GitLab

This patch adds the authentication framework that will be used as
the base to implement Trusted Board Boot in the Trusted Firmware.
The framework comprises the following modules:

- Image Parser Module (IPM)

    This module is responsible for interpreting images, check
    their integrity and extract authentication information from
    them during Trusted Board Boot.

    The module currently supports three types of images i.e.
    raw binaries, X509v3 certificates and any type specific to
    a platform. An image parser library must be registered for
    each image type (the only exception is the raw image parser,
    which is included in the main module by default).

    Each parser library (if used) must export a structure in a
    specific linker section which contains function pointers to:

        1. Initialize the library
        2. Check the integrity of the image type supported by
           the library
        3. Extract authentication information from the image

- Cryptographic Module (CM)

    This module is responsible for verifying digital signatures
    and hashes. It relies on an external cryptographic library
    to perform the cryptographic operations.

    To register a cryptographic library, the library must use the
    REGISTER_CRYPTO_LIB macro, passing function pointers to:

        1. Initialize the library
        2. Verify a digital signature
        3. Verify a hash

    Failing to register a cryptographic library will generate
    a build time error.

- Authentication Module (AM)

    This module provides methods to authenticate an image, like
    hash comparison or digital signatures. It uses the image parser
    module to extract authentication parameters, the crypto module
    to perform cryptographic operations and the Chain of Trust to
    authenticate the images.

    The Chain of Trust (CoT) is a data structure that defines the
    dependencies between images and the authentication methods
    that must be followed to authenticate an image.

The Chain of Trust, when added, must provide a header file named
cot_def.h with the following definitions:

- COT_MAX_VERIFIED_PARAMS

    Integer value indicating the maximum number of authentication
    parameters an image can present. This value will be used by the
    authentication module to allocate the memory required to load
    the parameters in the image descriptor.

Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178

This patch extends the build option `USE_COHERENT_MEMORY` to
conditionally remove coherent memory from the memory maps of
all boot loader stages. The patch also adds necessary
documentation for coherent memory removal in firmware-design,
porting and user guides.

Fixes ARM-Software/tf-issues#106

Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773

This patch fixes the incorrect value of the LENGTH attribute in
the linker scripts. This attribute must define the memory size, not
the limit address.

Fixes ARM-software/tf-issues#252

Change-Id: I328c38b9ec502debe12046a8912d7dfc54610c46

This patch introduces a framework which will allow CPUs to perform
implementation defined actions after a CPU reset, during a CPU or cluster power
down, and when a crash occurs. CPU specific reset handlers have been implemented
in this patch. Other handlers will be implemented in subsequent patches.

Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.

Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956

Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM
Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM
Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM

BLn_BASE and BLn_LIMIT definitions have been updated and are based on
these new memory regions.

The available memory for each bootloader in the linker script is
defined by BLn_BASE and BLn_LIMIT, instead of the complete memory
region.

TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of
the platform porting.

FVP common definitions are defined in fvp_def.h while platform_def.h
contains exclusively (with a few exceptions) the definitions that are
mandatory in the porting guide. Therefore, platform_def.h now includes
fvp_def.h instead of the other way around.

Porting guide has been updated to reflect these changes.

Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05

Previously, platform.h contained many declarations and definitions
used for different purposes. This file has been split so that:

* Platform definitions used by common code that must be defined
  by the platform are now in platform_def.h. The exact include
  path is exported through $PLAT_INCLUDES in the platform makefile.

* Platform definitions specific to the FVP platform are now in
  /plat/fvp/fvp_def.h.

* Platform API declarations specific to the FVP platform are now
  in /plat/fvp/fvp_private.h.

* The remaining platform API declarations that must be ported by
  each platform are still in platform.h but this file has been
  moved to /include/plat/common since this can be shared by all
  platforms.

Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a

Currently the platform code gets to define the base address of each
boot loader image. However, the linker scripts couteract this
flexibility by enforcing a fixed overall layout of the different
images. For example, they require that the BL3-1 image sits below
the BL2 image. Choosing BL3-1 and BL2 base addresses in such a way
that it violates this constraint makes the build fail at link-time.

