| #
9481bf4b |
| 03-Dec-2025 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "feat(imx8m): keep console at runtime when building TF-A/bl31 with DEBUG" into integration
|
| #
d7f08649 |
| 09-Mar-2023 |
Markus Niebel <Markus.Niebel@ew.tq-group.com> |
feat(imx8m): keep console at runtime when building TF-A/bl31 with DEBUG
Having informal console output at runtime is useful when searching for errors in TF-A.
Change-Id: I56b5c4fc184e571f79d92bd0aa4fc74ff4ed6074
Signed-off-by: Markus Niebel <Markus.Niebel@ew.tq-group.com>
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
|
| #
ad1f6288 |
| 14-Oct-2025 |
Yann Gautier <yann.gautier@st.com> |
Merge changes from topic "imx8m-rdc" into integration
* changes:
  refactor(imx8m): simplify RDC console config
  fix(imx8m): add RDC entries for all missing UARTs
|
| #
a2c6e11d |
| 07-Mar-2025 |
Alexander Stein <alexander.stein@ew.tq-group.com> |
fix(imx8m): add RDC entries for all missing UARTs
Commit f7434fa13 ("fix(imx8m): ensure domain permissions for the console") sets RDC domain to Cortex-A only for console UART. But this only works if there is an RDC configuration entry provided. Add missing RDC entries using the (reset) default value, so imx_rdc_console_access_enable() can actually configure domain access.
Fixes: f7434fa13507 ("fix(imx8m): ensure domain permissions for the console")
Change-Id: I550dbf2b53795ab43839139c455f2468442a3251
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
|
| #
ea7d633a |
| 18-Aug-2025 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(imx8m): don't reconfigure default region0" into integration
|
| #
9bf14807 |
| 27-Jul-2025 |
Marco Felsch <m.felsch@pengutronix.de> |
fix(imx8m): don't reconfigure default region0
The current code and comments can be read as: "The TZC-380 region 0 can be configured in size and attributes". This is not true, only the attributes can be set.
The TZC-380 region 0 is the TZC default (fallback) region. This region is used if access to a certain DRAM address was done which isn't covered by any other region (see [1] for more information). Region 0 covers the complete AXI space from 0x0 to AXI-bus width. The access is secure-only after reset.
The TZC-380 is not memory alias aware (see [1] for more information) and due to the DDR controller, the i.MX8M allows memory alias access.
Configuring region 0 as secure + non-secure RW access opens the potential security risk of allowing access to secure-only memory, e.g. TEE memory area, if the TEE didn't configure all memory aliases for its memory. In such a case region 0 is used as fallback if an attacker accesses the TEE memory via memory aliases.
To fix this don't touch the TZC-380 at all. The TZC-380 is bypassed by default if a platform doesn't require a TEE. If the platform requires a TEE, the TEE is the one which knows the secure areas so let the TEE configure the TZC-380 accordingly.
Furthermore, since commits:
- 0324081af010 ("feat(imx8mp): restrict peripheral access to secure world")
- 1156c76361c1 ("feat(imx8mm): restrict peripheral access to secure world")
the access is limited to the TEE too.
[1] https://developer.arm.com/documentation/ddi0431/c
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I0a0f9b5ad0017f38d767f583d7765a2f79861589
|
| #
9bb2a0c3 |
| 28-Oct-2024 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes from topic "fix-imx8m-uart-domain-permission" into integration
* changes:
  fix(imx8m): ensure domain permissions for the console
  refactor(imx8m): replace UART base magic numbers with macros
|
| #
f7434fa1 |
| 12-Sep-2024 |
Dario Binacchi <dario.binacchi@amarulasolutions.com> |
fix(imx8m): ensure domain permissions for the console
The commit d76f012ea8fc0 ("refactor(imx8m): replace magic number with enum type") also hardcodes the domain permissions configuration for the UARTs, causing a regression for any board using a boot console different from UART2. Indeed, previously, the RDC_PDAP_UARTn registers were set to the reset value (0xff), meaning all domains were enabled for read and write access.
This patch fixes this regression by ensuring that the console always has read/write access enabled for domain 0.
Tested on an i.MX8MN BSH SMM S2 PRO board.
Fixes: d76f012ea8fc0 ("refactor(imx8m): replace magic number with enum type")
Change-Id: I2670bf485372f32ef45cebb72a7694a9a800f417
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
|
| #
278b0885 |
| 28-May-2024 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes I44537ba2,Ia12d3577,I06b3012c,Iec885405,Idab8013a into integration
* changes:
  feat(imx8mp): optionally take params from BL2
  feat(imx8mn): optionally take params from BL2
  feat(imx8mm): optionally take params from BL2
  feat(imx93): optionally take params from BL2
  feat(imx): add helper to take params from BL2
|
| #
11d32b33 |
| 18-Jan-2024 |
Sascha Hauer <s.hauer@pengutronix.de> |
feat(imx8mm): optionally take params from BL2
Optionally take params from BL2 to offer more flexibility to BL2 on where and if a BL32 image is expected. This uses imx_bl31_params_parse() to check if arg0 can safely be accessed as a pointer and actually contains a bl_params_t structure. If not, the hardcoded parameter values are used as before.
