Linaro-uefi

linaro-uefi@lists.linaro.org

811 discussions

[PATCH v3] MM: Initial Changes to support secure and normal MM mode images.

by Supreeth Venkatesh

Changes to support building secure and normal MM mode images on FVP- AEMv8-AEMv8. Management Mode (MM) provides a secure execution environment on Server and Clamshell platforms. It is specified in the Volume 4. PI specification. An implementation exists in the EDK2-Staging code base. In order to support MM on ARM, changes are required to both EDK2 and ARM Trusted Firmware. MM provides a management service rather than a security service. Hence it has to be isolated from any software stack e.g. Trusted OS that provides security services. The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment. In future, there might be other sandboxed environments that co-exist with it. Each sandbox implements a Secure Firmware Service. The corresponding image is called a SFS_PAYLOAD. This change adds an optional parameter ATF_SFS_PAYLOAD. ATF_SFS_PAYLOAD will be the path to management service in fd format (EDK2 Firmware Device). Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com> --- Changes in v3: - Add ARM_STANDALONE_MM_ENABLE=TRUE for normal MM Image in platforms.config. Changes in v2: - Updated Commit Message to indicate concept of Secure Firmware Services is still in flux. - Changed internal variable in atf_build.sh file to SFS_OPTION from SFS_PAYLOAD. - Drop FIRMWARE_VER parameter for fvp_normal_mm platform. --- atf-build.sh | 14 ++++++++++++-- platforms.config | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..4d6afa0 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`" + PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`" if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS" + echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD" fi unset BL30 BL31 BL32 BL33 @@ -118,6 +120,14 @@ function build_platform fi fi + if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then + # + # Since SFS cannot be exported or undefined, + # we parametrise it here + # + SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD" + fi + # # Debug extraction handling # @@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:" - echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" + echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" fi - CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip + CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir diff --git a/platforms.config b/platforms.config index ebf81df..22c981d 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64 +# ARM FVP BASE AEMv8-A model +[fvp_secure_mm] +LONGNAME=aarch64 FVP RTSM for secure world mm mode image +DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM + +[fvp_normal_mm] +LONGNAME=aarch64 FVP RTSM for normal world mm mode image +DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D ARM_STANDALONE_MM_ENABLE=TRUE +ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM +ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd + [tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1 -- 2.7.4

8 years, 3 months

how to get mapped FS0 in UEFI shell

by haojian.zhuang＠linaro.org

Hi all, After I switched to generic BDS, I can’t find FS0 in UEFI shell. Is it right behavior? Best Regards Haojian

8 years, 3 months

[PATCH v6 0/3] add hikey platform

by Haojian Zhuang

v6: 1. Fix ident. 2. Fix the memory layout register offset. v5: 1. Optimize on identifying memory size. 2. Remove PcdFdtDevicePath. v4: 1. Add bit definition of MDDRC_AXI_MAP register. 2. Clean patches with comments. v3: 1. Clean patches with comments. v2: 1. Fix UniApp in hikey DSC file. v1: 1. Add hikey platform with DwEmmc Driver. Haojian Zhuang (3): Platforms: add skeleton of hikey platform Drivers/Mmc/DwEmmc: add designware emmc support Platforms/Hisilicon/HiKey: enable emmc Chips/Hisilicon/Hi6220/Hi6220.dec | 32 + Chips/Hisilicon/Hi6220/Include/Hi6220.h | 77 +++ Drivers/Mmc/DwEmmcDxe/DwEmmc.h | 127 ++++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.c | 648 +++++++++++++++++++++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.dec | 42 ++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.inf | 54 ++ Platforms/Hisilicon/HiKey/HiKey.dec | 36 ++ Platforms/Hisilicon/HiKey/HiKey.dsc | 480 +++++++++++++++ Platforms/Hisilicon/HiKey/HiKey.fdf | 351 +++++++++++ Platforms/Hisilicon/HiKey/Include/ArmPlatform.h | 26 + Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKey.c | 159 +++++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyHelper.S | 49 ++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyLib.inf | 51 ++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyMem.c | 204 +++++++ 14 files changed, 2336 insertions(+) create mode 100644 Chips/Hisilicon/Hi6220/Hi6220.dec create mode 100644 Chips/Hisilicon/Hi6220/Include/Hi6220.h create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmc.h create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.c create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.dec create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.inf create mode 100644 Platforms/Hisilicon/HiKey/HiKey.dec create mode 100644 Platforms/Hisilicon/HiKey/HiKey.dsc create mode 100644 Platforms/Hisilicon/HiKey/HiKey.fdf create mode 100644 Platforms/Hisilicon/HiKey/Include/ArmPlatform.h create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKey.c create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyHelper.S create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyLib.inf create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyMem.c -- 2.7.4

