- 07 Sep, 2018 12 commits
-
-
Soby Mathew authored
ARM Platforms:Enable non-secure access to UART1
-
Dimitris Papastamos authored
juno: Revert FWU update detect mechanism
-
Dimitris Papastamos authored
Improvements to Mbed TLS shared heap code
-
Dimitris Papastamos authored
SDEI: Mask events after CPU wakeup
-
Sathees Balya authored
The patch 7b56928a unified the FWU mechanism on FVP and Juno platforms due to issues with MCC firmware not preserving the NVFLAGS. With MCCv150 firmware, this issue is resolved. Also writing to the NOR flash while executing from the same flash in Bypass mode had some stability issues. Hence, since the MCC firmware issue is resolved, this patch reverts to the NVFLAGS mechanism to detect FWU. Also, with the introduction of SDS (Shared Data Structure) by the SCP, the reset syndrome needs to queried from the appropriate SDS field. Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554 Signed-off-by:
Sathees Balya <sathees.balya@arm.com> Signed-off-by:
Soby Mathew <Soby.Mathew@arm.com>
-
John Tsichritzis authored
After introducing the Mbed TLS shared heap optimisation, reducing BL2 size by 3 pages didn't leave enough space for growth. We give 1 page back to maximum BL2 size. Change-Id: I4f05432f00b923693160f69a4e4ec310a37a2b16 Signed-off-by:John Tsichritzis <john.tsichritzis@arm.com>
-
Alexei Fedorov authored
Adds an undocumented build option that enables non-secure access to the PL011 UART1. This allows a custom build where the UART can be used as a serial debug port for WinDbg (or other debugger) connection. This option is not documented in the user guide, as it is provided as a convenience for Windows debugging, and not intended for general use. In particular, enabling non-secure access to the UART might allow a denial of service attack! Change-Id: I4cd7d59c2cac897cc654ab5e1188ff031114ed3c Signed-off-by:
Alexei Fedorov <Alexei.Fedorov@arm.com> Signed-off-by:
Evan Lloyd <evan.lloyd@arm.com>
-
John Tsichritzis authored
A cache flush is added in BL1, in Mbed TLS shared heap code. Thus, we ensure that the heap info written to the DTB always gets written back to memory. Hence, sharing this info with other images is guaranteed. Change-Id: I0faada31fe7a83854cd5e2cf277ba519e3f050d5 Signed-off-by: -
John Tsichritzis authored
In Mbed TLS shared heap code, an additional sanity check is introduced in BL2. Currently, when BL2 shares heap with BL1, it expects the heap info to be found in the DTB. If for any reason the DTB is missing, BL2 cannot have the heap address and, hence, Mbed TLS cannot proceed. So, BL2 cannot continue executing and it will eventually crash. With this change we ensure that if the DTB is missing BL2 will panic() instead of having an unpredictable crash. Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446 Signed-off-by: -
John Tsichritzis authored
This patch, firstly, makes the error messages consistent to how printed strings are usually formatted. Secondly, it removes an unnecessary #if directive. Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6 Signed-off-by: -
Dimitris Papastamos authored
Convert BL31 error message into warning
-
Jeenu Viswambharan authored
The specification requires that, after wakeup from a CPU suspend, the dispatcher must mask all events on the CPU. This patch adds the feature to the SDEI dispatcher by subscribing to the PSCI suspend to power down event, and masking all events on the PE. Change-Id: I9fe1d1bc2a58379ba7bba953a8d8b275fc18902c Signed-off-by:Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 06 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
If BL32 isn't present or it fails to initialize the current code prints an error message in both debug and release builds. This is too verbose for release builds, so it has been converted into a warning. Also, it was missing a newline at the end of the message. Change-Id: I91e18d5d5864dbb19d47ecd54f174d2d8c06296c Signed-off-by:Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 Sep, 2018 12 commits
-
-
Dimitris Papastamos authored
Add missing barriers to Bakery Locks
-
Dimitris Papastamos authored
Qemu updates
-
Jeenu Viswambharan authored
With the current implementation, it's possible for a contender to observe accesses in the Critical Section before acquiring or releasing the lock. Insert fencing in the locking and release codes to prevent any reorder. Fixes ARM-software/tf-issues#609 Change-Id: I773b82aa41dd544a2d3dbacb9a4b42c9eb767bbb Signed-off-by: -
Jeenu Viswambharan authored
'dmb ld' is not a recognized instruction for ARMv7. Since generic code may use 'dmb ld', alias it to 'dmb' when building for ARMv7. Change-Id: I502f360cb6412897ca9580b725d9f79469a7612e Signed-off-by: -
Dimitris Papastamos authored
Atf master+linaro warp7 squash v4
-
Dimitris Papastamos authored
Mbed TLS shared heap
-
Dimitris Papastamos authored
Recent Denver CPU fixes from downstream
-
Dimitris Papastamos authored
Xilinx latest platform related changes
-
Dimitris Papastamos authored
Fix broken links in documentation
-
Varun Wadekar authored
For Denver CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the EL3 software stack only. Other software components are responsible to enable it for their exception levels. TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3 and earlier: * By setting bit 11 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 9 (Disable speculative memory disambiguation) of `ACTLR_EL3` TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4 and later: * By setting bit 18 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 17 (Disable speculative memory disambiguation) of `ACTLR_EL3` Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555 Signed-off-by:Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Denver CPUs expect the power state field to be reset to 'C1' during boot. This patch updates the reset handler to reset the ACTLR_.PMSTATE field to 'C1' state during CPU boot. Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c Signed-off-by: -
