Merge "feat(intel): fix bridge disable and reset" into integration
diff --git a/Makefile b/Makefile
index d242722..4b60863 100644
--- a/Makefile
+++ b/Makefile
@@ -1124,7 +1124,6 @@
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
RESET_TO_BL31 \
- RESET_TO_BL31_WITH_PARAMS \
SAVE_KEYS \
SEPARATE_CODE_AND_RODATA \
SEPARATE_BL2_NOLOAD_REGION \
@@ -1270,7 +1269,6 @@
PSCI_OS_INIT_MODE \
RAS_EXTENSION \
RESET_TO_BL31 \
- RESET_TO_BL31_WITH_PARAMS \
SEPARATE_CODE_AND_RODATA \
SEPARATE_BL2_NOLOAD_REGION \
SEPARATE_NOBITS_REGION \
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index b0c46dc..dfb14e9 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -66,19 +66,6 @@
_init_c_runtime=1 \
_exception_vectors=runtime_exceptions \
_pie_fixup_size=BL31_LIMIT - BL31_BASE
-
-#if !RESET_TO_BL31_WITH_PARAMS
- /* ---------------------------------------------------------------------
- * For RESET_TO_BL31 systems, BL31 is the first bootloader to run so
- * there's no argument to relay from a previous bootloader. Zero the
- * arguments passed to the platform layer to reflect that.
- * ---------------------------------------------------------------------
- */
- mov x20, 0
- mov x21, 0
- mov x22, 0
- mov x23, 0
-#endif /* RESET_TO_BL31_WITH_PARAMS */
#endif /* RESET_TO_BL31 */
/* --------------------------------------------------------------------
diff --git a/changelog.yaml b/changelog.yaml
index e100f82..a514abd 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1219,6 +1219,9 @@
- title: Threat Model
scope: threat-model
+ - title: Porting Guide
+ scope: porting
+
- title: Build System
scope: build
diff --git a/docs/design/reset-design.rst b/docs/design/reset-design.rst
index 666ee4f..f8c5a43 100644
--- a/docs/design/reset-design.rst
+++ b/docs/design/reset-design.rst
@@ -141,26 +141,27 @@
Platform initialization
~~~~~~~~~~~~~~~~~~~~~~~
-In this configuration, when the CPU resets to BL31 there should be no parameters
-that can be passed in registers by previous boot stages. Instead, the platform
-code in BL31 needs to know, or be able to determine, the location of the BL32
-(if required) and BL33 images and provide this information in response to the
-``bl31_plat_get_next_image_ep_info()`` function.
-
-.. note::
- Some platforms that configure ``RESET_TO_BL31`` might still be able to
- receive parameters in registers depending on their actual boot sequence. On
- those occasions, and in addition to ``RESET_TO_BL31``, these platforms should
- set ``RESET_TO_BL31_WITH_PARAMS`` to avoid the input registers from being
- zeroed before entering BL31.
+In this configuration, since the CPU resets to BL31, no parameters are expected
+to be passed to BL31 (see notes below for clarification).
+Instead, the platform code in BL31 needs to know, or be able to determine, the
+location of the BL32 (if required) and BL33 images and provide this information
+in response to the ``bl31_plat_get_next_image_ep_info()`` function.
Additionally, platform software is responsible for carrying out any security
initialisation, for example programming a TrustZone address space controller.
This might be done by the Trusted Boot Firmware or by platform code in BL31.
+.. note::
+ Even though RESET_TO_BL31 is designed such that BL31 is the reset BL image,
+ some platforms may wish to pass some arguments to BL31 as per the defined
+ contract between BL31 and previous bootloaders. Previous bootloaders can
+ pass arguments through registers x0 through x3. BL31 will preserve them and
+ propagate them to platform code, which will handle these arguments in an
+ IMPDEF manner.
+
--------------
-*Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.*
.. |Default reset code flow| image:: ../resources/diagrams/default_reset_code.png
.. |Reset code flow with programmable reset address| image:: ../resources/diagrams/reset_code_no_boot_type_check.png
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index a5c2c9e..e078e47 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -755,11 +755,6 @@
entrypoint) or 1 (CPU reset to BL31 entrypoint).
The default value is 0.
-- ``RESET_TO_BL31_WITH_PARAMS``: If ``RESET_TO_BL31`` has been enabled, setting
- this additional option guarantees that the input registers are not cleared
- therefore allowing parameters to be passed to the BL31 entrypoint.
- The default value is 0.
