1. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored
      
      
      The behaviour of assert() now depends on the value of the new optional
      platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
      not defined by the platform.
      
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
        name, line and asserted expression.
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
        name and line.
      - If not, it doesn't print anything.
      
      Note the old behaviour was to print the function name whereas now it
      prints the file name. This reduces memory usage because the file name is
      shared between all assert calls in a given file. Also, the default
      behaviour in debug builds is to no longer print the asserted expression,
      greatly reducing the string usage.
      
      For FVP debug builds this change saves approximately:
      
                    No TBBR    TBBR
              BL1    1.6 KB   2.2 KB
              BL2    1.7 KB   2.1 KB
              BL31   2.6 KB   3.3 KB
      
      Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  2. 05 May, 2017 1 commit
    • David Cunado's avatar
      Update AEM and Cortex Models versions · b9ecb216
      David Cunado authored
      
      
      AEMv8-A Model release v8.4 has been made available and Trusted Firmware
      has been tested against these versions as part of its CI system. This
      patch updates the user guide documentation to reflect the version of AEM
      and Cortex Models that Trusted Firmware has been tested against.
      
      Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and
      FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs
      as they are currently not being tested with the latest version of ARM
      Trusted Firmware.
      
      Also, documentation and links to Linaro pages have been updated to
      reflect the changes in the ARM community document hosting.
      
      Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b9ecb216
  3. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  4. 26 Apr, 2017 1 commit
  5. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
  6. 19 Apr, 2017 3 commits
    • Antonio Nino Diaz's avatar
      Add `ENABLE_ASSERTIONS` build option · cc8b5632
      Antonio Nino Diaz authored
      
      
      Add the new build option `ENABLE_ASSERTIONS` that controls whether or
      not assert functions are compiled out. It defaults to 1 for debug builds
      and to 0 for release builds.
      
      Additionally, a following patch will be done to allow this build option
      to hide auxiliary code used for the checks done in an `assert()`. This
      code is is currently under the DEBUG build flag.
      
      Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO,
      which is the default for debug builds.
      
      This patch also updates the User Guide.
      
      Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cc8b5632
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored
      
      
      This patch introduces a build option to enable D-cache early on the CPU
      after warm boot. This is applicable for platforms which do not require
      interconnect programming to enable cache coherency (eg: single cluster
      platforms). If this option is enabled, then warm boot path enables
      D-caches immediately after enabling MMU.
      
      Fixes ARM-Software/tf-issues#456
      
      Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
    • Antonio Nino Diaz's avatar
      ARM platforms: Add option to use xlat tables lib v1 · 3b211ff5
      Antonio Nino Diaz authored
      
      
      ARM platforms have migrated to the translation tables library v2.
      However, for testing purposes, it can be useful to temporarily switch
      back to the old version.
      
      This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches
      to v1 of the library when is set to 1. By default, it is 0, so that ARM
      platforms use the new version unless specifically stated.
      
      Updated User Guide.
      
      Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      3b211ff5
  7. 31 Mar, 2017 2 commits
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7
    • Antonio Nino Diaz's avatar
      Add and use plat_crash_console_flush() API · 801cf93c
      Antonio Nino Diaz authored
      
      
      This API makes sure that all the characters sent to the crash console
      are output before returning from it.
      
      Porting guide updated.
      
      Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      801cf93c
  8. 29 Mar, 2017 1 commit
    • David Cunado's avatar
      Upgrade mbed TLS version · cfa33e2f
      David Cunado authored
      This patch updates the User Guide to recommend the latest version
      of mbed TLS library to use with ARM Trusted Firmware.
      
       - Upgrade mbed TLS library:   2.2.1 -> 2.4.2
      
      Change-Id: Ifb5386fec0673d6dbfdaa474233e397afc279c85
      cfa33e2f
  9. 27 Mar, 2017 1 commit
    • Summer Qin's avatar
      ARM platforms: Add support for MT bit in MPIDR · d8d6cf24
      Summer Qin authored
      
      
      This patch modifies some of the functions in ARM platform layer to cater
      for the case when multi-threading `MT` is set in MPIDR. A new build flag
      `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR
      now assume that the `MT` bit is set for the platform and access the bit
      fields accordingly.
      
      Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is
      enabled, returning the PE count within the physical cpu corresponding to
      `mpidr`.
      
      Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      d8d6cf24
  10. 20 Mar, 2017 2 commits
    • dp-arm's avatar
      firmware-design: Fix typo in ToC header flags specification · d34f4f84
      dp-arm authored
      
      
      Fixes ARM-software/tf-issues#463
      
      Change-Id: I73e0c5fbd87004953df8b1fa19319ad562ecc867
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d34f4f84
    • Andre Przywara's avatar
      Add workaround for ARM Cortex-A53 erratum 855873 · b75dc0e4
      Andre Przywara authored
      
      
      ARM erratum 855873 applies to all Cortex-A53 CPUs.
      The recommended workaround is to promote "data cache clean"
      instructions to "data cache clean and invalidate" instructions.
      For core revisions of r0p3 and later this can be done by setting a bit
      in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
      As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
      we set the bit in firmware.
      Also we dump this register upon crashing to provide more debug
      information.
      
      Enable the workaround for the Juno boards.
      
      Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b75dc0e4
  11. 08 Mar, 2017 2 commits
    • Antonio Nino Diaz's avatar
      Apply workaround for errata 813419 of Cortex-A57 · ccbec91c
      Antonio Nino Diaz authored
      
      
      TLBI instructions for EL3 won't have the desired effect under specific
      circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and
      TLBI twice each time.
      
      Even though this errata is only needed in r0p0, the current errata
      framework is not prepared to apply run-time workarounds. The current one
      is always applied if compiled in, regardless of the CPU or its revision.
      
      This errata has been enabled for Juno.
      
      The `DSB` instruction used when initializing the translation tables has
      been changed to `DSB ISH` as an optimization and to be consistent with
      the barriers used for the workaround.
      
      Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ccbec91c
    • Antonio Nino Diaz's avatar
      Add dynamic region support to xlat tables lib v2 · 0b64f4ef
      Antonio Nino Diaz authored
      
      
      Added APIs to add and remove regions to the translation tables
      dynamically while the MMU is enabled. Only static regions are allowed
      to overlap other static ones (for backwards compatibility).
      
      A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to
      flag each region as such.
      
      The dynamic mapping functionality can be enabled or disabled when
      compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1
      or 0. This can be done per-image.
      
      TLB maintenance code during dynamic table mapping and unmapping has
      also been added.
      
      Fixes ARM-software/tf-issues#310
      
      Change-Id: I19e8992005c4292297a382824394490c5387aa3b
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0b64f4ef
  12. 02 Mar, 2017 3 commits
    • Jeenu Viswambharan's avatar
      PSCI: Optimize call paths if all participants are cache-coherent · b0408e87
      Jeenu Viswambharan authored
      
      
      The current PSCI implementation can apply certain optimizations upon the
      assumption that all PSCI participants are cache-coherent.
      
        - Skip performing cache maintenance during power-up.
      
        - Skip performing cache maintenance during power-down:
      
          At present, on the power-down path, CPU driver disables caches and
          MMU, and performs cache maintenance in preparation for powering down
          the CPU. This means that PSCI must perform additional cache
          maintenance on the extant stack for correct functioning.
      
          If all participating CPUs are cache-coherent, CPU driver would
          neither disable MMU nor perform cache maintenance. The CPU being
          powered down, therefore, remain cache-coherent throughout all PSCI
          call paths. This in turn means that PSCI cache maintenance
          operations are not required during power down.
      
        - Choose spin locks instead of bakery locks:
      
          The current PSCI implementation must synchronize both cache-coherent
          and non-cache-coherent participants. Mutual exclusion primitives are
          not guaranteed to function on non-coherent memory. For this reason,
          the current PSCI implementation had to resort to bakery locks.
      
          If all participants are cache-coherent, the implementation can
          enable MMU and data caches early, and substitute bakery locks for
          spin locks. Spin locks make use of architectural mutual exclusion
          primitives, and are lighter and faster.
      
      The optimizations are applied when HW_ASSISTED_COHERENCY build option is
      enabled, as it's expected that all PSCI participants are cache-coherent
      in those systems.
      
      Change-Id: Iac51c3ed318ea7e2120f6b6a46fd2db2eae46ede
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b0408e87
    • Jeenu Viswambharan's avatar
      build: Define build option for hardware-assisted coherency · 3c251af3
      Jeenu Viswambharan authored
      
      
      The boolean build option HW_ASSISTED_COHERENCY is introduced to enable
      various optimizations in ARM Trusted Software, when built for such
      systems. It's set to 0 by default.
      
      Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3c251af3
    • Summer Qin's avatar
      Update LOAD_IMAGE_V2 user guide documentation · 7334e5c7
      Summer Qin authored
      
      
      Now the TRUSTED_BOARD_BOOT is supported for AArch64 when LOAD_IMAGE_V2
      is enabled. This patch updates the user-guide.md documentation for the
      same.
      
      Change-Id: I97de07435c81258c2a5f41a30a69736863a10bd1
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      7334e5c7
  13. 28 Feb, 2017 1 commit
  14. 23 Feb, 2017 1 commit
  15. 22 Feb, 2017 2 commits
    • Varun Wadekar's avatar
      Tegra: init normal/crash console for platforms · e1084216
      Varun Wadekar authored
      
      
      The BL2 fills in the UART controller ID to be used as the normal as
      well as the crash console on Tegra platforms. The controller ID to
      UART controller base address mapping is handled by each Tegra SoC
      the base addresses might change across Tegra chips.
      
      This patch adds the handler to parse the platform params to get the
      UART ID for the per-soc handlers.
      
      Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e1084216
    • Varun Wadekar's avatar
      Tegra: add tzdram_base to plat_params_from_bl2 struct · e0d4158c
      Varun Wadekar authored
      
      
      This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct
      in order to store the TZDRAM carveout base address used to load the Trusted OS.
      The monitor programs the memory controller with the TZDRAM base and size in order
      to deny any accesses from the NS world.
      
      Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e0d4158c
  16. 14 Feb, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce locking primitives using CAS instruction · c877b414
      Jeenu Viswambharan authored
      
      
      The ARMv8v.1 architecture extension has introduced support for far
      atomics, which includes compare-and-swap. Compare and Swap instruction
      is only available for AArch64.
      
      Introduce build options to choose the architecture versions to target
      ARM Trusted Firmware:
      
        - ARM_ARCH_MAJOR: selects the major version of target ARM
          Architecture. Default value is 8.
      
        - ARM_ARCH_MINOR: selects the minor version of target ARM
          Architecture. Default value is 0.
      
      When:
      
        (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)),
      
      for AArch64, Compare and Swap instruction is used to implement spin
      locks. Otherwise, the implementation falls back to using
      load-/store-exclusive instructions.
      
      Update user guide, and introduce a section in Firmware Design guide to
      summarize support for features introduced in ARMv8 Architecture
      Extensions.
      
      Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      c877b414
  17. 13 Feb, 2017 2 commits
    • David Cunado's avatar
      Migrate to Linaro Release 16.12 · e361cf3b
      David Cunado authored
      
      
      This Linaro release updates both the binaries and the toolchain:
      Linaro binaries upgraded 16.06 --> 16.12
      AArch64 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3)
      AArch32 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3)
      
      The ARM TF codebase has been tested against these new binaries. This patch
      updates the User Guide to reflect that the 16.12 release is now a supported
      Linaro Release.
      
      Change-Id: I6247e820f591df7d05df4f622ee45a3abf2c2d72
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      e361cf3b
    • dp-arm's avatar
      PSCI: Decouple PSCI stat residency calculation from PMF · 04c1db1e
      dp-arm authored
      
      
      This patch introduces the following three platform interfaces:
      
      * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info)
      
        This is an optional hook that platforms can implement in order
        to perform accounting before entering a low power state.  This
        typically involves capturing a timestamp.
      
      * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info)
      
        This is an optional hook that platforms can implement in order
        to perform accounting after exiting from a low power state.  This
        typically involves capturing a timestamp.
      
      * u_register_t plat_psci_stat_get_residency(unsigned int lvl,
      	const psci_power_state_t *state_info,
      	unsigned int last_cpu_index)
      
        This is an optional hook that platforms can implement in order
        to calculate the PSCI stat residency.
      
      If any of these interfaces are overridden by the platform, it is
      recommended that all of them are.
      
      By default `ENABLE_PSCI_STAT` is disabled.  If `ENABLE_PSCI_STAT`
      is set but `ENABLE_PMF` is not set then an alternative PSCI stat
      collection backend must be provided.  If both are set, then default
      weak definitions of these functions are provided, using PMF to
      calculate the residency.
      
      NOTE: Previously, platforms did not have to explicitly set
      `ENABLE_PMF` since this was automatically done by the top-level
      Makefile.
      
      Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      04c1db1e
  18. 10 Feb, 2017 1 commit
    • David Cunado's avatar
      Update AEM and Cortex Models versions · dbd1ab8e
      David Cunado authored
      
      
      AEMv8-A Model release v8.2 has been made available and Trusted Firmware
      has been tested against these versions as part of its CI system. This
      patch updates the user guide documentation to reflect the version of AEM
      and Cortex Models that Trusted Firmware has been tested against.
      
