Masahiro Yamada [Tue, 30 Jan 2018 10:30:39 +0000 (19:30 +0900)]
uniphier: allocate xlat region of on-chip SRAM only when needed
Currently, the xlat region of the on-chip SRAM is always allocated
for all BL images.
The access to the on-chip SRAM is necessary for loading images from
a USB memory device (i.e. when updating firmware), so unneeded for
the usual boot procedure.
To avoid this waste, allocate the xlat region dynamically only for
BL2, and only when it is necessary.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Tue, 30 Jan 2018 09:49:37 +0000 (18:49 +0900)]
uniphier: get back original BL31/32 location used before BL2-AT-EL3
Commit
247fc0435191 ("uniphier: switch to BL2-AT-EL3 and remove BL1
support") accidentally changed the location of BL31 and BL32. The
new memory map overlaps with the audio DSP images, also gives impact
to OP-TEE. They are both out of control of ARM Trusted Firmware, so
not easy to change. This commit restores the image layout that was
originally used prior to the BL2-AT-EL3 migration.
Reported-by: Katsuhiro Suzuki <suzuki.katsuhiro@socionext.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
davidcunado-arm [Thu, 1 Feb 2018 18:15:53 +0000 (18:15 +0000)]
Merge pull request #1245 from antonio-nino-diaz-arm/an/checkpatch
Analyze coding style of patches individually
davidcunado-arm [Thu, 1 Feb 2018 10:39:05 +0000 (10:39 +0000)]
Merge pull request #1240 from dp-arm/dp/smccc
Implement support for SMCCC v1.1 and optimize security mitigations for CVE-2017-5715 on AArch64
davidcunado-arm [Thu, 1 Feb 2018 08:58:23 +0000 (08:58 +0000)]
Merge pull request #1236 from dbasehore/gic-save-restore
RK3399 GIC save/restore
davidcunado-arm [Tue, 30 Jan 2018 20:50:16 +0000 (20:50 +0000)]
Merge pull request #1242 from afaerber/fiptool-hikey-pad
fiptool: Fix use after free
davidcunado-arm [Tue, 30 Jan 2018 12:45:52 +0000 (12:45 +0000)]
Merge pull request #1220 from jwerner-chromium/JW_ld_bfd
Makefile: Use ld.bfd linker if available
davidcunado-arm [Tue, 30 Jan 2018 11:15:20 +0000 (11:15 +0000)]
Merge pull request #1248 from stevecapperarm/fixes/pie-logic
Correct the Makefile logic for disabling PIE
davidcunado-arm [Tue, 30 Jan 2018 08:59:35 +0000 (08:59 +0000)]
Merge pull request #1235 from jwerner-chromium/JW_udelay
Fix udelay issues that can make duration slightly too short
davidcunado-arm [Mon, 29 Jan 2018 23:16:27 +0000 (23:16 +0000)]
Merge pull request #1237 from sandrine-bailleux-arm/sb/spm-timer
SPM: Map devices in the 1st GB
davidcunado-arm [Mon, 29 Jan 2018 22:46:27 +0000 (22:46 +0000)]
Merge pull request #1246 from sandrine-bailleux-arm/topics/sb/fix-cnp-doc
Fix documentation for CnP bit
davidcunado-arm [Mon, 29 Jan 2018 22:45:35 +0000 (22:45 +0000)]
Merge pull request #1243 from afaerber/hikey-docs
docs: hikey: Fix typo
Julius Werner [Wed, 10 Jan 2018 23:12:47 +0000 (15:12 -0800)]
Makefile: Use ld.bfd linker if available
Some toolchain distributions install both the BFD and GOLD linkers under
the names <target>-ld.bfd and <target>-ld.gold. <target>-ld will then be
a symlink that may point to either one of these.
Trusted Firmware should always be linked with the BFD linker, since GOLD
is meant primarily for userspace programs and doesn't support many of
the more obscure linker script features that may be needed for firmware.
With this patch the Makefile will auto-detect if ld.bfd is available and
use it explicitly in that case.
Change-Id: I7017055f67db3bd57d191d20a7af06ca646937d7
Signed-off-by: Julius Werner <jwerner@chromium.org>
Sandrine Bailleux [Mon, 29 Jan 2018 13:48:15 +0000 (14:48 +0100)]
Fix documentation for CnP bit
The CnP bit documentation in the Firmware Design Guide incorrectly
used the term "Page Entries" instead of "Processing Elements".
Fix that.
Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Antonio Nino Diaz [Mon, 29 Jan 2018 12:00:31 +0000 (12:00 +0000)]
Analyze coding style of patches individually
With the old system `checkpatch.pl` gets one sole input that consists of
the commit message and commit diff of each commit between BASE_COMMIT
and HEAD. It also filters out changes in some files, which makes `git
format-patch` completely ignore that commit, even the commit message.
With the new system the commit message and commit diff are analyzed
separately. This means that, even if all the files modified by a commit
are filtered out, the commit message will still be analyzed.
Also, all commits are analyzed individually. This way it's easier to
know which commit caused the problem, and there are no warnings about
repeated "Signed-off-by" lines.
Change-Id: Ic676a0b76801bb2607141a8d73dc3a942dc01c0e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Dimitris Papastamos [Mon, 8 Jan 2018 13:57:39 +0000 (13:57 +0000)]
Optimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75
This patch implements a fast path for this SMC call on affected PEs by
detecting and returning immediately after executing the workaround.
NOTE: The MMU disable/enable workaround now assumes that the MMU was
enabled on entry to EL3. This is a valid assumption as the code turns
on the MMU after reset and leaves it on until the core powers off.
Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Thu, 11 Jan 2018 15:29:36 +0000 (15:29 +0000)]
Optimize/cleanup BPIALL workaround
In the initial implementation of this workaround we used a dedicated
workaround context to save/restore state. This patch reduces the
footprint as no additional context is needed.
Additionally, this patch reduces the memory loads and stores by 20%,
reduces the instruction count and exploits static branch prediction to
optimize the SMC path.
Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Mon, 22 Jan 2018 12:58:52 +0000 (12:58 +0000)]
Add support for SMCCC_VERSION in PSCI features
On some platforms it may be necessary to discover the SMCCC version
via a PSCI features call.
Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Fri, 19 Jan 2018 16:58:29 +0000 (16:58 +0000)]
Implement support for SMCCC v1.1
SMCCC v1.1 comes with a relaxed calling convention for AArch64
callers. The caller only needs to save x0-x3 before doing an SMC
call.
This patch adds support for SMCCC_VERSION and SMCCC_ARCH_FEATURES.
Refer to "Firmware Interfaces for mitigating CVE_2017_5715 System
Software on Arm Systems"[0] for more information.
[0] https://developer.arm.com/-/media/developer/pdf/ARM%20DEN%
200070A%20Firmware%20interfaces%20for%20mitigating%20CVE-2017-5715_V1.0.pdf
Change-Id: If5b1c55c17d6c5c7cb9c2c3ed355d3a91cdad0a9
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Mon, 22 Jan 2018 11:53:04 +0000 (11:53 +0000)]
runtime_exceptions: Save x4-x29 unconditionally
In preparation for SMCCC v1.1 support, save x4 to x29 unconditionally.
Previously we expected callers coming from AArch64 mode to preserve
x8-x17. This is no longer the case with SMCCC v1.1 as AArch64 callers
only need to save x0-x3.
Change-Id: Ie62d620776533969ff4a02c635422f1b9208be9c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Wed, 24 Jan 2018 16:41:14 +0000 (16:41 +0000)]
Disable workaround for CVE-2017-5715 on unaffected platforms
Change-Id: Ib67b841ab621ca1ace3280e44cf3e1d83052cb73
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
davidcunado-arm [Mon, 29 Jan 2018 09:54:52 +0000 (09:54 +0000)]
Merge pull request #1241 from vchong/fixmemprot
hikey: fix assert in sec_protect()
Sandrine Bailleux [Fri, 12 Jan 2018 14:50:12 +0000 (15:50 +0100)]
SPM: Map devices in the 1st GB
This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secure Partition access to the devices in
this region, for example the memory-mapped Generic Timer device.
Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Andreas Färber [Mon, 29 Jan 2018 01:47:10 +0000 (02:47 +0100)]
docs: hikey: Fix typo
The correct name of the manufacturer is LeMaker.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Sat, 27 Jan 2018 15:46:59 +0000 (16:46 +0100)]
fiptool: Fix use after free
Commit
880b9e8b4c99ad99eee14079d5a6162733ef4931 (Add padding at the end
of the last entry) added code using toc_entry pointer, whose memory is
already freed via variable buf. This causes enormous padding on openSUSE.
Free the memory buffer only after padding is done.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Victor Chong [Sat, 27 Jan 2018 12:36:12 +0000 (21:36 +0900)]
hikey: fix assert in sec_protect()
`assert(e)` was used in place of `if (e) ERROR()` when sec_protect()
was ported from hikey fork so the logic should have been reversed.
