- 16 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
The behaviour of assert() now depends on the value of the new optional platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if not defined by the platform. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file name, line and asserted expression. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file name and line. - If not, it doesn't print anything. Note the old behaviour was to print the function name whereas now it prints the file name. This reduces memory usage because the file name is shared between all assert calls in a given file. Also, the default behaviour in debug builds is to no longer print the asserted expression, greatly reducing the string usage. For FVP debug builds this change saves approximately: No TBBR TBBR BL1 1.6 KB 2.2 KB BL2 1.7 KB 2.1 KB BL31 2.6 KB 3.3 KB Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 May, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.4 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs as they are currently not being tested with the latest version of ARM Trusted Firmware. Also, documentation and links to Linaro pages have been updated to reflect the changes in the ARM community document hosting. Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 04 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
In AArch64, privileged exception levels control the execution state (a.k.a. register width) of the immediate lower Exception Level; i.e. whether the lower exception level executes in AArch64 or AArch32 state. For an exception level to have its execution state changed at run time, it must request the change by raising a synchronous exception to the higher exception level. This patch implements and adds such a provision to the ARM SiP service, by which an immediate lower exception level can request to switch its execution state. The execution state is switched if the request is: - raised from non-secure world; - raised on the primary CPU, before any secondaries are brought online with CPU_ON PSCI call; - raised from an exception level immediately below EL3: EL2, if implemented; otherwise NS EL1. If successful, the SMC doesn't return to the caller, but to the entry point supplied with the call. Otherwise, the caller will observe the SMC returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built for AArch32, the feature is not supported, and the call will always fail. For the ARM SiP service: - Add SMC function IDs for both AArch32 and AArch64; - Increment the SiP service minor version to 2; - Adjust the number of supported SiP service calls. Add documentation for ARM SiP service. Fixes ARM-software/tf-issues#436 Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Apr, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf This patch adds a new define for yielding SMC call type and deprecates the current standard SMC call type. The tsp is migrated to use this new terminology and, additionally, the documentation and code comments are updated to use this new terminology. Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
The build option `ENABLE_ASSERTIONS` should be used instead. That way both C and ASM assertions can be enabled or disabled together. All occurrences of `ASM_ASSERTION` in common code and ARM platforms have been replaced by `ENABLE_ASSERTIONS`. ASM_ASSERTION has been removed from the user guide. Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Apr, 2017 3 commits
-
-
Antonio Nino Diaz authored
Add the new build option `ENABLE_ASSERTIONS` that controls whether or not assert functions are compiled out. It defaults to 1 for debug builds and to 0 for release builds. Additionally, a following patch will be done to allow this build option to hide auxiliary code used for the checks done in an `assert()`. This code is is currently under the DEBUG build flag. Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO, which is the default for debug builds. This patch also updates the User Guide. Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
This patch introduces a build option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not require interconnect programming to enable cache coherency (eg: single cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. Fixes ARM-Software/tf-issues#456 Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Antonio Nino Diaz authored
ARM platforms have migrated to the translation tables library v2. However, for testing purposes, it can be useful to temporarily switch back to the old version. This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches to v1 of the library when is set to 1. By default, it is 0, so that ARM platforms use the new version unless specifically stated. Updated User Guide. Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Mar, 2017 2 commits
-
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Mar, 2017 1 commit
-
-
David Cunado authored
This patch updates the User Guide to recommend the latest version of mbed TLS library to use with ARM Trusted Firmware. - Upgrade mbed TLS library: 2.2.1 -> 2.4.2 Change-Id: Ifb5386fec0673d6dbfdaa474233e397afc279c85
-
- 27 Mar, 2017 1 commit
