plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface

Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remainin

plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface

Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.

We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.

Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

plat/arm: juno: Condition Juno entropy source with CRC instructions

The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.

To improve th

plat/arm: juno: Condition Juno entropy source with CRC instructions

The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.

To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.

This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.

Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

nxp: added the makefile helper macros

NXP specifc macro SET_NXP_MAKE_FLAG is added.

NXP has pool of multiple IPs. This macro helps:
- In soc.mk, this macro help the selected IP source files to be i

nxp: added the makefile helper macros

NXP specifc macro SET_NXP_MAKE_FLAG is added.

NXP has pool of multiple IPs. This macro helps:
- In soc.mk, this macro help the selected IP source files to be included
for that SoC.
-- The set of IPs required for one NXP SoC is different to the set of IPs
required by another NXP SoC.

- For the same SoC,
-- For one feature, the IP may be required in both BL2 and BL31.
-- Without the above feature, that IP may be required in one.
This macro help in selecting the inclusion of source and header files to:
--- BL2 only
--- BL31 only
--- COMM (used by BL2 and BL31)

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cdb13b89aa815fc5219cf8bfb9666d0a9f78765

show more ...

Merge "plat/arm: juno: Refactor juno_getentropy()" into integration

Merge "plat/arm/rdn2: update TZC base address" into integration

Merge "morello: Modify morello_plat_info structure" into integration

plat/arm: juno: Refactor juno_getentropy()

Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we w

plat/arm: juno: Refactor juno_getentropy()

Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.

In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.

Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

plat/marvell: fix SPD handling in dram port

The DRAM port code issues a dummy write to SPD page-0 i2c address
in order to select this page for the forthcoming read transaction.
If the write buffer l

plat/marvell: fix SPD handling in dram port

The DRAM port code issues a dummy write to SPD page-0 i2c address
in order to select this page for the forthcoming read transaction.
If the write buffer length supplied to i2c_write is not zero, this
call is translated to 2 bus transations:

- set the target offset
- write the data to the target

However no actual data should be transferred to SPD page-0 in order
to select it. Actually, the second transation never receives an ACK
from the target device, which caused the following error report:

ERROR: Status 30 in write transaction

This patch sets the buffer length in page-0 select writes to zero,
leading to bypass the data transfer to the target device.
Issuing the target offset command to SPD page-0 address effectively
selects this page for the read operation.

Change-Id: I4bf8e8c09da115ee875f934bc8fbc9349b995017
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/24387
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Moti Buskila <motib@marvell.com>

show more ...

plat/marvell/armada/a8k: support HW RNG by SMC

Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR suppo

plat/marvell/armada/a8k: support HW RNG by SMC

Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR support.

Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: I1d644f67457b28d347523f8a7bfc4eacc45cba68
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/32688
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>

show more ...

plat/arm/rdn2: update TZC base address

Update TZC base address to align with the recent changes in the platform
memory map.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.c

plat/arm/rdn2: update TZC base address

Update TZC base address to align with the recent changes in the platform
memory map.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a

show more ...

plat/arm: fvp: Protect GICR frames for fused/unused cores

Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.

This opens up the security hole where the active c

plat/arm: fvp: Protect GICR frames for fused/unused cores

Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.

This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:

1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.

As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.

These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.

As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).

Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

plat/arm: fvp: Do not map GIC region in BL1 and BL2

GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memor

plat/arm: fvp: Do not map GIC region in BL1 and BL2

GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.

Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.

Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

plat/arm: Remove ARM_LINUX_KERNEL_AS_BL33 relying on RESET_TO_BL31

So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
Ther

plat/arm: Remove ARM_LINUX_KERNEL_AS_BL33 relying on RESET_TO_BL31

So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.

Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.

Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

plat/arm: Always allow ARM_LINUX_KERNEL_AS_BL33

At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.

However there does n

plat/arm: Always allow ARM_LINUX_KERNEL_AS_BL33

At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.

However there does not seem to be a good technical reason for that,
it was probably just to differentate between two different boot flows.

Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.

This allows to use a preloaded kernel image when using BL1 and FIP.

Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

morello: Modify morello_plat_info structure

The structure has been modified to specify the memory
size in bytes instead of Gigabytes.

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by

morello: Modify morello_plat_info structure

The structure has been modified to specify the memory
size in bytes instead of Gigabytes.

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7

show more ...

rainier: remove cpu workaround for errata 1542419

This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.