Fixes: 3d5d9f5a ("hikey: configure the top 16MB of DRAM as secure")
Fixes: 52988b38 ("hikey: configure 4 MB of secure DRAM for OP-TEE
Secure Data Path")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
davidcunado-arm [Fri, 26 Jan 2018 17:29:36 +0000 (17:29 +0000)]
Merge pull request #1205 from petegriffin/hikey-protect-memory
Hikey protect optee / sdp memory
Derek Basehore [Fri, 26 Jan 2018 06:05:41 +0000 (22:05 -0800)]
rockchip: Disable rdist before pwr_dm_suspend is called
This disables the redistributor before either of the pwr_dm_suspend
functions are called. This is because the rdist save code in the
rk3399 rockchip_soc_sys_pwr_dm_suspend function requires that each
redistributor be disabled before saving state.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Julius Werner [Mon, 22 Jan 2018 22:02:03 +0000 (14:02 -0800)]
delay_timer: Guarantee that delay time can never be undershot
Delay functions like udelay() are often used to ensure that the
necessary time passed to allow some asynchronous event to finish, such
as the stabilization delay for a power rail. For these use cases it is
not very problematic if the delay is slightly longer than requested,
but it is critical that the delay must never be shorter.
The current udelay() implementation contains two hazards that may cause
the delay to be slightly shorter than intended: Firstly, the amount of
ticks to wait is calculated with an integer division, which may cut off
the last fraction of ticks needed. Secondly, the delay may be short by a
fraction of a tick because we do not know whether the initial ("start")
sample of the timer was near the start or near the end of the current
tick. Thus, if the code intends to wait for one tick, it might read the
timer value close to the end of the current tick and then read it again
right after the start of the next tick, concluding that the duration of
a full tick has passed when it in fact was just a fraction of it.
This patch rounds up the division and always adds one extra tick to
counteract both problems and ensure that delays will always be larger
but never smaller than requested.
Change-Id: Ic5fe5f858b5cdf3c0dbf3e488d4d5702d9569433
Signed-off-by: Julius Werner <jwerner@chromium.org>
davidcunado-arm [Thu, 25 Jan 2018 16:36:43 +0000 (16:36 +0000)]
Merge pull request #1232 from masahir0y/uniphier
uniphier: migrate to BL2-AT-EL3
davidcunado-arm [Thu, 25 Jan 2018 00:52:01 +0000 (00:52 +0000)]
Merge pull request #1234 from SNG-ARM/master
SPM: Declare explicit width based types in secure_partition_boot_info…
davidcunado-arm [Thu, 25 Jan 2018 00:07:06 +0000 (00:07 +0000)]
Merge pull request #1231 from Leo-Yan/hikey960_enable_fiq_handling
Hikey960: Enable invalid FIQ handling
davidcunado-arm [Thu, 25 Jan 2018 00:06:50 +0000 (00:06 +0000)]
Merge pull request #1228 from dp-arm/dp/cve_2017_5715
Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting
davidcunado-arm [Wed, 24 Jan 2018 23:00:01 +0000 (23:00 +0000)]
Merge pull request #1223 from vchong/poplar_bl1loadsfip
poplar: Enable emmc and recovery build support
davidcunado-arm [Wed, 24 Jan 2018 14:31:53 +0000 (14:31 +0000)]
Merge pull request #1193 from jwerner-chromium/JW_coreboot
New console API and coreboot support [v4]
Masahiro Yamada [Tue, 19 Dec 2017 02:56:05 +0000 (11:56 +0900)]
uniphier: switch to BL2-AT-EL3 and remove BL1 support
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S. Now, this platform is able to avoid this waste.
Enable the BL2_AT_EL3 option, and remove BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Mon, 22 Jan 2018 09:35:16 +0000 (18:35 +0900)]
uniphier: set PROGRAMMABLE_RESET_ADDRESS to disable warm boot mailbox
The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS
is disabled.
The warm boot mailbox is useless for UniPhier SoC family because BL1
is not the first image. The UniPhier platform implements non-TF ROM,
then BL1 works as a pseudo ROM, so it is never executed in the warm
boot.
