- TF-A - lists.trustedfirmware.org

Re-scheduling TF-A Tech Forum earlier by 1 hour

by Bill Fletcher

Hi all, Starting 18th June, the TF-A Tech Forum will be moved earlier by 1 hour to 1600 UK time (1500 UTC). This change is to avoid overlapping with the TF Technical Steering Committee call. We'll delete the existing invite and send a new one to this list. Regards Bill -- [image: Linaro] <http://www.linaro.org/> *Bill Fletcher* | *Field Engineering* T: +44 7833 498336 <+44+7833+498336> bill.fletcher(a)linaro.org | Skype: billfletcher2020

4 years, 11 months

1
0
0 0

ATF LTS version

by Varun Wadekar

Hello team, To extend the discussion around version upgrades from our last call, I would like to understand if there is enough interest around generating a LTS version of the TF-A to alleviate the pain. For NVIDIA, this would be helpful as it streamlines the upgrade path for our devices in the field. The LTS version will guarantee security fixes, bug fixes, stability fixes for the longer term and we won't have to upgrade the entire firmware to get these goodies. It would be interesting to see what OEMs and maintainers think about this? Has this been discussed at tf.org or Arm internally? -Varun

4 years, 11 months

1
0
0 0

Measured Boot in TF-A

by Alexei Fedorov

Hello all, The initial patch for Measured Boot has been split into 5 separates buildable ones: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3806 https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4473 https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4508 https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4509 https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4510 and are ready for review/merge. The design follows "TF-A Design Notes for Measured Boot" document . The number of API changes and code modifications based on the received feedback were made, and the most important are: 1. TPM hash algorithm is now independent from the one used by Trusted Boot and can be set separately to a different value. 2. Size of Event Log is passed as a driver build option and can be tuned to meet platform specific requirements (debug/release, number of images loaded, etc.). 3. Driver accepts platform specific table of images to be loaded/measured. 4. PCR index to use for TMP records is passed in platform specific table (see above) and can be set individually for each image. Regards. Alexei

4 years, 11 months

1
0
0 0

Question on confine_index_array.h import in tf-a

by Etienne Carriere

Dear all, As part of a patchset series review (topic scmi-msg), change [1] imports confine_array_index.h header file from OP-TEE OS repository. The file originates from the open source Fuschia project, see link in commit message of [1]. As being imported for external packages, the header file inherits Fushca and OP-TEE notices. The helper function can protect some data structure from side channel attacks leveraging index indirect access overflows during speculative execution. It is not Arm copyright. It is BSD-3-Clause license. I'll add an entry in the docs/license.rst for the file. Where to locate the file? It is ok to add such a file in include/common? Does it deserve a specific lib path, like include/lib/speculconfie_array_index.h? Maybe add as include/lib/cpus/confine_array_index.h as it is CPU speculative matters? Could you help [1] review to progress? [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4055 Regards, Etienne

4 years, 11 months

1
0
0 0

Re: [TF-A] RK3399_BAUDRATE default value

by Hugh Cole-Baker

> On 6 Jun 2020, at 17:52, Heiko Stübner via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Walter, > > Am Freitag, 5. Juni 2020, 22:45:25 CEST schrieb Walter Lozano via TF-A: >> I have noticed that default baudrate for rk3399 board RK3399_BAUDRATE >> defined in plat/rockchip/rk3399/rk3399_def.h is 115200 while U-boot >> default value and most documentation points to a value of 1500000 for >> console. > > console baudrate on rk3399 differ a lot between boards. There are a > number using the 1.5MHz and another big number using 115200 > (including but not limited to the ChromeOS devices from the Gru line). > > Hence we have the code that selects the actual baudrate from the > devicetree attached by u-boot when calling TF-A. > > So I guess it should stay as it is right now. On the RK3399 there are currently a couple of roadblocks preventing this selection of the baudrate from the devicetree from working. Firstly in U-Boot, SPL_ATF_NO_PLATFORM_PARAM is forced on when selecting ROCKCHIP_RK3399 in Kconfig [1]. Secondly in TF-A the 64K buffer used to store the passed devicetree isn't large enough to fit some of the RK3399 device tree blobs, as I found when removing SPL_ATF_NO_PLATFORM_PARAM from U-Boot. I guess the issue in TF-A needs to be fixed first before passing the platform parameter can be enabled in U-Boot, I've submitted a TF-A patch to increase the buffer size [2]. [1]: https://gitlab.denx.de/u-boot/u-boot/-/blob/61853a7ac7e167d90899ec4e99d2e07… [2]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4512 > Heiko > > >> This of course means that messages printed by ATF are not visible by >> default in this context. >> >> The change from 1500000 to 115200 was introduced in >> 0c05748bdebfad9fa43a80962186438bb8fbce62, >> >> https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=0c05… >> >> with the following message >> >> commit 0c05748bdebfad9fa43a80962186438bb8fbce62 >> Author: Caesar Wang <wxt(a)rock-chips.com> >> Date: Tue Apr 19 20:42:17 2016 +0800 >> >> rockchip: fixes for the required >> >> This patch has the following change for rk3399. >> >> * Set the uart to 115200 since the loader decide to set >> uart baud to 115200Hz. So the ATF also should set uart baud to 115200. >> [..] >> >> However, I'm not sure it this still applies. >> >> I'll be happy to submit a patch to update the value if it is OK. >> >> Regards, >> >> Walter >> >> > > > > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 11 months