Change-Id: I06b3012c67e43ea1e42946d863226bd93ccd4638
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| #
5f4acf98 |
| 26-Mar-2024 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes from topic "feature/imx8m-csu" into integration
* changes:
  style(imx8m): add parenthesis to CSU_HP_REG
  feat(imx8mp): restrict peripheral access to secure world
  feat(imx8mp): set and lock almost all peripherals as non-secure
  feat(imx8mm): restrict peripheral access to secure world
  feat(imx8mm): set and lock almost all peripherals as non-secure
  feat(imx8m): add defines for csu_sa access security
  feat(imx8m): add imx csu_sa enum type defines for imx8m
  fix(imx8m): fix CSU_SA_REG to work with all sa registers
|
| #
1156c763 |
| 04-Mar-2024 |
Stefan Kerkmann <s.kerkmann@pengutronix.de> |
feat(imx8mm): restrict peripheral access to secure world
This restricts and locks all security relevant peripherals to only be changeable by the secure world. Otherwise the normal world can simply change the access settings and defeat all security measures put in place.
Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
|
| #
f4b11e59 |
| 04-Mar-2024 |
Stefan Kerkmann <s.kerkmann@pengutronix.de> |
feat(imx8mm): set and lock almost all peripherals as non-secure
This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world.
The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380.
Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
|
| #
36b22f28 |
| 10-Oct-2023 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes I9c2bf78a,Iaff5f1fa,I44686a36 into integration
* changes:
  fix(imx8m): map BL32 memory only if SPD_opteed or SPD_trusty is enabled
  feat(imx8mn): add workaround for errata ERR050362
  feat(imx8m): enable snvs privileged registers access
|
| #
4827613c |
| 06-Sep-2023 |
Marco Felsch <m.felsch@pengutronix.de> |
fix(imx8m): map BL32 memory only if SPD_opteed or SPD_trusty is enabled
Always mapping the BL32 memory can interfere with the BL33 mapping if the BL33 is not aware of the mapping, e.g. different memory tagging secure/non-secure. Therefore map the memory only if BL32 (opteed, trusty) is enabled and BL33 is aware of this memory mapping.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9c2bf78aa6e88c93e749a9248724186fee9df864
|
| #
8d150c95 |
| 05-Sep-2023 |
Marco Felsch <m.felsch@pengutronix.de> |
feat(imx8m): enable snvs privileged registers access
Allow non-privileged access to all SNVS registers in case no TEE is available.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I44686a3639a68c72c7eacc80691c294d5c32c9ae
|
| #
12900c4a |
| 03-Aug-2023 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "fix(imx8m): make IMX_BOOT_UART_BASE autodetection option more obvious" into integration
|
| #
101f0702 |
| 02-Aug-2023 |
Marco Felsch <m.felsch@pengutronix.de> |
fix(imx8m): make IMX_BOOT_UART_BASE autodetection option more obvious
Switch from IMX_BOOT_UART_BASE=0 to IMX_BOOT_UART_BASE=auto to make it more obvious that the detection is based on the runtime autodetection.
In addition this moves the evaluation of IMX_BOOT_UART_BASE into the makefile which removes the ugly conditional compilation as well.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I92c13607bf81c6267f4b6aee829d74902b7f72d2
|
| #
1b0b1763 |
| 25-Jul-2023 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "feat(imx8m): detect console base address during runtime" into integration
|
| #
df730d94 |
| 24-Jul-2023 |
Marco Felsch <m.felsch@pengutronix.de> |
feat(imx8m): detect console base address during runtime
Provide a helper to detect the enabled UART device during runtime. This lowers the integration effort and makes it more straightforward for 'simple' use-cases with a single UART enabled. If multiple UARTs are enabled the first enabled is returned.
The auto-detection is enabled by setting IMX_BOOT_UART_BASE=0 to keep the backward compatibility. For more advanced use-cases (multiple UARTs are enabled) the user still has to provide the correct base address.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I300a167e1a10f9aa991c8d1c3efe2c6b23f56c47
|
| #
b139f852 |
| 01-Nov-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "feat(imx8mm): add BL31 PIE support" into integration
|
| #
c41a196f |
| 01-Nov-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "refactor(imx8mm): introduce BL2_SIZE and BL31_SIZE" into integration
|
| #
473bed8f |
| 01-Nov-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "refactor(imx8mm): make use of setup_page_tables()" into integration
|
| #
a213c27b |
| 01-Nov-2022 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge "refactor(imx8mm): cleanup the mmap region settings" into integration
|
| #
4e5d2623 |
| 21-Oct-2022 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "imx8m-hab-support" into integration
* changes:
  docs(imx8m): update for high assurance boot
  feat(imx8m): add support for high assurance boot
  feat(imx8mp): add hab and map required memory blocks
  feat(imx8mn): add hab and map required memory blocks
  feat(imx8mm): add hab and map required memory blocks
|