The reset vector address is not actually programmable for UniPhier
platform, but it should not hurt to enable PROGRAMMABLE_RESET_ADDRESS
to disable the mailbox and remove pointless plat_get_my_entrypoint.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
davidcunado-arm [Wed, 24 Jan 2018 12:31:06 +0000 (12:31 +0000)]
Merge pull request #1233 from soby-mathew/sm/rm_uniphier_override
Allow API deprecation for uniphier platform
Peter Griffin [Thu, 21 Dec 2017 18:03:46 +0000 (18:03 +0000)]
hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path
Update the memory firewall configuration to reserve 4 MB of secure RAM
for use by the kernel and OP-TEE as the Secure Data Path pool.
Note that this address range (0x3E800000 - 0x3EC00000) falls in the
range already set aside by UEFI (which reserves the upper 32 MB of the
1GB DRAM for OP-TEE [1]) and was previously unused.
[1] https://github.com/96boards-hikey/edk2/blob/hikey/HisiPkg/HiKeyPkg/Library/HiKeyLib/HiKeyMem.c#L44
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
Jerome Forissier [Mon, 4 May 2015 07:40:03 +0000 (09:40 +0200)]
hikey: configure the top 16MB of DRAM as secure
DRAM region 0x3f000000 - 0x3fffffff is reserved for OP-TEE and should
therefore be accessible only from secure world.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
Derek Basehore [Wed, 24 Jan 2018 01:18:57 +0000 (17:18 -0800)]
rockchip/rk3399: Save and restore GIC
This adds calls to the GICv3 save/restore functions for the GIC
distributor and redistributor.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Derek Basehore [Wed, 24 Jan 2018 00:24:43 +0000 (16:24 -0800)]
rockchip/rk3399: Add udelay to wait loops
We were looping for MAX_WAIT_COUNT in several places without any
delays, so this adds the delays to make those loops more predictable.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Derek Basehore [Wed, 24 Jan 2018 00:02:27 +0000 (16:02 -0800)]
rockchip/rk3399: Fix QOS save/restore
The code was accidentally restoring the QOS on suspend and saving the
QOS on resume. This is the opposite of what we want.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Derek Basehore [Tue, 23 Jan 2018 23:49:17 +0000 (15:49 -0800)]
GICv3: Fix Dist restore for when the GIC is reset
If the GIC loses power during suspend, which the restore code was
written for, exit early in the post restore power sequence. This
prevents an assert from tripping, and the power sequence isn't needed
in this case anyways.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Derek Basehore [Tue, 23 Jan 2018 23:44:31 +0000 (15:44 -0800)]
rockchip/rk3399: Change PD_CTR_LOOP to 10000
This brings ATF into line with the kernel on the timeout for power
domains turning on. We could actually timeout (when we shouldn't) on
resume when turning power domains on. The guaranteed maximum delay is
now 10ms.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Steve Capper [Tue, 23 Jan 2018 03:30:05 +0000 (03:30 +0000)]
Correct the Makefile logic for disabling PIE
In the Makefile we use findstring to locate gcc toolchains
that have PIE enabled by default.
Unfortunately the result of findstring is compared against
an integer, 1, rather than a non-empty string; the logic to
disable PIE then doesn't get applied.
This patch fixes the flag test.
Fixes: f7ec31db2db3 ("Disable PIE compilation option")
Change-Id: I4cd2866974e313d6b408f9681311d78a208ab468
Signed-off-by: Steve Capper <steve.capper@arm.com>
Julius Werner [Mon, 22 Jan 2018 21:56:13 +0000 (13:56 -0800)]
Make div_round_up() correct for divisors that are not a power of 2
The current div_round_up() implementation relies on round_up() which
only works correctly for boundaries that are a power of 2. It is
documented as such, but this still seems dangerously easy to overlook,
especially since many other environments (e.g. the Linux kernel) have a
similar macro without these limitations.
There is a different way to calculate this that can deal with all kinds
of divisors without other drawbacks, so let's just use that instead.
Change-Id: Id382736683f5d4e880ef00c53cfa23a2f9208440
Signed-off-by: Julius Werner <jwerner@chromium.org>
Sughosh Ganu [Mon, 11 Dec 2017 13:33:19 +0000 (19:03 +0530)]
SPM: Declare explicit width based types in secure_partition_boot_info_t structure
The secure_partition_boot_info_t structure is used to communicate boot
parameters with the StandaloneMM code executing at S-EL0 through a
shared buffer. Certain data types used for members of this structure
are opaque with their size depending on the toolchain being used.
Declare the members of the structure with explicit width based data
types, which would maintain compatibility across toolchains.