2
1
0 0

Re: [TF-A] GICV3: system interface EOI ordering RFC

by Raghu Krishnamurthy

Hello, Sorry for chiming in late. Are we sure that the msr/mrs to the GICv3 EOI register is not a context synchronizing event or ensures ordering itself ? Also did the addition of DSB() fix the issue ? If yes, can you try adding a delay or a few NOP's/dummy instructions or an ISB to see if the issue goes away? We need to know the right thing to do architecturally and confirm that the issue is really due to reordering at the core before adding the DSB. Adding a DSB might be masking a timing issue. -Raghu On 6/8/20 4:47 AM, Sandeep Tripathy via TF-A wrote: >> -----Original Message----- >> From: Soby Mathew [mailto:Soby.Mathew@arm.com] >> Sent: Monday, June 08, 2020 3:36 PM >> To: Sandeep Tripathy; Olivier Deprez; tf-a(a)lists.trustedfirmware.org >> Cc: nd >> Subject: RE: [TF-A] GICV3: system interface EOI ordering RFC >> >> Just some inputs from my side: >> I agree we need at least a dsb() after the write to MMIO region to silence >> the >> peripheral and before the EOI at GIC sysreg interface. Adding it to the >> GIC EOI > > Thanks for the confirmation. Now it’s about choosing the right place. > >> API seems the logical thing to do but as Olivier mentions, there are >> interrupt >> handler which do not deal with MMIO (eg: the Systimer interrupt) so adding >> it >> to GICv3 API might be arduous for such handlers. >> >> So there is a choice here to let the interrupt handlers to deal with >> ensuring >> completeness before EOI at sysreg interface or adding it to GICv3 EOI API >> and >> take the overhead for interrupt handlers which do not have to deal with >> MMIO. >> > > Yes I feel either of these is a must to guarantee functionality > architecturally though > both approach end up with some unnecessary overhead. > > If GICv3 api takes care then it is an overhead for some ISRs dealing with > non-MMIO. > At present I do not see an active use case in reference implementation where > sys timer > ISR is in a performance intensive path where one additional DSB will be > perceivable. > But there may be some I could be totally wrong in this assumption (pmu/debug > or.. not sure). > Whereas I can certainly imagine some MMIO ISRs in performance critical path > where unnecessary > DSB is not acceptable at all. > > If the interrupt handler needs to ensure then it will generically add 'DSB' > as I think > the driver cannot and should not make assumptions about how EOI is done > afterwards. > That will be overhead for the ISRs dealing with MMIO peripherals and non > GIC-v3. > If we consider only GICv3+ then good. Otherwise I would prefer the > 'plat_ic_end_of_interrupt' > like Olivier mentioned with a #if GICv3 instead of each ISRs dealing with > it. > >> The GICv3 legacy MMIO CPU interface is deprecated for TF-A and the sys >> interface is the only one GICv3 driver in TF-A supports. > > Right we can ignore the GICv3 legacy mode but GICv2 will still remain ? > >> >> Best Regards >> Soby Mathew >> > > Thanks > Sandeep > >>> -----Original Message----- >>> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep >>> Tripathy via TF-A >>> Sent: 08 June 2020 10:34 >>> To: Olivier Deprez <Olivier.Deprez(a)arm.com>; tf- >> a(a)lists.trustedfirmware.org >>> Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC >>> >>> Hi Olivier, >>>> -----Original Message----- >>>> From: Olivier Deprez [mailto:Olivier.Deprez@arm.com] >>>> Sent: Monday, June 08, 2020 1:14 PM >>>> To: tf-a(a)lists.trustedfirmware.org; Sandeep Tripathy >>>> Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC >>>> >>>> Hi Sandeep, >>>> >>>> gicv3_end_of_interrupt_sel1 is a static access helper macro. Its >>>> naming precisely tells what it does at gicv3 module level. It is >>>> called from >>> the weak >>>> plat_ic_end_of_interrupt function for BL32 image. >>>> >>>> I tend to think it is the driver responsibility to ensure the module >>> interrupt >>>> acknowledge register write is reaching HW in order (or "be visible to >>> all >>>> observers"). >>> >>> The driver should be agnostic of what interrupt controller is used and >>> its >>> behavior. >>> And since 'all' writes were to mmio ranges mapped Device(nGnRE) >>> /strongly-ordered(nGnRnE) >>> there was no such need. This is a special case for GICv3 system >>> interface only. >>> Adding at driver level a DSB is unnecessary for other interrupt >>> controllers. >>> >>>> Also I suspect adding a dsb might not be required generically for all >>> kind of IP. >>> >>> Here are you referring to the peripheral IP or interrupt controller IP ? >>> The issue is reordering at arm core itself (STR to device address Vs >>> msr(sysreg >>> write)). >>> So I think Its applicable for all IP. >>> >>>> Adding a barrier in generic code might incur an unnecessary >>>> bottleneck. >>> >>> But if there is a need to *ensure* presence of at least one DSB between >>> the >>> write transfer from core to device clear and gicv3 eoi icc register >>> write in a >>> generic way then what other option we have. >>>> >>>> Thus wouldn't it be better to add the barrier to the overridden >>>> platform function rather than in generic gicv3 code? >>> >>> That can be done but I feel this is more to do with gicv3 system >>> interface only. >>> Inside plat_xxx one has to check #if GICV3 ...and system interface. >>>> >>>> I have a put a comment in the review, we can continue the discussion >>> there. >>>> >>>> Regards, >>>> Olivier. >>>> >>> Thanks >>> Sandeep >>>> ________________________________________ >>>> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of >>>> Sandeep Tripathy via TF-A <tf-a(a)lists.trustedfirmware.org> >>>> Sent: 05 June 2020 19:43 >>>> To: tf-a(a)lists.trustedfirmware.org >>>> Subject: [TF-A] GICV3: system interface EOI ordering RFC >>>> >>>> Hi, >>>> In a typical interrupt handling sequence we do 1-Read IAR >>>> 2-Do interrupt handling >>>> 3-Clear the interrupt at source , so that the device de-asserts IRQ >>> request to >>>> GIC >>>> >> I am suggesting a need of DSB here in case of GICv3 +. >>>> 4-Write to GIC cpu interface to do EOI. >>>> >>>> Till GICv2 and with GICv3 legacy interface ICC_EOI write is a write >>>> over >>> AMBA >>>> interface. The >>>> Addresses are mapped with (nR) attribute. Hence the write transfers >>> from the >>>> core will be >>>> generated at step 3 and 4 in order. Please ignore the additional >>> buffers/bridges >>>> in path from >>>> core till peripheral which has to be dealt separately as per SOC. >>>> >>>> Query: I understand GICv3 system interface accesses are not over this >>> protocol >>>> and core will not >>>> follow the ordering rule ? >>>> >>>> I have observed spurious interrupt issue/manifestation ( I don't have >>> the >>>> transfers probed) in >>>> RTOS environment where I have a primitive GICv3 driver but I wonder >>>> why things does not fail in Linux or tf-a. If it is working because >>>> from step(3) to >>> step(4) we have >>>> barriers by chace >>>> due to other device register writes then I would suggest to have one >>>> in >>> the EOI >>>> clearing API itself. >>>> >>>> RFC: >>> https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4454 >>>> >>>> Thanks >>>> Sandeep >>> -- >>> TF-A mailing list >>> TF-A(a)lists.trustedfirmware.org >>> https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 11 months