Varun Wadekar authored
The current functions to disable and enable Dynamic Code Optimizer (DCO) assume that all denver cores are in the same cluster. They ignore AFF1 field of the mpidr_el1 register, which leads to incorect logical core id calculation. This patch calls the platform handler, plat_my_core_pos(), to get the logical core id to disable/enable DCO for the core. Original change by: Krishna Sitaraman <ksitaraman@nvidia.com> Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830 Signed-off-by:
-
- 04 Sep, 2018 15 commits
-
-
Bryan O'Donoghue authored
This patch adds me to various maintainer activities in the ATF tree associated with the NXP i.MX7 generally and WaARP7 in particular. Signed-off-by:Bryan O'Donoghue <bryan.odonoghue@linaro.org>
-
Bryan O'Donoghue authored
This patch describes the boot-flow and building of the WaRP7 TF-A port. What it describes is booting and unsigned TF-A. A very brief section has been added on signing BL2 which is in no-way comprehensive. For a comprehensive description of the signing process try the Boundary Devices blog on the matter. https://boundarydevices.com/high-assurance-boot-hab-dummies/ Signed-off-by:
-
Jens Wiklander authored
Replaces deprecated early platform setup APIs * Replaces bl31_early_platform_setup() with bl31_early_platform_setup2() * Replaces bl2_early_platform_setup() with bl2_early_platform_setup2() Signed-off-by:Jens Wiklander <jens.wiklander@linaro.org>
-
Bryan O'Donoghue authored
Previous changes in this series made the necessary driver additions and updates. With those changes in-place we can add the platform.mk and bl2_el3_setup.c to drive the boot process. After this commit its possible to build a fully-functional TF-A for the WaRP7 and boot from the BootROM to the Linux command prompt in secure or non-secure mode. Signed-off-by: -
Bryan O'Donoghue authored
This patch adds a callback into the BootROM's provided High Assurance Boot (HAB) failsafe function when panicking i.e. the call is done without making use of stack. The HAB failsafe function allows a piece of software to call into the BootROM and place the processor into failsafe mode. Failsafe mode is a special mode which presents a serial download protocol interface over UART or USB at the time of writing. If the board has been set into secure mode, then only a signed binary can be used to recover the board. Thus failsafe gives a putatively secure method of performing a secure recovery over UART or USB. Signed-off-by:
Ryan Harkin <ryan.harkin@linaro.org>
-
Bryan O'Donoghue authored
This patch adds entries to the mem params array for - BL32 - BL32_EXTRA1 - BL32_EXTRA2 - BL33 - HW_CONFIG_ID BL32 is marked as bootable to indicate that OPTEE is the thing that should be booted next. In our model OPTEE chain-loads onto u-boot so only BL32 is bootable. Signed-off-by:
Rui Miguel Silva <rui.silva@linaro.org> Signed-off-by:
-
Bryan O'Donoghue authored
This commit adds support for parsing a FIP pre-loaded by a previous boot-phase such as u-boot or via ATF reading directly from eMMC. [bod: squashing several patches from Rui, Jun and bod] Signed-off-by:
Jun Nie <jun.nie@linaro.org> Signed-off-by:
-
Bryan O'Donoghue authored
This patch defines a platform_def.h describing - FIP layout and location - eMMC device select - UART identity select - System clock frequency - Operational memory map Signed-off-by:
-
Bryan O'Donoghue authored
In order to link even a basic image we need to declare REGISTER_BL_IMAGE_DESCS. This patch declares an empty structure which is passed to REGISTER_BL_IMAGE_DESCS(). Later patches will add in some meaningful data. Signed-off-by: -
Bryan O'Donoghue authored
Internal declarations for the WaRP7 port will go here. For now just include sys/types.h. Signed-off-by: -
Bryan O'Donoghue authored
This commit adds warp7_image_load.c with the functions - plat_flush_next_bl_params() - plat_get_bl_image_load_info() - plat_get_next_bl_params() Signed-off-by: -
Bryan O'Donoghue authored
This commit adds a warp7_helpers.S which contains a implementation of: - platform_mem_init - plat_get_my_entrypoint - plat_crash_console_init - plat_crash_console_putc Signed-off-by: -
Bryan O'Donoghue authored
The watchdog block on the IMX is mercifully simple. This patch maps the various registers and bits associated with the block. We are mostly only really interested in the power-down-enable (PDE) bits in the block for the purposes of ATF. The i.MX7 Solo Applications Processor Reference Manual details the PDE bit as follows: "Power Down Enable bit. Reset value of this bit is 1, which means the power down counter inside the WDOG is enabled after reset. The software must write 0 to this bit to disable the counter within 16 seconds of reset de-assertion. Once disabled this counter cannot be enabled again. See Power-down counter event for operation of this counter." This patch does that zero write in-lieu of later phases in the boot no-longer have the necessary permissions to rewrite the PDE bit directly. Signed-off-by: -
Bryan O'Donoghue authored
This patch defines the most basic part of the CAAM and the only piece of the CAAM silicon we are really interested in, in ATF, the CAAM control structure. The CAAM itself is a huge address space of some 32k, way out of scope for the purpose we have in ATF. This patch adds a simple CAAM init function that assigns ownership of the CAAM job-rings to the non-secure MID with the ownership bit set to non-secure. This will allow later logic in the boot process such as OPTEE, u-boot and Linux to assign job-rings as appropriate, restricting if necessary but leaving open the main functionality of the CAAM to the Linux NS runtime. Signed-off-by: -
Jens Wiklander authored
The QEMU platform has only been used with LOAD_IMAGE_V2=1 for some time now and bit rot has occurred for LOAD_IMAGE_V2=0. To ease the maintenance make LOAD_IMAGE_V2=1 mandatory and remove the platform specific code for LOAD_IMAGE_V2=0. Signed-off-by:
-
