- 21 Dec, 2015 1 commit
-
-
Sandrine Bailleux authored
fvp_pwr_domain_on() used to program the CPUs mailbox. This changed with commit 804040d1 but the comment documenting this code still refers to the mailbox programming. This patch removes this out-dated information. Change-Id: Ibfe2a426bdda6e71f20c83a99cb223ceca9c559c
-
- 17 Dec, 2015 5 commits
-
-
danh-arm authored
Documentation: Clean legacy variables in User Guide
-
danh-arm authored
FWU: Add documentation for Firmware Update feature
-
Yatharth Kochar authored
This patch adds design documentation for the Firmware Update (FWU) feature in `firmware-update.md`. It provides an overview of FWU, describes the BL1 SMC interface, and includes diagrams showing an example FWU boot flow and the FWU state machine. This patch also updates the existing TF documents where needed: * `porting-guide.md` * `user-guide.md` * `firmware-design.md` * `rt-svc-writers-guide.md` * `trusted_board_boot.md` Change-Id: Ie6de31544429b18f01327bd763175e218299a4ce Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Olivier Martin authored
-
Olivier Martin authored
`FVP_TSP_RAM_LOCATION` has been renamed into `ARM_TSP_RAM_LOCATION`.
-
- 16 Dec, 2015 2 commits
- 15 Dec, 2015 6 commits
-
-
danh-arm authored
FWU: Pass client cookie to FWU_SMC_UPDATE_DONE
-
Sandrine Bailleux authored
This patch introduces a new document presenting the ARM Trusted Firmware Reset Design. It shows the reset code flow, lists the different build options that affect it, in which case to use them and what their exact effect is. The section about using BL31 entrypoint as the reset address has been moved from the general firmware design document to this one. It's also been improved to explain why the FVP port supports the RESET_TO_BL31 configuration, even though the reset vector address can't be programmed dynamically. This document includes some images, which have been generated using Dia version 0.97.2. This tool can be obtained from: https://wiki.gnome.org/Apps/Dia/Download This patch provides: - the image files describing the different reset flow diagrams; - the source '.dia' file; - a script automating the generation of the images from the '.dia' file. Note that the 2 latter files are not actually needed for the document and are provided for convenience only, in case the reset images need to be modified. Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
-
danh-arm authored
FWU: Remove image_id arg from FWU_SMC_IMAGE_RESUME
-
Dan Handley authored
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes an unused framework cookie through to the 1st argument in the platform function `bl1_plat_fwu_done`. The intent is to allow the SMC caller to pass a cookie through to this function. This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller through to `bl1_plat_fwu_done`. The argument names are updated for clarity. Upstream platforms currently do not use this argument so no impact is expected. Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
-
Dan Handley authored
The current implementation of FWU_SMC_IMAGE_RESUME when called from the normal world, uses the provided image_id argument to determine which secure image to resume into. This implies that the normal world has a choice of which secure image to resume into when in fact it is only possible to resume into the previously interrupted secure image. This patch removes the argument, tightens up the pre-conditions for the SMC and adds additional asserts. The pre-conditions for FWU_SMC_SEC_IMAGE_DONE are also tightened up. Change-Id: Ia5a46753bb01e8f8dad8a2999314f90db8f300e8
-
Soby Mathew authored
This patch updates the relevant documentation in ARM Trusted Firmware for the new GIC drivers. The user-guide.md and porting-guide.md have been updated as follows: * The build option to compile Trusted Firmware with different GIC drivers for FVP has been explained in the user-guide.md. * The implementation details of interrupt management framework porting APIs for GICv3 have been added in porting-guide.md. * The Linaro tracking kernel release does not work OOB in GICv3 mode. The instructions for changing UEFI configuration in order to run with the new GICv3 driver in ARM TF have been added to user-guide.md. The interrupt-framework-design.md has been updated as follows: * Describes support for registering and handling interrupts targeted to EL3 e.g. Group 0 interrupts in GICv3. * Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail. * Describes preemption of TSP in S-EL1 by non secure interrupts and also possibly by higher priority EL3 interrupts. * Describes the normal world sequence for issuing `standard` SMC calls. * Modifies the document to correspond to the current state of interrupt handling in TSPD and TSP. * Modifies the various functions names in the document to reflect the current names used in code. Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
