CMD_QSPI_SET_CS 52
+
+/* Mailbox REBOOT commands */
+#define MBOX_CMD_REBOOT_HPS 71
+
+/* Generic error handling */
+#define MBOX_TIMEOUT -2047
+#define MBOX_NO_RESPONSE -2
+#define MBOX_WRONG_ID -3
+
+/* Mailbox status */
+#define RECONFIG_STATUS_STATE 0
+#define RECONFIG_STATUS_PIN_STATUS 2
+#define RECONFIG_STATUS_SOFTFUNC_STATUS 3
+#define PIN_STATUS_NSTATUS (1 << 31)
+#define SOFTFUNC_STATUS_SEU_ERROR (1 << 3)
+#define SOFTFUNC_STATUS_INIT_DONE (1 << 1)
+#define SOFTFUNC_STATUS_CONF_DONE (1 << 0)
+#define MBOX_CFGSTAT_STATE_CONFIG 0x10000000
+
+/* SMC function IDs for SiP Service queries */
+#define SIP_SVC_CALL_COUNT 0x8200ff00
+#define SIP_SVC_UID 0x8200ff01
+#define SIP_SVC_VERSION 0x8200ff03
+
+/* SiP Service Calls version numbers */
+#define SIP_SVC_VERSION_MAJOR 0
+#define SIP_SVC_VERSION_MINOR 1
+
+/* Mailbox reconfiguration commands */
+#define MBOX_RECONFIG 6
+#define MBOX_RECONFIG_DATA 8
+#define MBOX_RECONFIG_STATUS 9
+
+/* Sip get memory */
+#define INTEL_SIP_SMC_FPGA_CONFIG_START 0xC2000001
+#define INTEL_SIP_SMC_FPGA_CONFIG_GET_MEM 0xC2000005
+#define INTEL_SIP_SMC_FPGA_CONFIG_ISDONE 0xC2000004
+#define INTEL_SIP_SMC_FPGA_CONFIG_WRITE 0x42000002
+#define INTEL_SIP_SMC_FPGA_CONFIG_COMPLETED_WRITE 0xC2000003
+#define INTEL_SIP_SMC_STATUS_OK 0
+#define INTEL_SIP_SMC_STATUS_ERROR 0x4
+#define INTEL_SIP_SMC_STATUS_BUSY 0x1
+#define INTEL_SIP_SMC_STATUS_REJECTED 0x2
+#define INTEL_SIP_SMC_FPGA_CONFIG_ADDR 0x1000
+#define INTEL_SIP_SMC_FPGA_CONFIG_SIZE 16777216
+
+void mailbox_set_int(int interrupt_input);
+int mailbox_init(void);
+void mailbox_set_qspi_close(void);
+void mailbox_set_qspi_open(void);
+void mailbox_set_qspi_direct(void);
+int mailbox_send_cmd(int job_id, unsigned int cmd, uint32_t *args,
+ int len, int urgent, uint32_t *response);
+void mailbox_send_cmd_async(int job_id, unsigned int cmd, uint32_t *args,
+ int len, int urgent);
+int mailbox_read_response(int job_id, uint32_t *response);
+int mailbox_get_qspi_clock(void);
+void mailbox_reset_cold(void);
+
+#endif
diff --git a/plat/intel/soc/stratix10/plat_psci.c b/plat/intel/soc/stratix10/plat_psci.c
new file mode 100644
index 0000000..7578528
--- /dev/null
+++ b/plat/intel/soc/stratix10/plat_psci.c
@@ -0,0 +1,209 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch_helpers.h>
+#include <assert.h>
+#include <common/debug.h>
+#include <errno.h>
+#include <lib/mmio.h>
+#include <drivers/arm/gic_common.h>
+#include <drivers/arm/gicv2.h>
+#include <plat/common/platform.h>
+#include <lib/psci/psci.h>
+
+#include "platform_def.h"
+#include "platform_private.h"
+#include "s10_reset_manager.h"
+#include "s10_mailbox.h"
+
+#define S10_RSTMGR_OFST 0xffd11000
+#define S10_RSTMGR_MPUMODRST_OFST 0x20
+
+uintptr_t *stratix10_sec_entry = (uintptr_t *) PLAT_S10_SEC_ENTRY;
+uintptr_t *cpuid_release = (uintptr_t *) PLAT_CPUID_RELEASE;
+
+/*******************************************************************************
+ * plat handler called when a CPU is about to enter standby.
+ ******************************************************************************/
+void plat_cpu_standby(plat_local_state_t cpu_state)
+{
+ /*
+ * Enter standby state
+ * dsb is good practice before using wfi to enter low power states
+ */
+ VERBOSE("%s: cpu_state: 0x%x\n", __func__, cpu_state);
+ dsb();
+ wfi();
+}
+
+/*******************************************************************************
+ * plat handler called when a power domain is about to be turned on. The
+ * mpidr determines the CPU to be turned on.
