Enable support for loadables in SEC firmware FIT image. Currently
support is added for single loadable image.
Brief description of implementation:
Add two more address pointers (loadable_h, loadable_l) as arguments to
sec_firmware_init() api.
Create new api: sec_firmware_checks_copy_loadable() to check if loadables
node is present in SEC firmware FIT image. If present, verify loadable
image and copies it to secure DDR memory.
Populate address pointers with secure DDR memory addresses where loadable
is copied.
Example use-case could be trusted OS (tee.bin) as loadables node in SEC
firmware FIT image.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Add space around operator "+", make it
match the coding style.
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Macro VA_BITS and PTE_BLOCK_BITS are not used
in the code, so remove them.
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: York Sun <york.sun@nxp.com>
kASLR support in kernel requires a random number to be passed via
chosen/kaslr-seed propert. sec_firmware generates this random seed
which can then be passed in the device tree node.
sec_firmware reserves JR3 for it's own usage. Node for JR3 is
removed from device-tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
PSCI can be used on both multiple and single core socs. Current
implementation only allows PSCI to work on multiple core socs.
This patch removes this restriction so that PSCI can work on
single core socs as well.
Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Signed-off-by: Tang Yuantian <andy.tang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Moved the ifdef into ppa.h and removed the duplicated macros.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Function mmu_change_region_attr() is added to change existing mapping
with updated PXN, UXN and memory type. This is a break-before-make
process during which the mapping becomes fault (invalid) before final
attributres are set.
Signed-off-by: York Sun <york.sun@nxp.com>
Moved the config FSL_PPA_ARMV8_PSCI from fsl-layerscape's Kconfig to
Kconfig under armv8 and renamed it to SEC_FIRMWARE_ARMV8_PSCI.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The UL() macro is pretty useful in sharing constants between assembly
and C files while still being able to specify a type for C.
Move the macro from an armv8 specific header into a common header file
to be able to use it by arm code (for instance) as well.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Jagan Teki <jagan@openedev.com>
NXP/Freescale uses macro CONFIG_ARMV8_PSCI to enable their private PSCI
implementation in PPA firmware, but this macro naming too generic, so this
patch replaces it with a specic one CONFIG_FSL_PPA_ARMV8_PSCI.
And this macro CONFIG_ARMV8_PSCI will be used for a generic PSCI for ARMv8
which will be added in following patchs.
Signed-off-by: Hongbo Zhang <hongbo.zhang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The FSL Primary Protected Application (PPA) is a software component
loaded during boot which runs in TrustZone and remains resident
after boot.
Use the secure firmware framework to integrate FSL PPA into U-Boot.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.
So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Introduce virtual and physical addresses in the mapping table. This change
have no impact on existing boards because they all use idential mapping.
Signed-off-by: York Sun <york.sun@nxp.com>
Make setup_pgtages() and get_tcr() available for platform code to
customize MMU tables.
Remove unintentional call of create_table().
Signed-off-by: York Sun <york.sun@nxp.com>
By now the code to only have a single page table level with 64k page
size and 42 bit address space is no longer used by any board in tree,
so we can safely remove it.
To clean up code, move the layerscape mmu code to the new defines,
removing redundant field definitions.
Signed-off-by: Alexander Graf <agraf@suse.de>
The MMU range table can vary depending on things we may only find
out at runtime. While the very simple ThunderX variant does not
change, other boards will, so move the definition from a static
entry in a header file to the board file.
Signed-off-by: Alexander Graf <agraf@suse.de>
The idea to generate our pages tables from an array of memory ranges
is very sound. However, instead of hard coding the code to create up
to 2 levels of 64k granule page tables, we really should just create
normal 4k page tables that allow us to set caching attributes on 2M
or 4k level later on.
So this patch moves the full_va mapping code to 4k page size and
makes it fully flexible to dynamically create as many levels as
necessary for a map (including dynamic 1G/2M pages). It also adds
support to dynamically split a large map into smaller ones when
some code wants to set dcache attributes.
With all this in place, there is very little reason to create your
own page tables in board specific files.
Signed-off-by: Alexander Graf <agraf@suse.de>
When running in EL1, AArch64 knows two page table maps. One with addresses
that start with all zeros (TTBR0) and one with addresses that start with all
ones (TTBR1).
In U-Boot we don't care about the high up maps, so just disable them to ensure
we don't walk an invalid page table by accident.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Based on the memory map we can determine a lot of hard coded fields of
TCR, like the maximum VA and max PA we want to support. Calculate those
dynamically to reduce the chance for pit falls.
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds code which sets up 2-level page tables on ARM64 thus
extending available VA space. CPUs implementing 64k translation
granule are able to use direct PA-VA mapping of the whole 48 bit
address space.
It also adds the ability to reset the SCTRL register at the very beginning
of execution to avoid interference from stale mappings set up by early
firmware/loaders/etc.
Signed-off-by: Sergey Temerkhanov <s.temerkhanov@gmail.com>
Signed-off-by: Radha Mohan Chintakuntla <rchintakuntla@cavium.com>
For most device addresses excution shouldn't be allowed. Revise
the MMU table to enforce execute-never bits. OCRAM, DDR and IFC
are allowed for excution.
Signed-off-by: York Sun <yorksun@freescale.com>
Signed-off-by: Alison Wang <alison.wang@freescale.com>
Reported-by: Zhichun Hua <zhichun.hua@freescale.com>
Freescale LayerScape with Chassis Generation 2 is a set of SoCs with
ARMv8 cores and 2rd generation of Chassis.
Signed-off-by: Li Yang <leoli@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
For EL3 and EL2, the documentation says that bits 31 and 23 are reserved
but should be written as 1.
For EL1, only bit 23 is not reserved, so only write bit 31 as 1.
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Use the inner shareable attribute for memory, which makes more sense
considering that this code is called when caches are being enabled.
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
This patch rewrites MMU translation table entries. To start, all table
entries are written as "invalid", then "device-ngnrnr" and "normal" are
written to the entries to enable access to specific addresses.
Signed-off-by: Alison Wang <alison.wang@freescale.com>
Signed-off-by: York Sun <yorksun@freescale.com>
For ARMv8, outer shareable is 0b10, inner shareable is 0b11 at bit
position [13:12] of TCR_ELx register.
Signed-off-by: Zhichun Hua <zhichun.hua@freescale.com>
Signed-off-by: York Sun <yorksun@freescale.com>
According to hardware implementation, a single outer shareable global
coherence group is defined. Inner shareable has not bee enabled.
Signed-off-by: York Sun <yorksun@freescale.com>
Make MMU function reusable. Platform code can setup its own MMU tables.
Signed-off-by: York Sun <yorksun@freescale.com>
CC: David Feng <fenghua@phytium.com.cn>
Relocation code based on a patch by Scott Wood, which is:
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: David Feng <fenghua@phytium.com.cn>