-
- 14 Dec, 2015 6 commits
-
-
danh-arm authored
FWU: Fix secure memory check in image auth
-
danh-arm authored
Apply new image terminology
-
Dan Handley authored
The implementation of FWU_SMC_IMAGE_AUTH performs a number of pre-condition checks before authenticating the image. One of these checks calls `bl1_plat_mem_check()` to ensure the image source is mapped in when authenticating an image in place. The framework incorrectly passes the security state of the caller into this function instead of the security state of the source image. This patch corrects the defect. The defect would only manifest itself for secure world callers authenticating non-secure images in place, which is not done by current upstream platforms. Change-Id: I617c7b43e02ac7149f266aeaf3874316e62f3003
-
Juan Castillo authored
This patch removes the dash character from the image name, to follow the image terminology in the Trusted Firmware Wiki page: https://github.com/ARM-software/arm-trusted-firmware/wiki Changes apply to output messages, comments and documentation. non-ARM platform files have been left unmodified. Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
-
Juan Castillo authored
This patch replaces all references to the SCP Firmware (BL0, BL30, BL3-0, bl30) with the image terminology detailed in the TF wiki (https://github.com/ARM-software/arm-trusted-firmware/wiki): BL0 --> SCP_BL1 BL30, BL3-0 --> SCP_BL2 bl30 --> scp_bl2 This change affects code, documentation, build system, tools and platform ports that load SCP firmware. ARM plaforms have been updated to the new porting API. IMPORTANT: build option to specify the SCP FW image has changed: BL30 --> SCP_BL2 IMPORTANT: This patch breaks compatibility for platforms that use BL2 to load SCP firmware. Affected platforms must be updated as follows: BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID BL30_BASE --> SCP_BL2_BASE bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo() bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2() Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
-
Juan Castillo authored
This patch applies the TBBR naming convention to the certificates and the corresponding extensions defined by the CoT: * Certificate UUID names * Certificate identifier names * OID names Changes apply to: * Generic code (variables and defines) * The default certificate identifiers provided in the generic code * Build system * ARM platforms port * cert_create tool internal definitions * fip_create and cert_create tools command line options * Documentation IMPORTANT: this change breaks the compatibility with platforms that use TBBR. The platform will need to adapt the identifiers and OIDs to the TBBR naming convention introduced by this patch: Certificate UUIDs: UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT Certificate identifiers: BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID OIDs: TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID BL30_HASH_OID --> SCP_FW_HASH_OID BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID BL31_HASH_OID --> SOC_AP_FW_HASH_OID BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID NS_BL2U_HASH_OID --> FWU_HASH_OID Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
-
- 10 Dec, 2015 6 commits
-
-
danh-arm authored
Move up to mbed TLS 2.x
-
Juan Castillo authored
The mbed TLS library has introduced some changes in the API from the 1.3.x to the 2.x releases. Using the 2.x releases requires some changes to the crypto and transport modules. This patch updates both modules to the mbed TLS 2.x API. All references to the mbed TLS library in the code or documentation have been updated to 'mbed TLS'. Old references to PolarSSL have been updated to 'mbed TLS'. User guide updated to use mbed TLS 2.2.0. NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible. Applying this patch will require an mbed TLS 2.x release to be used. Also note that the mbed TLS license changed to Apache version 2.0. Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
