- 11 Mar, 2015 1 commit
-
-
Juan Castillo authored
By default, the checkpatch script requires that commit references included in commit messages follow a predefined format. Github merge commits do not follow this convention, causing the code style test to fail when a new pull request is created. This patch adds the ignore GIT_COMMIT_ID option to the checkpatch parameters. This flag indicates the tool to ignore the commit message format. Change-Id: I37133cc5cf803f664b8ff00f62d458b39f06918c
-
- 10 Mar, 2015 1 commit
-
-
Sandrine Bailleux authored
The message printed by 'make help' is incomplete. It doesn't mention all relevant supported targets. This patch updates it. The format of the first line of the help message has been changed so that it no longer lists all supported targets. This eases the maintenance as we don't need to update the list in 2 places anymore whenever a new target is added. Also add a reference to the user guide to get the list of supported options. Change-Id: I79d8b815b0ffc0c43b4c05124378fce0e938365c
-
- 05 Mar, 2015 2 commits
-
-
Juan Castillo authored
Build target 'all' fails when GENERATE_COT=1 and no BL3-3 or BL3-0 (if required) images are specified. The reason is that, when GENERATE_COT=1, a dependency on the certificates is added to the target 'all', and the certificates depend on the BL3-3 and BL3-0 images, causing the build process to fail if the images are not specified. This patch moves the dependency on the certificates from 'all' to 'fip'. Target 'all' may be used to build the individual images. The certificates will be created by calling the target 'fip', where BL3-3 and BL3-0 (if required) must be specified. Change-Id: I870beb4e8f9f1bfad1d35b09c850a7ce3c9f4ec6
-
Sandrine Bailleux authored
The C library source files embedded into the Trusted Firmware tree are not required to comply to the Linux Coding Style. Unfortunately, 'make checkpatch' does take them into account. This patch modifies the Makefile so that the C library source and header files are now ignored by 'make checkpatch'. It also instructs the checkpatch.pl script to not treat the presence of a 'Change-Id' line in the commit message as an error. Change-Id: I38196202efe518bae3a57c2affe2ed7758c9f69c
-
- 03 Feb, 2015 1 commit
-
-
Achin Gupta authored
Final updates to readme.md and change-log.md for ARM Trusted Firmware version 1.1. Also increment the version in the Makefile. Change-Id: Ib001a6ec9a9c570985841d06f0ff80ed76c2996b
-
- 28 Jan, 2015 5 commits
-
-
Juan Castillo authored
This patch provides an API to access the authentication module that will be used to verify the authenticity of the images loaded into memory as part of the Trusted Board Boot process. To include the authentication module as part of the build, set the boolean build option TRUSTED_BOARD_BOOT. One single authentication module must be registered at build time by setting the build option AUTH_MOD=<mod_name>. All authentication modules will be located in 'common/auth/<mod_name>' and must present the <mod_name>.mk file that will be included by the build system to compile the module sources. To create an authentication module, an instance of auth_mod_t called 'auth_mod' must be declared in the module sources. The initialization and verification functions provided by the module will be exported through the function pointers specified when declaring this instance. If an authentication module includes third party sources that do not adhere to the C99 standard, the -pedantic option may be removed from the build options by setting the flag DISABLE_PEDANTIC in the module file <mod_name>.mk. Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
-
Juan Castillo authored
This patch implements an authentication module based on the PolarSSL library (v1.3.9) to verify the Chain of Trust when Trusted Boot is enabled. PolarSSL sources must be fetched separately. The POLARSSL_DIR build option may be used to indicate the path to the PolarSSL main directory (this directory must contain the 'include' and 'library' subdirectories). To be able to build PolarSSL sources as a part of the Trusted Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk will tell the build system to remove the -pedantic option from the CFLAGS. Inclusion of PolarSSL increases the memory requirements of the BL1 and BL2 images. The following are the changes made to the FVP and Juno platforms to cater for this when TRUSTED_BOARD_BOOT is defined: Changes on FVP: - BL1 and BL2 stacks have been increased to 4 KB - BL1(rw) section has been increased to 32 KB. - BL2 memory region has been increased to 112 KB Changes on Juno: - BL1 and BL2 stacks have been increased to 4 KB - BL1(rw) section has been increased to 32 KB. - Trusted ROM region in Flash has been increased to 128 KB. - BL2 memory region has been increased to 116 KB Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