This patch requires the platform code to now define a limit address
for each image. The linker scripts check that the image fits within
these bounds so they don't rely anymore on the position of a given
image in regard to the others.

Fixes ARM-software/tf-issues#163

Change-Id: I8c108646825da19a6a8dfb091b613e1dd4ae133c

BL1 RO and RW base address used to be fixed, respectively to the first
address of the Trusted ROM and the first address of the Trusted RAM.

Introduce new platform defines to configure the BL1 RO and RW base
addresses.

Change-Id: If26616513a47798593a4bb845a4b0fb37c867cd6

All common functions are being built into all binary images,
whether or not they are actually used. This change enables the
use of -ffunction-sections, -fdata-sections and --gc-sections
in the compiler and linker to remove unused code and data from
the images.

Change-Id: Ia9f78c01054ac4fa15d145af38b88a0d6fb7d409

At present, the entry point for each BL image is specified via the
Makefiles and provided on the command line to the linker. When using a
link script the entry point should rather be specified via the ENTRY()
directive in the link script.

This patch updates linker scripts of all BL images to specify the entry
point using the ENTRY() directive. It also removes the --entry flag
passed to the linker through Makefile.

Fixes issue ARM-software/tf-issues#66

Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0

This patch factors out the ARM FVP specific code to create MMU
translation tables so that it is possible for a boot loader stage to
create a different set of tables instead of using the default ones.
The default translation tables are created with the assumption that
the calling boot loader stage executes out of secure SRAM. This might
not be true for the BL3_2 stage in the future.

A boot loader stage can define the `fill_xlation_tables()` function as
per its requirements. It returns a reference to the level 1
translation table which is used by the common platform code to setup
the TTBR_EL3.

This patch is a temporary solution before a larger rework of
translation table creation logic is introduced.

Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6

This patch reworks BL2 to BL3-1 hand over interface by introducing a
composite structure (bl31_args) that holds the superset of information
that needs to be passed from BL2 to BL3-1.

  - The extents of secure memory available to BL3-1
  - The extents of memory available to BL3-2 (not yet implemented) and
    BL3-3
  - Information to execute BL3-2 (not yet implemented) and BL3-3 images

This patch also introduces a new platform API (bl2_get_bl31_args_ptr)
that needs to be implemented by the platform code to export reference to
bl31_args structure which has been allocated in platform-defined memory.

The platform will initialize the extents of memory available to BL3-3
during early platform setup in bl31_args structure. This obviates the
need for bl2_get_ns_mem_layout platform API.

BL2 calls the bl2_get_bl31_args_ptr function to get a reference to
bl31_args structure. It uses the 'bl33_meminfo' field of this structure
to load the BL3-3 image. It sets the entry point information for the
BL3-3 image in the 'bl33_image_info' field of this structure. The
reference to this structure is passed to the BL3-1 image.

Also fixes issue ARM-software/tf-issues#25

Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517

This patch ensures that VBAR_EL3 points to the simple stack-less
'early_exceptions' when the C runtime stack is not correctly setup to
use the more complex 'runtime_exceptions'. It is initialised to
'runtime_exceptions' once this is done.

This patch also moves all exception vectors into a '.vectors' section
and modifies linker scripts to place all such sections together. This
will minimize space wastage from alignment restrictions.

Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d

This patch moves the translation tables into their own section. This
saves space that would otherwise have been lost in padding due to page
table alignment constraints. The BL31 and BL32 bases have been
consequently adjusted.

Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65

Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60

- Add instructions for contributing to ARM Trusted Firmware.

- Update copyright text in all files to acknowledge contributors.

Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5

  - Check at link-time that bootloader images will fit in memory
    at run time and that they won't overlap each other.
  - Remove text and rodata orphan sections.
  - Define new linker symbols to remove the need for platform setup
    code to know the order of sections.
  - Reduce the size of the raw binary images by cutting some sections
    out of the disk image and allocating them at load time, whenever
    possible.
  - Rework alignment constraints on sections.
  - Remove unused linker symbols.
  - Homogenize linker symbols names across all BLs.
  - Add some comments in the linker scripts.

Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9