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Soby Mathew [Fri, 10 Nov 2017 12:08:46 +0000 (12:08 +0000)]
Allow API deprecation for uniphier platform
The `override ERROR_DEPRECATION = 1` setting in uniphier platform
makes deprecation of API difficult. Hence removing the same. This
flag should be specified on the command line if needed.
Change-Id: I8c82d8d13944e450a8cd636de3326137c04d7560
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Victor Chong [Mon, 15 Jan 2018 15:29:47 +0000 (00:29 +0900)]
poplar: Add support for recovery build
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Shawn Guo <shawn.guo@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
Victor Chong [Tue, 2 Jan 2018 16:53:08 +0000 (01:53 +0900)]
poplar: Enable emmc support
Let bl1 and bl2 have the ability to load images from emmc instead of
dram (mmap).
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Shawn Guo <shawn.guo@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
Leo Yan [Mon, 22 Jan 2018 04:40:25 +0000 (12:40 +0800)]
Hikey960: Enable invalid FIQ handling
When some interrupts are configured as group 0 in GICv2, these
interrupts trigger FIQ signal; this results in the Linux kernel panic
by reporting log: "Bad mode in FIQ handler detected on CPU0, code
0x00000000 -- Unknown/Uncategorized". Unfortunately from kernel side it
has no permission to read the GIC register for group 0 interrupts so we
have no chance to get to know which interrupt is configured as secure
interrupt and cause the kernel panic.
For upper reason, this commit enables FIQ exception handling for
SPD_none case. If the system has not enabled SPD the FIQ interrupt is
trapped into EL3 and the FIQ handler can report the interrupt number so
we can easily narrow down which FIQ introduce unexpected interrupt.
After enable SPD we can rely on SPD interrupt route model to handle FIQ.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
davidcunado-arm [Sat, 20 Jan 2018 17:04:49 +0000 (17:04 +0000)]
Merge pull request #1229 from manojkumar-arm/manojkumar-arm/ca72-aarch32-reset-fix
lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode
davidcunado-arm [Fri, 19 Jan 2018 23:56:58 +0000 (23:56 +0000)]
Merge pull request #1227 from geesun/qx/emmc_macros
emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8
Julius Werner [Tue, 13 Jun 2017 22:53:45 +0000 (15:53 -0700)]
coreboot: Add support for CBMEM console
coreboot supports an in-memory console to store firmware logs even when
no serial console is available. It is widely supported by
coreboot-compatible bootloaders (including SeaBIOS and GRUB) and can be
read by the Linux kernel.
This patch allows BL31 to add its own log messages to this console. The
driver will be registered automatically if coreboot support is compiled
in and detects the presence of a console buffer in the coreboot tables.
Change-Id: I31254dfa0c2fdeb7454634134b5707b4b4154907
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Wed, 2 Aug 2017 23:31:04 +0000 (16:31 -0700)]
rockchip: Move to MULTI_CONSOLE_API
This patch changes all Rockchip platforms to use the new
MULTI_CONSOLE_API. The platform-specific plat_crash_console
implementations are removed so that the platform can use the ones from
the common platform code instead.
Also change the registers used in plat_crash_print_regs. The existing
use of x16 and x17 has always been illegal, since those registers are
reserved for use by the linker as a temporary scratch registers in
intra-procedure-call veneers and can never be expected to maintain their
values across a function call.
Change-Id: I8249424150be8d5543ed4af93b56756795a5288f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Fri, 9 Jun 2017 22:22:44 +0000 (15:22 -0700)]
rockchip: Use coreboot-supplied serial console on coreboot systems
This patch changes all Rockchip platforms to initialize the serial
console with information supplied by coreboot rather than hardcoded
base address and divisor values if BL31 is run on top of coreboot.
Moving the BL2-to-BL31 parameter parsing as early as possible to ensure
that the console is available for all following code.
Also update the Rockchip platform to use MULTI_CONSOLE_API.
Change-Id: I670d350fa2f8b8133539f91ac14977ab47db60d9
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Fri, 9 Jun 2017 22:17:15 +0000 (15:17 -0700)]
Add platform-independent coreboot support library
This patch adds the foundation for a platform-independent coreboot
support library that can be shared by all platforms that boot BL31 from
coreboot (acting as BL2). It adds code to parse the "coreboot table", a
data structure that coreboot uses to communicate different kinds of
information to later-stage firmware and certain OS drivers.
As a first small use case for this information, allow platforms to
access the serial console configuration used by coreboot, removing the
need to hardcode base address and divisors and allowing Trusted Firmware
to benefit from coreboot's user configuration (e.g. which UART to pick
and which baud rate to use).
Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Tue, 19 Sep 2017 00:01:06 +0000 (17:01 -0700)]
drivers: cadence: cdns: Update CDNS driver to support MULTI_CONSOLE_API
This patch updates the Cadence CDNS console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I2ef8fb0d6ab72696997db1e0243a533499569d6b
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:59:43 +0000 (16:59 -0700)]
drivers: arm: pl011: Update PL011 driver to support MULTI_CONSOLE_API
This patch updates the ARM PL011 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: Ic34e4158addbb0c5fae500c9cff899c05a4f4206
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:57:51 +0000 (16:57 -0700)]
drivers: ti: uart: Update 16550 UART driver to support MULTI_CONSOLE_API
This patch updates the TI 16550 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:49:48 +0000 (16:49 -0700)]
Add default crash console code to hook up to new console API
This patch expands the weak stubs for the plat_crash_console_xxx
functions in common platform code to use the new console API for crash
output. This should make crash console output "just work" for most cases
without the need for the platform to explicitly set up a crash console.
For cases where the normal console framework doesn't work (e.g. very
early crashes, before the platform can register any consoles), platforms
are still able to override the functions just like before.
This feature requires the MULTI_CONSOLE_API compile-time flag to work.
For builds which don't have it set, this patch has no practical effect.
Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584
Signed-off-by: Julius Werner <jwerner@chromium.org>
davidcunado-arm [Fri, 19 Jan 2018 13:40:12 +0000 (13:40 +0000)]
Merge pull request #1200 from robertovargas-arm/bl2-el3
Add BL2_AT_EL3 build option
Manoj Kumar [Fri, 19 Jan 2018 12:21:31 +0000 (17:51 +0530)]
lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode
In AARCH32 mode, cortex_a72_reset_func branches to address in lr
register instead of r5 register. This leads to linux boot failure
of Cortex-A72 cores in AARCH32 mode on Juno-R2 board.
This patch fixes the branching of cortex_a72_reset_func to r5
register as in cortex_a57_reset_func implementation.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Roberto Vargas [Tue, 16 Jan 2018 10:35:23 +0000 (10:35 +0000)]
bl2-el3: Don't compile BL1 when BL2_AT_EL3 is defined in FVP
This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.
Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Tue, 2 Jan 2018 11:23:41 +0000 (11:23 +0000)]
bl2-el3: Don't include BL2 in fip for BL2 at EL3
It is better to not include BL2 in FIP when using `BL2 at EL3` as
platforms using this config would not have the capability to parse the
FIP format in Boot ROM and BL2 needs to be loaded independently. This
patch does the required changes for the same.
Change-Id: Iad285c247b3440e2d827fef97c3dd81f5c09cabc
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Mon, 20 Nov 2017 13:36:10 +0000 (13:36 +0000)]
bl2-el3: Add documentation for BL2 at EL3
Update firmware-design.rst, porting-guide.rst and user-guide.rst
with the information about BL2 at EL3. Firmware-design.rst is
also update to explain how to test this feauture with FVP.
Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Dimitris Papastamos [Wed, 3 Jan 2018 10:48:59 +0000 (10:48 +0000)]
Workaround for CVE-2017-5715 for Cortex A9, A15 and A17
A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.
For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.
For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.
Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 2 Jan 2018 11:37:02 +0000 (11:37 +0000)]
sp_min: Implement workaround for CVE-2017-5715
This patch introduces two workarounds for ARMv7 systems. The
workarounds need to be applied prior to any `branch` instruction in
secure world. This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.
On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated. The bottom
bits of `SP` are then used to decode the exception entry type.
A side effect of this change is that the exception vectors are
installed before the CPU specific reset function. This is now
consistent with how it is done on AArch64.
Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS). This
workaround will need porting to each secure payload that requires it.
The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.
Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 16 Jan 2018 10:32:47 +0000 (10:32 +0000)]
Print erratum application report for CVE-2017-5715
Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround was applied, missing or not needed.
Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 16 Jan 2018 10:42:20 +0000 (10:42 +0000)]
Change the default errata format string
As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.
Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Roberto Vargas [Fri, 17 Nov 2017 10:51:54 +0000 (10:51 +0000)]
bl2-el3: Mark all the assembly functions in bl2 at el3
When BL2_AT_EL3 option is enabled some platforms are going to
need a resident part in BL2 because the boot rom may jump to it
after a reset. This patch introduces __TEXT_RESIDENT_START__ and
__TEXT_RESIDENT_END__ linker symbols that mark the resident region.
Change-Id: Ib20c1b8ee257831bcc0ca7d3df98d0cb617a04f8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Thu, 2 Nov 2017 16:36:51 +0000 (16:36 +0000)]
Mark functions defined in assembly files
This patch change the name of the section containing the functions
defined in assembly files from text.* to text.asm.*. This change
makes possible to select in the linker script the functions
defined in those files.
Change-Id: If35e44ef1b43ffd951dfac5e052db75d7198e2e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Fri, 17 Nov 2017 13:22:18 +0000 (13:22 +0000)]
bl2-el3: Add BL2 at EL3 support in FVP
This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.
The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:
--data cluster0.cpu0=bl2.bin@0x4001000
-C cluster0.cpu0.RVBAR=0x4001000
These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.
Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Mon, 30 Oct 2017 14:43:43 +0000 (14:43 +0000)]
bl2-el3: Add BL2_EL3 image
This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1. This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.
Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
davidcunado-arm [Wed, 17 Jan 2018 20:22:57 +0000 (20:22 +0000)]
Merge pull request #1226 from masahir0y/utils
utils: rename struct mem_region_t to struct mem_region
davidcunado-arm [Wed, 17 Jan 2018 17:34:29 +0000 (17:34 +0000)]
Merge pull request #1211 from Leo-Yan/remove_ca73_cpu_nap_state
Hikey960: Remove ca73 cpu nap state
Qixiang Xu [Wed, 17 Jan 2018 05:31:21 +0000 (13:31 +0800)]
emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8
Add some macros according to JEDEC Standard Embedded Multi-Media
Card (eMMC) Electrical Standard (5.1)": Table 145 - Bus Mode
Selection.
Change-Id: Iaa45e0582653ef4290efd60d039f0bdc420eeb47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Masahiro Yamada [Tue, 16 Jan 2018 14:15:38 +0000 (23:15 +0900)]
utils: rename struct mem_region_t to struct mem_region
typedef mem_region_t mem_region_t;
... seems to work because they belong to different name-spaces,
but humans are confused even if compilers are not.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Leo Yan [Thu, 4 Jan 2018 01:32:50 +0000 (09:32 +0800)]
Hikey960: Change CPU standby state for WFI
At early time, the CPU CA73 retention state has been supported on
Hikey960. Later we found the system has the hang issue and for
resolving this issue Hisilicon released new MCU firmware, but
unfortunately the new MCU firmware has side effect and results in the
CA73 CPU cannot really enter retention state and roll back to WFI state.
After discussion we cannot see the possibility to enable CA73 retention
state anymore on Hikey960, based on this conclusion we should remove
this state supporting from ARM-TF and roll back to WFI state only. We
will commit one patch to remove CA73 CPU retention state in kernel DT
binding as well.
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Haojian Zhuang <haojian.zhuang@linaro.org>
Cc: Kevin Wang <jean.wangtao@linaro.org>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Leo Yan [Wed, 3 Jan 2018 06:52:19 +0000 (14:52 +0800)]
Revert "Hikey960: Change to use recommended power state id format"
This reverts commit
fdae60b6ba27c216fd86d13b7432a1ff4f57dd84.
The commit
fdae60b6ba27c216fd86d13b7432a1ff4f57dd84 changed the
parameter encoding for the hikey960. However that implies a DT change
in the kernel side. After submitting the DT change for upstreaming,
the backward compatibility issue and the interface change raise some
concerns from the Linux community about the issues related to kernel <->
ATF alignment. There is no way to detect a mis-alignment of those
without a deep knowledge of the ATF and the kernel. Furthermore, the
failing calls to PSCI in the idle path (because of bad parameters), will
lead to busy looping, implying: thermal issues and extra energy
consumption.
In regard of the Linux community concerns, the potential issues when the
ATF and the kernel are not aligned, it is preferable to revert the
commit.