Change-Id: Icaca299b13ef83

rainier: remove cpu workaround for errata 1542419

This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.

Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>

show more ...

plat/qemu: trigger reboot with secure pl061

Secure pl061 qemu driver allows to rize the GPIO pin
from the secure world to reboot and power down
virtual machine.

Do not define secure-gpio for sbsa-r

plat/qemu: trigger reboot with secure pl061

Secure pl061 qemu driver allows to rize the GPIO pin
from the secure world to reboot and power down
virtual machine.

Do not define secure-gpio for sbsa-ref platform due to
reboot is done via sbsa-ec watchdog.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Change-Id: I508d7c5cf4c75cb169b34b00682a76f6761d3869

show more ...

qti: spmi_arb: Fix NUM_APID and REG_APID_MAP() argument

The NUM_APID value was derived from kernel device tree sources, but I
made a conversion mistake: the amount of bytes in the APID map is the
to

qti: spmi_arb: Fix NUM_APID and REG_APID_MAP() argument

The NUM_APID value was derived from kernel device tree sources, but I
made a conversion mistake: the amount of bytes in the APID map is the
total size of the "core" register range (0x1100) minus the offset of the
APID map in that range (0x900). This is of course 0x1100 - 0x900 = 0x800
and not 0x200, so the amount of 4-byte integers it can fit is not 0x80
but 0x200. Fix this and make the math more explicit so it can be more
easily factored out and adjusted if that becomes necessary for a future
SoC.

Also fix a dangerous typo in REG_APID_MAP() where the macro would
reference a random variable `i` rather than its argument (`apid`), and
we just got lucky that the only caller in the current code happened to
pass in a variable called `i` as that argument.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I049dd044fa5aeb65be0e7b12150afd6eb4bac0fa

show more ...

Merge changes from topic "RD_INFRA_POWER_MODING" into integration

* changes:
plat/arm/board: enable AMU for RD-N2
plat/arm/board: enable AMU for RD-V1
plat/arm/sgi: allow all PSCI callbacks on

Merge changes from topic "RD_INFRA_POWER_MODING" into integration

* changes:
plat/arm/board: enable AMU for RD-N2
plat/arm/board: enable AMU for RD-V1
plat/arm/sgi: allow all PSCI callbacks on RD-V1

show more ...

Merge "plat/arm:juno: fix parallel build issue for romlib config" into integration

product/tc0: Enable Theodul DSU in TC platform

Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.

product/tc0: Enable Theodul DSU in TC platform

Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.

Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747

show more ...

plat/arm:juno: fix parallel build issue for romlib config

When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/bu

plat/arm:juno: fix parallel build issue for romlib config

When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.

Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84

show more ...

Merge changes from topic "marvell-a3k-separate-flash-and-uart" into integration

* changes:
plat: marvell: armada: a3k: Do not use 'echo -e' in Makefile
docs: marvell: Update info about BOOTDEV=S

Merge changes from topic "marvell-a3k-separate-flash-and-uart" into integration

* changes:
plat: marvell: armada: a3k: Do not use 'echo -e' in Makefile
docs: marvell: Update info about BOOTDEV=SATA

show more ...

Merge changes from topic "marvell-a3k-separate-flash-and-uart" into integration

* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTM

Merge changes from topic "marvell-a3k-separate-flash-and-uart" into integration

* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTMI_SYSINIT_IMG from Makefile
plat: marvell: armada: Show informative build messages and blank lines
plat: marvell: armada: Move definition of mrvl_flash target to common marvell_common.mk file
plat: marvell: armada: a3k: Use $(Q) instead of @
plat: marvell: armada: a3k: Add a new target mrvl_uart which builds UART image
plat: marvell: armada: a3k: Build UART image files directly in $(BUILD_UART) subdirectory
plat: marvell: armada: a3k: Build intermediate files in $(BUILD_PLAT) directory
plat: marvell: armada: a3k: Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI
plat: marvell: armada: a3k: Allow use of the system Crypto++ library
docs: marvell: Update info about WTP and MV_DDR_PATH parameters
plat: marvell: armada: a3k: Add checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined
docs: marvell: Update mv-ddr-marvell and A3700-utils-marvell branches

show more ...

Merge changes from topic "sunxi-split-psci" into integration

* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: p

Merge changes from topic "sunxi-split-psci" into integration

* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: psci: Drop MPIDR check from .pwr_domain_on
allwinner: psci: Drop .get_node_hw_state callback

show more ...