- 11 Dec, 2020 1 commit
-
-
Javier Almansa Sobrino authored
If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented as well, it is possible to control whether PMU counters take into account events happening on other threads. If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit leaving it to effective state of 0 regardless of any write to it. This patch introduces the DISABLE_MTPMU flag, which allows to diable multithread event count from EL3 (or EL2). The flag is disabled by default so the behavior is consistent with those architectures that do not implement FEAT_MTPMU. Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
-
- 09 Nov, 2020 1 commit
-
-
Manish V Badarkhe authored
Provide missed command line parameters such as KEY_ALG, HASH_ALG and KEY_SIZE while generating the FWU certificate. Signed-off-by: Gilad Ben Yossef <Gilad.BenYossef@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I017fa3fff844f4262ae2441cbc9fee909d357fb3
-
- 20 Oct, 2020 1 commit
-
-
Arunachalam Ganapathy authored
Include EL2 registers related to Nested Virtualization in EL2 context save/restore routines if architecture supports it and platform wants to use these features in Secure world. Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-
- 12 Oct, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds default value of 'sha256' for HASH_ALG build flag to 'make_helpers\defaults.mk', according to 'docs\getting_started\build-options.rst'. This fixes Measured Boot driver error when TF-A uses default HASH_ALG value and TPM_HASH_ALG is set to sha384 or sha512. Change-Id: Id0aa34b54807de0adaf88e5f7d7032577c22f365 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 14 Sep, 2020 2 commits
-
-
Leonardo Sandoval authored
Loop macros make it easier for developers to include new variables to assert or define and also help code code readability on makefiles. Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
-
Sami Mujawar authored
Although support for building fiptool on a Windows host was present, the binary was not built when the top level makefile was invoked. This patch makes the necessary changes to the to support building of fiptool on a Windows host PC from the main makefile. Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
-
- 10 Sep, 2020 1 commit
-
-
Leonardo Sandoval authored
According to the documentation [1], KEY_SIZE defaults to 2048 when RSA algorithm is chosen, so set this value on the make's defaults file. [1] https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/build-options.html Change-Id: I030f98363198a752bc0dd03528f748de527d48d8 Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
-
- 17 Aug, 2020 1 commit
-
-
Madhukar Pappireddy authored
SP804 TIMER is not platform specific, and current code base adds multiple defines to use this driver. Like FVP_USE_SP804_TIMER and FVP_VE_USE_SP804_TIMER. This patch removes platform specific build flag and adds generic flag `USE_SP804_TIMER` to be set to 1 by platform if needed. Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 12 Aug, 2020 1 commit
-
-
Manish Pandey authored
Add support to generate a certificate named "plat-sp-cert" for Secure Partitions(SP) owned by Platform. Earlier a single certificate file "sip-sp-cert" was generated which contained hash of all 8 SPs, with this change SPs are divided into two categories viz "SiP owned" and "Plat owned" containing 4 SPs each. Platform RoT key pair is used for signing. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
-
- 30 Jul, 2020 1 commit
-
-
Manish V Badarkhe authored
Openssl directory path is hardcoded to '/usr' in the makefile of certificate generation and firmware encryption tool using 'OPENSSL_DIR' variable. Hence changes are done to make 'OPENSSL_DIR' variable as a build option so that user can provide openssl directory path while building the certificate generation and firmware encryption tool. Also, updated the document for this newly created build option Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 09 Jul, 2020 1 commit
-
-
Manish V Badarkhe authored
Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
-
- 12 Jun, 2020 1 commit
-
-
Varun Wadekar authored
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
-
- 09 Jun, 2020 1 commit
-
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 08 Jun, 2020 1 commit
-
-
Manish Pandey authored
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
-
- 15 May, 2020 1 commit
-
-
Balint Dobszay authored
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 14 May, 2020 1 commit
-
-
Manish V Badarkhe authored
During context switching from higher EL (EL2 or higher) to lower EL can cause incorrect translation in TLB due to speculative execution of AT instruction using out-of-context translation regime. Workaround is implemented as below during EL's (EL1 or EL2) "context_restore" operation: 1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1 bits for EL1 or EL2 (stage1 and stage2 disabled) 2. Save all system registers except TCR and SCTLR (for EL1 and EL2) 3. Do memory barrier operation (isb) to ensure all system register writes are done. 4. Restore TCR and SCTLR registers (for EL1 and EL2) Errata details are available for various CPUs as below: Cortex-A76: 1165522 Cortex-A72: 1319367 Cortex-A57: 1319537 Cortex-A55: 1530923 Cortex-A53: 1530924 More details can be found in mail-chain: https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html Currently, Workaround is implemented as build option which is default disabled. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
-
- 01 Apr, 2020 1 commit
-
-
Manish V Badarkhe authored
Enable MTE support by adding memory tag option in Makefile This option is available only when ARMv8.5-MemTag is implemented MTE options are added in latest clang and armclang compiler which support below options: for clang <version 11.0.0> 1. -march=arm8.5-a+memtag 2. -fsanitize=memtag for armclang <version 6.12> 1. -march=arm8.5-a+memtag 2. -mmemtag-stack Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
-
- 31 Mar, 2020 1 commit
-
-
Masahiro Yamada authored
Currently, BL*_CFLAGS and BL*_LDFLAGS are supported. For completion, this adds BL*_CPPFLAGS and BL*_ASFLAGS. My main motivation is to pass -D<macro> to BL*_CPPFLAGS so that the macro can be used from all source files. Change-Id: I0ca1e4e26386bef7fed999af140ee7cce7c2f8ef Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 16 Mar, 2020 1 commit
