Age | Commit message (Collapse) | Author |
|
If ATF loads OP-TEE, it will pass OP-TEE base
address and size to the u-boot through boot information.
This will help u-boot update device tree accordingly.
Note that u-boot on i.MX 8QxP does not need this information
to configure memory mapping. Query to the SC Firmware
is used instead.
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
(cherry picked from commit 70c1d422e520f8f1c201a7e4fe22870832240db7)
|
|
Configure OP-TEE Share memory to be accessible by OS.
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
(cherry picked from commit b2d0c8530c75bb77450372114229cadd8555780b)
|
|
Reuse Trusty support for OP-TEE
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
(cherry picked from commit a558c8fb87171f4ebcc44bb0b8aa699c989a2a7d)
|
|
JR0 and JR1 of CAAM are owned by SECO, only kick the power
of JR2 and JR3 here and assign the resources to be accessed
by secure world.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Due imx8qm_mek's UART0_RTS_B and UART0_CTS_0 pad
reuse to be the UART2 for base bard which operated by
M4_1, so don't touch these two pads in ATF.
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Acked-by: Pete Zhang <pete.zhang@nxp.com>
|
|
Tee(Trusty Os) will be stored in fit for Android and Android Auto
so we don't need to copy it anymore, this will save some boot time.
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
The Trusty OS binary will be installed into
container.img and loaded into 0x84000000.
Due Trusty OS addresss is in 0xfe000000 which
ROM cannot reach, so use ATF to copy it into
the target address.
Mapped the BL32 code into MMU due the Trusty
SPD need to check the code status and decide
the CPU executing mode.
To reserve and protect the memory for secure
world, modify the partition code to keep
BL32 spaces in secure_part.
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
With flash_uboot_cm4ddr in imx-mkimage, the m4 code will access ddr.
However after m4 core moved to non-secure partition, the ddr memory
is still in secure partition. Then m4 core will fault.
So postpone moving resources including m4 core, until other resources,
such as memory/pin moved to non-secure partition.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
(cherry picked from commit 1c8ce0ad5f583ec41026d4ab5bef622f1b45aecd)
|
|
Switch to MULTI_CONSOLE_API to make debug UART work.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
|
|
With default configuration, M4 and A35 in one partition, M4 is loaded by ROM.
"err = sc_rm_move_all(ipc_handle, secure_part, os_part, true, true);"
M4 core will first be moved to non-secure OS part, then the resource used
by M4 will be moved to non-secure OS part later. But before the resource be
moved to non-secure OS part, M4 core is still running, so a non-secure M4
core access a secure resource will trigger error in M4 side.
First mark M4 core as non-movable, after all other resoures moved to OS
part, move M4 to OS part. No need to check whether M4 is created a new
partition by SCFW, if a partition already created, the call to mark
M4 as non-removable will fail, because it M4 is in its own partition.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
clean up the license identifier with short SPDX short identifier.
Signed-off-by: Bai Ping <ping.bai@nxp.com>
|
|
Use MU0 to comply with boot image usage of MU,
Also power on and pass MU1 for OS/Hypervisor.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
|
|
In order to save power when AP side is suspend,
the DBLOG need to be put into low power mode.
GIC need to be power off to save power. before GIC
power off, we need to save the GIC setting, then
after resume, we need to restore the gic setting.
irqsteer need to be used to wakeup the AP side
when wakeup interrupt is pending for AP side.
Signed-off-by: Bai Ping <ping.bai@nxp.com>
|
|
Reserve the memory region that is only can access by ATF. ATF is running
in this memory region, while masters in other partitions can't access it.
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
Change to search the ATF owned memory regions and assign them to non-secure
OS partition. Not allocate new memory region for each one.
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
As we already have control for debug console in platform_def.h,
so no need to un-initialize console in plat runtime setup, just
overwrite the common implementation with blank function.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
|
|
Not only the resources, but also the memory regions need to assign to
non-secure partition. Otherwise, when the boot partition is secured,
the OS non-secure partition can't access any memory.
This patch currently assign all memory to NS partition, since it is not
isolated, the current secure partition also can access them. In future,
may need to change the regions for reserving some memory in secure
partition for ATF and BL32.
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
|
|
missed bit 31 and 30 which are needed
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
|
|
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
|
|
Disable ATF console output for iMX8QM
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
|
|
change MMU mapping to use the address of
the MU currently being used for ATF
Signed-off-by: Teo Hall <teo.hall@nxp.com>
|
|
add more resources to secure partition for
protection. Also add in functionality to allow
for register access of some secure-owned
peripherals.
These peripherals will still be protected from
power or clk changes.
Signed-off-by: Teo Hall <teo.hall@nxp.com>
|
|
add rm svc api and set aside separate MU for
secure api calls into SCU
Signed-off-by: Teo Hall <teo.hall@nxp.com>
|
|
Add i.MX8QM platform support.
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Signed-off-by: Bai Ping <ping.bai@nxp.com>
|