-
Juan Castillo authored
This patch adds the function plat_match_rotpk() to the platform porting layer to provide a Root Of Trust Public key (ROTPK) verification mechanism. This function is called during the Trusted Board Boot process and receives a supposed valid copy of the ROTPK as a parameter, usually obtained from an external source (for instance, a certificate). It returns 0 (success) if that key matches the actual ROTPK stored in the system or any other value otherwise. The mechanism to access the actual ROTPK stored in the system is platform specific and should be implemented as part of this function. The format of the ROTPK is also platform specific (to save memory, some platforms might store a hash of the key instead of the whole key). TRUSTED_BOARD_BOOT build option has been added to allow the user to enable the Trusted Board Boot features. The implementation of the plat_match_rotpk() funtion is mandatory when Trusted Board Boot is enabled. For development purposes, FVP and Juno ports provide a dummy function that returns always success (valid key). A safe trusted boot implementation should provide a proper matching function. Documentation updated accordingly. Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
-
Juan Castillo authored
This patch extends the FIP tool to include the certificates generated by the 'cert_create' tool. If GENERATE_COT build option is enabled, the Makefile adds the certificates as dependencies to create the FIP file. Thus, make target 'fip' will also build the certificates as part of the Trusted Firmware build process. Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
-
Juan Castillo authored
This patch adds a tool that generates all the necessary elements to establish the chain of trust (CoT) between the images. The tool reads the binary images and signing keys and outputs the corresponding certificates that will be used by the target at run time to verify the authenticity of the images. Note: the platform port must provide the file platform_oid.h. This file will define the OIDs of the x509 extensions that will be added to the certificates in order to establish the CoT. Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
-
- 26 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows the secure payload (BL3-2) to be loaded in the DRAM region secured by the TrustZone controller (top 16 MB of DRAM1). The location of BL3-2 can be selected at build time by setting the build flag FVP_TSP_RAM_LOCATION to one of the following options: - 'tsram' : Trusted SRAM (this is the default option) - 'tdram' : Trusted DRAM - 'dram' : Secure region in DRAM1 (top 16MB configured by the TrustZone controller) The number of MMU tables in BL3-2 depends on its location in memory: 3 in case it is loaded in DRAM, 2 otherwise. Documentation updated accordingly. Fixes ARM-software/tf-issues#212 Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch moves the bakery locks out of coherent memory to normal memory. This implies that the lock information needs to be placed on a separate cache line for each cpu. Hence the bakery_lock_info_t structure is allocated in the per-cpu data so as to minimize memory wastage. A similar platform per-cpu data is introduced for the platform locks. As a result of the above changes, the bakery lock api is completely changed. Earlier, a reference to the lock structure was passed to the lock implementation. Now a unique-id (essentially an index into the per-cpu data array) and an offset into the per-cpu data for bakery_info_t needs to be passed to the lock implementation. Change-Id: I1e76216277448713c6c98b4c2de4fb54198b39e0
-
- 06 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows to define the name of the FIP at build time by defining the FIP_NAME variable. If FIP_NAME is not defined, default name 'fip.bin' is used. Documentation updated accordingly. Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
-
- 26 Nov, 2014 1 commit
-
-
Sandrine Bailleux authored