+ ******************************************************************************/
+int plat_pwr_domain_on(u_register_t mpidr)
+{
+ unsigned int cpu_id = plat_core_pos_by_mpidr(mpidr);
+
+ VERBOSE("%s: mpidr: 0x%lx\n", __func__, mpidr);
+
+ if (cpu_id == -1)
+ return PSCI_E_INTERN_FAIL;
+
+ *cpuid_release = cpu_id;
+
+ /* release core reset */
+ mmio_setbits_32(S10_RSTMGR_OFST + S10_RSTMGR_MPUMODRST_OFST,
+ 1 << cpu_id);
+ return PSCI_E_SUCCESS;
+}
+
+/*******************************************************************************
+ * plat handler called when a power domain is about to be turned off. The
+ * target_state encodes the power state that each level should transition to.
+ ******************************************************************************/
+void plat_pwr_domain_off(const psci_power_state_t *target_state)
+{
+ unsigned int cpu_id = plat_my_core_pos();
+
+ for (size_t i = 0; i <= PLAT_MAX_PWR_LVL; i++)
+ VERBOSE("%s: target_state->pwr_domain_state[%lu]=%x\n",
+ __func__, i, target_state->pwr_domain_state[i]);
+
+ /* TODO: Prevent interrupts from spuriously waking up this cpu */
+ /* gicv2_cpuif_disable(); */
+
+ /* assert core reset */
+ mmio_setbits_32(S10_RSTMGR_OFST + S10_RSTMGR_MPUMODRST_OFST,
+ 1 << cpu_id);
+}
+
+/*******************************************************************************
+ * plat handler called when a power domain is about to be suspended. The
+ * target_state encodes the power state that each level should transition to.
+ ******************************************************************************/
+void plat_pwr_domain_suspend(const psci_power_state_t *target_state)
+{
+ unsigned int cpu_id = plat_my_core_pos();
+
+ for (size_t i = 0; i <= PLAT_MAX_PWR_LVL; i++)
+ VERBOSE("%s: target_state->pwr_domain_state[%lu]=%x\n",
+ __func__, i, target_state->pwr_domain_state[i]);
+ /* assert core reset */
+ mmio_setbits_32(S10_RSTMGR_OFST + S10_RSTMGR_MPUMODRST_OFST,
+ 1 << cpu_id);
+
+}
+
+/*******************************************************************************
+ * plat handler called when a power domain has just been powered on after
+ * being turned off earlier. The target_state encodes the low power state that
+ * each level has woken up from.
+ ******************************************************************************/
+void plat_pwr_domain_on_finish(const psci_power_state_t *target_state)
+{
+ for (size_t i = 0; i <= PLAT_MAX_PWR_LVL; i++)
+ VERBOSE("%s: target_state->pwr_domain_state[%lu]=%x\n",
+ __func__, i, target_state->pwr_domain_state[i]);
+
+ /* Program the gic per-cpu distributor or re-distributor interface */
+ gicv2_pcpu_distif_init();
+ gicv2_set_pe_target_mask(plat_my_core_pos());
+
+ /* Enable the gic cpu interface */
+ gicv2_cpuif_enable();
+}
+
+/*******************************************************************************
+ * plat handler called when a power domain has just been powered on after
+ * having been suspended earlier. The target_state encodes the low power state
+ * that each level has woken up from.
+ * TODO: At the moment we reuse the on finisher and reinitialize the secure
+ * context. Need to implement a separate suspend finisher.
+ ******************************************************************************/
+void plat_pwr_domain_suspend_finish(const psci_power_state_t *target_state)
+{
+ unsigned int cpu_id = plat_my_core_pos();
+
+ for (size_t i = 0; i <= PLAT_MAX_PWR_LVL; i++)
+ VERBOSE("%s: target_state->pwr_domain_state[%lu]=%x\n",
+ __func__, i, target_state->pwr_domain_state[i]);
+
+ /* release core reset */
+ mmio_clrbits_32(S10_RSTMGR_OFST + S10_RSTMGR_MPUMODRST_OFST,
+ 1 << cpu_id);
+}
+
+/*******************************************************************************
+ * plat handlers to shutdown/reboot the system
+ ******************************************************************************/
+static void __dead2 plat_system_off(void)
+{
+ wfi();
+ ERROR("System Off: operation not handled.\n");
+ panic();
+}
+
+static void __dead2 plat_system_reset(void)
+{
+ INFO("assert Peripheral from Reset\r\n");
+
+ deassert_peripheral_reset();
+ mailbox_reset_cold();
+
+ while (1)
+ wfi();
+}
+
+int plat_validate_power_state(unsigned int power_state,
+ psci_power_state_t *req_state)
+{
+ VERBOSE("%s: power_state: 0x%x\n", __func__, power_state);
+
+ return PSCI_E_SUCCESS;
+}
+
+int plat_validate_ns_entrypoint(unsigned long ns_entrypoint)
+{
+ VERBOSE("%s: ns_entrypoint: 0x%lx\n", __func__, ns_entrypoint);
+ return PSCI_E_SUCCESS;
+}
+
+void plat_get_sys_suspend_power_state(psci_power_state_t *req_state)
+{
+ req_state->pwr_domain_state[PSCI_CPU_PWR_LVL] = PLAT_MAX_OFF_STATE;
+ req_state->pwr_domain_state[1] = PLAT_MAX_OFF_STATE;
+}
+
+/*******************************************************************************
+ * Export the platform handlers via plat_arm_psci_pm_ops. The ARM Standard
+ * platform layer will take care of registering the handlers with PSCI.
