diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/about/maintainers.rst | 5 | ||||
| -rw-r--r-- | docs/about/release-information.rst | 6 | ||||
| -rw-r--r-- | docs/components/platform-interrupt-controller-API.rst | 20 | ||||
| -rw-r--r-- | docs/design/cpu-specific-build-macros.rst | 16 | ||||
| -rw-r--r-- | docs/design/trusted-board-boot.rst | 9 | ||||
| -rw-r--r-- | docs/getting_started/build-options.rst | 48 | ||||
| -rw-r--r-- | docs/plat/ast2700.rst | 4 | ||||
| -rw-r--r-- | docs/plat/index.rst | 8 | ||||
| -rw-r--r-- | docs/plat/rpi3.rst | 5 | ||||
| -rw-r--r-- | docs/plat/st/stm32mp1.rst | 1 | ||||
| -rw-r--r-- | docs/porting-guide.rst | 9 |
11 files changed, 81 insertions, 50 deletions
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst index 447d10873..604205333 100644 --- a/docs/about/maintainers.rst +++ b/docs/about/maintainers.rst @@ -501,8 +501,8 @@ Arm Rich IoT Platform ports ^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> :|G|: `abdellatif-elkhlifi`_ -:|M|: Vishnu Banavath <vishnu.banavath@arm.com> -:|G|: `vishnu-banavath`_ +:|M|: Xueliang Zhong <xueliang.zhong@arm.com> +:|G|: `xueliang-zhong-arm`_ :|F|: plat/arm/board/corstone700 :|F|: plat/arm/board/a5ds :|F|: plat/arm/board/corstone1000 @@ -1027,3 +1027,4 @@ Conventional Changelog Extensions .. _hilamirandakuzi1: https://github.com/hilamirandakuzi1 .. _rutigl: https://github.com/rutigl .. _avifishman: https://github.com/avifishman +.. _xueliang-zhong-arm: https://github.com/xueliang-zhong-arm diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst index 0768e1fa7..9b51dabe5 100644 --- a/docs/about/release-information.rst +++ b/docs/about/release-information.rst @@ -54,7 +54,7 @@ depending on project requirement and partner feedback. +-----------------+---------------------------+------------------------------+ | v2.9 | 4th week of May '23 | 2nd week of May '23 | +-----------------+---------------------------+------------------------------+ -| v3.0 | 2nd week of Nov '23 | 2nd week of Oct '23 | +| v2.10 | 4th week of Nov '23 | 2nd week of Nov '23 | +-----------------+---------------------------+------------------------------+ Removal of Deprecated Interfaces @@ -84,9 +84,9 @@ after which it will be removed. | | Date | after | | | | | Release | | +================================+=============+=========+=========================================================+ -| CryptoCell-712 | 2.9 | 3.0 | No longer maintained. | +| CryptoCell-712 | 2.9 | 2.10 | No longer maintained. | +--------------------------------+-------------+---------+---------------------------------------------------------+ -| CryptoCell-713 | 2.9 | 3.0 | No longer maintained. | +| CryptoCell-713 | 2.9 | 2.10 | No longer maintained. | +--------------------------------+-------------+---------+---------------------------------------------------------+ -------------- diff --git a/docs/components/platform-interrupt-controller-API.rst b/docs/components/platform-interrupt-controller-API.rst index 069c87b84..4de39d1e5 100644 --- a/docs/components/platform-interrupt-controller-API.rst +++ b/docs/components/platform-interrupt-controller-API.rst @@ -120,39 +120,39 @@ This API should set the priority of the interrupt specified by first parameter In case of Arm standard platforms using GIC, the implementation of the API writes to GIC *Priority Register* set interrupt priority. -Function: int plat_ic_has_interrupt_type(unsigned int type); [optional] -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Function: bool plat_ic_has_interrupt_type(unsigned int type); [optional] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: Argument : unsigned int - Return : int + Return : bool This API should return whether the platform supports a given interrupt type. The parameter ``type`` shall be one of ``INTR_TYPE_EL3``, ``INTR_TYPE_S_EL1``, or ``INTR_TYPE_NS``. In case of Arm standard platforms using GICv3, the implementation of the API -returns ``1`` for all interrupt types. +returns *true* for all interrupt types. -In case of Arm standard platforms using GICv2, the API always return ``1`` for +In case of Arm standard platforms using GICv2, the API always return *true* for ``INTR_TYPE_NS``. Return value for other types depends on the value of build option ``GICV2_G0_FOR_EL3``: - For