1
0
0 0

Re: [TF-A] GICV3: system interface EOI ordering RFC

by Sandeep Tripathy

> -----Original Message----- > From: Soby Mathew [mailto:Soby.Mathew@arm.com] > Sent: Monday, June 08, 2020 3:36 PM > To: Sandeep Tripathy; Olivier Deprez; tf-a(a)lists.trustedfirmware.org > Cc: nd > Subject: RE: [TF-A] GICV3: system interface EOI ordering RFC > > Just some inputs from my side: > I agree we need at least a dsb() after the write to MMIO region to silence > the > peripheral and before the EOI at GIC sysreg interface. Adding it to the > GIC EOI Thanks for the confirmation. Now it’s about choosing the right place. > API seems the logical thing to do but as Olivier mentions, there are > interrupt > handler which do not deal with MMIO (eg: the Systimer interrupt) so adding > it > to GICv3 API might be arduous for such handlers. > > So there is a choice here to let the interrupt handlers to deal with > ensuring > completeness before EOI at sysreg interface or adding it to GICv3 EOI API > and > take the overhead for interrupt handlers which do not have to deal with > MMIO. > Yes I feel either of these is a must to guarantee functionality architecturally though both approach end up with some unnecessary overhead. If GICv3 api takes care then it is an overhead for some ISRs dealing with non-MMIO. At present I do not see an active use case in reference implementation where sys timer ISR is in a performance intensive path where one additional DSB will be perceivable. But there may be some I could be totally wrong in this assumption (pmu/debug or.. not sure). Whereas I can certainly imagine some MMIO ISRs in performance critical path where unnecessary DSB is not acceptable at all. If the interrupt handler needs to ensure then it will generically add 'DSB' as I think the driver cannot and should not make assumptions about how EOI is done afterwards. That will be overhead for the ISRs dealing with MMIO peripherals and non GIC-v3. If we consider only GICv3+ then good. Otherwise I would prefer the 'plat_ic_end_of_interrupt' like Olivier mentioned with a #if GICv3 instead of each ISRs dealing with it. > The GICv3 legacy MMIO CPU interface is deprecated for TF-A and the sys > interface is the only one GICv3 driver in TF-A supports. Right we can ignore the GICv3 legacy mode but GICv2 will still remain ? > > Best Regards > Soby Mathew > Thanks Sandeep > > -----Original Message----- > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep > > Tripathy via TF-A > > Sent: 08 June 2020 10:34 > > To: Olivier Deprez <Olivier.Deprez(a)arm.com>; tf- > a(a)lists.trustedfirmware.org > > Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC > > > > Hi Olivier, > > > -----Original Message----- > > > From: Olivier Deprez [mailto:Olivier.Deprez@arm.com] > > > Sent: Monday, June 08, 2020 1:14 PM > > > To: tf-a(a)lists.trustedfirmware.org; Sandeep Tripathy > > > Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC > > > > > > Hi Sandeep, > > > > > > gicv3_end_of_interrupt_sel1 is a static access helper macro. Its > > > naming precisely tells what it does at gicv3 module level. It is > > > called from > > the weak > > > plat_ic_end_of_interrupt function for BL32 image. > > > > > > I tend to think it is the driver responsibility to ensure the module > > interrupt > > > acknowledge register write is reaching HW in order (or "be visible to > > all > > > observers"). > > > > The driver should be agnostic of what interrupt controller is used and > > its > > behavior. > > And since 'all' writes were to mmio ranges mapped Device(nGnRE) > > /strongly-ordered(nGnRnE) > > there was no such need. This is a special case for GICv3 system > > interface only. > > Adding at driver level a DSB is unnecessary for other interrupt > > controllers. > > > > > Also I suspect adding a dsb might not be required generically for all > > kind of IP. > > > > Here are you referring to the peripheral IP or interrupt controller IP ? > > The issue is reordering at arm core itself (STR to device address Vs > > msr(sysreg > > write)). > > So I think Its applicable for all IP. > > > > > Adding a barrier in generic code might incur an unnecessary > > > bottleneck. > > > > But if there is a need to *ensure* presence of at least one DSB between > > the > > write transfer from core to device clear and gicv3 eoi icc register > > write in a > > generic way then what other option we have. > > > > > > Thus wouldn't it be better to add the barrier to the overridden > > > platform function rather than in generic gicv3 code? > > > > That can be done but I feel this is more to do with gicv3 system > > interface only. > > Inside plat_xxx one has to check #if GICV3 ...and system interface. > > > > > > I have a put a comment in the review, we can continue the discussion > > there. > > > > > > Regards, > > > Olivier. > > > > > Thanks > > Sandeep > > > ________________________________________ > > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of > > > Sandeep Tripathy via TF-A <tf-a(a)lists.trustedfirmware.org> > > > Sent: 05 June 2020 19:43 > > > To: tf-a(a)lists.trustedfirmware.org > > > Subject: [TF-A] GICV3: system interface EOI ordering RFC > > > > > > Hi, > > > In a typical interrupt handling sequence we do 1-Read IAR > > > 2-Do interrupt handling > > > 3-Clear the interrupt at source , so that the device de-asserts IRQ > > request to > > > GIC > > > >> I am suggesting a need of DSB here in case of GICv3 +. > > > 4-Write to GIC cpu interface to do EOI. > > > > > > Till GICv2 and with GICv3 legacy interface ICC_EOI write is a write > > > over > > AMBA > > > interface. The > > > Addresses are mapped with (nR) attribute. Hence the write transfers > > from the > > > core will be > > > generated at step 3 and 4 in order. Please ignore the additional > > buffers/bridges > > > in path from > > > core till peripheral which has to be dealt separately as per SOC. > > > > > > Query: I understand GICv3 system interface accesses are not over this > > protocol > > > and core will not > > > follow the ordering rule ? > > > > > > I have observed spurious interrupt issue/manifestation ( I don't have > > the > > > transfers probed) in > > > RTOS environment where I have a primitive GICv3 driver but I wonder > > > why things does not fail in Linux or tf-a. If it is working because > > > from step(3) to > > step(4) we have > > > barriers by chace > > > due to other device register writes then I would suggest to have one > > > in > > the EOI > > > clearing API itself. > > > > > > RFC: > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4454 > > > > > > Thanks > > > Sandeep > > -- > > TF-A mailing list > > TF-A(a)lists.trustedfirmware.org > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 11 months

