Changes to support building secure and normal MM mode images on FVP-
AEMv8-AEMv8.
Management Mode (MM) provides a secure execution environment on Server
and Clamshell platforms. It is specified in the Volume 4. PI
specification. An implementation exists in the EDK2-Staging code base.
In order to support MM on ARM, changes are required to both EDK2 and ARM
Trusted Firmware.
MM provides a management service rather than a security service. Hence
it has to be isolated from any software stack e.g. Trusted OS that
provides security services.
The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment.
In future, there might be other sandboxed environments that co-exist with it.
Each sandbox implements a Secure Firmware Service.
The corresponding image is called
a SFS_PAYLOAD.
This change adds an optional parameter ATF_SFS_PAYLOAD.
ATF_SFS_PAYLOAD will be the path to management service in fd format
(EDK2 Firmware Device).
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com>
---
Changes in v3:
- Add ARM_STANDALONE_MM_ENABLE=TRUE for normal MM Image
in platforms.config.
Changes in v2:
- Updated Commit Message to indicate concept of Secure Firmware Services
is still in flux.
- Changed internal variable in atf_build.sh file to SFS_OPTION
from SFS_PAYLOAD.
- Drop FIRMWARE_VER parameter for fvp_normal_mm platform.
---
atf-build.sh | 14 ++++++++++++--
platforms.config | 22 ++++++++++++++++++++++
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/atf-build.sh b/atf-build.sh
index 0c4c09c..4d6afa0 100755
--- a/atf-build.sh
+++ b/atf-build.sh
@@ -60,12 +60,14 @@ function build_platform
PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`"
PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`"
PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`"
+ PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`"
if [ $VERBOSE -eq 1 ]; then
echo "PLATFORM_NAME=$PLATFORM_NAME"
echo "PLATFORM_ARCH=$PLATFORM_ARCH"
echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR"
echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS"
+ echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD"
fi
unset BL30 BL31 BL32 BL33
@@ -118,6 +120,14 @@ function build_platform
fi
fi
+ if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then
+ #
+ # Since SFS cannot be exported or undefined,
+ # we parametrise it here
+ #
+ SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD"
+ fi
+
#
# Debug extraction handling
#
@@ -157,9 +167,9 @@ function build_platform
#
if [ $VERBOSE -eq 1 ]; then
echo "Calling ARM Trusted Firmware build:"
- echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
+ echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
fi
- CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip
+ CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip
if [ $? -eq 0 ]; then
#
# Copy resulting images to UEFI image dir
diff --git a/platforms.config b/platforms.config
index ebf81df..22c981d 100644
--- a/platforms.config
+++ b/platforms.config
@@ -51,6 +51,8 @@
# - BUILDFLAGS Any special flags you want to pass to the build command.
# - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted
# Firmware build command.
+# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want
+# to pass to the ARM trusted Firmware build command.
# - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS
# build command.
# - EXTRA_FILES Any additional files to be copied to output dir.
@@ -90,6 +92,26 @@ BUILD_ATF=yes
UEFI_BIN=FVP_AARCH64_EFI.fd
UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64
+# ARM FVP BASE AEMv8-A model
+[fvp_secure_mm]
+LONGNAME=aarch64 FVP RTSM for secure world mm mode image
+DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc
+ARCH=AARCH64
+UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM
+
+[fvp_normal_mm]
+LONGNAME=aarch64 FVP RTSM for normal world mm mode image
+DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc
+BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D ARM_STANDALONE_MM_ENABLE=TRUE
+ARCH=AARCH64
+BUILD_ATF=debug
+UEFI_BIN=FVP_AARCH64_EFI.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM
+ATF_PLATFORM=fvp
+ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd
+ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd
+
[tc2]
LONGNAME=Versatile Express TC2
BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1
--
2.7.4
Changes to support building secure and normal MM mode images on FVP-
AEMv8-AEMv8.
Management Mode (MM) provides a secure execution environment on Server
and Clamshell platforms. It is specified in the Volume 4. PI
specification. An implementation exists in the EDK2-Staging code base.