+ ******************************************************************************/
+const plat_psci_ops_t plat_psci_pm_ops = {
+ .cpu_standby = plat_cpu_standby,
+ .pwr_domain_on = plat_pwr_domain_on,
+ .pwr_domain_off = plat_pwr_domain_off,
+ .pwr_domain_suspend = plat_pwr_domain_suspend,
+ .pwr_domain_on_finish = plat_pwr_domain_on_finish,
+ .pwr_domain_suspend_finish = plat_pwr_domain_suspend_finish,
+ .system_off = plat_system_off,
+ .system_reset = plat_system_reset,
+ .validate_power_state = plat_validate_power_state,
+ .validate_ns_entrypoint = plat_validate_ns_entrypoint,
+ .get_sys_suspend_power_state = plat_get_sys_suspend_power_state
+};
+
+/*******************************************************************************
+ * Export the platform specific power ops.
+ ******************************************************************************/
+int plat_setup_psci_ops(uintptr_t sec_entrypoint,
+ const struct plat_psci_ops **psci_ops)
+{
+ /* Save warm boot entrypoint.*/
+ *stratix10_sec_entry = sec_entrypoint;
+
+ *psci_ops = &plat_psci_pm_ops;
+ return 0;
+}
diff --git a/plat/intel/soc/stratix10/plat_sip_svc.c b/plat/intel/soc/stratix10/plat_sip_svc.c
new file mode 100644
index 0000000..2c2332b
--- /dev/null
+++ b/plat/intel/soc/stratix10/plat_sip_svc.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <common/debug.h>
+#include <common/runtime_svc.h>
+#include <lib/mmio.h>
+#include <s10_mailbox.h>
+#include <tools_share/uuid.h>
+
+/* Number of SiP Calls implemented */
+#define SIP_NUM_CALLS 0x3
+
+/* Total buffer the driver can hold */
+#define FPGA_CONFIG_BUFFER_SIZE 4
+
+int current_block;
+int current_buffer;
+int current_id = 1;
+int max_blocks;
+uint32_t bytes_per_block;
+uint32_t blocks_submitted;
+uint32_t blocks_completed;
+
+struct fpga_config_info {
+ uint32_t addr;
+ int size;
+ int size_written;
+ uint32_t write_requested;
+ int subblocks_sent;
+ int block_number;
+};
+
+/* SiP Service UUID */
+DEFINE_SVC_UUID2(intl_svc_uid,
+ 0xa85273b0, 0xe85a, 0x4862, 0xa6, 0x2a,
+ 0xfa, 0x88, 0x88, 0x17, 0x68, 0x81);
+
+uint64_t plat_sip_handler(uint32_t smc_fid,
+ uint64_t x1,
+ uint64_t x2,
+ uint64_t x3,
+ uint64_t x4,
+ void *cookie,
+ void *handle,
+ uint64_t flags)
+{
+ ERROR("%s: unhandled SMC (0x%x)\n", __func__, smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+}
+
+struct fpga_config_info fpga_config_buffers[FPGA_CONFIG_BUFFER_SIZE];
+
+static void intel_fpga_sdm_write_buffer(struct fpga_config_info *buffer)
+{
+ uint32_t args[3];
+
+ while (max_blocks > 0 && buffer->size > buffer->size_written) {
+ if (buffer->size - buffer->size_written <=
+ bytes_per_block) {
+ args[0] = (1<<8);
+ args[1] = buffer->addr + buffer->size_written;
+ args[2] = buffer->size - buffer->size_written;
+ buffer->size_written +=
+ buffer->size - buffer->size_written;
+ buffer->subblocks_sent++;
+ mailbox_send_cmd_async(0x4,
+ MBOX_RECONFIG_DATA,
+ args, 3, 0);
+ current_buffer++;
+ current_buffer %= FPGA_CONFIG_BUFFER_SIZE;
+ } else {
+ args[0] = (1<<8);
+ args[1] = buffer->addr + buffer->size_written;
+ args[2] = bytes_per_block;
+ buffer->size_written += bytes_per_block;
+ mailbox_send_cmd_async(0x4,
+ MBOX_RECONFIG_DATA,
+ args, 3, 0);
+ buffer->subblocks_sent++;
+ }
+ max_blocks--;
+ }
+}
+
+static int intel_fpga_sdm_write_all(void)
+{
+ int i;
+
+ for (i = 0; i < FPGA_CONFIG_BUFFER_SIZE; i++)
+ intel_fpga_sdm_write_buffer(
+ &fpga_config_buffers[current_buffer]);
+
+ return 0;
+}
+
+uint32_t intel_mailbox_fpga_config_isdone(void)
+{
+ uint32_t args[2];
+ uint32_t response[6];
+ int status;
+
+ status = mailbox_send_cmd(1, MBOX_RECONFIG_STATUS, args, 0, 0,
+ response);
+
+ if (status < 0)