-
-
Summer Qin authored
This patch modifies some of the functions in ARM platform layer to cater for the case when multi-threading `MT` is set in MPIDR. A new build flag `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR now assume that the `MT` bit is set for the platform and access the bit fields accordingly. Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is enabled, returning the PE count within the physical cpu corresponding to `mpidr`. Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 20 Mar, 2017 2 commits
-
-
dp-arm authored
Fixes ARM-software/tf-issues#463 Change-Id: I73e0c5fbd87004953df8b1fa19319ad562ecc867 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Andre Przywara authored
ARM erratum 855873 applies to all Cortex-A53 CPUs. The recommended workaround is to promote "data cache clean" instructions to "data cache clean and invalidate" instructions. For core revisions of r0p3 and later this can be done by setting a bit in the CPUACTLR_EL1 register, so that hardware takes care of the promotion. As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3, we set the bit in firmware. Also we dump this register upon crashing to provide more debug information. Enable the workaround for the Juno boards. Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 08 Mar, 2017 2 commits
-
-
Antonio Nino Diaz authored
TLBI instructions for EL3 won't have the desired effect under specific circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and TLBI twice each time. Even though this errata is only needed in r0p0, the current errata framework is not prepared to apply run-time workarounds. The current one is always applied if compiled in, regardless of the CPU or its revision. This errata has been enabled for Juno. The `DSB` instruction used when initializing the translation tables has been changed to `DSB ISH` as an optimization and to be consistent with the barriers used for the workaround. Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added APIs to add and remove regions to the translation tables dynamically while the MMU is enabled. Only static regions are allowed to overlap other static ones (for backwards compatibility). A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to flag each region as such. The dynamic mapping functionality can be enabled or disabled when compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1 or 0. This can be done per-image. TLB maintenance code during dynamic table mapping and unmapping has also been added. Fixes ARM-software/tf-issues#310 Change-Id: I19e8992005c4292297a382824394490c5387aa3b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 02 Mar, 2017 3 commits
-
-
Jeenu Viswambharan authored
The current PSCI implementation can apply certain optimizations upon the assumption that all PSCI participants are cache-coherent. - Skip performing cache maintenance during power-up. - Skip performing cache maintenance during power-down: At present, on the power-down path, CPU driver disables caches and MMU, and performs cache maintenance in preparation for powering down the CPU. This means that PSCI must perform additional cache maintenance on the extant stack for correct functioning. If all participating CPUs are cache-coherent, CPU driver would neither disable MMU nor perform cache maintenance. The CPU being powered down, therefore, remain cache-coherent throughout all PSCI call paths. This in turn means that PSCI cache maintenance operations are not required during power down. - Choose spin locks instead of bakery locks: The current PSCI implementation must synchronize both cache-coherent and non-cache-coherent participants. Mutual exclusion primitives are not guaranteed to function on non-coherent memory. For this reason, the current PSCI implementation had to resort to bakery locks. If all participants are cache-coherent, the implementation can enable MMU and data caches early, and substitute bakery locks for spin locks. Spin locks make use of architectural mutual exclusion primitives, and are lighter and faster. The optimizations are applied when HW_ASSISTED_COHERENCY build option is enabled, as it's expected that all PSCI participants are cache-coherent in those systems. Change-Id: Iac51c3ed318ea7e2120f6b6a46fd2db2eae46ede Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The boolean build option HW_ASSISTED_COHERENCY is introduced to enable various optimizations in ARM Trusted Software, when built for such systems. It's set to 0 by default. Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Summer Qin authored
Now the TRUSTED_BOARD_BOOT is supported for AArch64 when LOAD_IMAGE_V2 is enabled. This patch updates the user-guide.md documentation for the same. Change-Id: I97de07435c81258c2a5f41a30a69736863a10bd1 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 28 Feb, 2017 1 commit
-
-
Varun Wadekar authored
This patch enables L2 ECC and Parity Protection for ARM Cortex-A57 CPUs for Tegra SoCs. Change-Id: I038fcd529991d0201a4951ce2730ab71b1c980f9 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 23 Feb, 2017 1 commit
-
-
Douglas Raillard authored