The 'fiptool' target doesn't depend on fip_create's source files, neither directly nor indirectly. As a result, the FIP tool is not rebuilt whenever its source files change. This patch makes the ${FIPTOOL} target into a phony target so that the FIP tool's sub-makefile is always called. The sub-makefile correctly handles the dependencies. It also moves the completion message into the sub-makefile so that it is only displayed when the tool is actually recompiled. Fixes ARM-software/tf-issues#278 Change-Id: Ia027519fe51d3c42be30665d1ad20a7b89fa350f
-
- 29 Oct, 2014 1 commit
-
-
Soby Mathew authored
This patch optimizes the Cortex-A57 cluster power down sequence by not flushing the Level1 data cache. The L1 data cache and the L2 unified cache are inclusive. A flush of the L2 by set/way flushes any dirty lines from the L1 as well. This is a known safe deviation from the Cortex-A57 TRM defined power down sequence. This optimization can be enabled by the platform through the 'SKIP_A57_L1_FLUSH_PWR_DWN' build flag. Each Cortex-A57 based platform must make its own decision on whether to use the optimization. This patch also renames the cpu-errata-workarounds.md to cpu-specific-build-macros.md as this facilitates documentation of both CPU Specific errata and CPU Specific Optimization build macros. Change-Id: I299b9fe79e9a7e08e8a0dffb7d345f9a00a71480
-
- 16 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 28 Aug, 2014 1 commit
-
-
Dan Handley authored
Final updates to readme.md and change-log.md for ARM Trusted Firmware version 1.0. Also increment the version in the Makefile. Change-Id: I00fe1016c8b936834bbf7bbba7aab07f51261bbb
-
- 20 Aug, 2014 2 commits
-
-
Soby Mathew authored
This patch adds workarounds for selected errata which affect the Cortex-A57 r0p0 part. Each workaround has a build time flag which should be used by the platform port to enable or disable the corresponding workaround. The workarounds are disabled by default. An assertion is raised if the platform enables a workaround which does not match the CPU revision at runtime. Change-Id: I9ae96b01c6ff733d04dc733bd4e67dbf77b29fb0
-
Soby Mathew authored
This patch adds CPU core and cluster power down sequences to the CPU specific operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and generic AEM sequences have been added. The latter is suitable for the Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is saved in the per-cpu data so that it can be easily accessed during power down seqeunces. An optional platform API has been introduced to allow a platform to disable the Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak definition of this function (plat_disable_acp()) does not take any action. It should be overriden with a strong definition if the ACP is present on a platform. Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
-
- 19 Aug, 2014 1 commit
-
-
Dan Handley authored
* Move TSP platform porting functions to new file: include/bl32/tsp/platform_tsp.h. * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic TSP interrupt handling code, instead of depending on the FVP specific definition IRQ_SEC_PHY_TIMER. * Rename TSP platform porting functions from bl32_* to tsp_*, and definitions from BL32_* to TSP_*. * Update generic TSP code to use new platform porting function names and definitions. * Update FVP port accordingly and move all TSP source files to: plat/fvp/tsp/. * Update porting guide with above changes. Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO BE UPDATED Fixes ARM-software/tf-issues#167 Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
-
- 14 Aug, 2014 1 commit
-
-
Dan Handley authored
Move the remaining IO storage source file (io_storage.c) from the lib to the drivers directory. This requires that platform ports explicitly add this file to the list of source files. Also move the IO header files to a new sub-directory, include/io. Change-Id: I862b1252a796b3bcac0d93e50b11e7fb2ded93d6
-
- 12 Aug, 2014 1 commit
-
-
Dan Handley authored
Create new LOG_LEVEL build option, which controls the amount of console output compiled into the build. This should be one of the following: 0 (LOG_LEVEL_NONE) 10 (LOG_LEVEL_NOTICE) 20 (LOG_LEVEL_ERROR) 30 (LOG_LEVEL_WARNING) 40 (LOG_LEVEL_INFO) 50 (LOG_LEVEL_VERBOSE) All log output up to and including the log level is compiled into the build. The default value is 40 in debug builds and 20 in release builds. Complement the existing INFO, WARN and ERROR console output macros with NOTICE and VERBOSE macros, which are conditionally compiled in depending on the value of LOG_LEVEL. Fixes ARM-software/tf-issues#232 Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