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ if (response[RECONFIG_STATUS_STATE] &&
+ response[RECONFIG_STATUS_STATE] != MBOX_CFGSTAT_STATE_CONFIG)
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ if (!(response[RECONFIG_STATUS_PIN_STATUS] & PIN_STATUS_NSTATUS))
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ if (response[RECONFIG_STATUS_SOFTFUNC_STATUS] &
+ SOFTFUNC_STATUS_SEU_ERROR)
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ if ((response[RECONFIG_STATUS_SOFTFUNC_STATUS] &
+ SOFTFUNC_STATUS_CONF_DONE) &&
+ (response[RECONFIG_STATUS_SOFTFUNC_STATUS] &
+ SOFTFUNC_STATUS_INIT_DONE))
+ return INTEL_SIP_SMC_STATUS_OK;
+
+ return INTEL_SIP_SMC_STATUS_ERROR;
+}
+
+static int mark_last_buffer_xfer_completed(uint32_t *buffer_addr_completed)
+{
+ int i;
+
+ for (i = 0; i < FPGA_CONFIG_BUFFER_SIZE; i++) {
+ if (fpga_config_buffers[i].block_number == current_block) {
+ fpga_config_buffers[i].subblocks_sent--;
+ if (fpga_config_buffers[i].subblocks_sent == 0
+ && fpga_config_buffers[i].size <=
+ fpga_config_buffers[i].size_written) {
+ fpga_config_buffers[i].write_requested = 0;
+ current_block++;
+ *buffer_addr_completed =
+ fpga_config_buffers[i].addr;
+ return 0;
+ }
+ }
+ }
+
+ return -1;
+}
+
+unsigned int address_in_ddr(uint32_t *addr)
+{
+ if (((unsigned long long)addr > DRAM_BASE) &&
+ ((unsigned long long)addr < DRAM_BASE + DRAM_SIZE))
+ return 0;
+
+ return -1;
+}
+
+int intel_fpga_config_completed_write(uint32_t *completed_addr,
+ uint32_t *count)
+{
+ uint32_t status = INTEL_SIP_SMC_STATUS_OK;
+ *count = 0;
+ int resp_len = 0;
+ uint32_t resp[5];
+ int all_completed = 1;
+ int count_check = 0;
+
+ if (address_in_ddr(completed_addr) != 0 || address_in_ddr(count) != 0)
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ for (count_check = 0; count_check < 3; count_check++)
+ if (address_in_ddr(&completed_addr[*count + count_check]) != 0)
+ return INTEL_SIP_SMC_STATUS_ERROR;
+
+ resp_len = mailbox_read_response(0x4, resp);
+
+ while (resp_len >= 0 && *count < 3) {
+ max_blocks++;
+ if (mark_last_buffer_xfer_completed(
+ &completed_addr[*count]) == 0)
+ *count = *count + 1;
+ else
+ break;
+ resp_len = mailbox_read_response(0x4, resp);
+ }
+
+ if (*count <= 0) {
+ if (resp_len != MBOX_NO_RESPONSE &&
+ resp_len != MBOX_TIMEOUT && resp_len != 0) {
+ return INTEL_SIP_SMC_STATUS_ERROR;
+ }
+
+ *count = 0;
+ }
+
+ intel_fpga_sdm_write_all();
+
+ if (*count > 0)
+ status = INTEL_SIP_SMC_STATUS_OK;
+ else if (*count == 0)
+ status = INTEL_SIP_SMC_STATUS_BUSY;
+
+ for (int i = 0; i < FPGA_CONFIG_BUFFER_SIZE; i++) {
+ if (fpga_config_buffers[i].write_requested != 0) {
+ all_completed = 0;
+ break;
+ }
+ }
+
+ if (all_completed == 1)
+ return INTEL_SIP_SMC_STATUS_OK;
+
+ return status;
+}
+
+int intel_fpga_config_start(uint32_t config_type)
+{
+ uint32_t response[3];
+ int status = 0;
+
+ status = mailbox_send_cmd(2, MBOX_RECONFIG, 0, 0, 0,
+ response);
+
+ if (status < 0)
+ return status;
+
+ max_blocks = response[0];
+ bytes_per_block = response[1];
+
+ for (int i = 0; i < FPGA_CONFIG_BUFFER_SIZE; i++) {
+ fpga_config_buffers[i].size = 0;
+ fpga_config_buffers[i].size_written = 0;
+ fpga_config_buffers[i].addr = 0;
+ fpga_config_buffers[i].write_requested = 0;
+ fpga_config_buffers[i].block_number = 0;
+ fpga_config_buffers[i].subblocks_sent = 0;
+ }
+
+ blocks_submitted = 0;
+ current_block = 0;
+ current_buffer = 0;
+
+ return 0;
+}
+
+
+uint32_t intel_fpga_config_write(uint64_t mem, uint64_t size)
+{
+ int i = 0;
+ uint32_t status = INTEL_SIP_SMC_STATUS_OK;
+
+ if (mem < DRAM_BASE || mem > DRAM_BASE + DRAM_SIZE)
+ status = INTEL_SIP_SMC_STATUS_REJECTED;
+
+ if (mem + size > DRAM_BASE + DRAM_SIZE)
+ status = INTEL_SIP_SMC_STATUS_REJECTED;
+