      Also, the Linaro Release Notes link was broken and this patch updates the
      link.
      
      Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      dbd1ab8e
  19. 06 Feb, 2017 2 commits
    • Douglas Raillard's avatar
      Introduce unified API to zero memory · 308d359b
      Douglas Raillard authored
      
      
      Introduce zeromem_dczva function on AArch64 that can handle unaligned
      addresses and make use of DC ZVA instruction to zero a whole block at a
      time. This zeroing takes place directly in the cache to speed it up
      without doing external memory access.
      
      Remove the zeromem16 function on AArch64 and replace it with an alias to
      zeromem. This zeromem16 function is now deprecated.
      
      Remove the 16-bytes alignment constraint on __BSS_START__ in
      firmware-design.md as it is now not mandatory anymore (it used to comply
      with zeromem16 requirements).
      
      Change the 16-bytes alignment constraints in SP min's linker script to a
      8-bytes alignment constraint as the AArch32 zeromem implementation is now
      more efficient on 8-bytes aligned addresses.
      
      Introduce zero_normalmem and zeromem helpers in platform agnostic header
      that are implemented this way:
      * AArch32:
      	* zero_normalmem: zero using usual data access
      	* zeromem: alias for zero_normalmem
      * AArch64:
      	* zero_normalmem: zero normal memory  using DC ZVA instruction
      	                  (needs MMU enabled)
      	* zeromem: zero using usual data access
      
      Usage guidelines: in most cases, zero_normalmem should be preferred.
      
      There are 2 scenarios where zeromem (or memset) must be used instead:
      * Code that must run with MMU disabled (which means all memory is
        considered device memory for data accesses).
      * Code that fills device memory with null bytes.
      
      Optionally, the following rule can be applied if performance is
      important:
      * Code zeroing small areas (few bytes) that are not secrets should use
        memset to take advantage of compiler optimizations.
      
        Note: Code zeroing security-related critical information should use
        zero_normalmem/zeromem instead of memset to avoid removal by
        compilers' optimizations in some cases or misbehaving versions of GCC.
      
      Fixes ARM-software/tf-issues#408
      
      Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      308d359b
    • Masahiro Yamada's avatar
      zynqmp: remove RESET_TO_BL31=1 from build instruction · 4fff02c6
      Masahiro Yamada authored
      
      
      RESET_TO_BL31=1 is specified by plat/xilinx/zynqmp/platform.mk with
      "override" directive.  So, RESET_TO_BL31=1 is guaranteed without any
      operation on users' side.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      4fff02c6
  20. 30 Jan, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Report errata workaround status to console · 10bcd761
      Jeenu Viswambharan authored
      
      
      The errata reporting policy is as follows:
      
        - If an errata workaround is enabled:
      
          - If it applies (i.e. the CPU is affected by the errata), an INFO
            message is printed, confirming that the errata workaround has been
            applied.
      
          - If it does not apply, a VERBOSE message is printed, confirming
            that the errata workaround has been skipped.
      
        - If an errata workaround is not enabled, but would have applied had
          it been, a WARN message is printed, alerting that errata workaround
          is missing.
      
      The CPU errata messages are printed by both BL1 (primary CPU only) and
      runtime firmware on debug builds, once for each CPU/errata combination.
      
      Relevant output from Juno r1 console when ARM Trusted Firmware is built
      with PLAT=juno LOG_LEVEL=50 DEBUG=1:
      
        VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied
        VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied
        INFO:    BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied
        WARNING: BL1: cortex_a57: errata workaround for 826974 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 826977 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 828024 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 829520 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 833471 was missing!
        ...
        VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied
        VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied
        INFO:    BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied
        WARNING: BL31: cortex_a57: errata workaround for 826974 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 826977 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 828024 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 829520 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 833471 was missing!
        ...
        VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied
        INFO:    BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied
      
      Also update documentation.
      
      Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      10bcd761
  21. 26 Jan, 2017 1 commit
  22. 20 Dec, 2016 1 commit
    • Sandrine Bailleux's avatar
      Improve FWU documentation · 34ba298e
      Sandrine Bailleux authored
      
      
       - Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the
         Firmware Update guide. Also extend the list of pre-conditions to
         include the additional input validation implemented by previous
         patches.
      
