fix(st-clock): force ARM_DIVSEL for flexgen63 config at 400MHz

The clkext2f frequency at 400MHZ, the default flexgen63 config,
is not supported without a divider by 2 as described in reference Manue

fix(st-clock): force ARM_DIVSEL for flexgen63 config at 400MHz

The clkext2f frequency at 400MHZ, the default flexgen63 config,
is not supported without a divider by 2 as described in reference Manuel,
chapter 3.3 Cortex-A35 clocking:

The clock for the Cortex-A35 subsystem can be selected among:
a clock from the device clock generator (aka ck_cpu1_ext2f). The maximum
frequency on this clock is 400 MHz with a divider by two, enabled thanks
to the CA35SS_SSC_CHGCLKREQ SSC register.

In OpenSTLinux clock tree you assume flexgen63 = 400MHz,
so we force divider by 2 for ck_cpu1_ext2f clock, the CA35 bypass clock
with ARM_DIVSEL = 0.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I9d11f9316ce3a2c7280a9bb7652d241b164ce5a1

show more ...

docs: deprecate Arm RD1AE platform

RD1AE (Kronos) is now deprecated in TF-A v2.14. Emit a build-time
warning in platform.mk of that platform to make the status explicit.
Update docs/plat/index.rst t

docs: deprecate Arm RD1AE platform

RD1AE (Kronos) is now deprecated in TF-A v2.14. Emit a build-time
warning in platform.mk of that platform to make the status explicit.
Update docs/plat/index.rst to list RD1AE with deleted version set to
TBD.
Drop from the deprecated table platforms that were already deleted in
v2.13 (TC2, fvp_r, SGI-575, RD-N1-Edge, RD-V1, RD-V1-MC).

Change-Id: Ia334a1901fbf303e876e85c8075e2ac7e3fa0d67
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

fix(el3-runtime): allow RNDR access at EL3 even when RNG_TRAP is enabled

RNG_TRAP will also trap RNDR accesses at EL3 which we don't want as we
have no way to handle nested exceptions. Clear the tra

fix(el3-runtime): allow RNDR access at EL3 even when RNG_TRAP is enabled

RNG_TRAP will also trap RNDR accesses at EL3 which we don't want as we
have no way to handle nested exceptions. Clear the trap with root
context to always allow access at EL3.

Change-Id: I6e4cd8b5a7730f6ffbeed912d9301877d271110d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(smccc): don't panic on a feature availability call with FEAT_RNG_TRAP

FEAT_RNG_TRAP requires a little bit of extra care to be reported
correctly, which we do. However, the check value isn't upda

fix(smccc): don't panic on a feature availability call with FEAT_RNG_TRAP

FEAT_RNG_TRAP requires a little bit of extra care to be reported
correctly, which we do. However, the check value isn't updated
accordingly leading to a panic. Update it to avoid.

Change-Id: Id5086b3cd1c6dd74287397b9636088fe1ccb5703
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never writ

fix(bl1): use per-world context correctly

Currently, the configuration with BL1 and BL2 at SEL1 will transition
via el3_exit which will restore per-world context. However, that context
is never written to and so zeroes end up in registers, which is not
necessarily correct.

This patch gets BL1 to call cm_manage_extensions_per_world() whenever
BL2 runs in a lower EL. This allows the per-world registers to have the
reset values we intend. An accompanying call to
cm_manage_extensions_el3() is also added for completeness.

Doing this shows a small deficiency in cptr_el3 - bits TFP and TCPAC
change a lot. This patch makes them consistent by always setting TCPAC
and TFP to 0 which unconditionally enable access to CPTR_EL2 and FPCR by
default as they are always accessible. Other places that manipulate the
TFP bit are removed.

A nice side effect of all of this is that we're now in a position to
enable and use any architectural extension in BL2.

Change-Id: I070d62bbf8e9d9b472caf7e2c931c303523be308
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge "feat(docs): update context management's threat model" into integration

Merge "docs: add Architectural Feature Support reference" into integration

Merge changes Ic735cd1c,Iba4cdbf5,I0dd74152,I3a051ca2,Ie413233d, ... into integration

* changes:
feat(stm32mp2): add RIFSC/RISAB protection for USB3DR
feat(st-drivers): add RIFSC driver
feat(s

Merge changes Ic735cd1c,Iba4cdbf5,I0dd74152,I3a051ca2,Ie413233d, ... into integration

* changes:
feat(stm32mp2): add RIFSC/RISAB protection for USB3DR
feat(st-drivers): add RIFSC driver
feat(stm32mp2): add STM32MP_USB_PROGRAMMER support
feat(stm32mp2): generate FIP for DDR initialization
feat(stm32mp2): add support for minimal FIP with only DDR FW
fix(st): allow several call of stm32cubeprog_uart_load
feat(st): update stm32cubeprogrammer API
feat(stm32mp1): add stm32_get_uid_otp
feat(st-usb): add USB DWC3 driver
fix(st): replace down counter by a timeout upon dfu detach

show more ...