+ for (i = 0; i < FPGA_CONFIG_BUFFER_SIZE; i++) {
+ if (!fpga_config_buffers[i].write_requested) {
+ fpga_config_buffers[i].addr = mem;
+ fpga_config_buffers[i].size = size;
+ fpga_config_buffers[i].size_written = 0;
+ fpga_config_buffers[i].write_requested = 1;
+ fpga_config_buffers[i].block_number =
+ blocks_submitted++;
+ fpga_config_buffers[i].subblocks_sent = 0;
+ break;
+ }
+ }
+
+
+ if (i == FPGA_CONFIG_BUFFER_SIZE) {
+ status = INTEL_SIP_SMC_STATUS_REJECTED;
+ return status;
+ } else if (i == FPGA_CONFIG_BUFFER_SIZE - 1) {
+ status = INTEL_SIP_SMC_STATUS_BUSY;
+ }
+
+ intel_fpga_sdm_write_all();
+
+ return status;
+}
+
+/*
+ * This function is responsible for handling all SiP calls from the NS world
+ */
+
+uintptr_t sip_smc_handler(uint32_t smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ u_register_t x4,
+ void *cookie,
+ void *handle,
+ u_register_t flags)
+{
+ uint32_t status = INTEL_SIP_SMC_STATUS_OK;
+ uint32_t completed_addr[3];
+ uint32_t count = 0;
+
+ switch (smc_fid) {
+ case SIP_SVC_UID:
+ /* Return UID to the caller */
+ SMC_UUID_RET(handle, intl_svc_uid);
+ break;
+ case INTEL_SIP_SMC_FPGA_CONFIG_ISDONE:
+ status = intel_mailbox_fpga_config_isdone();
+ SMC_RET4(handle, status, 0, 0, 0);
+ break;
+ case INTEL_SIP_SMC_FPGA_CONFIG_GET_MEM:
+ SMC_RET3(handle, INTEL_SIP_SMC_STATUS_OK,
+ INTEL_SIP_SMC_FPGA_CONFIG_ADDR,
+ INTEL_SIP_SMC_FPGA_CONFIG_SIZE -
+ INTEL_SIP_SMC_FPGA_CONFIG_ADDR);
+ break;
+ case INTEL_SIP_SMC_FPGA_CONFIG_START:
+ status = intel_fpga_config_start(x1);
+ SMC_RET4(handle, status, 0, 0, 0);
+ break;
+ case INTEL_SIP_SMC_FPGA_CONFIG_WRITE:
+ status = intel_fpga_config_write(x1, x2);
+ SMC_RET4(handle, status, 0, 0, 0);
+ break;
+ case INTEL_SIP_SMC_FPGA_CONFIG_COMPLETED_WRITE:
+ status = intel_fpga_config_completed_write(completed_addr,
+ &count);
+ switch (count) {
+ case 1:
+ SMC_RET4(handle, INTEL_SIP_SMC_STATUS_OK,
+ completed_addr[0], 0, 0);
+ break;
+ case 2:
+ SMC_RET4(handle, INTEL_SIP_SMC_STATUS_OK,
+ completed_addr[0],
+ completed_addr[1], 0);
+ break;
+ case 3:
+ SMC_RET4(handle, INTEL_SIP_SMC_STATUS_OK,
+ completed_addr[0],
+ completed_addr[1],
+ completed_addr[2]);
+ break;
+ case 0:
+ SMC_RET4(handle, status, 0, 0, 0);
+ break;
+ default:
+ SMC_RET1(handle, INTEL_SIP_SMC_STATUS_ERROR);
+ }
+ break;
+
+ default:
+ return plat_sip_handler(smc_fid, x1, x2, x3, x4,
+ cookie, handle, flags);
+ }
+}
+
+DECLARE_RT_SVC(
+ s10_sip_svc,
+ OEN_SIP_START,
+ OEN_SIP_END,
+ SMC_TYPE_FAST,
+ NULL,
+ sip_smc_handler
+);
+
+DECLARE_RT_SVC(
+ s10_sip_svc_std,
+ OEN_SIP_START,
+ OEN_SIP_END,
+ SMC_TYPE_YIELD,
+ NULL,
+ sip_smc_handler
+);
diff --git a/plat/intel/soc/stratix10/plat_topology.c b/plat/intel/soc/stratix10/plat_topology.c
new file mode 100644
index 0000000..4951f74
--- /dev/null
+++ b/plat/intel/soc/stratix10/plat_topology.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch.h>
+#include <platform_def.h>
+#include <lib/psci/psci.h>
+static const unsigned char plat_power_domain_tree_desc[] = {1, 4};
+
+/*******************************************************************************
+ * This function returns the default topology tree information.
+ ******************************************************************************/
+const unsigned char *plat_get_power_domain_tree_desc(void)
+{
+ return plat_power_domain_tree_desc;
+}
+
+/*******************************************************************************
+ * This function implements a part of the critical interface between the psci
+ * generic layer and the platform that allows the former to query the platform
+ * to convert an MPIDR to a unique linear index. An error code (-1) is returned
+ * in case the MPIDR is invalid.