       - Improve documentation of bl1_plat_mem_check() in the porting
         guide. It now specifies that the generic FWU code protects
         bl1_plat_mem_check() from integer overflows resulting from
         the addition of the base address and size passed in arguments.
      
      Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      34ba298e
  23. 15 Dec, 2016 3 commits
    • David Cunado's avatar
      Update Foundation Model version · 8434f76f
      David Cunado authored
      
      
      Foundation Model release 10.2 has been made available and Trusted
      Firmware has been tested against that it as part of its CI system.
      
      This patch updates the user guide documentation to reflect the version
      of Foundation Model that Trusted Firmware has been tested against.
      
      Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      8434f76f
    • Jeenu Viswambharan's avatar
      Add provision to extend CPU operations at more levels · 5dd9dbb5
      Jeenu Viswambharan authored
      
      
      Various CPU drivers in ARM Trusted Firmware register functions to handle
      power-down operations. At present, separate functions are registered to
      power down individual cores and clusters.
      
      This scheme operates on the basis of core and cluster, and doesn't cater
      for extending the hierarchy for power-down operations. For example,
      future CPUs might support multiple threads which might need powering
      down individually.
      
      This patch therefore reworks the CPU operations framework to allow for
      registering power down handlers on specific level basis. Henceforth:
      
        - Generic code invokes CPU power down operations by the level
          required.
      
        - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
          reset function.
      
        - CPU drivers register power down handlers as a list: a mandatory
          handler for level 0, and optional handlers for higher levels.
      
      All existing CPU drivers are adapted to the new CPU operations framework
      without needing any functional changes within.
      
      Also update firmware design guide.
      
      Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      5dd9dbb5
    • dp-arm's avatar
      tbbr: Fix updating of Non-Trusted NV counter · d35dee23
      dp-arm authored
      
      
      The previous code required that a certificate be signed with the ROT
      key before the platform's NV counter could be updated with the value
      in the certificate.  This implies that the Non-Trusted NV counter was
      not being updated for Non-Trusted content certificates, as they cannot
      be signed with the ROT key in the TBBR CoT scheme.
      
      The code is reworked to only allow updating the platform's Trusted NV
      counter when a certificate protected by the Trusted NV counter is
      signed with the ROT key.
      
      Content certificates protected by the Non-Trusted NV counter are
      allowed to update the platform's Non-Trusted NV counter, assuming
      that the certificate value is higher than the platform's value.
      
      A new optional platform API has been introduced, named
      plat_set_nv_ctr2().  Platforms may choose to implement it and perform
      additional checks based on the authentication image descriptor before
      modifying the NV counters.  A default weak implementation is available
      that just calls into plat_set_nv_ctr().
      
      Fixes ARM-software/tf-issues#426
      
      Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d35dee23
  24. 13 Dec, 2016 2 commits
    • Antonio Nino Diaz's avatar
      Add PLAT_xxx_ADDR_SPACE_SIZE definitions · 0029624f
      Antonio Nino Diaz authored
      
      
      Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
      `PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
      and virtual address space size a platform can use.
      
      `ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
      of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
      will be used instead.
      
      For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
      max PA supported by the hardware and to verify that the previously
      mentioned definition is valid. For AArch32, a 40 bit physical
      address space is considered.
      
      Added asserts to check for overflows.
      
      Porting guide updated.
      
      Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0029624f
    • Jeenu Viswambharan's avatar
      Docs: Fix monospace formatting in user guide · adefa3d8
      Jeenu Viswambharan authored
      
      
      Change-Id: I28b2790ff2f87b9fe3cf1020e59e1e0a00be6f97
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      adefa3d8
  25. 22 Nov, 2016 1 commit
  26. 17 Nov, 2016 1 commit
    • Douglas Raillard's avatar
      Docs: Clarify IRQ/FIQ handler API in Interrupt Design Guide · 94a8ca24
      Douglas Raillard authored
      
      
      The API description currently states that interrupt handlers
      (interrupt_type_handler_t pointers) SHOULD return a pointer
      to the target cpu_context.
      
      This patch rewords the description of the interrupts handlers to state
      that it MUST return a pointer to the target security context. It also
      warns about potential portability issue. Specifically, this pointer is
      not used on AArch64 and calls to context library APIs must be used to
      ask BL31 to return to a specific context. However, this could change in
      the future and interrupt handlers must always return the pointer.
      
      Change-Id: I3f82a046de4d7a5b51a8cbebe7eb2a00dbbdb4f0
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      94a8ca24
  27. 14 Nov, 2016 1 commit