8 years, 3 months

[PATCH v2] MM: Initial Changes to support secure and normal MM mode images.

by Supreeth Venkatesh

Changes to support building secure and normal MM mode images on FVP- AEMv8-AEMv8. Management Mode (MM) provides a secure execution environment on Server and Clamshell platforms. It is specified in the Volume 4. PI specification. An implementation exists in the EDK2-Staging code base. In order to support MM on ARM, changes are required to both EDK2 and ARM Trusted Firmware. MM provides a management service rather than a security service. Hence it has to be isolated from any software stack e.g. Trusted OS that provides security services. The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment. In future, there might be other sandboxed environments that co-exist with it. Each sandbox implements a Secure Firmware Service. The corresponding image is called a SFS_PAYLOAD. This change adds an optional parameter ATF_SFS_PAYLOAD. ATF_SFS_PAYLOAD will be the path to management service in fd format (EDK2 Firmware Device). Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com> --- Changes in v2: - Updated Commit Message to indicate concept of Secure Firmware Services is still in flux. - Changed internal variable in atf_build.sh file to SFS_OPTION from SFS_PAYLOAD. - Drop FIRMWARE_VER parameter for fvp_normal_mm platform. --- atf-build.sh | 14 ++++++++++++-- platforms.config | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..4d6afa0 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`" + PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`" if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS" + echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD" fi unset BL30 BL31 BL32 BL33 @@ -118,6 +120,14 @@ function build_platform fi fi + if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then + # + # Since SFS cannot be exported or undefined, + # we parametrise it here + # + SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD" + fi + # # Debug extraction handling # @@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:" - echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" + echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" fi - CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip + CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir diff --git a/platforms.config b/platforms.config index ebf81df..17d4d86 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64 +# ARM FVP BASE AEMv8-A model +[fvp_secure_mm] +LONGNAME=aarch64 FVP RTSM for secure world mm mode image +DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM + +[fvp_normal_mm] +LONGNAME=aarch64 FVP RTSM for normal world mm mode image +DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 +ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM +ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd + [tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1 -- 2.7.4

8 years, 3 months

[PATCH V2 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled

by Bhupesh Sharma

ARM TZASC-380 IP provides a mechanism to split memory regions being protected via it into eight equal-sized sub-regions. A bit-setting allows the corresponding subregion to be disabled. Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR connected via the TZASC to be partitioned into regions having different security settings and also allow subregions to be disabled. This patch enables this support and can be used for SoCs which support such a partition of DDR regions. Details of the 'subregion_disable' register can be viewed here: http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html Cc: Leif Lindholm <leif.lindholm(a)linaro.org> Cc: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Bhupesh Sharma <bhupesh.linux(a)gmail.com> Contributed-under: TianoCore Contribution Agreement 1.0 --- .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++------- ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 10 ++++++++-- ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 3 ++- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c index 6fa0774f59f8..42d731ea98c9 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit ( // NOR Flash 0 non secure (BootMon) TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR0_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); } // Base of SRAM. Only half of SRAM in Non Secure world @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit ( //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); } // Memory Mapped Peripherals. All in non secure world TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, ARM_VE_SMB_PERIPH_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); // MotherBoard Peripherals and On-chip peripherals. TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0); } /** diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c index 070c0dcb5d4d..c99c16d4c442 100644 --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c @@ -87,20 +87,26 @@ TZASCSetRegion ( IN UINTN LowAddress, IN UINTN HighAddress, IN UINTN Size, - IN UINTN Security + IN UINTN Security, + IN UINTN SubregionDisableMask ) { UINT32* Region; + UINT32 RegionAttributes; if (RegionId > TZASCGetNumRegions(TzascBase)) { return EFI_INVALID_PARAMETER; } + RegionAttributes = ((Security & 0xF) << 28) | + ((SubregionDisableMask & 0xFF) << 8) | + ((Size & 0x3F) << 1) | (Enabled & 0x1); + Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10)); MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); MmioWrite32((UINTN)(Region+1), HighAddress); - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); + MmioWrite32((UINTN)(Region+2), RegionAttributes); return EFI_SUCCESS; } diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h index 78e98aad535f..1ba963d7b6c5 100644 --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h @@ -82,7 +82,8 @@ TZASCSetRegion ( IN UINTN LowAddress, IN UINTN HighAddress, IN UINTN Size, - IN UINTN Security + IN UINTN Security, + IN UINTN SubregionDisableMask ); #endif -- 2.7.4

8 years, 3 months

[PATCH] MM: Initial Changes to support secure and normal MM mode images.