+ ******************************************************************************/
+int plat_core_pos_by_mpidr(u_register_t mpidr)
+{
+ unsigned int cluster_id, cpu_id;
+
+ mpidr &= MPIDR_AFFINITY_MASK;
+
+ if (mpidr & ~(MPIDR_CLUSTER_MASK | MPIDR_CPU_MASK))
+ return -1;
+
+ cluster_id = (mpidr >> MPIDR_AFF1_SHIFT) & MPIDR_AFFLVL_MASK;
+ cpu_id = (mpidr >> MPIDR_AFF0_SHIFT) & MPIDR_AFFLVL_MASK;
+
+ if (cluster_id >= PLATFORM_CLUSTER_COUNT)
+ return -1;
+
+ /*
+ * Validate cpu_id by checking whether it represents a CPU in
+ * one of the two clusters present on the platform.
+ */
+ if (cpu_id >= PLATFORM_MAX_CPUS_PER_CLUSTER)
+ return -1;
+
+ return (cpu_id + (cluster_id * 4));
+}
+
diff --git a/plat/intel/soc/stratix10/platform.mk b/plat/intel/soc/stratix10/platform.mk
index 01b0c76..debdea1 100644
--- a/plat/intel/soc/stratix10/platform.mk
+++ b/plat/intel/soc/stratix10/platform.mk
@@ -46,8 +46,23 @@
plat/intel/soc/stratix10/soc/s10_system_manager.c \
common/desc_image_load.c
-# plat/intel/soc/stratix10/plat_topology.c \
+BL31_SOURCES += drivers/arm/cci/cci.c \
+ lib/cpus/aarch64/cortex_a53.S \
+ lib/cpus/aarch64/aem_generic.S \
+ lib/cpus/aarch64/cortex_a53.S \
+ plat/common/plat_psci_common.c \
+ plat/intel/soc/stratix10/plat_sip_svc.c \
+ plat/intel/soc/stratix10/bl31_plat_setup.c \
+ plat/intel/soc/stratix10/plat_psci.c \
+ plat/intel/soc/stratix10/plat_topology.c \
+ plat/intel/soc/stratix10/plat_delay_timer.c \
+ plat/intel/soc/stratix10/soc/s10_reset_manager.c\
+ plat/intel/soc/stratix10/soc/s10_pinmux.c \
+ plat/intel/soc/stratix10/soc/s10_clock_manager.c\
+ plat/intel/soc/stratix10/soc/s10_handoff.c \
+ plat/intel/soc/stratix10/soc/s10_mailbox.c \
PROGRAMMABLE_RESET_ADDRESS := 0
BL2_AT_EL3 := 1
MULTI_CONSOLE_API := 1
+USE_COHERENT_MEM := 1
diff --git a/plat/intel/soc/stratix10/platform_def.h b/plat/intel/soc/stratix10/platform_def.h
index 88469ed..3ed9023 100644
--- a/plat/intel/soc/stratix10/platform_def.h
+++ b/plat/intel/soc/stratix10/platform_def.h
@@ -15,6 +15,9 @@
#include <plat/common/common_def.h>
+#define PLAT_CPUID_RELEASE 0xffe1b000
+#define PLAT_S10_SEC_ENTRY 0xffe1b008
+
/* Define next boot image name and offset */
#define PLAT_NS_IMAGE_OFFSET 0x50000
#define PLAT_HANDOFF_OFFSET 0xFFE3F000
@@ -75,7 +78,7 @@
#define DRAM_SIZE (0x80000000)
#define OCRAM_BASE (0xFFE00000)
-#define OCRAM_SIZE (0x00100000)
+#define OCRAM_SIZE (0x00040000)
#define MEM64_BASE (0x0100000000)
#define MEM64_SIZE (0x1F00000000)
@@ -111,10 +114,10 @@
#define BL1_RW_SIZE (0x14000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1c000)
+#define BL2_LIMIT (0xffe1b000)
#define BL31_BASE (0xffe1c000)
-#define BL31_LIMIT (0xffe3ffff)
+#define BL31_LIMIT (0xffe3bfff)
/*******************************************************************************
* Platform specific page table and MMU setup constants
diff --git a/plat/intel/soc/stratix10/soc/s10_mailbox.c b/plat/intel/soc/stratix10/soc/s10_mailbox.c
new file mode 100644
index 0000000..00a07f3
--- /dev/null
+++ b/plat/intel/soc/stratix10/soc/s10_mailbox.c
@@ -0,0 +1,275 @@
+/*
+ * Copyright (c) 2019, Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <lib/mmio.h>
+#include <common/debug.h>
+#include "s10_mailbox.h"
+
+static int fill_mailbox_circular_buffer(uint32_t header_cmd, uint32_t *args,
+ int len)
+{
+ uint32_t cmd_free_offset;
+ int i;
+
+ cmd_free_offset = mmio_read_32(MBOX_OFFSET + MBOX_CIN);
+
+ if (cmd_free_offset >= MBOX_CMD_BUFFER_SIZE) {
+ INFO("Insufficient buffer in mailbox\n");