In order to support MM on ARM, changes are required to both EDK2 and ARM
Trusted Firmware.
MM provides a management service rather than a security service. Hence
it has to be isolated from any software stack e.g. Trusted OS that
provides security services.
The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment.
In future, there might be other sandboxed environments that co-exist with it.
Each sandbox implements a Secure Firmware Service.
The corresponding image is called
a SFS_PAYLOAD.
This change adds an optional parameter ATF_SFS_PAYLOAD.
ATF_SFS_PAYLOAD will be the path to management service in fd format
(EDK2 Firmware Device).
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com>
---
Changes in v2:
- Updated Commit Message to indicate concept of Secure Firmware Services
is still in flux.
- Changed internal variable in atf_build.sh file to SFS_OPTION
from SFS_PAYLOAD.
- Drop FIRMWARE_VER parameter for fvp_normal_mm platform.
---
atf-build.sh | 14 ++++++++++++--
platforms.config | 22 ++++++++++++++++++++++
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/atf-build.sh b/atf-build.sh
index 0c4c09c..4d6afa0 100755
--- a/atf-build.sh
+++ b/atf-build.sh
@@ -60,12 +60,14 @@ function build_platform
PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`"
PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`"
PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`"
+ PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`"
if [ $VERBOSE -eq 1 ]; then
echo "PLATFORM_NAME=$PLATFORM_NAME"
echo "PLATFORM_ARCH=$PLATFORM_ARCH"
echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR"
echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS"
+ echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD"
fi
unset BL30 BL31 BL32 BL33
@@ -118,6 +120,14 @@ function build_platform
fi
fi
+ if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then
+ #
+ # Since SFS cannot be exported or undefined,
+ # we parametrise it here
+ #
+ SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD"
+ fi
+
#
# Debug extraction handling
#
@@ -157,9 +167,9 @@ function build_platform
#
if [ $VERBOSE -eq 1 ]; then
echo "Calling ARM Trusted Firmware build:"
- echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
+ echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
fi
- CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip
+ CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip
if [ $? -eq 0 ]; then
#
# Copy resulting images to UEFI image dir
diff --git a/platforms.config b/platforms.config
index ebf81df..17d4d86 100644
--- a/platforms.config
+++ b/platforms.config
@@ -51,6 +51,8 @@
# - BUILDFLAGS Any special flags you want to pass to the build command.
# - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted
# Firmware build command.
+# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want
+# to pass to the ARM trusted Firmware build command.
# - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS
# build command.
# - EXTRA_FILES Any additional files to be copied to output dir.
@@ -90,6 +92,26 @@ BUILD_ATF=yes
UEFI_BIN=FVP_AARCH64_EFI.fd
UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64
+# ARM FVP BASE AEMv8-A model
+[fvp_secure_mm]
+LONGNAME=aarch64 FVP RTSM for secure world mm mode image
+DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc
+ARCH=AARCH64
+UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM
+
+[fvp_normal_mm]
+LONGNAME=aarch64 FVP RTSM for normal world mm mode image
+DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc
+BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1
+ARCH=AARCH64
+BUILD_ATF=debug
+UEFI_BIN=FVP_AARCH64_EFI.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM
+ATF_PLATFORM=fvp
+ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd
+ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd
+
[tc2]
LONGNAME=Versatile Express TC2
BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1
--
2.7.4
ARM TZASC-380 IP provides a mechanism to split memory regions being
protected via it into eight equal-sized sub-regions. A bit-setting
allows the corresponding subregion to be disabled.
Several NXP/FSL SoCs support the TZASC-380 IP block and allow
the DDR connected via the TZASC to be partitioned into regions
having different security settings and also allow subregions
to be disabled.
This patch enables this support and can be used for SoCs which
support such a partition of DDR regions.
