The diagram shown below illustrates the boot-flow involving OP-TEE OS
initialization.
(1)-----------+
| U-Boot SPL |
+------------+
|
v
(2)-------------------------------------------------------------+
| OpenSBI (fw_dynamic) |
| (4)------------------------+ |
| | optee dispatcher driver | |
+-----------------+-------^---------|-------+------------------+
M-mode | | |
---------+--[trusted domain]---+----.----+--[untrusted domain]-------
S-mode | (coldboot domain) | | |
v | | v
(3)---------------------------+ |(5)----------------------------+
| OP-TEE OS | | | U-Boot |
+----------------------------+ | +-----------------------------+
| |
| v
|(6)----------------------------+
| | Linux |
| +-----------------------------+
As OP-TEE OS has device-tree node fixups that need to be passed
through to the next boot stages, e.g. the reserved memory node:
reserved-memory {
#address-cells = <2>;
#size-cells = <2>;
ranges;
optee_core@f1000000 {
no-map;
reg = <0x0 0xf1000000 // OP-TEE OS base address
0x0 0x01000000>;
};
<...>
};
Instead of using 0x0 as the default value, allow identical next-arg1
to be used by non-coldboot domain (i.e., untrusted domain) when the
property is not provided.
Also, update the description of next-arg1 property in the document.
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Currently, the sbi_hartmask is indexed by hartid which puts a
limit on hartid to be less than SBI_HARTMASK_MAX_BITS.
We extend the sbi_hartmask implementation to use hartindex and
support updating sbi_hartmask using hartid. This removes the
limit on hartid and existing code works largely unmodified.
Signed-off-by: Xiang W <wxjstz@126.com>
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Let's use heap allocation in FDT domain parsing instead of using
a fixed size global array.
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Because firmware is split into rw/rx segments, it cannot be recorded
by a root_fw_region. This problem is solved by adding a flag
fw_region_inited to sbi_domain.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Only privileged domains should be allowed to suspend the entire
system. Give the root domain this property by default and allow
other domains to be given the property by specifying it in the
DT.
Signed-off-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
The region access permission check in __fdt_parse_region() can be
simplified as masking SBI_DOMAIN_MEMREGION_{M,SU}_ACCESS_MASK is
enough.
While we are here, update the confusing comments to match the codes.
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
The M-mode regions can only be added to the root domain. The non-root
domains shouldn't be able to add them from FDT.
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Tested-by: Anup Patel <anup@brainfault.org>
C language standard uses true/false for the boolean type.
Let's switch to that for better language compatibility.
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Tested-by: Samuel Holland <samuel@sholland.org>
If fdt_getprop() returns NULL, this indicates an error. In this case lenp
is set to an error code. But even if lenp = 0 we should not continue.
If fdt_getprop() returns a wider value than we expect this is a separate
error condition.
In both cases the device-tree is invalid.
Addresses-Coverity-ID: 1529703 ("Dereference after null check")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Use strncmp() instead of strcmp() in __fixup_find_domain_offset()
so that it compiles fine when linking with external firmware (such
as EDK2).
Signed-off-by: Daniel Schaefer <daniel.schaefer@hpe.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
We should copy over all restricted memregions from the root domain
to the domains populated from FDT. These restricted root memregions
are typically firmware memregion and M-mode only mmio memregions.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
The fdt_domain_get() function is now redundant because the
fdt_domains_populate() function can explicitly register new
domains using the sbi_domain_register() function.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We extend fdt_iterate_each_domain() and fdt_iterate_each_memregion()
functions to allow underlying iteration function to fail. This will
help us catch more domain misconfiguration issues at boot time.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We add various helper routines to populate domains, iterate domains,
iterate domain memregions, and parse HART to domain assignment from
the FDT.
These helper routines can be used by platform support code and FDT
fixup code.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