-
- 11 Aug, 2014 1 commit
-
-
Soby Mathew authored
This patch defines a compile time macro for each boot loader stage which allows compilation of code only for a specific stage. Change-Id: I3a4068404cd3dc26d652556ca9ca7afea8dd28ef
-
- 28 Jul, 2014 2 commits
-
-
Soby Mathew authored
This patch reworks the crash reporting mechanism to further optimise the stack and code size. The reporting makes use of assembly console functions to avoid calling C Runtime to report the CPU state. The crash buffer requirement is reduced to 64 bytes with this implementation. The crash buffer is now part of per-cpu data which makes retrieving the crash buffer trivial. Also now panic() will use crash reporting if invoked from BL3-1. Fixes ARM-software/tf-issues#199 Change-Id: I79d27a4524583d723483165dc40801f45e627da5
-
Soby Mathew authored
The patch implements a macro ASM_ASSERT() which can be invoked from assembly code. When assertion happens, file name and line number of the check is written to the crash console. Fixes ARM-software/tf-issues#95 Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
-
- 25 Jul, 2014 2 commits
-
-
Juan Castillo authored
Print out Trusted Firmware version at runtime at each BL stage. Message consists of TF version as defined statically in the Makefile (e.g. v0.4), build mode (debug|release) and a customizable build string: 1. By defining BUILD_STRING in command line when building TF 2. Default string is git commit ID 3. Empty if git meta-data is not available Fixes ARM-software/tf-issues#203 Change-Id: I5c5ba438f66ab68810427d76b49c5b9177a957d6
-
Soby Mathew authored
This patch implements a "tf_printf" which supports only the commonly used format specifiers in Trusted Firmware, which uses a lot less stack space than the stdlib printf function. Fixes ARM-software/tf-issues#116 Change-Id: I7dfa1944f4c1e634b3e2d571f49afe02d109a351
-
- 17 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
The ARM_GIC_ARCH build option was supposed to default to 2 on all platforms. However, the default value was set in the FVP makefile so for all other platforms it wasn't even defined. This patch moves the default value to the main Makefile. The platform port can then override it if needed. Change-Id: I8e2da1cce7ffa3ed18814bbdcbcf2578101f18a6
-
- 10 Jul, 2014 2 commits
-
-
Sandrine Bailleux authored
- Add support for loading a BL3-0 image in BL2. Information about memory extents is populated by platform-specific code. Subsequent handling of BL3-0 is also platform specific. The BL2 main function has been broken down to improve readability. The BL3-2 image is now loaded before the BL3-3 image to align with the boot flow. - Build system: Add support for specifying a BL3-0 image that will be included into the FIP image. - IO FIP driver: Add support for identifying a BL3-0 image inside a FIP image. - Update the documentation to reflect the above changes. Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
-
Juan Castillo authored
CTX_INCLUDE_FPREGS make variable allows us to include or exclude FP registers from context structure, in case FP is not used by TSPD. Fixes ARM-software/tf-issues#194 Change-Id: Iee41af382d691340c7ae21830ad1bbf95dad1f4b
-
- 24 Jun, 2014 1 commit
-
-
Juan Castillo authored
Exclude stdlib files because they do not follow kernel code style. Fixes ARM-software/tf-issues#73 Change-Id: I4cfafa38ab436f5ab22c277cb38f884346a267ab
-
- 23 Jun, 2014 1 commit
-
-
Sandrine Bailleux authored
Add the '-Wmissing-include-dirs' flag to the CFLAGS and ASFLAGS to make the build fail if the compiler or the assembler is given a nonexistant directory in the list of directories to be searched for header files. Also remove 'include/bl1' and 'include/bl2' directories from the search path for header files as they don't exist anymore. Change-Id: I2475b78ba8b7b448b9d0afaa9ad975257f638b89
-
- 10 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
Replace the current out-of-line assembler implementations of the system register and system instruction operations with inline assembler. This enables better compiler optimisation and code generation when accessing system registers. Fixes ARM-software/tf-issues#91 Change-Id: I149af3a94e1e5e5140a3e44b9abfc37ba2324476
-
- 23 May, 2014 1 commit
-
-
Dan Handley authored