The errata is enabled by default on r0p4, which is confusing given that we state we do not enable errata by default. This patch clarifies this sentence by saying it is enabled in hardware by default. Change-Id: I70a062d93e1da2416d5f6d5776a77a659da737aa Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 22 Feb, 2017 2 commits
-
-
Varun Wadekar authored
The BL2 fills in the UART controller ID to be used as the normal as well as the crash console on Tegra platforms. The controller ID to UART controller base address mapping is handled by each Tegra SoC the base addresses might change across Tegra chips. This patch adds the handler to parse the platform params to get the UART ID for the per-soc handlers. Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct in order to store the TZDRAM carveout base address used to load the Trusted OS. The monitor programs the memory controller with the TZDRAM base and size in order to deny any accesses from the NS world. Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 14 Feb, 2017 1 commit
-
-
Jeenu Viswambharan authored
The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 13 Feb, 2017 2 commits
-
-
David Cunado authored
This Linaro release updates both the binaries and the toolchain: Linaro binaries upgraded 16.06 --> 16.12 AArch64 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) AArch32 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) The ARM TF codebase has been tested against these new binaries. This patch updates the User Guide to reflect that the 16.12 release is now a supported Linaro Release. Change-Id: I6247e820f591df7d05df4f622ee45a3abf2c2d72 Signed-off-by: David Cunado <david.cunado@arm.com>
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 10 Feb, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.2 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Also, the Linaro Release Notes link was broken and this patch updates the link. Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 06 Feb, 2017 2 commits
-
-
Douglas Raillard authored
Introduce zeromem_dczva function on AArch64 that can handle unaligned addresses and make use of DC ZVA instruction to zero a whole block at a time. This zeroing takes place directly in the cache to speed it up without doing external memory access. Remove the zeromem16 function on AArch64 and replace it with an alias to zeromem. This zeromem16 function is now deprecated. Remove the 16-bytes alignment constraint on __BSS_START__ in firmware-design.md as it is now not mandatory anymore (it used to comply with zeromem16 requirements). Change the 16-bytes alignment constraints in SP min's linker script to a 8-bytes alignment constraint as the AArch32 zeromem implementation is now more efficient on 8-bytes aligned addresses. Introduce zero_normalmem and zeromem helpers in platform agnostic header that are implemented this way: * AArch32: * zero_normalmem: zero using usual data access * zeromem: alias for zero_normalmem * AArch64: * zero_normalmem: zero normal memory using DC ZVA instruction (needs MMU enabled) * zeromem: zero using usual data access Usage guidelines: in most cases, zero_normalmem should be preferred. There are 2 scenarios where zeromem (or memset) must be used instead: * Code that must run with MMU disabled (which means all memory is considered device memory for data accesses). * Code that fills device memory with null bytes. Optionally, the following rule can be applied if performance is important: * Code zeroing small areas (few bytes) that are not secrets should use memset to take advantage of compiler optimizations. Note: Code zeroing security-related critical information should use zero_normalmem/zeromem instead of memset to avoid removal by compilers' optimizations in some cases or misbehaving versions of GCC. Fixes ARM-software/tf-issues#408 Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Masahiro Yamada authored
RESET_TO_BL31=1 is specified by plat/xilinx/zynqmp/platform.mk with "override" directive. So, RESET_TO_BL31=1 is guaranteed without any operation on users' side. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 30 Jan, 2017 1 commit
-
-
Jeenu Viswambharan authored
The errata reporting policy is as follows: - If an errata workaround is enabled: - If it applies (i.e. the CPU is affected by the errata), an INFO message is printed, confirming that the errata workaround has been applied. - If it does not apply, a VERBOSE message is printed, confirming that the errata workaround has been skipped. - If an errata workaround is not enabled, but would have applied had it been, a WARN message is printed, alerting that errata workaround is missing. The CPU errata messages are printed by both BL1 (primary CPU only) and runtime firmware on debug builds, once for each CPU/errata combination. Relevant output from Juno r1 console when ARM Trusted Firmware is built with PLAT=juno LOG_LEVEL=50 DEBUG=1: VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied INFO: BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL1: cortex_a57: errata workaround for 826974 was missing! WARNING: BL1: cortex_a57: errata workaround for 826977 was missing! WARNING: BL1: cortex_a57: errata workaround for 828024 was missing! WARNING: BL1: cortex_a57: errata workaround for 829520 was missing! WARNING: BL1: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied INFO: BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL31: cortex_a57: errata workaround for 826974 was missing! WARNING: BL31: cortex_a57: errata workaround for 826977 was missing! WARNING: BL31: cortex_a57: errata workaround for 828024 was missing! WARNING: BL31: cortex_a57: errata workaround for 829520 was missing! WARNING: BL31: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied INFO: BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied Also update documentation. Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Jan, 2017 1 commit