by Supreeth Venkatesh

Changes to support building secure and normal MM mode images on FVP- AEMv8-AEMv8. Management Mode (MM) provides a secure execution environment on Server and Clamshell platforms. It is specified in the Volume 4. PI specification. An implementation exists in the EDK2-Staging code base. In order to support MM on ARM, changes are required to both EDK2 and ARM Trusted Firmware. MM provides a management service rather than a security service. Hence it has to be isolated from any software stack e.g. Trusted OS that provides security services. Secure Firmware Services (SFS) is being proposed to provide a generic framework for running management services in S-EL0. This change adds an optional parameter ATF_SFS_PAYLOAD. ATF_SFS_PAYLOAD will be the path to management service in fd format (EDK2 Firmware Device). Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com> --- atf-build.sh | 14 ++++++++++++-- platforms.config | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..bc6d8ca 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`" + PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`" if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS" + echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD" fi unset BL30 BL31 BL32 BL33 @@ -118,6 +120,14 @@ function build_platform fi fi + if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then + # + # Since SFS cannot be exported or undefined, + # we parametrise it here + # + SFS_PAYLOAD="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD" + fi + # # Debug extraction handling # @@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:" - echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" + echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip" fi - CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip + CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir diff --git a/platforms.config b/platforms.config index ebf81df..726fd4f 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64 +# ARM FVP BASE AEMv8-A model +[fvp_secure_mm] +LONGNAME=aarch64 FVP RTSM for secure world mm mode image +DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM + +[fvp_normal_mm] +LONGNAME=aarch64 FVP RTSM for normal world mm mode image +DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D FIRMWARE_VER=02bd6a3 +ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM +ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd + [tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1 -- 2.7.4

8 years, 3 months

[PATCH v5 0/3] add hikey platform

by Haojian Zhuang

v5: 1. Optimize on identifying memory size. 2. Remove PcdFdtDevicePath. v4: 1. Add bit definition of MDDRC_AXI_MAP register. 2. Clean patches with comments. v3: 1. Clean patches with comments. v2: 1. Fix UniApp in hikey DSC file. v1: 1. Add hikey platform with DwEmmc Driver. Haojian Zhuang (3): Platforms: add skeleton of hikey platform Drivers/Mmc/DwEmmc: add designware emmc support Platforms/Hisilicon/HiKey: enable emmc Chips/Hisilicon/Hi6220/Hi6220.dec | 32 + Chips/Hisilicon/Hi6220/Include/Hi6220.h | 77 +++ Drivers/Mmc/DwEmmcDxe/DwEmmc.h | 127 ++++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.c | 648 +++++++++++++++++++++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.dec | 42 ++ Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.inf | 54 ++ Platforms/Hisilicon/HiKey/HiKey.dec | 36 ++ Platforms/Hisilicon/HiKey/HiKey.dsc | 480 +++++++++++++++ Platforms/Hisilicon/HiKey/HiKey.fdf | 351 +++++++++++ Platforms/Hisilicon/HiKey/Include/ArmPlatform.h | 26 + Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKey.c | 159 +++++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyHelper.S | 49 ++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyLib.inf | 51 ++ .../Hisilicon/HiKey/Library/HiKeyLib/HiKeyMem.c | 211 +++++++ 14 files changed, 2343 insertions(+) create mode 100644 Chips/Hisilicon/Hi6220/Hi6220.dec create mode 100644 Chips/Hisilicon/Hi6220/Include/Hi6220.h create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmc.h create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.c create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.dec create mode 100644 Drivers/Mmc/DwEmmcDxe/DwEmmcDxe.inf create mode 100644 Platforms/Hisilicon/HiKey/HiKey.dec create mode 100644 Platforms/Hisilicon/HiKey/HiKey.dsc create mode 100644 Platforms/Hisilicon/HiKey/HiKey.fdf create mode 100644 Platforms/Hisilicon/HiKey/Include/ArmPlatform.h create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKey.c create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyHelper.S create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyLib.inf create mode 100644 Platforms/Hisilicon/HiKey/Library/HiKeyLib/HiKeyMem.c -- 2.7.4

8 years, 3 months

[PATCH] Hisilicon D03/D05: add SCSI cdb16 command

by Heyi Guo

This patch resolves the issue 2393: https://bugs.linaro.org. The cdb16 command should be used if the hard disk size larger than 4TB. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chenhui Sun <sunchenhui(a)huawei.com> Signed-off-by: Jason Zhang <zhangjinsong2(a)huawei.com> --- .../Binary/D03/Drivers/Sas/SasDriverDxe.efi | Bin 210752 -> 208288 bytes .../Binary/D05/Drivers/Sas/SasDriverDxe.efi | Bin 210400 -> 230912 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi b/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi index b956b19..19cd038 100644 Binary files a/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi and b/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi differ diff --git a/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi b/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi index 6021d12..8d9ecd2 100644 Binary files a/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi and b/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi differ -- 1.9.1

