There are two different implementations to do a secure monitor call:
smc_call() and arm_smccc_smc(). The former is defined in fwcall.c and
seems to be an ad-hoc implementation. The latter is imported from linux.
smc_call() is also only available if CONFIG_ARMV8_PSCI is not defined.
This makes it impossible to have both PSCI calls and PSCI implementation
in one u-boot build. The layerscape SoC code decide at runtime via
check_psci() if there is a PSCI support. Therefore, this is a
prerequisite patch to add PSCI implementation support for the layerscape
SoCs.
Note, for the TFA part, this is only compile time tested with
(ls1028ardb_tfa_defconfig).
Signed-off-by: Michael Walle <michael@walle.cc>
[Rebased]
Signed-off-by: Priyanka Jain <priyanka.jain@nxp.com>
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.
For now no callers pass the size, but this can be updated later.
Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Returns job ring status as true in TFABOOT, as one job ring is always
reserved.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
JR3 was getting removed from device tree only if random number
generation was successful. However, if SEC firmware is present,
JR3 should be removed from device tree node irrespective of the
random seed generation as SEC firmware reserves it for it's use.
Not removing it in case of random number generation failure causes
the kernel to crash.
Random number generation was being called twice. This is not
required. If SEC firmware is running, SIP call can be made to the SEC
firmware to get the random number. This call itself would return
failure if function is not supported. Duplicate calling of random
number generation function has been removed.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Remove the unit address from the config node name when U-Boot deals with
secure firmware FIT images.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Enable support for loadables in SEC firmware FIT image. Currently
support is added for single loadable image.
Brief description of implementation:
Add two more address pointers (loadable_h, loadable_l) as arguments to
sec_firmware_init() api.
Create new api: sec_firmware_checks_copy_loadable() to check if loadables
node is present in SEC firmware FIT image. If present, verify loadable
image and copies it to secure DDR memory.
Populate address pointers with secure DDR memory addresses where loadable
is copied.
Example use-case could be trusted OS (tee.bin) as loadables node in SEC
firmware FIT image.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
kASLR support in kernel requires a random number to be passed via
chosen/kaslr-seed propert. sec_firmware generates this random seed
which can then be passed in the device tree node.
sec_firmware reserves JR3 for it's own usage. Node for JR3 is
removed from device-tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
When U-Boot boots from EL2, skip some lowlevel init code requiring
EL3, including CCI-400/CCN-504, trust zone, GIC, etc. These
initialization tasks are carried out before U-Boot runs. This applies
to the RAM version image used for SPL boot if PPA is loaded first.
Signed-off-by: York Sun <york.sun@nxp.com>
PSCI can be used on both multiple and single core socs. Current
implementation only allows PSCI to work on multiple core socs.
This patch removes this restriction so that PSCI can work on
single core socs as well.
Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Signed-off-by: Tang Yuantian <andy.tang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Moved the config FSL_PPA_ARMV8_PSCI from fsl-layerscape's Kconfig to
Kconfig under armv8 and renamed it to SEC_FIRMWARE_ARMV8_PSCI.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
NXP/Freescale uses macro CONFIG_ARMV8_PSCI to enable their private PSCI
implementation in PPA firmware, but this macro naming too generic, so this
patch replaces it with a specic one CONFIG_FSL_PPA_ARMV8_PSCI.
And this macro CONFIG_ARMV8_PSCI will be used for a generic PSCI for ARMv8
which will be added in following patchs.
Signed-off-by: Hongbo Zhang <hongbo.zhang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
When enabled sec firmware framework, but lack of definition of
the marco SEC_FIRMWARE_FIT_IMAGE, SEC_FIRMEWARE_FIT_CNF_NAME
and SEC_FIRMWARE_TARGET_EL, there will be some build errors,
so give a default definition.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.
So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>