- 15 Feb, 2017 2 commits
-
-
dp-arm authored
On Juno, the secure privileged invasive debug authentication signal (SPIDEN) is controlled by board SCC registers, which by default enable SPIDEN. Disable secure privileged external debug in release builds by programming the appropriate Juno SoC registers. Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Trusted Firmware currently has no support for secure self-hosted debug. To avoid unexpected exceptions, disable software debug exceptions, other than software breakpoint instruction exceptions, from all exception levels in secure state. This applies to both AArch32 and AArch64 EL3 initialization. Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 13 Feb, 2017 1 commit
-
-
davidcunado-arm authored
Update AEM and Cortex Models versions
-
- 10 Feb, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.2 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Also, the Linaro Release Notes link was broken and this patch updates the link. Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 07 Feb, 2017 1 commit
-
-
danh-arm authored
zynqmp: remove RESET_TO_BL31=1 from build instruction
-
- 06 Feb, 2017 3 commits
-
-
danh-arm authored
gitignore: ignore GNU GLOBAL tag files
-
danh-arm authored
PMF: Fixup PMF constants
-
Masahiro Yamada authored
RESET_TO_BL31=1 is specified by plat/xilinx/zynqmp/platform.mk with "override" directive. So, RESET_TO_BL31=1 is guaranteed without any operation on users' side. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 03 Feb, 2017 1 commit
-
-
Masahiro Yamada authored
GNU GLOBAL (https://www.gnu.org/software/global/ ) is source code tagging system. It creates 4 tag files (GTAGS, GRTAGS, GSYMS and GPATH) for the symbol cross-reference. Ignore them. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 02 Feb, 2017 1 commit
-
-
dp-arm authored
`PMF_ARM_TIF_IMPL_ID` should be set to 0x41. The code already left shifts it by 24 bit positions so this was overflowing. This fixes a build error with GCC 6.2 when `ENABLE_RUNTIME_INSTRUMENTATION` is set. Change-Id: I4c99d48ea7ce3d76e9edd1325b1979994db2c0fb Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 31 Jan, 2017 7 commits
-
-
danh-arm authored
Errata printing infrastructure
-
danh-arm authored
fiptool: Alignment support + misc refactoring
-
danh-arm authored
tbbr: Simplify conditional
-
danh-arm authored
Add -fno-builtin to CFLAGS
-
danh-arm authored
user-guide.md: Fix FVP references
-
danh-arm authored
Resolve build errors flagged by GCC 6.2
-
dp-arm authored
These are equivalent so use the reduced form. Change-Id: I40ca097411b9abab69985b8e4dbccf7582eae49e Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 30 Jan, 2017 3 commits
-
-
Jeenu Viswambharan authored
The errata reporting policy is as follows: - If an errata workaround is enabled: - If it applies (i.e. the CPU is affected by the errata), an INFO message is printed, confirming that the errata workaround has been applied. - If it does not apply, a VERBOSE message is printed, confirming that the errata workaround has been skipped. - If an errata workaround is not enabled, but would have applied had it been, a WARN message is printed, alerting that errata workaround is missing. The CPU errata messages are printed by both BL1 (primary CPU only) and runtime firmware on debug builds, once for each CPU/errata combination. Relevant output from Juno r1 console when ARM Trusted Firmware is built with PLAT=juno LOG_LEVEL=50 DEBUG=1: VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied INFO: BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL1: cortex_a57: errata workaround for 826974 was missing! WARNING: BL1: cortex_a57: errata workaround for 826977 was missing! WARNING: BL1: cortex_a57: errata workaround for 828024 was missing! WARNING: BL1: cortex_a57: errata workaround for 829520 was missing! WARNING: BL1: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied INFO: BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL31: cortex_a57: errata workaround for 826974 was missing! WARNING: BL31: cortex_a57: errata workaround for 826977 was missing! WARNING: BL31: cortex_a57: errata workaround for 828024 was missing! WARNING: BL31: cortex_a57: errata workaround for 829520 was missing! WARNING: BL31: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied INFO: BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied Also update documentation. Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
At present, spin locks can only defined from C files. Add some macros such that they can be defined from assembly files too. Change-Id: I64f0c214062f5c15b3c8b412c7f25c908e87d970 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Douglas Raillard authored
Disable the automatic substitution of functions with builtins. The existing -ffreestanding option should already do this but explicitly adding -fno-builtin reduces the risk of compiler variation. With this option, GCC is not supposed to be able to make assumptions on what the function does, which could otherwise lead to security-sensitive code removal. This can lead to potentially less efficient code but improves predictability of what code is actually compiled into the binary. Change-Id: I06ad151c61318bd1b00d84976f051d2d94314acc Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 28 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