Merge "feat(cpus): enable Maximum Power Mitigation Mechanism" into integration

Merge "feat(cpus): add support for venom cpu" into integration

Merge "fix(security): add clrbhb support" into integration

feat(stm32mp2): add RIFSC/RISAB protection for USB3DR

Add RIFSC/RISAB protection for USB3-IP:
- USB3DR Peripheral only accessible form Secure/Priv
- USB3DR Master is Secure/Priv to access SYSRAM in

feat(stm32mp2): add RIFSC/RISAB protection for USB3DR

Add RIFSC/RISAB protection for USB3-IP:
- USB3DR Peripheral only accessible form Secure/Priv
- USB3DR Master is Secure/Priv to access SYSRAM in bl2 plat setup.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Change-Id: Ic735cd1cadc5a3a52065b0c7db328268d405a77c

show more ...

feat(st-drivers): add RIFSC driver

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave periph

feat(st-drivers): add RIFSC driver

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave peripherals) with RISUP(Resource Isolation
Slave Unit for Peripherals) OR RISAL(Resource Isolation Slave Unit
for Address space - Lite) logics.
-RIMC registers(Non RIF-Aware masters counterpart) with RIMU
(Resource Isolation Master Unit) logic. It is possible for a master to
inherit from its slave port(RISUP) configuration.

This doesn't support semaphore acquisition.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: Iba4cdbf53243292fa0b42cad8392c43734dd9bc2

show more ...

feat(stm32mp2): add STM32MP_USB_PROGRAMMER support

Add STM32MP_USB_PROGRAMMER support for STM32MP2 platform by
compiling usb-dwc3 driver and adding the requested memory and
USB-DFU configurations.

feat(stm32mp2): add STM32MP_USB_PROGRAMMER support

Add STM32MP_USB_PROGRAMMER support for STM32MP2 platform by
compiling usb-dwc3 driver and adding the requested memory and
USB-DFU configurations.

The DFU stack is used in BL2 when STM32MP_USB_PROGRAMMER is activated
by the STMicroelectronics tools STM32Cubeprogrammer for serial boot mode
on USB.

Change-Id: I0dd74152ee6e0a3a3d1332d4fb2edbae7743fcc1
Signed-off-by: Pankaj Dev <pankaj.dev@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

feat(stm32mp2): generate FIP for DDR initialization

Generate a minimal FIP used for DDR initialization for serial boot
when STM32MP_DDR_FIP_IO_STORAGE is activated.

It is loaded in internal memory

feat(stm32mp2): generate FIP for DDR initialization

Generate a minimal FIP used for DDR initialization for serial boot
when STM32MP_DDR_FIP_IO_STORAGE is activated.

It is loaded in internal memory before to be used with support of
the FIP memmap.

To ease Trusted Boot porting for serial boot, we can use TOOL_ADD_IMG
with a DDR_ prefix. To avoid the overriding rule issue with the check
rule in TOOL_ADD_IMG, a copy of the STM32MP_DDR_FW variable is created.

Change-Id: I3a051ca2b258771e48c6e9fed9d77ab512c2416f
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>

show more ...

feat(stm32mp2): add support for minimal FIP with only DDR FW

Load a minimal FIP used for DDR initialization for serial boot
when STM32MP_DDR_FIP_IO_STORAGE is activated.

This DDR FIP is loaded at t

feat(stm32mp2): add support for minimal FIP with only DDR FW

Load a minimal FIP used for DDR initialization for serial boot
when STM32MP_DDR_FIP_IO_STORAGE is activated.

This DDR FIP is loaded at the beginning of SYSRAM and used with
support of memmap features.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ie413233de0e4d785b2d669087da34110df557ad3

show more ...

fix(st): allow several call of stm32cubeprog_uart_load

Update the function stm32cubeprog_uart_load() to skip the UART
initialization when the function is called a second time.

On STM32MP25, this fu

fix(st): allow several call of stm32cubeprog_uart_load

Update the function stm32cubeprog_uart_load() to skip the UART
initialization when the function is called a second time.

On STM32MP25, this function is called 2 times, first to load FIP DDR
in small internal memory and after DDR initialization, to load FIP in
this large external memory

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ibbb4ad44b89730d6c6101c89e56c59978d38cfed

show more ...

feat(st): update stm32cubeprogrammer API

Update the API stm32cubeprog_[uart/usb]_load() to provide the requested
phase; the phase is no more assumed to PHASE_SSBL.