-
-
Louis Mayencourt authored
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This removes the duplicate io_policies and functions definition. This patch: - replace arm_io_storage.c with the content of arm_fconf_io_storage.c - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB. - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb. - propagate DEFINES when parsing dts. - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb. - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior of fvp stays the same as it was before the introduction of fconf. Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 06 Mar, 2020 2 commits
-
-
Sumit Garg authored
Following build flags have been added to support optional firmware encryption: - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values: 0: Encryption is done with Secret Symmetric Key (SSK) which is common for a class of devices. 1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is unique per device. - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It could be SSK or BSSK depending on FW_ENC_STATUS flag. - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector (IV) in hex string format. - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware. - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload. Similar flags can be added to encrypt other firmwares as well depending on use-cases. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
-
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
-
- 03 Mar, 2020 1 commit
-
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 27 Feb, 2020 1 commit
-
-
Masahiro Yamada authored
The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32. Fix the comments. Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 24 Feb, 2020 2 commits
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
Sandrine Bailleux authored
The build system needs to drive the cert_create tool in a slightly different manner when using the dualroot chain of trust. - It needs to pass it the platform root of trust key file. - It must not try to generate the Non-Trusted Firmware Key Certificate, which is not part of the dualroot CoT. Change-Id: Ibcc821c5735765523730f861ae8230208f41302b Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 18 Feb, 2020 1 commit
-
-
Vijayenthiran Subramaniam authored
Add `CREATE_SEQ` function to generate sequence of numbers starting from 1 to allow easy comparison of a user defined macro with non-zero positive numbers. Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664 Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
- 07 Feb, 2020 1 commit
-
-
Louis Mayencourt authored
Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 29 Jan, 2020 1 commit
-
-
Sandrine Bailleux authored
Allows to select the chain of trust to use when the Trusted Boot feature is enabled. This affects both the cert_create tool and the firmware itself. Right now, the only available CoT is TBBR. Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 28 Jan, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'calc_hash' function using Mbed TLS library required for Measured Boot support. Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 24 Jan, 2020 1 commit
-
-
Masahiro Yamada authored
make_helpers/build_macros.mk supports per-BL CFLAGS. For example, you can pass compiler flags only to BL31 by using BL31_CFLAGS. This commit adds per-BL LDFLAGS support, which is useful as well. My main motivation of this addition is to use it for ENABLE_PIE. When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS, which affects all the TF images. It will make more sense to pass the relevant options only to BL images that support it. Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 14 Jan, 2020 1 commit
-
-
Balint Dobszay authored
Using the /include/ syntax, the include was evaluated by dtc, only after running the preprocessor, therefore the .dtsi files were not preprocessed. This patch adds the #include syntax instead. Evaluating this and preprocessing the files now happens in a single step, done by the C preprocessor. Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
-
- 29 Dec, 2019 1 commit
-
-
Samuel Holland authored
Some platforms are extremely memory constrained and must split BL31 between multiple non-contiguous areas in SRAM. Allow the NOBITS sections (.bss, stacks, page tables, and coherent memory) to be placed in a separate region of RAM from the loaded firmware image. Because the NOBITS region may be at a lower address than the rest of BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this region, or el3_entrypoint_common would attempt to invalidate the dcache for the entire address space. New symbols __NOBITS_{START,END}__ are added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the NOBITS region is invalidated separately. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
-
- 20 Dec, 2019 2 commits
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 17 Dec, 2019 1 commit
-
-
Olivier Deprez authored
The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
-
- 02 Dec, 2019 1 commit
-
-
zelalem-aweke authored
This patch enables LTO for TF-A when compiled with GCC. LTO is disabled by default and is enabled by ENABLE_LTO=1 build option. LTO is enabled only for aarch64 as there seem to be a bug in the aarch32 compiler when LTO is enabled. The changes in the makefiles include: - Adding -flto and associated flags to enable LTO. - Using gcc as a wrapper at link time instead of ld. This is recommended when using LTO as gcc internally takes care of invoking the necessary plugins for LTO. - Adding switches to pass options to ld. - Adding a flag to disable fix for erratum cortex-a53-843419 unless explicitly enabled. This is needed because GCC seem to automatically add the erratum fix when used as a wrapper for LD. Additionally, this patch updates the TF-A user guide with the new build option. Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
-
- 04 Oct, 2019 1 commit
-
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Hadi Asyrafi authored
Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
-