+ return MBOX_INSUFFICIENT_BUFFER;
+ }
+
+
+ mmio_write_32(MBOX_OFFSET + MBOX_CMD_BUFFER + (cmd_free_offset++ * 4),
+ header_cmd);
+
+
+ for (i = 0; i < len; i++) {
+ cmd_free_offset %= MBOX_CMD_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_CMD_BUFFER +
+ (cmd_free_offset++ * 4), args[i]);
+ }
+
+ cmd_free_offset %= MBOX_CMD_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_CIN, cmd_free_offset);
+
+ return 0;
+}
+
+int mailbox_read_response(int job_id, uint32_t *response)
+{
+ int rin = 0;
+ int rout = 0;
+ int response_length = 0;
+ int resp = 0;
+ int total_resp_len = 0;
+ int timeout = 100000;
+
+ mmio_write_32(MBOX_OFFSET + MBOX_DOORBELL_TO_SDM, 1);
+
+ while (mmio_read_32(MBOX_OFFSET + MBOX_DOORBELL_FROM_SDM) != 1) {
+ if (timeout-- < 0)
+ return MBOX_NO_RESPONSE;
+ }
+
+ mmio_write_32(MBOX_OFFSET + MBOX_DOORBELL_FROM_SDM, 0);
+
+ rin = mmio_read_32(MBOX_OFFSET + MBOX_RIN);
+ rout = mmio_read_32(MBOX_OFFSET + MBOX_ROUT);
+
+ while (rout != rin) {
+ resp = mmio_read_32(MBOX_OFFSET +
+ MBOX_RESP_BUFFER + ((rout++)*4));
+
+ rout %= MBOX_RESP_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_ROUT, rout);
+
+ if (MBOX_RESP_CLIENT_ID(resp) != MBOX_ATF_CLIENT_ID ||
+ MBOX_RESP_JOB_ID(resp) != job_id) {
+ return MBOX_WRONG_ID;
+ }
+
+ if (MBOX_RESP_ERR(resp) > 0) {
+ INFO("Error in response: %x\n", resp);
+ return -resp;
+ }
+ response_length = MBOX_RESP_LEN(resp);
+
+ while (response_length) {
+
+ response_length--;
+ resp = mmio_read_32(MBOX_OFFSET +
+ MBOX_RESP_BUFFER +
+ (rout)*4);
+ if (response) {
+ *(response + total_resp_len) = resp;
+ total_resp_len++;
+ }
+ rout++;
+ rout %= MBOX_RESP_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_ROUT, rout);
+ }
+ return total_resp_len;
+ }
+
+ return MBOX_NO_RESPONSE;
+}
+
+
+int mailbox_poll_response(int job_id, int urgent, uint32_t *response)
+{
+ int timeout = 80000;
+ int rin = 0;
+ int rout = 0;
+ int response_length = 0;
+ int resp = 0;
+ int total_resp_len = 0;
+
+ mmio_write_32(MBOX_OFFSET + MBOX_DOORBELL_TO_SDM, 1);
+
+ while (1) {
+ while (timeout > 0 &&
+ mmio_read_32(MBOX_OFFSET +
+ MBOX_DOORBELL_FROM_SDM) != 1) {
+ timeout--;
+ }
+
+ if (mmio_read_32(MBOX_OFFSET + MBOX_DOORBELL_FROM_SDM) != 1) {
+ INFO("Timed out waiting for SDM");
+ return MBOX_TIMEOUT;
+ }
+
+ mmio_write_32(MBOX_OFFSET + MBOX_DOORBELL_FROM_SDM, 0);
+
+ if (urgent & 1) {
+ if ((mmio_read_32(MBOX_OFFSET + MBOX_STATUS) &
+ MBOX_STATUS_UA_MASK) ^
+ (urgent & MBOX_STATUS_UA_MASK)) {
+ mmio_write_32(MBOX_OFFSET + MBOX_URG, 0);
+ return 0;
+ }
+
+ mmio_write_32(MBOX_OFFSET + MBOX_URG, 0);
+ INFO("Error: Mailbox did not get UA");
+ return -1;
+ }
+
+ rin = mmio_read_32(MBOX_OFFSET + MBOX_RIN);
+ rout = mmio_read_32(MBOX_OFFSET + MBOX_ROUT);
+
+ while (rout != rin) {
+ resp = mmio_read_32(MBOX_OFFSET +
+ MBOX_RESP_BUFFER + ((rout++)*4));
+
+ rout %= MBOX_RESP_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_ROUT, rout);
+
+ if (MBOX_RESP_CLIENT_ID(resp) != MBOX_ATF_CLIENT_ID ||
+ MBOX_RESP_JOB_ID(resp) != job_id)
+ continue;
+
+ if (MBOX_RESP_ERR(resp) > 0) {
+ INFO("Error in response: %x\n", resp);
+ return -MBOX_RESP_ERR(resp);
+ }
+ response_length = MBOX_RESP_LEN(resp);
+
+ while (response_length) {
+
+ response_length--;
+ resp = mmio_read_32(MBOX_OFFSET +
+ MBOX_RESP_BUFFER +
+ (rout)*4);
+ if (response) {
+ *(response + total_resp_len) = resp;
+ total_resp_len++;
+ }
+ rout++;
+ rout %= MBOX_RESP_BUFFER_SIZE;
+ mmio_write_32(MBOX_OFFSET + MBOX_ROUT, rout);
+ }