1
0
0 0

Re: [TF-A] GICV3: system interface EOI ordering RFC

by Soby Mathew

Just some inputs from my side: I agree we need atleast a dsb() after the write to MMIO region to silence the peripheral and before the EOI at GIC sysreg interface. Adding it to the GIC EOI API seems the logical thing to do but as Olivier mentions, there are interrupt handler which do not deal with MMIO (eg: the Systimer interrupt) so adding it to GICv3 API might be arduous for such handlers. So there is a choice here to let the interrupt handlers to deal with ensuring completeness before EOI at sysreg interface or adding it to GICv3 EOI API and take the overhead for interrupt handlers which do not have to deal with MMIO. The GICv3 legacy MMIO CPU interface is deprecated for TF-A and the sys interface is the only one GICv3 driver in TF-A supports. Best Regards Soby Mathew > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep > Tripathy via TF-A > Sent: 08 June 2020 10:34 > To: Olivier Deprez <Olivier.Deprez(a)arm.com>; tf-a(a)lists.trustedfirmware.org > Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC > > Hi Olivier, > > -----Original Message----- > > From: Olivier Deprez [mailto:Olivier.Deprez@arm.com] > > Sent: Monday, June 08, 2020 1:14 PM > > To: tf-a(a)lists.trustedfirmware.org; Sandeep Tripathy > > Subject: Re: [TF-A] GICV3: system interface EOI ordering RFC > > > > Hi Sandeep, > > > > gicv3_end_of_interrupt_sel1 is a static access helper macro. Its > > naming precisely tells what it does at gicv3 module level. It is > > called from > the weak > > plat_ic_end_of_interrupt function for BL32 image. > > > > I tend to think it is the driver responsibility to ensure the module > interrupt > > acknowledge register write is reaching HW in order (or "be visible to > all > > observers"). > > The driver should be agnostic of what interrupt controller is used and its > behavior. > And since 'all' writes were to mmio ranges mapped Device(nGnRE) > /strongly-ordered(nGnRnE) > there was no such need. This is a special case for GICv3 system interface only. > Adding at driver level a DSB is unnecessary for other interrupt controllers. > > > Also I suspect adding a dsb might not be required generically for all > kind of IP. > > Here are you referring to the peripheral IP or interrupt controller IP ? > The issue is reordering at arm core itself (STR to device address Vs msr(sysreg > write)). > So I think Its applicable for all IP. > > > Adding a barrier in generic code might incur an unnecessary bottleneck. > > But if there is a need to *ensure* presence of at least one DSB between the > write transfer from core to device clear and gicv3 eoi icc register write in a > generic way then what other option we have. > > > > Thus wouldn't it be better to add the barrier to the overridden > > platform function rather than in generic gicv3 code? > > That can be done but I feel this is more to do with gicv3 system interface only. > Inside plat_xxx one has to check #if GICV3 ...and system interface. > > > > I have a put a comment in the review, we can continue the discussion > there. > > > > Regards, > > Olivier. > > > Thanks > Sandeep > > ________________________________________ > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of > > Sandeep Tripathy via TF-A <tf-a(a)lists.trustedfirmware.org> > > Sent: 05 June 2020 19:43 > > To: tf-a(a)lists.trustedfirmware.org > > Subject: [TF-A] GICV3: system interface EOI ordering RFC > > > > Hi, > > In a typical interrupt handling sequence we do 1-Read IAR > > 2-Do interrupt handling > > 3-Clear the interrupt at source , so that the device de-asserts IRQ > request to > > GIC > > >> I am suggesting a need of DSB here in case of GICv3 +. > > 4-Write to GIC cpu interface to do EOI. > > > > Till GICv2 and with GICv3 legacy interface ICC_EOI write is a write > > over > AMBA > > interface. The > > Addresses are mapped with (nR) attribute. Hence the write transfers > from the > > core will be > > generated at step 3 and 4 in order. Please ignore the additional > buffers/bridges > > in path from > > core till peripheral which has to be dealt separately as per SOC. > > > > Query: I understand GICv3 system interface accesses are not over this > protocol > > and core will not > > follow the ordering rule ? > > > > I have observed spurious interrupt issue/manifestation ( I don't have > the > > transfers probed) in > > RTOS environment where I have a primitive GICv3 driver but I wonder > > why things does not fail in Linux or tf-a. If it is working because > > from step(3) to > step(4) we have > > barriers by chace > > due to other device register writes then I would suggest to have one > > in > the EOI > > clearing API itself. > > > > RFC: > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4454 > > > > Thanks > > Sandeep > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 11 months