-
- ``RESET_TO_SP_MIN``: SP_MIN is the minimal AArch32 Secure Payload provided
in TF-A. This flag configures SP_MIN entrypoint as the CPU reset vector
instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
diff --git a/docs/getting_started/index.rst b/docs/getting_started/index.rst
index 5ebabea..8180a3f 100644
--- a/docs/getting_started/index.rst
+++ b/docs/getting_started/index.rst
@@ -12,10 +12,9 @@
build-options
build-internals
image-terminology
- porting-guide
psci-lib-integration-guide
rt-svc-writers-guide
--------------
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/index.rst b/docs/index.rst
index 3860199..d5ab8fc 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -11,6 +11,7 @@
process/index
components/index
design/index
+ porting-guide
plat/index
perf/index
security_advisories/index
@@ -84,7 +85,7 @@
--------------
-*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved.*
.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
diff --git a/docs/getting_started/porting-guide.rst b/docs/porting-guide.rst
similarity index 99%
rename from docs/getting_started/porting-guide.rst
rename to docs/porting-guide.rst
index ae3ffb5..bc9c00f 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -26,6 +26,13 @@
defined. We intend to convert existing weak functions over time. Until
then, you will find references to *weak* functions in this document.
+Please review the :ref:`Threat Model` documents as part of the porting
+effort. Some platform interfaces play a key role in mitigating against some of
+the threats. Failing to fulfill these expectations could undermine the security
+guarantees offered by TF-A. These platform responsibilities are highlighted in
+the threat assessment section, under the "`Mitigations implemented?`" box for
+each threat.
+
Some modifications are common to all Boot Loader (BL) stages. Section 2
discusses these in detail. The subsequent sections discuss the remaining
modifications for each BL stage in detail.
@@ -38,7 +45,7 @@
source files in ``plat/arm/common/``. This is done so that there are no
dependencies between platforms maintained by different people/companies. If you
want to use any of the functionality present in ``plat/arm`` files, please
-create a pull request that moves the code to ``plat/common`` so that it can be
+propose a patch that moves the code to ``plat/common`` so that it can be
discussed.
Common modifications
@@ -54,7 +61,7 @@
A platform port must enable the Memory Management Unit (MMU) as well as the
instruction and data caches for each BL stage. Setting up the translation
tables is the responsibility of the platform port because memory maps differ
-across platforms. A memory translation library (see ``lib/xlat_tables/``) is
+across platforms. A memory translation library (see ``lib/xlat_tables_v2/``) is
provided to help in this setup.
Note that although this library supports non-identity mappings, this is intended
@@ -3578,7 +3585,7 @@
storage access is only required by BL1 and BL2 phases and performed inside the
``load_image()`` function in ``bl_common.c``.
-.. uml:: ../resources/diagrams/plantuml/io_framework_usage_overview.puml
+.. uml:: resources/diagrams/plantuml/io_framework_usage_overview.puml
It is mandatory to implement at least one storage driver. For the Arm
development platforms the Firmware Image Package (FIP) driver is provided as
@@ -3588,7 +3595,7 @@
in ``drivers/io/io_storage.c`` and the driver files are located in
``drivers/io/``.
-.. uml:: ../resources/diagrams/plantuml/io_arm_class_diagram.puml
+.. uml:: resources/diagrams/plantuml/io_arm_class_diagram.puml
Each IO driver must provide ``io_dev_*`` structures, as described in
``drivers/io/io_driver.h``. These are returned via a mandatory registration
@@ -3599,12 +3606,12 @@
abstraction layer. These drivers then need to be initialized by bootloader
phases as required in their respective ``blx_platform_setup()`` functions.
-.. uml:: ../resources/diagrams/plantuml/io_dev_registration.puml
+.. uml:: resources/diagrams/plantuml/io_dev_registration.puml
The storage abstraction layer provides mechanisms (``io_dev_init()``) to
initialize storage devices before IO operations are called.
-.. uml:: ../resources/diagrams/plantuml/io_dev_init_and_check.puml
+.. uml:: resources/diagrams/plantuml/io_dev_init_and_check.puml
The basic operations supported by the layer
include ``open()``, ``close()``, ``read()``, ``write()``, ``size()`` and ``seek()``.