interrupt type ``INTR_TYPE_EL3``: - - When ``GICV2_G0_FOR_EL3`` is ``0``, it returns ``0``, indicating no support + - When ``GICV2_G0_FOR_EL3`` is ``0``, it returns *false*, indicating no support for EL3 interrupts. - - When ``GICV2_G0_FOR_EL3`` is ``1``, it returns ``1``, indicating support for + - When ``GICV2_G0_FOR_EL3`` is ``1``, it returns *true*, indicating support for EL3 interrupts. - For interrupt type ``INTR_TYPE_S_EL1``: - - When ``GICV2_G0_FOR_EL3`` is ``0``, it returns ``1``, indicating support for + - When ``GICV2_G0_FOR_EL3`` is ``0``, it returns *true*, indicating support for Secure EL1 interrupts. - - When ``GICV2_G0_FOR_EL3`` is ``1``, it returns ``0``, indicating no support + - When ``GICV2_G0_FOR_EL3`` is ``1``, it returns *false*, indicating no support for Secure EL1 interrupts. Function: void plat_ic_set_interrupt_type(unsigned int id, unsigned int type); [optional] @@ -306,4 +306,4 @@ masks out the interrupt ID field from the acknowledged value from GIC. -------------- -*Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.* diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst index d1bf0d3d8..bf0455809 100644 --- a/docs/design/cpu-specific-build-macros.rst +++ b/docs/design/cpu-specific-build-macros.rst @@ -523,11 +523,27 @@ For Neoverse V1, the following errata build flags are defined : For Neoverse V2, the following errata build flags are defined : +- ``ERRATA_V2_2331132``: This applies errata 2331132 workaround to Neoverse-V2 + CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2. It is still + open. + - ``ERRATA_V2_2719103``: This applies errata 2719103 workaround to Neoverse-V2 CPU, this affects system configurations that do not use and ARM interconnect IP. This needs to be enabled for revisions r0p0 and r0p1. It has been fixed in r0p2. +- ``ERRATA_V2_2719105``: This applies errata 2719105 workaround to Neoverse-V2 + CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in + r0p2. + +- ``ERRATA_V2_2743011``: This applies errata 2743011 workaround to Neoverse-V2 + CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in + r0p2. + +- ``ERRATA_V2_2779510``: This applies errata 2779510 workaround to Neoverse-V2 + CPU. This needs to be enabled for revisions r0p0 and r0p1. It is fixed in + r0p2. + - ``ERRATA_V2_2801372``: This applies errata 2801372 workaround to Neoverse-V2 CPU, this affects all configurations. This needs to be enabled for revisions r0p0 and r0p1. It has been fixed in r0p2. diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst index 46177d768..fed202ad9 100644 --- a/docs/design/trusted-board-boot.rst +++ b/docs/design/trusted-board-boot.rst @@ -216,10 +216,11 @@ Certificate Generation Tool The ``cert_create`` tool is built and runs on the host machine as part of the TF-A build process when ``GENERATE_COT=1``. It takes the boot loader images -and keys as inputs (keys must be in PEM format) and generates the -certificates (in DER format) required to establish the CoT. New keys can be -generated by the tool in case they are not provided. The certificates are then -passed as inputs to the ``fiptool`` utility for creating the FIP. +and keys as inputs and generates the certificates (in DER format) required to +establish the CoT. The input keys must either be a file in PEM format or a +PKCS11 URI in case a HSM is used. New keys can be generated by the tool in +case they are not provided. The certificates are then passed as inputs to +the ``fiptool`` utility for creating the FIP. The certificates are also stored individually in the output build directory. diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index e440dbd40..7c84ef163 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -80,9 +80,9 @@ Common build options BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not be built. -- ``BL31_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the - file that contains the BL31 private key in PEM format. If ``SAVE_KEYS=1``, - this file name will be used to save the key. +- ``BL31_KEY``: This option is used when ``GENERATE_COT=1``. It specifies a + file that contains the BL31 private key in PEM format or a PKCS11 URI. If + ``SAVE_KEYS=1``, only a file is accepted and it will be used to save the key. - ``BL32``: This is an optional build option which specifies the path