1
0
0 0

Re: [TF-A] GICV3: system interface EOI ordering RFC

by Olivier Deprez

Hi Sandeep, gicv3_end_of_interrupt_sel1 is a static access helper macro. Its naming precisely tells what it does at gicv3 module level. It is called from the weak plat_ic_end_of_interrupt function for BL32 image. I tend to think it is the driver responsibility to ensure the module interrupt acknowledge register write is reaching HW in order (or "be visible to all observers"). Also I suspect adding a dsb might not be required generically for all kind of IP. Adding a barrier in generic code might incur an unnecessary bottleneck. Thus wouldn't it be better to add the barrier to the overridden platform function rather than in generic gicv3 code? I have a put a comment in the review, we can continue the discussion there. Regards, Olivier. ________________________________________ From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Sandeep Tripathy via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 05 June 2020 19:43 To: tf-a(a)lists.trustedfirmware.org Subject: [TF-A] GICV3: system interface EOI ordering RFC Hi, In a typical interrupt handling sequence we do 1-Read IAR 2-Do interrupt handling 3-Clear the interrupt at source , so that the device de-asserts IRQ request to GIC >> I am suggesting a need of DSB here in case of GICv3 +. 4-Write to GIC cpu interface to do EOI. Till GICv2 and with GICv3 legacy interface ICC_EOI write is a write over AMBA interface. The Addresses are mapped with (nR) attribute. Hence the write transfers from the core will be generated at step 3 and 4 in order. Please ignore the additional buffers/bridges in path from core till peripheral which has to be dealt separately as per SOC. Query: I understand GICv3 system interface accesses are not over this protocol and core will not follow the ordering rule ? I have observed spurious interrupt issue/manifestation ( I don’t have the transfers probed) in RTOS environment where I have a primitive GICv3 driver but I wonder why things does not fail in Linux or tf-a. If it is working because from step(3) to step(4) we have barriers by chace due to other device register writes then I would suggest to have one in the EOI clearing API itself. RFC: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4454 Thanks Sandeep

4 years, 11 months

2
1
0 0

Re: [TF-A] RK3399_BAUDRATE default value

by Heiko Stübner

Hi Walter, Am Freitag, 5. Juni 2020, 22:45:25 CEST schrieb Walter Lozano via TF-A: > I have noticed that default baudrate for rk3399 board RK3399_BAUDRATE > defined in plat/rockchip/rk3399/rk3399_def.h is 115200 while U-boot > default value and most documentation points to a value of 1500000 for > console. console baudrate on rk3399 differ a lot between boards. There are a number using the 1.5MHz and another big number using 115200 (including but not limited to the ChromeOS devices from the Gru line). Hence we have the code that selects the actual baudrate from the devicetree attached by u-boot when calling TF-A. So I guess it should stay as it is right now. Heiko > This of course means that messages printed by ATF are not visible by > default in this context. > > The change from 1500000 to 115200 was introduced in > 0c05748bdebfad9fa43a80962186438bb8fbce62, > > https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=0c05… > > with the following message > > commit 0c05748bdebfad9fa43a80962186438bb8fbce62 > Author: Caesar Wang <wxt(a)rock-chips.com> > Date: Tue Apr 19 20:42:17 2016 +0800 > > rockchip: fixes for the required > > This patch has the following change for rk3399. > > * Set the uart to 115200 since the loader decide to set > uart baud to 115200Hz. So the ATF also should set uart baud to 115200. > [..] > > However, I'm not sure it this still applies. > > I'll be happy to submit a patch to update the value if it is OK. > > Regards, > > Walter > >