Details of the 'subregion_disable' register can be viewed here:
http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html
Cc: Leif Lindholm <leif.lindholm(a)linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Bhupesh Sharma <bhupesh.linux(a)gmail.com>
Contributed-under: TianoCore Contribution Agreement 1.0
---
.../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++-------
ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 10 ++++++++--
ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 3 ++-
3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774f59f8..42d731ea98c9 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
// NOR Flash 0 non secure (BootMon)
TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR0_BASE,0,
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
// NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
//Note: Your OS Kernel must be aware of the secure regions before to enable this region
TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
- TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
} else {
TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR1_BASE,0,
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
}
// Base of SRAM. Only half of SRAM in Non Secure world
@@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
//Note: Your OS Kernel must be aware of the secure regions before to enable this region
TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
ARM_VE_SMB_SRAM_BASE,0,
- TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
} else {
TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
ARM_VE_SMB_SRAM_BASE,0,
- TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
}
// Memory Mapped Peripherals. All in non secure world
TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
ARM_VE_SMB_PERIPH_BASE,0,
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
// MotherBoard Peripherals and On-chip peripherals.
TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
- TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
+ TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
}
/**
diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dcb5d4d..c99c16d4c442 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,20 +87,26 @@ TZASCSetRegion (
IN UINTN LowAddress,
IN UINTN HighAddress,
IN UINTN Size,
- IN UINTN Security
+ IN UINTN Security,
+ IN UINTN SubregionDisableMask
)
{
UINT32* Region;
+ UINT32 RegionAttributes;
if (RegionId > TZASCGetNumRegions(TzascBase)) {
return EFI_INVALID_PARAMETER;
}
+ RegionAttributes = ((Security & 0xF) << 28) |
+ ((SubregionDisableMask & 0xFF) << 8) |
+ ((Size & 0x3F) << 1) | (Enabled & 0x1);
+
Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
MmioWrite32((UINTN)(Region+1), HighAddress);
- MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
+ MmioWrite32((UINTN)(Region+2), RegionAttributes);
return EFI_SUCCESS;
}
diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
index 78e98aad535f..1ba963d7b6c5 100644
--- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
+++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
@@ -82,7 +82,8 @@ TZASCSetRegion (
IN UINTN LowAddress,
IN UINTN HighAddress,
IN UINTN Size,
- IN UINTN Security
+ IN UINTN Security,
+ IN UINTN SubregionDisableMask
);
#endif
--
2.7.4
Changes to support building secure and normal MM mode images on FVP-
AEMv8-AEMv8.
Management Mode (MM) provides a secure execution environment on Server
and Clamshell platforms. It is specified in the Volume 4. PI
specification. An implementation exists in the EDK2-Staging code base.
In order to support MM on ARM, changes are required to both EDK2 and ARM
Trusted Firmware.
MM provides a management service rather than a security service. Hence
it has to be isolated from any software stack e.g. Trusted OS that
provides security services. Secure Firmware Services (SFS) is being
proposed to provide a generic framework for running management services
in S-EL0.
This change adds an optional parameter ATF_SFS_PAYLOAD.
ATF_SFS_PAYLOAD will be the path to management service in fd format
(EDK2 Firmware Device).
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh(a)arm.com>
---
atf-build.sh | 14 ++++++++++++--
platforms.config | 22 ++++++++++++++++++++++
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/atf-build.sh b/atf-build.sh
index 0c4c09c..bc6d8ca 100755
--- a/atf-build.sh
+++ b/atf-build.sh
@@ -60,12 +60,14 @@ function build_platform
PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`"
PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`"
PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`"
+ PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`"
if [ $VERBOSE -eq 1 ]; then
echo "PLATFORM_NAME=$PLATFORM_NAME"
echo "PLATFORM_ARCH=$PLATFORM_ARCH"
echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR"
echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS"
+ echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD"
fi
unset BL30 BL31 BL32 BL33
@@ -118,6 +120,14 @@ function build_platform
fi
fi
+ if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then
+ #
+ # Since SFS cannot be exported or undefined,
+ # we parametrise it here
+ #
+ SFS_PAYLOAD="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD"
+ fi
+
#
# Debug extraction handling
#
@@ -157,9 +167,9 @@ function build_platform
#
if [ $VERBOSE -eq 1 ]; then
echo "Calling ARM Trusted Firmware build:"
- echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
+ echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip"
fi
- CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip
+ CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip
if [ $? -eq 0 ]; then
#
# Copy resulting images to UEFI image dir
diff --git a/platforms.config b/platforms.config
index ebf81df..726fd4f 100644
--- a/platforms.config
+++ b/platforms.config
@@ -51,6 +51,8 @@
# - BUILDFLAGS Any special flags you want to pass to the build command.
# - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted
# Firmware build command.
+# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want
+# to pass to the ARM trusted Firmware build command.
# - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS
# build command.
# - EXTRA_FILES Any additional files to be copied to output dir.
@@ -90,6 +92,26 @@ BUILD_ATF=yes
UEFI_BIN=FVP_AARCH64_EFI.fd
UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64
+# ARM FVP BASE AEMv8-A model
+[fvp_secure_mm]
+LONGNAME=aarch64 FVP RTSM for secure world mm mode image
+DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc
+ARCH=AARCH64
+UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM
+
+[fvp_normal_mm]
+LONGNAME=aarch64 FVP RTSM for normal world mm mode image
+DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc
+BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D FIRMWARE_VER=02bd6a3
+ARCH=AARCH64
+BUILD_ATF=debug
+UEFI_BIN=FVP_AARCH64_EFI.fd
+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM
+ATF_PLATFORM=fvp
+ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd
+ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd
+
[tc2]
LONGNAME=Versatile Express TC2
BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1
--
2.7.4
This patch resolves the issue 2393: https://bugs.linaro.org.
The cdb16 command should be used if the hard disk size larger than 4TB.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chenhui Sun <sunchenhui(a)huawei.com>
Signed-off-by: Jason Zhang <zhangjinsong2(a)huawei.com>
---
.../Binary/D03/Drivers/Sas/SasDriverDxe.efi | Bin 210752 -> 208288 bytes
.../Binary/D05/Drivers/Sas/SasDriverDxe.efi | Bin 210400 -> 230912 bytes
2 files changed, 0 insertions(+), 0 deletions(-)
diff --git a/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi b/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi
index b956b19..19cd038 100644
Binary files a/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi and b/Platforms/Hisilicon/Binary/D03/Drivers/Sas/SasDriverDxe.efi differ
diff --git a/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi b/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi
index 6021d12..8d9ecd2 100644
Binary files a/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi and b/Platforms/Hisilicon/Binary/D05/Drivers/Sas/SasDriverDxe.efi differ
--
1.9.1
Hi,
I submit small patchset, which fixes HS200 operation for XenonDxe driver
eMMC and also enables PCD-based configuration of each controller's
voltage supply, bus width and determine phy operation (so called
'slow mode').
The patches are available publicly in the github:
https://github.com/MarvellEmbeddedProcessors/edk2-open-platform/commits/opp…
Any comments or remarks would be welcome.
Best regards,
Marcin
Marcin Wojtas (5):
Drivers/SdMmc/XenonDxe: Fix HS200 operation
Drivers/SdMmc/XenonDxe: Enable supply voltage setting
Drivers/SdMmc/XenonDxe: Enable bus width setting
Drivers/SdMmc/XenonDxe: Enable 'slow mode' setting
Platforms/Marvell/A70x0: Introduce custom board settings for SD/MMC
Documentation/Marvell/PortingGuide/Xenon.txt | 35 +++++++++++++++++++
Drivers/SdMmc/XenonDxe/EmmcDevice.c | 34 ++++--------------
Drivers/SdMmc/XenonDxe/SdMmcPciHcDxe.c | 52 ++++++++++++++++++++++++----
Drivers/SdMmc/XenonDxe/SdMmcPciHcDxe.inf | 7 ++++
Drivers/SdMmc/XenonDxe/XenonSdhci.c | 16 ++++++---
Drivers/SdMmc/XenonDxe/XenonSdhci.h | 3 +-
Platforms/Marvell/Armada/Armada70x0.dsc | 5 +++
Platforms/Marvell/Marvell.dec | 5 +++
8 files changed, 117 insertions(+), 40 deletions(-)
create mode 100644 Documentation/Marvell/PortingGuide/Xenon.txt
--
1.8.3.1