8 years, 3 months

[PATCH 0/5] Armada 70x0 XenonDxe improvements

by Marcin Wojtas

Hi, I submit small patchset, which fixes HS200 operation for XenonDxe driver eMMC and also enables PCD-based configuration of each controller's voltage supply, bus width and determine phy operation (so called 'slow mode'). The patches are available publicly in the github: https://github.com/MarvellEmbeddedProcessors/edk2-open-platform/commits/opp… Any comments or remarks would be welcome. Best regards, Marcin Marcin Wojtas (5): Drivers/SdMmc/XenonDxe: Fix HS200 operation Drivers/SdMmc/XenonDxe: Enable supply voltage setting Drivers/SdMmc/XenonDxe: Enable bus width setting Drivers/SdMmc/XenonDxe: Enable 'slow mode' setting Platforms/Marvell/A70x0: Introduce custom board settings for SD/MMC Documentation/Marvell/PortingGuide/Xenon.txt | 35 +++++++++++++++++++ Drivers/SdMmc/XenonDxe/EmmcDevice.c | 34 ++++-------------- Drivers/SdMmc/XenonDxe/SdMmcPciHcDxe.c | 52 ++++++++++++++++++++++++---- Drivers/SdMmc/XenonDxe/SdMmcPciHcDxe.inf | 7 ++++ Drivers/SdMmc/XenonDxe/XenonSdhci.c | 16 ++++++--- Drivers/SdMmc/XenonDxe/XenonSdhci.h | 3 +- Platforms/Marvell/Armada/Armada70x0.dsc | 5 +++ Platforms/Marvell/Marvell.dec | 5 +++ 8 files changed, 117 insertions(+), 40 deletions(-) create mode 100644 Documentation/Marvell/PortingGuide/Xenon.txt -- 1.8.3.1

8 years, 3 months

[linaro-uefi v1 1/2] Hisilicon/D05: add cpld to get sfp status

by Chenhui Sun

From: Heyi Guo <heyi.guo(a)linaro.org> This patch is for https://bugs.linaro.org/show_bug.cgi?id=2711. When there is no optical module plugged in XGE port, the interfaces (ethX) will show up/down information on console, such as below: [root@localhost ~]# [ 676.034368] hns-nic HISI00C2:03 eth3: link up [ 676.038840] IPv6: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready [ 677.058362] hns-nic HISI00C2:03 eth3: link down [ 692.418366] hns-nic HISI00C2:03 eth3: link up [ 693.442359] hns-nic HISI00C2:03 eth3: link down [ 748.738365] hns-nic HISI00C2:03 eth3: link up [ 749.762363] hns-nic HISI00C2:03 eth3: link down This patch adds a logic to check whether the optical module is absent or not, if absent, means the interface is down, otherwise check the mac link status. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Daode Huang <huangdaode(a)hisilicon.com> --- .../Hisilicon/Hi1616/D05AcpiTables/Dsdt/D05Hns.asl | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Chips/Hisilicon/Hi1616/D05AcpiTables/Dsdt/D05Hns.asl b/Chips/Hisilicon/Hi1616/D05AcpiTables/Dsdt/D05Hns.asl index 14a905d..11c28ba 100644 --- a/Chips/Hisilicon/Hi1616/D05AcpiTables/Dsdt/D05Hns.asl +++ b/Chips/Hisilicon/Hi1616/D05AcpiTables/Dsdt/D05Hns.asl @@ -174,6 +174,15 @@ Scope(_SB) H3L3, 16, // port5 , 16, //RESERVED } + OperationRegion(HSFP, SystemMemory, 0x78000010, 0x100) + Field(HSFP, ByteAcc, NoLock, Preserve) { + Offset (0x2), + HSF0, 1, // port0 + , 7, //RESERVED + Offset (0x6), + HSF1, 1, // port1 + , 7, //RESERVED + } Name (_HID, "HISI00B2") Name (_CCA, 1) // Cache-coherent controller Name (_CRS, ResourceTemplate (){ @@ -520,7 +529,21 @@ Scope(_SB) //Get sfp status case (0x5) { + Store (1, Local1) //set no sfp default + Store (DeRefOf (Index (Arg3, 0)), Local0) + If (LEqual (Local0, 0)) + { + // port 0: + Store (HSF0, Local1) + } + ElseIf (LEqual (Local0, 1)) + { + // port 1 + Store (HSF1, Local1) + } + XOr (Local1, 1, local1) + Return (Local1) } } } -- 1.9.1

8 years, 3 months

← Newer
1
...
23
24
25
26
27
28
29
...
82
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Linaro-uefi