4 years, 11 months

1
0
0 0

RK3399_BAUDRATE default value

by Walter Lozano

I have noticed that default baudrate for rk3399 board RK3399_BAUDRATE defined in plat/rockchip/rk3399/rk3399_def.h is 115200 while U-boot default value and most documentation points to a value of 1500000 for console. This of course means that messages printed by ATF are not visible by default in this context. The change from 1500000 to 115200 was introduced in 0c05748bdebfad9fa43a80962186438bb8fbce62, https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=0c05… with the following message commit 0c05748bdebfad9fa43a80962186438bb8fbce62 Author: Caesar Wang <wxt(a)rock-chips.com> Date: Tue Apr 19 20:42:17 2016 +0800 rockchip: fixes for the required This patch has the following change for rk3399. * Set the uart to 115200 since the loader decide to set uart baud to 115200Hz. So the ATF also should set uart baud to 115200. [..] However, I'm not sure it this still applies. I'll be happy to submit a patch to update the value if it is OK. Regards, Walter

4 years, 11 months

1
0
0 0

GICV3: system interface EOI ordering RFC

by Sandeep Tripathy

Hi, In a typical interrupt handling sequence we do 1-Read IAR 2-Do interrupt handling 3-Clear the interrupt at source , so that the device de-asserts IRQ request to GIC >> I am suggesting a need of DSB here in case of GICv3 +. 4-Write to GIC cpu interface to do EOI. Till GICv2 and with GICv3 legacy interface ICC_EOI write is a write over AMBA interface. The Addresses are mapped with (nR) attribute. Hence the write transfers from the core will be generated at step 3 and 4 in order. Please ignore the additional buffers/bridges in path from core till peripheral which has to be dealt separately as per SOC. Query: I understand GICv3 system interface accesses are not over this protocol and core will not follow the ordering rule ? I have observed spurious interrupt issue/manifestation ( I don’t have the transfers probed) in RTOS environment where I have a primitive GICv3 driver but I wonder why things does not fail in Linux or tf-a. If it is working because from step(3) to step(4) we have barriers by chace due to other device register writes then I would suggest to have one in the EOI clearing API itself. RFC: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4454 Thanks Sandeep

4 years, 11 months

1
0
0 0

Re: [TF-A] Slides for recent TF-A Forums

by Joanna Farley

Hi Okash, These are generally provided on https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ however they are missing from 7th May onwards at the moment. I have an update pending approval on tf.org for adding the details of that session and then I need to add the information from the session on 21st May and the session yesterday. Joanna From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Okash Khawaja via TF-A <tf-a(a)lists.trustedfirmware.org> Reply to: Okash Khawaja <okash.khawaja(a)gmail.com> Date: Friday, 5 June 2020 at 11:29 To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] Slides for recent TF-A Forums Hi, Where can I find slides for recent TF-A Forum presentations? Thanks, Okash

4 years, 11 months

1
0
0 0

Slides for recent TF-A Forums

by Okash Khawaja

Hi, Where can I find slides for recent TF-A Forum presentations? Thanks, Okash

4 years, 11 months

1
0
0 0

Re: [TF-A] Gerrit seems to be broken

by Madhukar Pappireddy

Hi Bill, I continue to the error while trying to invoke “Allow-CI” or other votes as part of gerrit review. I tried multiple browsers as well and logged out before attempting again. Thanks, Madhu From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Bill Fletcher via TF-A Sent: Tuesday, June 2, 2020 12:13 PM To: Varun Wadekar <vwadekar(a)nvidia.com> Cc: tf-a(a)lists.trustedfirmware.org Subject: Re: [TF-A] Gerrit seems to be broken Hi Varun, Do you still see the problem? It has been reported before. Regards Bill On Tue, 2 Jun 2020 at 18:01, Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> wrote: Hello, The TF gerrit review dashboard seems to be broken this morning. I see “Server error” and it does not allow me to post scores or comments. Tried different browsers, but same issue persists. Anyone else seeing the same problem? Is this is a known issue? If yes, is anyone working on it? -Varun -- TF-A mailing list TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- [Image removed by sender. Linaro]<http://www.linaro.org/> Bill Fletcher | Field Engineering T: +44 7833 498336<tel:+44+7833+498336> bill.fletcher(a)linaro.org<mailto:bill.fletcher@linaro.org> | Skype: billfletcher2020

4 years, 11 months

3
4
0 0

Re: [TF-A] Gerrit seems to be broken

by Bill Fletcher

Hi Varun, Do you still see the problem? It has been reported before. Regards Bill On Tue, 2 Jun 2020 at 18:01, Varun Wadekar via TF-A < tf-a(a)lists.trustedfirmware.org> wrote: > Hello, > > > > The TF gerrit review dashboard seems to be broken this morning. I see > “Server error” and it does not allow me to post scores or comments. Tried > different browsers, but same issue persists. > > > > Anyone else seeing the same problem? Is this is a known issue? If yes, is > anyone working on it? > > > > -Varun > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- [image: Linaro] <http://www.linaro.org/> *Bill Fletcher* | *Field Engineering* T: +44 7833 498336 <+44+7833+498336> bill.fletcher(a)linaro.org | Skype: billfletcher2020

