Age | Commit message (Collapse) | Author |
|
Add CFG_BOOT_CM3 flag (default=y) to start the Cortex-M3 after
intialization.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Brief description of changes:
- Remove main_fiq
- Remove deprecated thread_handlers
- Remove SYSCTRL_BASE
- Replace CORE_MMU_DEVICE_SIZE with CORE_MMU_PGDIR_SIZE
- replace read/write functions with io_read/write
- Correct invocations io_write32() as per prototype:
void io_write32(vaddr_t addr, uint32_t val);
- Use GIC_SPI() macro to specify UART interrupt ID.
- Switch to use updated pager macro DECLARE_KEEP_PAGER().
- Remove overlapping IO memory regions registration to single secure
peripherals memory region registration.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: Ib91020501904dfb9ab6aa5497cb13234b20c8b36
|
|
Set the TrustZone configuration for NoC ports to
assign groups with critical ressources to the Secure world.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
Change-Id: I3d4f1e387f4038356fece060750ab8bdd57fe114
|
|
Refactor the code by moving the list of register auth
to an external header file in RZN1 platform directory.
Use the list as a blacklist to allow everything by default
and only explicitly block critical registers.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
Change-Id: Ib0a7ffe10c3516a72d6cdcb9abef37484f2dd6ae
|
|
This patch comfortably increases the TEE and TA RAM sizes as well as
SHMEM to make sure all xtest regression tests pass.
The location of the secure TEE and TA areas are moved across the
128M boundary.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Update optee after DDR memory layout changes
88000000 - Unallocated
87C00000 - TEE/TA RAM 4M
87A00000 - TEE NS Shmem 2M
87800000 - U-Boot 2M
87700000 - DTB
85000000 - Tmp FIT verification 39M
80008000 - Kernel + InitRAMfs ~80M
OP-TEE is moved to the end of the first 128MB bank on DDR.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
|
|
|
|
|
|
Have OP-TEE share second SRAM bank with Cortex-M3 firmware.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
|
|
Change-Id: Ifacc1beec47c739b179064d1de48b225121adef5
Signed-off-by: Wahid ESSID <wahid.essid@non.schneider-electric.com>
|
|
Manage UART1 for reception only
Draft of FW IRQ handler
Has a fix for sm32.S to be replaced later with optee_os commit dd24684
Has a fix for GIC interrupt handling to avoid reporting spurious,
which happens so frequently in multi-core configurations !
Change-Id: I0167550cdd5648c76e65baec6cf0e2d507f901f3
Signed-off-by: Laurent GONZALEZ <info@gezedo.com>
|
|
Change-Id: Ie0866ccefe4bffef14a204f665fbe4446503b035
Signed-off-by: Laurent GONZALEZ <info@gezedo.com>
|
|
Use PSCI to boot second core and reboot
Memory layout allow TEE in SRAM or DDR
Change-Id: Ib9115f7892c027bb5a05ddbaf0e2e4e5b9b1d54b
Signed-off-by: Laurent GONZALEZ <info@gezedo.com>
|
|
vm_unmap() uses r->va and r->size after it is freed and can cause the
end VA address calculation to be wrong and the while loop keep going
till it unmaps the rest of the regions. This bug can cause TA to
crash with a translation fault since vm_unmap() unmapped text and data
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The following errors were observed when building with GCC 6.2.1:
- 64 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x101
- 32 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x2
Relocation type 0x101 is R_AARCH64_ABS64 and 0x2 is R_ARM_ABS32. The
errors are output by scripts/gen_tee_bin.py which expects only relative
relocations (the ones that are necessary for ASLR).
This patch adds the -Bsymbolic linker option to avoid these
relocations. More information can be found in Linux commit [1].
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=08cc55b2afd97a654f71b3bebf8bb0ec89fdc498
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.
Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>
|
|
The core_is_buffer_*() helpers are sometimes used with physical
addresses (type paddr_t). This can cause problem on platforms where
sizeof(paddr_t) > sizeof(vaddr_t), that is on ARM32 systems with
CFG_CORE_LARGE_PHYS_ADDR=y. The FVP platform compiled for AArch32 is one
such system which as a consequence fails with:
E/TC:0 0 check_phys_mem_is_outside:335 Non-sec mem (0x880000000:0x180000000) ove
rlaps map (type 12 0xff000000:0x1000000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:336 <check_phys_mem_is_outside>
This patch fixes this problem by taking input addresses as paddr_t and
sizes as paddr_ssize_t instead. The wrapper macros which did some
automatic casting removed. The requires updates at some of the places
where these functions are called.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_a32.S
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure world to consider any non-zero values,
including standard unknown function error code (-1), as
reporting a failure.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
|
We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
This is needed to enable virtualization support iMX platforms.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO compensation. Enable IO compensation when platform boots.
This change defines SYSCFG clock that is needed and moves definition
of the RCC compatible string DT_RCC_CLK_COMPAT to RCC header file so
that it can be shared with stm32mp1_syscfg.c.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to guard the #include <libfdt.h> with
a #ifdef CFG_DT ... #endif block. This contrasts with other features
which don't require such guards.
This patch builds libfdt unconditionally and removes the include
guards. No change is expected in the binaries.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.
Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
|
Implement a SiP SMC based interface fàr the non-secure world to access
BSEC words. The service is embedded upon CFG_STM32_BSEC_SIP=y. If not
embedded, the service simply reports a failure.
This service is used by U-boot package since its release v2019.07-rc1 [1]
to retrieve information such as the device MAC address [2].