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 63617b2..af980f5 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -264,9 +264,6 @@
# By default, BL1 acts as the reset handler, not BL31
RESET_TO_BL31 := 0
-# By default, clear the input registers when RESET_TO_BL31 is enabled
-RESET_TO_BL31_WITH_PARAMS := 0
-
# For Chain of Trust
SAVE_KEYS := 0
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 3b0b370..508043f 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -283,6 +283,7 @@
uint32_t load_size;
uintptr_t id_offset;
+ inv_dcache_range(src_addr, src_size); /* flush cache before mmio read to avoid reading old values */
id_offset = src_addr + FCS_OWNER_ID_OFFSET;
fcs_decrypt_payload payload = {
FCS_DECRYPTION_DATA_0,
@@ -392,6 +393,7 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
+ inv_dcache_range(src_addr, src_size); /* flush cache before mmio read to avoid reading old values */
id_offset = src_addr + FCS_OWNER_ID_OFFSET;
fcs_decrypt_ext_payload payload = {
session_id,
@@ -822,6 +824,7 @@
CMD_CASUAL, (uint32_t *) dst_addr, &resp_len);
if (resp_len > 0) {
+ inv_dcache_range(dst_addr, (resp_len * MBOX_WORD_BYTE)); /* flush cache before mmio read to avoid reading old values */
op_status = mmio_read_32(dst_addr) &
FCS_CS_KEY_RESP_STATUS_MASK;
}
@@ -1269,7 +1272,7 @@
memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
src_size - data_size);
- memset((void *)&dst_addr, 0, sizeof(dst_size));
+ memset((void *) dst_addr, 0, *dst_size);
i += (src_size - data_size) / MBOX_WORD_BYTE;
}
@@ -1874,7 +1877,7 @@
memcpy((uint8_t *) &payload[i], (uint8_t *) sig_pubkey_offset,
src_size - data_size);
- memset((void *)&dst_addr, 0, sizeof(dst_size));
+ memset((void *) dst_addr, 0, *dst_size);
i += (src_size - data_size) / MBOX_WORD_BYTE;
}
diff --git a/plat/intel/soc/common/socfpga_psci.c b/plat/intel/soc/common/socfpga_psci.c
index 5fd6559..bdece93 100644
--- a/plat/intel/soc/common/socfpga_psci.c
+++ b/plat/intel/soc/common/socfpga_psci.c
@@ -14,6 +14,7 @@
#include "socfpga_mailbox.h"
#include "socfpga_plat_def.h"
#include "socfpga_reset_manager.h"
+#include "socfpga_system_manager.h"
#include "socfpga_sip_svc.h"
@@ -38,12 +39,19 @@
int socfpga_pwr_domain_on(u_register_t mpidr)
{
unsigned int cpu_id = plat_core_pos_by_mpidr(mpidr);
+ uint32_t psci_boot = 0x00;
VERBOSE("%s: mpidr: 0x%lx\n", __func__, mpidr);
if (cpu_id == -1)
return PSCI_E_INTERN_FAIL;
+ if (cpu_id == 0x00) {
+ psci_boot = mmio_read_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8));
+ psci_boot |= 0x20000; /* bit 17 */
+ mmio_write_32(SOCFPGA_SYSMGR(BOOT_SCRATCH_COLD_8), psci_boot);
+ }
+
mmio_write_64(PLAT_CPUID_RELEASE, cpu_id);
/* release core reset */
diff --git a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
index 50fd67b2..c99d1b1 100644
--- a/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
+++ b/plat/xilinx/zynqmp/bl31_zynqmp_setup.c
@@ -239,6 +239,8 @@
panic();
}
#endif
+
+ custom_runtime_setup();
}
/*
diff --git a/plat/xilinx/zynqmp/custom_sip_svc.c b/plat/xilinx/zynqmp/custom_sip_svc.c
index fbb0a33..7ffffd2 100644
--- a/plat/xilinx/zynqmp/custom_sip_svc.c
+++ b/plat/xilinx/zynqmp/custom_sip_svc.c
@@ -23,3 +23,7 @@
void custom_mmap_add(void)
{
}
+
+void custom_runtime_setup(void)
+{
+}
diff --git a/plat/xilinx/zynqmp/include/custom_svc.h b/plat/xilinx/zynqmp/include/custom_svc.h
index ef0eb67..7ccde24 100644
--- a/plat/xilinx/zynqmp/include/custom_svc.h
+++ b/plat/xilinx/zynqmp/include/custom_svc.h
@@ -15,5 +15,6 @@
void custom_early_setup(void);
void custom_mmap_add(void);
+void custom_runtime_setup(void);
#endif /* CUSTOM_SVC_H */