4 years, 11 months

1
0
0 0

Re: [TF-A] Gerrit seems to be broken

by Joanna Farley

Working for me, the main and additional dashboards. https://review.trustedfirmware.org/admin/repos/TF-A/trusted-firmware-a,dash… I posted comments earlier ok as well. Joanna From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org> Reply to: Varun Wadekar <vwadekar(a)nvidia.com> Date: Tuesday, 2 June 2020 at 18:02 To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] Gerrit seems to be broken Hello, The TF gerrit review dashboard seems to be broken this morning. I see “Server error” and it does not allow me to post scores or comments. Tried different browsers, but same issue persists. Anyone else seeing the same problem? Is this is a known issue? If yes, is anyone working on it? -Varun

4 years, 11 months

1
0
0 0

Gerrit seems to be broken

by Varun Wadekar

Hello, The TF gerrit review dashboard seems to be broken this morning. I see "Server error" and it does not allow me to post scores or comments. Tried different browsers, but same issue persists. Anyone else seeing the same problem? Is this is a known issue? If yes, is anyone working on it? -Varun

4 years, 11 months

1
0
0 0

TF-A Tech Forum Agenda @ Thr 4th June 2020 17:00-1800 BST

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for Thu 4th June 2020 17:00 - 18:00 (BST). A reoccurring meeting invite has been sent out to the subscribers of this TF-A mailing list. If you don’t have this please let me know. Agenda: * TF-A SMC fuzzing module overview - Presented by Mark Dykes * General explanation of the approach taken to randomize the type and timing of the SMC calls in TF-A to provide a Fuzz testing capability. * Optional TF-A Mailing List Topic Discussions Thanks Joanna

4 years, 11 months

1
0
0 0

Re: [TF-A] Unhandled Exception at EL3 in BL31 for Neoverse N1 with direct connect of DSU

by Manish Badarkhe

Hi Andrzej I think recent patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3493 which is currently in review may be solution for your issue where SCU presence is being checked before accessing CLUSTERCFR_EL1 register. Thanks Manish Badarkhe From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of "Witkowski, Andrzej via TF-A" <tf-a(a)lists.trustedfirmware.org> Reply to: "Witkowski, Andrzej" <andrzej.witkowski(a)intel.com> Date: Monday, 1 June 2020 at 19:38 To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org> Cc: "Witkowski, Andrzej" <andrzej.witkowski(a)intel.com>, "Lessnau, Adam" <adam.lessnau(a)intel.com> Subject: [TF-A] Unhandled Exception at EL3 in BL31 for Neoverse N1 with direct connect of DSU Hi, I work on project which uses ARM CPU Neoverse N1 with direct connect of DSU. I noticed the following error “Unhandled Exception at EL3” in BL31 bootloader after switching from ATF 2.1 to 2.2. The root cause is that after invoking neoverse_n1_errata-report function in lib/cpus/aarch64/neoverse_n1.S file and reaching the line 525, the function check_errata_dsu_934 in lib/cpus/aarch64/dsu_helpers.S file is always invoked regardless of whether ERRATA_DSU_936184 is set to 0 or to 1. In our case, ERRATA_DSU_936184 := 0. [cid:image001.png@01D6384E.C183C050] [cid:image002.png@01D6384E.C183C050] Neoverse N1 with direct connect version of DSU doesn’t contain SCU/L3 cache and CLUSTERCFR_EL1 register. The error “Unhandled Exception at EL3” appears in BL31 bootloader during attempt to read the CLUSTERCFR_EL1 register which doesn’t exist in our RTL HW. Andrzej Witkowskie Intel Technology Poland --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP 957-07-52-316 | Kapitał zakładowy 200.000 PLN. Ta wiadomość wraz z załącznikami jest przeznaczona dla określonego adresata i może zawierać informacje poufne. W razie przypadkowego otrzymania tej wiadomości, prosimy o powiadomienie nadawcy oraz trwałe jej usunięcie; jakiekolwiek przeglądanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.

4 years, 11 months

1
0
0 0

Unhandled Exception at EL3 in BL31 for Neoverse N1 with direct connect of DSU

by Witkowski, Andrzej

Hi, I work on project which uses ARM CPU Neoverse N1 with direct connect of DSU. I noticed the following error "Unhandled Exception at EL3" in BL31 bootloader after switching from ATF 2.1 to 2.2. The root cause is that after invoking neoverse_n1_errata-report function in lib/cpus/aarch64/neoverse_n1.S file and reaching the line 525, the function check_errata_dsu_934 in lib/cpus/aarch64/dsu_helpers.S file is always invoked regardless of whether ERRATA_DSU_936184 is set to 0 or to 1. In our case, ERRATA_DSU_936184 := 0. [cid:image001.png@01D63828.FA4B1440] [cid:image002.png@01D6382A.B84A0950] Neoverse N1 with direct connect version of DSU doesn't contain SCU/L3 cache and CLUSTERCFR_EL1 register. The error "Unhandled Exception at EL3" appears in BL31 bootloader during attempt to read the CLUSTERCFR_EL1 register which doesn't exist in our RTL HW. Andrzej Witkowskie Intel Technology Poland --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII Wydzia Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP 957-07-52-316 | Kapita zakadowy 200.000 PLN. Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata i moe zawiera informacje poufne. W razie przypadkowego otrzymania tej wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie; jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.

