feat(intel): add SMC for enquiring firmware version

This command allows non-secure world software to enquire the
version of currently running Secure Device Manager (SDM) firmware.

This will be usef

feat(intel): add SMC for enquiring firmware version

This command allows non-secure world software to enquire the
version of currently running Secure Device Manager (SDM) firmware.

This will be useful in maintaining backward-compatibility as well
as ensuring software cross-compabitility.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibc23734d1135db74423da5e29655f9d32472a3b0

show more ...

fix(intel): configuration status based on start request

Configuration status command now returns the result based on the last
config start command made to the runtime software. The status type can
b

fix(intel): configuration status based on start request

Configuration status command now returns the result based on the last
config start command made to the runtime software. The status type can
be either:
- NO_REQUEST (default)
- RECONFIGURATION
- BITSTREAM_AUTH

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I97406abe09b49b9d9a5b43e62fe09eb23c729bff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

fix(intel): bit-wise configuration flag handling

Change configuration type handling to bit-wise flag. This is to align
with Linux's FPGA Manager definitions and promotes better compatibility.

Signe

fix(intel): bit-wise configuration flag handling

Change configuration type handling to bit-wise flag. This is to align
with Linux's FPGA Manager definitions and promotes better compatibility.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I5aaf91d3fec538fe3f4fe8395d9adb47ec969434

show more ...

fix(intel): get config status OK status

Config status have different OK requirement between MBOX_CONFIG_STATUS
and MBOX_RECONFIG_STATUS request. This patch adds the checking to
differentiate between

fix(intel): get config status OK status

Config status have different OK requirement between MBOX_CONFIG_STATUS
and MBOX_RECONFIG_STATUS request. This patch adds the checking to
differentiate between both command.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I45a4c3de460b031757dbcbd0b3a8055cb0a55aff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

fix(intel): use macro as return value

SMC function should strictly return INTEL_SIP_SMC_STATUS macro. Directly
returning value of variable status might cause confusion in calling
software.

Signed-o

fix(intel): use macro as return value

SMC function should strictly return INTEL_SIP_SMC_STATUS macro. Directly
returning value of variable status might cause confusion in calling
software.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iea17f4feaa5c917e8b995471f3019dba6ea8dcd3
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

Merge changes from topic "vendor_makefile_extension" into integration

* changes:
feat(plat/mediatek/build_helpers): introduce mtk makefile
build(makefile): add extra makefile variable for extens

Merge changes from topic "vendor_makefile_extension" into integration

* changes:
feat(plat/mediatek/build_helpers): introduce mtk makefile
build(makefile): add extra makefile variable for extension

show more ...

fix(intel): fix fpga config write return mechanism

This revert commit 279c8015fefcb544eb311b9052f417fc02ab84aa.
The previous change breaks this feature compatibility with Linux driver.
Hence, the fi

fix(intel): fix fpga config write return mechanism

This revert commit 279c8015fefcb544eb311b9052f417fc02ab84aa.
The previous change breaks this feature compatibility with Linux driver.
Hence, the fix for the earlier issue is going to be fixed in uboot instead.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I93220243bad65ed53322050d990544c7df4ce66b

show more ...

feat(intel): add SiP service for DCMF status

This patch adds 2 additional RSU SiP services for Intel SoCFPGA
platforms:
- INTEL_SIP_SMC_RSU_COPY_DCMF_STATUS stores current DCMF status in
BL31
- IN

feat(intel): add SiP service for DCMF status

This patch adds 2 additional RSU SiP services for Intel SoCFPGA
platforms:
- INTEL_SIP_SMC_RSU_COPY_DCMF_STATUS stores current DCMF status in
BL31
- INTEL_SIP_SMC_RSU_DCMF_STATUS is calling function for non-secure
software to retrieve stored DCMF status

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ic7a3e6988c71ad4bf66c58a1d669956524dfdf11

show more ...

Merge changes from topic "qemu-measured-boot" into integration

* changes:
fix(arm): fix fvp and juno build with USE_ROMLIB option
feat(fdt-wrappers): add function to find or add a sudnode

feat(intel): add RSU 'Max Retry' SiP SMC services

Add SiP SMC services to store/retrieve 'Max Retry' counter
for Remote System Update (RSU).

Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
S

feat(intel): add RSU 'Max Retry' SiP SMC services

Add SiP SMC services to store/retrieve 'Max Retry' counter
for Remote System Update (RSU).

Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I17c1f0107ead64e6160954d26407f399003bcbd9

show more ...

feat(qemu): add support for measured boot

Add helper functions to generate event log for qemu
when MEASURED_BOOT=1.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: I17a098cb614a3

feat(qemu): add support for measured boot

Add helper functions to generate event log for qemu
when MEASURED_BOOT=1.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: I17a098cb614a3a89fe0fe9577bed6edda8bfd070

show more ...

fix(arm): fix fvp and juno build with USE_ROMLIB option

Change-Id: I8a9b30a952be594435003f0d684e3faad484e8b8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

feat(intel): enable SMC SoC FPGA bridges enable/disable

Enable SoC FPGA bridges enable/disable from non-secure world
through secure monitor calls

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <

feat(intel): enable SMC SoC FPGA bridges enable/disable

Enable SoC FPGA bridges enable/disable from non-secure world
through secure monitor calls

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4474abab9731923a61ff0e7eb2c2fa32048001cb
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

feat(intel): add SMC/PSCI services for DCMF version support

Support get/store RSU DCMF version:
INTEL_SIP_SMC_RSU_DCMF_VERSION - Get current DCMF version
INTEL_SIP_SMC_RSU_COPY_DCMF_VERSION - Store

feat(intel): add SMC/PSCI services for DCMF version support

Support get/store RSU DCMF version:
INTEL_SIP_SMC_RSU_DCMF_VERSION - Get current DCMF version
INTEL_SIP_SMC_RSU_COPY_DCMF_VERSION - Store current DCMF version

Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I85ffbc0efc859736899d4812f040fd7be17c8d8d

show more ...

feat(intel): allow to access all register addresses if DEBUG=1

Allow to access all register addresses from SMC call if compile the code
with DEBUG=1 for debugging purpose.

Signed-off-by: Siew Chin

feat(intel): allow to access all register addresses if DEBUG=1

Allow to access all register addresses from SMC call if compile the code
with DEBUG=1 for debugging purpose.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Idd31827fb71307efbdbcceeaa05f6cb072842e10

show more ...

fix(intel): modify how configuration type is handled

This patch creates macros to handle different configuration
types. These changes will help in adding new configuration
types in the future.

Sign

fix(intel): modify how configuration type is handled

This patch creates macros to handle different configuration
types. These changes will help in adding new configuration
types in the future.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I5826a8e5942228a9ed376212f0df43b1605c0199

show more ...

feat(intel): support SiP SVC version

This command supports to return SiP SVC major and minor version.

Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.li

feat(intel): support SiP SVC version

This command supports to return SiP SVC major and minor version.

Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Ia8bf678b8de0278aeaae748f24bdd05f8c9f9b47

show more ...

feat(intel): enable firewall for OCRAM in BL31

Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in O

feat(intel): enable firewall for OCRAM in BL31

Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in OCRAM which may contain sensitive information (e.g. FSBL,
handoff data)

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

feat(intel): create source file for firewall configuration

Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalitie

feat(intel): create source file for firewall configuration

Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

fix(intel): refactor NOC header

Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.

Si

fix(intel): refactor NOC header

Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>

show more ...

feat(plat/mediatek/build_helpers): introduce mtk makefile

In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.

Each

feat(plat/mediatek/build_helpers): introduce mtk makefile

In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.

Each module has a build rule (rules.mk) to describe driver and software
library source codes to be built in.

Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: Ib2113b259dc97937b7295b265509025b43b14077

show more ...

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue sinc

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).

It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].

Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory

[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html

Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

feat(ti): allow build config of low power mode support

Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in

feat(ti): allow build config of low power mode support

Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in the PSCI caps, define K3_PM_SYSTEM_SUSPEND
flag that can be set during build that will cause appropriate
space and functionality to be included in build for system
suspend support.

Change-Id: I821fbbd5232d91de6c40f63254b855e285d9b3e8
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>

show more ...

feat(ti): increase SEC_SRAM_SIZE to 128k

Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.

Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Ge

feat(ti): increase SEC_SRAM_SIZE to 128k

Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.

Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>

show more ...

feat(ti): add PSCI handlers for system suspend

Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.

Additionally, have the hand

feat(ti): add PSCI handlers for system suspend

Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.

Additionally, have the handlers provide information that all domains
should be off and also have the power domain suspend handler invoke the
TISCI_MSG_ENTER_SLEEP message to enter system suspend.

Change-Id: I351a16167770e9909e8ca525ee0d74fa93331194
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>

show more ...