Signed-off-by: Patrick Delaunay <

feat(st): update stm32cubeprogrammer API

Update the API stm32cubeprog_[uart/usb]_load() to provide the requested
phase; the phase is no more assumed to PHASE_SSBL.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I3e14ce0bd5bfce59f141d672b0d66be04012820f

show more ...

feat(stm32mp1): add stm32_get_uid_otp

Add a generic function to get the unique device id (UID)
from the OTP.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Id15dbb6668b4b

feat(stm32mp1): add stm32_get_uid_otp

Add a generic function to get the unique device id (UID)
from the OTP.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Id15dbb6668b4bafe44e86c33e76ec64a3c982387

show more ...

feat(st-usb): add USB DWC3 driver

Initial patch for usb-dwc3 driver in STM32MP2 for USB-DFU Mode

Change-Id: Ia63bd7fcd77403c7fe2dca2709021cab31b3b508
Signed-off-by: Maxime Méré <maxime.mere@foss.st

feat(st-usb): add USB DWC3 driver

Initial patch for usb-dwc3 driver in STM32MP2 for USB-DFU Mode

Change-Id: Ia63bd7fcd77403c7fe2dca2709021cab31b3b508
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Signed-off-by: Pankaj Dev <pankaj.dev@st.com>

show more ...

fix(st): replace down counter by a timeout upon dfu detach

On stm32mp2, DFU detach sometimes makes subsequent usb start to fail.
The core doesn't have the time to properly finalize the last setup
ph

fix(st): replace down counter by a timeout upon dfu detach

On stm32mp2, DFU detach sometimes makes subsequent usb start to fail.
The core doesn't have the time to properly finalize the last setup
phase. This results in error logs seen:
ERROR: dwc3_handle_dev_event: 1688
ERROR: dwc3_handle_dev_event: 1692

Just enabling "DFU USB STOP" message hides the issue, sequentially:
usb_core_start()
...
usb_dfu_loop() // runs until DFU_DETACH command
--> while(it_count != 0U) {
usb_core_handle_it()
if (usb_dfu_detach_req)
it_count--; // down count from 100 to 0
}
...
INFO("DFU USB STOP...\n");
usb_core_stop()

The down-counter (it_count) value doesn't seem to be enough, and seems
not robust against CPU speed. So rather adopt a 100us timeout. It's
determined experimentally (above issue seems to be triggered around
20us to 30us, so keep some margin).

Change-Id: Iac37c346ad938cd917dfbd7e4622546d29ee7517
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@foss.st.com>

show more ...

docs: add Architectural Feature Support reference

Introduce a central document to track the status of Arm architectural
features in TF-A.

This aims to provide a single reference point to check whet

docs: add Architectural Feature Support reference

Introduce a central document to track the status of Arm architectural
features in TF-A.

This aims to provide a single reference point to check whether a given
feature is:
- explicitly supported in TF-A (OK)
- transparent from EL3 (no changes required) (NA)
- Analyzed but decided not to implemened (NO)
- Implementation in progress (WIP)
- not yet analyzed.

This reduces the current reliance on grepping the code, browsing JIRA,
or cross-referencing the Arm ARM to answer feature status queries.

The content is aligned with Arm’s yearly architectural feature updates
(see [Architecture Feature Descriptions](https://developer.arm.com/documentation/109697/latest/)).

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I32cc07268fc641180837a42a973308dab0824236

show more ...

Merge "docs: add dependabot patches for LTS" into integration

Merge changes from topic "ahmed-azeem/rdaspen-enhancements" into integration

* changes:
fix(dsu): dsu config for all cores in hot reset
docs(rdaspen): bl32 and GPT support
feat(rdaspen): suppo

Merge changes from topic "ahmed-azeem/rdaspen-enhancements" into integration

* changes:
fix(dsu): dsu config for all cores in hot reset
docs(rdaspen): bl32 and GPT support
feat(rdaspen): support BL32 (OP-TEE)

show more ...

feat(s32g274ardb): add DDR clock source support

Introduce support to configure DDR clock
source and safely deasserting the reset
signal for the DDR controller.

These utilities are required before
i

feat(s32g274ardb): add DDR clock source support

Introduce support to configure DDR clock
source and safely deasserting the reset
signal for the DDR controller.

These utilities are required before
initializing the DDR subsystem.

Change-Id: I48cc984f73fca5cde1b81e9075488fd5bed420d6
Signed-off-by: Ghennadi Procopciuc <ghennadi.procopciuc@nxp.com>
Signed-off-by: Andrei Cherechesu <andrei.cherechesu@nxp.com>
Signed-off-by: Khristine Andreea Barbulescu <khristineandreea.barbulescu@nxp.com>

show more ...