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Haojian Zhuang <haojian.zhuang@linaro.org>
Cc: Kevin Wang <jean.wangtao@linaro.org>
Co-authored-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
davidcunado-arm [Tue, 16 Jan 2018 10:44:30 +0000 (10:44 +0000)]
Merge pull request #1221 from hzhuang1/fix_HLE
emmc/dw_mmc: fix the assert on HLE bit
davidcunado-arm [Tue, 16 Jan 2018 01:10:26 +0000 (01:10 +0000)]
Merge pull request #1219 from antonio-nino-diaz-arm/an/mm-version
SPM: Fix version header definitions
davidcunado-arm [Tue, 16 Jan 2018 01:10:13 +0000 (01:10 +0000)]
Merge pull request #1218 from antonio-nino-diaz-arm/an/xlat-fix
xlat v2: Correctly unmap regions on map error
davidcunado-arm [Tue, 16 Jan 2018 01:09:57 +0000 (01:09 +0000)]
Merge pull request #1216 from hzhuang1/fix_psci
Hikey960: Fix hikey960 pcie mount fail
davidcunado-arm [Tue, 16 Jan 2018 01:09:37 +0000 (01:09 +0000)]
Merge pull request #1215 from vwadekar/tlkd-ns-dram-ranges
spd: tlkd: support for "NS memory ranges" function ID
davidcunado-arm [Mon, 15 Jan 2018 23:58:52 +0000 (23:58 +0000)]
Merge pull request #1217 from robertovargas-arm/doc-plat_try_next_boot_source
Add documentation about plat_try_next_boot_source to bl1_platform_setup
davidcunado-arm [Mon, 15 Jan 2018 23:58:20 +0000 (23:58 +0000)]
Merge pull request #1213 from masahir0y/uniphier
uniphier: clean-up platform makefile
davidcunado-arm [Mon, 15 Jan 2018 16:37:39 +0000 (16:37 +0000)]
Merge pull request #1225 from dp-arm/dp/amu-remove-warn
AMU: Remove unnecessary WARN()
Dimitris Papastamos [Mon, 15 Jan 2018 14:52:57 +0000 (14:52 +0000)]
AMU: Remove unnecessary WARN()
If AMU is not supported by the hardware but it is enabled in Trusted
Firmware, the console will be spammed with warnings every time a CPU
is brought up with a CPU ON call.
Remove the warning message as this is more in line with how other
extensions like SPE and SVE are handled.
Change-Id: Iba6d367e4d1375ab554d23d2eaceab3ae1362c5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
davidcunado-arm [Fri, 12 Jan 2018 09:02:24 +0000 (09:02 +0000)]
Merge pull request #1197 from dp-arm/dp/amu
AMUv1 support
davidcunado-arm [Thu, 11 Jan 2018 23:39:30 +0000 (23:39 +0000)]
Merge pull request #1214 from dp-arm/dp/cve_2017_5715
Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75
davidcunado-arm [Thu, 11 Jan 2018 18:33:43 +0000 (18:33 +0000)]
Merge pull request #1222 from davidcunado-arm/dp/bl31_mem
Increase BL31 memory space by 2 pages
Dimitris Papastamos [Thu, 11 Jan 2018 15:32:32 +0000 (15:32 +0000)]
Increase BL31 memory space by 2 pages
On some build configurations BL31 is running out of space. Now that
TSP is moved to secure dram, we have a bit of additional space to use
in BL31.
Change-Id: Ib89fcd8bae99c85c9c5e5d9228bb42fb7048dcb6
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
Dimitris Papastamos [Mon, 11 Dec 2017 11:45:35 +0000 (11:45 +0000)]
Add hooks to save/restore AMU context for Cortex A75
Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 28 Nov 2017 13:47:06 +0000 (13:47 +0000)]
AMU: Add hooks to save/restore AMU context
On some systems, the AMU counters might reset to 0 when a CPU
powerdown happens. This behaviour conflicts with the intended
use-case of AMU as lower ELs are only expected to see non-decreasing
counter values.
Change-Id: If25519965d4e6e47e09225d0e732947986cbb5ec
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Mon, 13 Nov 2017 09:49:45 +0000 (09:49 +0000)]
AMU: Add configuration helpers for aarch64
Add some AMU helper functions to allow configuring, reading and
writing of the Group 0 and Group 1 counters. Documentation for these
helpers will come in a separate patch.
Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Wed, 13 Dec 2017 10:54:37 +0000 (10:54 +0000)]
AMU: Add plat interface to select which group 1 counters to enable
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.
A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.
Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 28 Nov 2017 15:16:00 +0000 (15:16 +0000)]
Add PubSub events for CPU powerdown/powerup
The suspend hook is published at the start of a CPU powerdown
operation. The resume hook is published at the end of a CPU powerup
operation.
Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 2 Jan 2018 15:53:01 +0000 (15:53 +0000)]
Use PFR0 to identify need for mitigation of CVE-2017-5915
If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A75.
Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
projects / project / bcm63xx / atf.git / log