Link: [1] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/include/mach/stm32mp1_smc.h
Link: [2] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/cpu.c#L475
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DTS files
since non-secure world is allowed to access these OTPs despite they
are located in the upper BSEC words (secure) area.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.
Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
In 32-bit builds with CFG_CORE_LARGE_PHYS_ADDR=y, PRIxPA is "llx"
which is not the recommended format to print an unsigned long int.
Use "lx" instead to avoid warnings with some compilers.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Enable and test CAAM driver on lx2160ardb platform for
hash, ciphers and RSA
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Move the initialization sequences that deal with device tree parsing
support out of the text_init and rodata_init sections to relax memory
pressure on them. To do so this change splits init_primary_helper()
in 2 helper functions: generic_init_primary() for resources expected
in the init sections and paged_init_primary() for resources that move
the pageable sections.
Updates inline comments to state generic_boot_init_primary() lies in
the init area, not in the unpaged area as wrongly stated prior this
change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1)
|
|
Core checks TZC400 configuration during initialization to ensure
DDR firewall expectations are satisfied.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Identify platform flavors from targeted embedded DTS file.
Supported platform flavors are 157A_DK1, 157C_DK2, 157C_ED1 and
157C_EV1. They relate to 2 SoC variants and 4 ST boards.
Supported SoC variants are 157A and 157C. The later implements a
cryptography computation hardware accelerator. Supported ST boards
are DK1, DK2, ED1 and EV1. The 2 first integrate a 500MByte DDR while
the 2 later integrate a 1GByte DDR.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Synchronize with STM32MP15 DTS files from Linux kernel v5.6.10.
Changes made on DTS/DTSI file from Linux kernel v5.6.10:
- stm32mp151.dtsi: add ETZPC node, declare PSCI v1.0.
- stm32mp157a-dk1.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: disable RCC secure-status.
- stm32mp157c-ed1.dts (included by ev1): disable RCC secure-status.
- Remove resources related to input DT bindings using explicit inline
comments as those are under Linux kernel GPLv2 licensing model.
ETZPC node useless in non-secure Linux kernel but needed by secure
world.
RCC node remains disabled for the secure side so that RCC TZ
hardening is disabled since mainline Linux kernel and U-Boot
do not support SCMI clocks and reset domains. IWDG1, ETZPC, STGEN
and CRYP1 devices are described to ease their later integration.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Implement PSCI_SYSTEM_OFF command when STPMIC1 is used.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Implement STPMIC1 as PMIC (Power Management Integrated Circuit)
accessed through an I2C bus for stm32mp1 platforms. PMIC
configuration mandate device tree support as configuration
can be complex and specific per board.
At initialization Core looks for a PMIC I2C node in the FDT. If
found, it checks it can communicate with the PMIC and dump some
regulators for some debug support.
Save PMIC low power transition configuration as these information
will be needed from an unpaged execution context.
stm32mp_get_pmic()/stm32mp_put_pmic() helper functions are needed
to get/put PMIC resources.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Helper function stm32mp_with_pmic() tells if platform uses
a PMIC or not.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Unconditionally enable the BLOB driver to provide a HuK on i.MX
platforms.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
|
|
The KEEP_INIT() and KEEP_PAGER() macros are quite often used in C files
immediately after the definition of a function or a structure without a
blank line in between. This style mimics what the Linux kernel does for
a similar use cases: EXPORT_SYMBOL().
Unfortunately, the checkpatch.pl tool expects a blank line after
structure and function definitions, except for a few special cases such
as EXPORT_SYMBOL(). As a result we often get unwanted warnings when we
use KEEP_INIT() and KEEP_PAGER(). Among the exceptions are all words
starting with DECLARE_ or DEFINE_, so by renaming our macros we could
avoid the checkpatch warnings.
This commit renames KEEP_INIT() and KEEP_PAGER() to DECLARE_KEEP_INIT()
and DECLARE_KEEP_PAGER(), respectively. The assembler macros are also
renamed for consistency. No functional change is expected.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
With this change some system clocks are enabled by Core at
boot time and have a reference counter synchronized with
the clock hardware state. RTCAPB must be enabled for secondary
cores to boot, if any.
This change also ensures these secure clocks are derived from
secure clocks.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add the NXP CAAM driver:
- HMAC
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Fix implementation that divides clock with a value that in fact is
a bit shift value.
Fix implementation for getting MPU clock: when PMUDIV is zero,
MPU clock is disabled.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Use IS_ENABLED() and weak attribute to remove conditional statement
at pre-compilation time. Keep IS_ENABLED(CFG_SM_PLATFORM_HANDLER)
in the decision to ensure weak function is not even called when
CFG_SM_PLATFORM_HANDLER is disabled, for fast path consideration of
secure monitor traversal.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
SMCCC v1.1 specification: support defined function IDs with weak
handlers platform can override, as other PSCI function handler.
We could state we support v1.2 but Linux kernel v5.7-rc1 expects
strict v1.1 support.
unsigned long arm_arch_version(void);
returns SMCCC_V_1_1
unsigned long arm_arch_feature(unsigned long a1);
default supports version only
unsigned long arm_arch_soc_id(void);
unsigned long arm_arch_workaround_1(void);
unsigned long arm_arch_workaround_2(void);
default return ARM_SMCCC_RET_NOT_SUPPORTED
This helper is needed by Linux kernel (U-Boot) drivers that rely on
arm_smccc_v1_1() supports.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
|
Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
|