to BL32 image for the ``fip`` target. In this case, the BL32 in TF-A will not @@ -94,16 +94,16 @@ Common build options - ``BL32_EXTRA2``: This is an optional build option which specifies the path to Trusted OS Extra2 image for the ``fip`` target. -- ``BL32_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the - file that contains the BL32 private key in PEM format. If ``SAVE_KEYS=1``, - this file name will be used to save the key. +- ``BL32_KEY``: This option is used when ``GENERATE_COT=1``. It specifies a + file that contains the BL32 private key in PEM format or a PKCS11 URI. If + ``SAVE_KEYS=1``, only a file is accepted and it will be used to save the key. - ``BL33``: Path to BL33 image in the host file system. This is mandatory for ``fip`` target in case TF-A BL2 is used. -- ``BL33_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the - file that contains the BL33 private key in PEM format. If ``SAVE_KEYS=1``, - this file name will be used to save the key. +- ``BL33_KEY``: This option is used when ``GENERATE_COT=1``. It specifies a + file that contains the BL33 private key in PEM format or a PKCS11 URI. If + ``SAVE_KEYS=1``, only a file is accepted and it will be used to save the key. - ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication and ARMv8.5 Branch Target Identification support for TF-A BL images themselves. @@ -749,8 +749,9 @@ Common build options MARCH_DIRECTIVE := -march=armv8.5-a - ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It - specifies the file that contains the Non-Trusted World private key in PEM - format. If ``SAVE_KEYS=1``, this file name will be used to save the key. + specifies a file that contains the Non-Trusted World private key in PEM + format or a PKCS11 URI. If ``SAVE_KEYS=1``, only a file is accepted and it + will be used to save the key. - ``NS_BL2U``: Path to NS_BL2U image in the host file system. This image is optional. It is only needed if the platform makefile specifies that it @@ -827,10 +828,10 @@ Common build options instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 entrypoint) or 1 (CPU reset to SP_MIN entrypoint). The default value is 0. -- ``ROT_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the - file that contains the ROT private key in PEM format and enforces public key - hash generation. If ``SAVE_KEYS=1``, this - file name will be used to save the key. +- ``ROT_KEY``: This option is used when ``GENERATE_COT=1``. It specifies a + file that contains the ROT private key in PEM format or a PKCS11 URI and + enforces public key hash generation. If ``SAVE_KEYS=1``, only a file is + accepted and it will be used to save the key. - ``SAVE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the certificate generation tool to save the keys used to establish the Chain of @@ -840,9 +841,9 @@ Common build options If a SCP_BL2 image is present then this option must be passed for the ``fip`` target. -- ``SCP_BL2_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the - file that contains the SCP_BL2 private key in PEM format. If ``SAVE_KEYS=1``, - this file name will be used to save the key. +- ``SCP_BL2_KEY``: This option is used when ``GENERATE_COT=1``. It specifies a + file that contains the SCP_BL2 private key in PEM format or a PKCS11 URI. + If ``SAVE_KEYS=1``, only a file is accepted and it will be used to save the key. - ``SCP_BL2U``: Path to SCP_BL2U image in the host file system. This image is optional. It is only needed if the platform makefile specifies that it @@ -944,6 +945,11 @@ Common build options hardware will limit the effective VL to the maximum physically supported VL. +- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware + Handoff using Transfer List defined in `Firmware Handoff specification`_. + This defaults to ``0``. Please note that this is an experimental feature + based on Firmware Handoff specification v0.9. + - ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True Random Number Generator Interface to BL31 image. This defaults to ``0``. @@ -959,8 +965,9 @@ Common build options already exist in disk, they will be overwritten without further notice. - ``TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It - specifies the file that contains the Trusted World private key in PEM - format. If ``SAVE_KEYS=1``, this file name will be used to save the key. + specifies a file that contains the Trusted World private key in PEM + format or a PKCS11 URI. If ``SAVE_KEYS=1``, only a file is accepted and + it will be used to save the key. - ``TSP_INIT_ASYNC``: Choose BL32 initialization method as asynchronous or synchronous, (see "Initializing a BL32 Image" section in @@ -1298,3 +1305,4 @@ Firmware update options .. _PSA DRTM specification: https://developer.arm.com/documentation/den0113/a .. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html .. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html +.. _Firmware Handoff specification: https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v0.9 diff --git a/docs/plat/ast2700.rst b/docs/plat/ast2700.rst index 0352aea35..6deade3b7 100644 --- a/docs/plat/ast2700.rst +++ b/docs/plat/ast2700.rst @@ -7,11 +7,11 @@ Each core operates at 1.6GHz. Boot Flow --------- - BootRom --> BL1/BL2 --> TF-A BL31 --> BL32 (optional) --> BL33 --> Linux Kernel + BootRom --> TF-A BL31 --> BL32 --> BL33 --> Linux Kernel How to build ------------ .. code:: shell - make CROSS_COMPILE=aarch64-linux-gnu- PLAT=ast2700 + make CROSS_COMPILE=aarch64-linux-gnu- PLAT=ast2700 SPD=opteed diff --git a/docs/plat/index.rst b/docs/plat/index.rst index 7a05fb649..fc3effd6e 100644 --- a/docs/plat/index.rst +++ b/docs/plat/index.rst @@ -73,13 +73,13 @@ Deprecated platforms +----------------+----------------+--------------------+--------------------+ | mt6795 | MTK | 2.5 | 2.7 | +----------------+----------------+--------------------+--------------------+ -| sgi575 | Arm | 2.8 | 3.0 | +| sgi575 | Arm | 2.8 | 2.10 | +----------------+----------------+--------------------+--------------------+ -| rdn1edge | Arm | 2.8 | 3.0 | +| rdn1edge | Arm | 2.8 | 2.10 | +----------------+----------------+--------------------+--------------------+ -| tc0 | Arm | 2.8 | 3.0 | +| tc0 | Arm | 2.8 | 2.10 | +----------------+----------------+--------------------+--------------------+ -| rde1edge | Arm | 2.9 | 3.1 | +| rde1edge | Arm | 2.9 | 3.0 | +----------------+----------------+--------------------+--------------------+ -------------- diff --git a/docs/plat/rpi3.rst b/docs/plat/rpi3.rst index 38c3dfa82..5d97a88fc 100644 --- a/docs/plat/rpi3.rst +++ b/docs/plat/rpi3.rst @@ -296,11 +296,6 @@ The following is not currently supported: address by changing the file ``armstub8.bin``, so there's no point in using TF-A in this case. -- ``MULTI_CONSOLE_API=0``: The multi console API must be enabled. Note that the - crash console uses the internal 16550 driver functions directly in order to be - able to print error messages during early crashes before setting up the - multi console API. - Building the firmware for kernels that don't support PSCI ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/plat/st/stm32mp1.rst b/docs/plat/st/stm32mp1.rst index 35e8f8c7a..b6e4b0d84 100644 --- a/docs/plat/st/stm32mp1.rst +++ b/docs/plat/st/stm32mp1.rst @@ -205,6 +205,7 @@ __________________ --nt-fw <u-boot_directory>/u-boot-nodtb.bin \ --hw-config <u-boot_directory>/u-boot.dtb \ --fw-config build/stm32mp1/release/fdts/fw-config.dtb \ + --trusted-key-cert build/stm32mp1/release/trusted_key.crt \ --tos-fw-cert build/stm32mp1/release/tos_fw_content.crt \ --tos-fw-key-cert build/stm32mp1/release/tos_fw_key.crt \ --nt-fw-cert build/stm32mp1/release/nt_fw_content.crt \ diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 5a017ce0f..f612e1ca5 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -3463,6 +3463,15 @@ build system. to ``no``. If any of the options ``EL3_PAYLOAD_BASE`` or ``PRELOADED_BL33_BASE`` are used, this flag will be set to ``no`` automatically. +- **ARM_ARCH_MAJOR and ARM_ARCH_MINOR** + By default, ARM_ARCH_MAJOR.ARM_ARCH_MINOR is set to 8.0 in ``defaults.mk``, + if the platform makefile/build defines or uses the correct ARM_ARCH_MAJOR and + ARM_ARCH_MINOR then mandatory Architectural features available for that Arch + version will be enabled by default and any optional Arch feature supported by + the Architecture and available in TF-A can be enabled from platform specific + makefile. Look up to ``arch_features.mk`` for details pertaining to mandatory + and optional Arch specific features. + Platform include paths ---------------------- |