-
-
Jeenu Viswambharan authored
The current user guide mentions that Foundation model doesn't support debugger interface. Clarify that all FVPs support --cadi-server option such that a CADI-compliant debugger can connect to and control model execution. Also fix broken URL to FVP home page. Change-Id: Ia14d618a4e0abb4b228eb1616040f9b51fb3f6f9 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 20 Dec, 2016 1 commit
-
-
Sandrine Bailleux authored
- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the Firmware Update guide. Also extend the list of pre-conditions to include the additional input validation implemented by previous patches. - Improve documentation of bl1_plat_mem_check() in the porting guide. It now specifies that the generic FWU code protects bl1_plat_mem_check() from integer overflows resulting from the addition of the base address and size passed in arguments. Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 15 Dec, 2016 3 commits
-
-
David Cunado authored
Foundation Model release 10.2 has been made available and Trusted Firmware has been tested against that it as part of its CI system. This patch updates the user guide documentation to reflect the version of Foundation Model that Trusted Firmware has been tested against. Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae Signed-off-by: David Cunado <david.cunado@arm.com>
-
Jeenu Viswambharan authored
Various CPU drivers in ARM Trusted Firmware register functions to handle power-down operations. At present, separate functions are registered to power down individual cores and clusters. This scheme operates on the basis of core and cluster, and doesn't cater for extending the hierarchy for power-down operations. For example, future CPUs might support multiple threads which might need powering down individually. This patch therefore reworks the CPU operations framework to allow for registering power down handlers on specific level basis. Henceforth: - Generic code invokes CPU power down operations by the level required. - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no reset function. - CPU drivers register power down handlers as a list: a mandatory handler for level 0, and optional handlers for higher levels. All existing CPU drivers are adapted to the new CPU operations framework without needing any functional changes within. Also update firmware design guide. Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 13 Dec, 2016 2 commits
-
-
Antonio Nino Diaz authored
Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and `PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical and virtual address space size a platform can use. `ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any of the previous defines aren't present, the value of `ADDR_SPACE_SIZE` will be used instead. For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the max PA supported by the hardware and to verify that the previously mentioned definition is valid. For AArch32, a 40 bit physical address space is considered. Added asserts to check for overflows. Porting guide updated. Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Jeenu Viswambharan authored
Change-Id: I28b2790ff2f87b9fe3cf1020e59e1e0a00be6f97 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 22 Nov, 2016 1 commit
-
-
Douglas Raillard authored
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM platforms. Also clarify the build error message. Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 17 Nov, 2016 1 commit
-
-
Douglas Raillard authored
The API description currently states that interrupt handlers (interrupt_type_handler_t pointers) SHOULD return a pointer to the target cpu_context. This patch rewords the description of the interrupts handlers to state that it MUST return a pointer to the target security context. It also warns about potential portability issue. Specifically, this pointer is not used on AArch64 and calls to context library APIs must be used to ask BL31 to return to a specific context. However, this could change in the future and interrupt handlers must always return the pointer. Change-Id: I3f82a046de4d7a5b51a8cbebe7eb2a00dbbdb4f0 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 14 Nov, 2016 1 commit
-
-
Douglas Raillard authored
Fix a link broken by a missing space that turned it into a link to an non-existent anchor. Change-Id: Ie863e963db28afa3a28b69d3f63bd7638bdf5af9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-