Previously, platform.h contained many declarations and definitions used for different purposes. This file has been split so that: * Platform definitions used by common code that must be defined by the platform are now in platform_def.h. The exact include path is exported through $PLAT_INCLUDES in the platform makefile. * Platform definitions specific to the FVP platform are now in /plat/fvp/fvp_def.h. * Platform API declarations specific to the FVP platform are now in /plat/fvp/fvp_private.h. * The remaining platform API declarations that must be ported by each platform are still in platform.h but this file has been moved to /include/plat/common since this can be shared by all platforms. Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
-
- 22 May, 2014 1 commit
-
-
Vikram Kanigiri authored
This change adds optional reset vector support to BL3-1 which means BL3-1 entry point can detect cold/warm boot, initialise primary cpu, set up cci and mail box. When using BL3-1 as a reset vector it is assumed that the BL3-1 platform code can determine the location of the BL3-2 images, or load them as there are no parameters that can be passed to BL3-1 at reset. It also fixes the incorrect initialisation of mailbox registers on the FVP platform This feature can be enabled by building the code with make variable RESET_TO_BL31 set as 1 Fixes ARM-software/TF-issues#133 Fixes ARM-software/TF-issues#20 Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
-
- 16 May, 2014 4 commits
-
-
Jeenu Viswambharan authored
At present, non-secure timer register contents are saved and restored as part of world switch by BL3-1. This effectively means that the non-secure timer stops, and non-secure timer interrupts are prevented from asserting until BL3-1 switches back, introducing latency for non-secure services. Often, secure world might depend on alternate sources for secure interrupts (secure timer or platform timer) instead of non-secure timers, in which case this save and restore is unnecessary. This patch introduces a boolean build-time configuration NS_TIMER_SWITCH to choose whether or not to save and restore non-secure timer registers upon world switch. The default choice is made not to save and restore them. Fixes ARM-software/tf-issues#148 Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
-
Jeenu Viswambharan authored
At present, various build options are initialized at various places in the Makefile. This patch gathers all build option declarations at the top of the Makefile and assigns them default values. Change-Id: I9f527bc8843bf69c00cb754dc60377bdb407a951
-
Jeenu Viswambharan authored
This patch introduces two convenience functions to the build system: - assert_boolean: asserts that a given option is assigned either 0 or 1 as values - add_define: helps add/append macro definitions to build tool command line. This also introduces the variable DEFINES which is used to collect and pass all relevant configurations to build tools Change-Id: I3126894b034470d39858ebb3bd183bda681c7126
-
Soby Mathew authored
This patch implements the register reporting when unhandled exceptions are taken in BL3-1. Unhandled exceptions will result in a dump of registers to the console, before halting execution by that CPU. The Crash Stack, previously called the Exception Stack, is used for this activity. This stack is used to preserve the CPU context and runtime stack contents for debugging and analysis. This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3, to provide easy access to some of BL3-1 per-cpu data structures. Initially, this is used to provide a pointer to the Crash stack. panic() now prints the the error file and line number in Debug mode and prints the PC value in release mode. The Exception Stack is renamed to Crash Stack with this patch. The original intention of exception stack is no longer valid since we intend to support several valid exceptions like IRQ and FIQ in the trusted firmware context. This stack is now utilized for dumping and reporting the system state when a crash happens and hence the rename. Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception Change-Id: I260791dc05536b78547412d147193cdccae7811a
-
- 06 May, 2014 1 commit
-
-
Dan Handley authored
Remove all usage of the vpath keyword in makefiles as it was prone to mistakes. Specify the relative paths to source files instead. Also reorder source files in makefiles alphabetically. Fixes ARM-software/tf-issues#121 Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
-