4 years, 11 months

1
0
0 0

Announcing new maintainers for the TF-A project

by Sandrine Bailleux

Hi all, Now that the tf.org project maintenance process [1] has been finalized, it is time to think about electing new maintainers for the project. We are delighted to announce that the following contributors have been appointed maintainers by their peers: - Julius Werner (Google) - Varun Wadekar (NVIDIA) - Andre Przywara (Arm) - Lauren Wehrmeister (Arm) - Madhukar Pappireddy (Arm) As outlined in [1], here is the definition and responsibilities of maintainers: ------------8<------------ There are a number of maintainers assigned to the project. The project keeps a list of them along with their contact information. Maintainers don't necessarily need a deep domain expertise of all areas of the project, instead they look at the project from a high level perspective. They are expected to ensure that changes adhere to the project's quality criteria, to its architectural direction, to its threat model and so on. Code owners and maintainers are complementary roles. Unlike code owners, maintainers can approve any patch, no matter what module it concerns. They are responsible for ensuring patches have had enough overall review and adding their own approval in a timely manner. They also have merge rights, i.e. the ability to merge a patch in the tree once it has received all required approvals. ------------8<------------ These people have been granted Code-Review -2/+2 rights in Gerrit and have been added in the maintainers.rst file as part of this patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4298 Congratulations to them! Best regards, Sandrine [1] https://developer.trustedfirmware.org/w/collaboration/project-maintenance-p…

4 years, 11 months

1
0
0 0

Re: [TF-A] After migrating from TFA-1.5 to TFA2.3, parts of NOTICE messages are missed, which comes as part of boot-up logs.

by Manish Pandey2

Hi Pankaj, Can you please send the specific NOTICE messages which are missing, may be sending 1.5 and 2.3 logs will help. thanks Manish ________________________________ From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Pankaj Gupta via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 27 May 2020 09:36 To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] After migrating from TFA-1.5 to TFA2.3, parts of NOTICE messages are missed, which comes as part of boot-up logs. Hi After migrating from TFA-1.5 to TFA2.3, parts of NOTICE messages are missed, which comes as part of boot-up logs. Any pointers on how to fix this issue. Thanks. Regards Pankaj

4 years, 11 months

1
0
0 0

After migrating from TFA-1.5 to TFA2.3, parts of NOTICE messages are missed, which comes as part of boot-up logs.

by Pankaj Gupta

Hi After migrating from TFA-1.5 to TFA2.3, parts of NOTICE messages are missed, which comes as part of boot-up logs. Any pointers on how to fix this issue. Thanks. Regards Pankaj

4 years, 11 months

1
0
0 0

Re: [TF-A] fconf: Validating config data

by Manish Badarkhe

Hi Raghu We have plan to work on this and come up with some design which handles mandatory/critical properties. On 13/05/2020, 22:18, "TF-A on behalf of Raghu K via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote: Hi All, Since the 2.3 release is done, can we revisit this topic? I think we left this with finalizing on how to handle bad/incorrect DTB's. Sandrine's latest proposal below: "A bad DTB seems more like an integration error than a programming error to me, and thus should be handled with runtime checks according to the current guidelines. Incorrect values for mandatory properties should probably be treated as unrecoverable errors (causing a panic) and incorrect/missing optional properties as recoverable errors (issuing a warning message)." I agree with this proposal and think we should follow this. This addresses my original concern of handling errors consistently and being safe by verifying mandatory/critical properties at run-time. Thoughts ? Thanks Raghu On 4/13/20 10:27 AM, Raghu Krishnamurthy wrote: > Thanks Sandrine. Revisiting after v2.3 is sounds fine. > > -Raghu > > On 4/10/20 2:25 AM, Sandrine Bailleux wrote: >> Hi Raghu, >> >> On 4/8/20 12:50 AM, Raghu Krishnamurthy wrote: >>> Thanks Sandrine, Louis, >>> >>> Agree with both of you. I'm fine with using asserts or panics, as >>> long as we uniformly use it. The change i sent out(review 3845) was >>> because i noticed inconsistency in handling errors. If we do use >>> asserts, all code that checks for mandatory properties, should be >>> changed to assert as opposed to return error code. For optional >>> properties, we can continue to return an error code or print >>> warnings etc. >> >> Yes, I too think consistency is key here. As you said, we need to >> settle on the expected behaviour and enforce it uniformly across the >> fconf code. Let's revisit this code after the v2.3 release. >> >>> I would like to point out that using asserts here is different from >>> what is documented in the coding guidelines. The guidelines >>> explicitly spells out using asserts for "programming errors". >>> Now, is having a bad DTB considered a programming error? ;) The DTB >>> is platform data as opposed to code. The guidelines might need to be >>> updated based on the conclusion here. >> >> Now that you point it out, and after taking a closer look at [1], I >> think I was wrong. A bad DTB seems more like an integration error >> than a programming error to me, and thus should be handled with >> runtime checks according to the current guidelines. Incorrect values >> for mandatory properties should probably be treated as unrecoverable >> errors (causing a panic) and incorrect/missing optional properties as >> recoverable errors (issuing a warning message). >> >> [1] >> https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guideline… >> >> >>> Also note the couple of scenarios i mentioned in an earlier email. >>> Platforms like RPI4 don't generally enable TBBR and the DTB image >>> could get corrupt or be modified on purpose. On a release build, >>> this could cause silent corruption. Panic() would avoid this. >>> >>> In any case, it would be good to settle on the expected behavior for >>> each of these abnormal cases. I don't have a strong preference for >>> asserts or panics here, since each has its pros and cons as both of >>> you called out. >>> >>> Thanks >>> Raghu > -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 12 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A