The current fiptool packs all the images without any padding between them. So, the offset to each image has no alignment. This is not efficient, for example, when the FIP is read from a block-oriented device. For example, (e)MMC is accessed by block-addressing. The block size is 512 byte. So, the best case is each image is aligned by 512 byte since the DMA engine can transfer the whole of the image to its load address directly. The worst case is the offset does not have even DMA-capable alignment (this is where we stand now). In this case, we need to transfer every block to a bounce buffer, then do memcpy() from the bounce buffer to our final destination. At least, this should work with the abstraction by the block I/O layer, but the CPU-intervention for the whole data transfer makes it really slow. This commit adds a new option --align to the fiptool. This option, if given, requests the tool to align each component in the FIP file by the specified byte. Also, add a new Make option FIP_ALIGN for easier access to this feature; users can give something like FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to their platform.mk file. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The struct image has "uuid" and "size" to memorize the field values they had in the TOC entry. So, parse_fip() copies them from struct fip_toc_entry to struct image, then pack_images() copies them back to struct fip_toc_entry. The next commit (support --align option) will require to save the "offset" field as well. This makes me realize that struct image can embed struct fip_toc_entry. This commit will allow the "flags" field to persevere the "update" command. At this moment, the "flags" is not used in a useful way. (Yet, platforms can save their own parameters in the flags field.) It makes sense to save it unless users explicitly replace the image. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 27 Jan, 2017 8 commits
-
-
Masahiro Yamada authored
We have same patterns for fwrite(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The global option --verbose should come after the "fiptool". Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We need not mention like [--force], [--out <path>] because they are included in [opts]. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We need not handle the image_head as a special case. Just use a double-pointer to simplify the traverse. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
lookup_image(_desc)_from_uuid() traverses the linked list, so it is not efficient. We just want to make sure *p points to NULL here. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Commit e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime") introduced another side effect; the "update" command now changes the image order in the FIP. Let's say you have an FIP with BL2, BL31, BL32, BL33. If you update for example, BL32 with the "update" command, you will get a new FIP with BL2, BL31, BL33, BL32, in this order. It happens like this; remove_image() removes the old image from the linked list, add_image() adds the new image at the tail of the list, then images are packed in the new order. Prior to that commit, images were updated by replace_image(), but it was deleted by the re-work. Revive replace_image() that is re-implemented to work with the linked list. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The conditional if (desc != NULL) ... is always true here because we assert it 6 lines above: assert(desc != NULL); Remove the if-conditional and concatenate the printf() calls. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
This line should check the existence of the input file, but it is actually checking the output file. When -o option is given to the "update" command, the outfile is unlikely to exist, then parse_fip() is skipped and an empty FIP file is output. This is wrong behavior. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 26 Jan, 2017 3 commits
-
-
danh-arm authored
Patches for 8173 crbook
-
Jeenu Viswambharan authored
The current user guide mentions that Foundation model doesn't support debugger interface. Clarify that all FVPs support --cadi-server option such that a CADI-compliant debugger can connect to and control model execution. Also fix broken URL to FVP home page. Change-Id: Ia14d618a4e0abb4b228eb1616040f9b51fb3f6f9 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 24 Jan, 2017 7 commits
-
-
danh-arm authored
Import constant-time bcmp() and use it where necessary
-
Antonio Nino Diaz authored
To avoid timing side-channel attacks, it is needed to use a constant time memory comparison function when comparing hashes. The affected code only cheks for equality so it isn't needed to use any variant of memcmp(), bcmp() is enough. Also, timingsafe_bcmp() is as fast as memcmp() when the two compared regions are equal, so this change incurrs no performance hit in said case. In case they are unequal, the boot sequence wouldn't continue as normal, so performance is not an issue. Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Some side-channel attacks involve an attacker inferring something from the time taken for a memory compare operation to complete, for example when comparing hashes during image authentication. To mitigate this, timingsafe_bcmp() must be used for such operations instead of the standard memcmp(). This function executes in constant time and so doesn't leak any timing information to the caller. Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
danh-arm authored
Add strnlen() to local C library
-
Sandrine Bailleux authored
This code has been imported and slightly adapted from FreeBSD: https://github.com/freebsd/freebsd/blob/6253393ad8df55730481bf2aafd76bdd6182e2f5/lib/libc/string/strnlen.c Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Koan-Sin Tan authored
Now it's possbile to build BL31 for MT8173 with ERROR_DEPRECATED=1. Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-
Koan-Sin Tan authored
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-