+ return total_resp_len;
+ }
+ }
+}
+
+void mailbox_send_cmd_async(int job_id, unsigned int cmd, uint32_t *args,
+ int len, int urgent)
+{
+ if (urgent)
+ mmio_write_32(MBOX_OFFSET + MBOX_URG, 1);
+
+ fill_mailbox_circular_buffer(MBOX_CLIENT_ID_CMD(MBOX_ATF_CLIENT_ID) |
+ MBOX_JOB_ID_CMD(job_id) |
+ MBOX_CMD_LEN_CMD(len) |
+ MBOX_INDIRECT |
+ cmd, args, len);
+}
+
+int mailbox_send_cmd(int job_id, unsigned int cmd, uint32_t *args,
+ int len, int urgent, uint32_t *response)
+{
+ int status;
+
+ if (urgent) {
+ urgent |= mmio_read_32(MBOX_OFFSET + MBOX_STATUS) &
+ MBOX_STATUS_UA_MASK;
+ mmio_write_32(MBOX_OFFSET + MBOX_URG, 1);
+ }
+
+ status = fill_mailbox_circular_buffer(
+ MBOX_CLIENT_ID_CMD(MBOX_ATF_CLIENT_ID) |
+ MBOX_JOB_ID_CMD(job_id) |
+ cmd, args, len);
+
+ if (status)
+ return status;
+
+ return mailbox_poll_response(job_id, urgent, response);
+}
+
+void mailbox_set_int(int interrupt)
+{
+
+ mmio_write_32(MBOX_OFFSET+MBOX_INT, MBOX_COE_BIT(interrupt) |
+ MBOX_UAE_BIT(interrupt));
+}
+
+
+void mailbox_set_qspi_open(void)
+{
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_OPEN, 0, 0, 0, 0);
+}
+
+void mailbox_set_qspi_direct(void)
+{
+ mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_DIRECT, 0, 0, 0, 0);
+}
+
+void mailbox_set_qspi_close(void)
+{
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_CLOSE, 0, 0, 0, 0);
+}
+
+int mailbox_get_qspi_clock(void)
+{
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ return mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_DIRECT, 0, 0, 0, 0);
+}
+
+void mailbox_qspi_set_cs(int device_select)
+{
+ uint32_t cs_setting = device_select;
+
+ /* QSPI device select settings at 31:28 */
+ cs_setting = (cs_setting << 28);
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_QSPI_SET_CS, &cs_setting,
+ 1, 0, 0);
+}
+
+void mailbox_reset_cold(void)
+{
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_REBOOT_HPS, 0, 0, 0, 0);
+}
+
+int mailbox_init(void)
+{
+ int status = 0;
+
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+ status = mailbox_send_cmd(0, MBOX_CMD_RESTART, 0, 0, 1, 0);
+
+ if (status)
+ return status;
+
+ mailbox_set_int(MBOX_INT_FLAG_COE | MBOX_INT_FLAG_RIE);
+
+ return 0;
+}
+
diff --git a/plat/rpi3/rpi3_bl2_setup.c b/plat/rpi3/rpi3_bl2_setup.c
index 3d1f8f9..b5e5835 100644
--- a/plat/rpi3/rpi3_bl2_setup.c
+++ b/plat/rpi3/rpi3_bl2_setup.c
@@ -44,8 +44,8 @@
memset(¶ms, 0, sizeof(struct rpi3_sdhost_params));
params.reg_base = RPI3_SDHOST_BASE;
- params.bus_width = MMC_BUS_WIDTH_4;
- params.clk_rate = 392464;
+ params.bus_width = MMC_BUS_WIDTH_1;
+ params.clk_rate = 50000000;
mmc_info.mmc_dev_type = MMC_IS_SD_HC;
rpi3_sdhost_init(¶ms, &mmc_info);
}
diff --git a/readme.rst b/readme.rst
index deca2d2..ae9ca80 100644
--- a/readme.rst
+++ b/readme.rst
@@ -194,7 +194,7 @@
- Allwinner sun50i_64 and sun50i_h6
- Amlogic Meson S905 (GXBB)
-- Arm SGI-575, SGI Clark.A, SGI Clark.H and SGM-775
+- Arm SGI-575, RDN1Edge, RDE1Edge and SGM-775
- Arm Neoverse N1 System Development Platform
- HiKey, HiKey960 and Poplar boards
- Marvell Armada 3700 and 8K
diff --git a/services/spd/trusty/generic-arm64-smcall.c b/services/spd/trusty/generic-arm64-smcall.c
index 771e2cf..dfc3e71 100644
--- a/services/spd/trusty/generic-arm64-smcall.c
+++ b/services/spd/trusty/generic-arm64-smcall.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -8,6 +8,7 @@
#include <common/debug.h>
#include <common/runtime_svc.h>
+#include <platform_def.h>
#include "generic-arm64-smcall.h"