-
danh-arm authored
Move up dependency versions in user guide
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.22) * Base FVP (to 7.0) * Foundation FVP (to 9.4) * Linaro release (to 15.10) Note that, starting from Linaro release 15.10, the related release instructions have migrated from http://releases.linaro.org to the ARM Connected Community website. The URLs in the User Guide have been updated accordingly. The 'libssl-dev' package has been removed from the list of prerequisite tools, as it is already referenced on the ARM Connected Community page. Also, the 'device-tree-compiler' package has been marked as an optional dependency, since the Trusted Firmware repository provides the prebuilt DTB files. Hence, this tool is needed only when the user wants to rebuild the DTS files. Change-Id: I4a172ece60bf90437131c6b96e73a9f1e9b40117
-
danh-arm authored
De-feature PL011 UART driver to match generic UART spec
-
Juan Castillo authored
The Server Base System Architecture document (ARM-DEN-0029) specifies a generic UART device. The programmer's view of this generic UART is a subset of the ARM PL011 UART. However, the current PL011 driver in Trusted Firmware uses some features that are outside the generic UART specification. This patch modifies the PL011 driver to exclude features outside the SBSA generic UART specification by setting the boolean build option 'PL011_GENERIC_UART=1'. Default value is 0 (use full PL011 features). User guide updated. Fixes ARM-software/tf-issues#216 Change-Id: I6e0eb86f9d69569bc3980fb57e70d6da5d91a737
-
- 09 Dec, 2015 14 commits
-
-
danh-arm authored
Enable BL31 to configure a runtime console
-
danh-arm authored
Firmware Update patch stack
-
Yatharth Kochar authored
Firmware update feature needs a new FIP called `fwu_fip.bin` that includes Secure(SCP_BL2U, BL2U) and Normal world(NS_BL2U) images along with the FWU_CERT certificate in order for NS_BL1U to load the images and help the Firmware update process to complete. This patch adds the capability to support the new target `fwu_fip` which includes above mentioned FWU images in the make files. The new target of `fwu_fip` and its dependencies are included for compilation only when `TRUSTED_BOARD_BOOT` is defined. Change-Id: Ie780e3aac6cbd0edfaff3f9af96a2332bd69edbc
-
Yatharth Kochar authored
Firmware Update (FWU) introduces a new set of images called SCP_BL2U, BL2U and NS_BL2U, which can be packed in a FWU FIP file. This patch introduces new UUIDs for the Firmware Update images and extends the 'fip'create' tool so that these new images can be packed in a FIP file. Change-Id: I7c60211b4f3cc265411efb131e6d3c624768f522
-
Yatharth Kochar authored
Firmware Update requires an X509v3 certificate which contains hashes for SCP_BL2U, BL2U and NS_BL2U images as extensions. This patch extends the Chain of Trust definition in the 'cert_create' tool to include the Firmware Update certificate and the required extensions (including command line options). A new field in the extension structure will be used to indicate that the extension is optional. In the case of an image hash extension, this field will tell the tool that the hash should be included in the certificate, but filled with zeros. Change-Id: I1f77a66b018826b71745910771f38d9cf6050388
-
Yatharth Kochar authored
This patch adds support for Firmware update in BL2U for ARM platforms such that TZC initialization is performed on all ARM platforms and (optionally) transfer of SCP_BL2U image on ARM CSS platforms. BL2U specific functions are added to handle early_platform and plat_arch setup. The MMU is configured to map in the BL2U code/data area and other required memory. Change-Id: I57863295a608cc06e6cbf078b7ce34cbd9733e4f
-
Yatharth Kochar authored
The Firmware Update (FWU) feature needs support for an optional secure world image, BL2U, to allow additional secure world initialization required by FWU, for example DDR initialization. This patch adds generic framework support to create BL2U. NOTE: A platform makefile must supply additional `BL2U_SOURCES` to build the bl2u target. A subsequent patch adds bl2u support for ARM platforms. Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
-
Yatharth Kochar authored
This patch adds Firmware Update support for ARM platforms. New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide platform specific Firmware update code. BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for authenticating NS_BL2U image(For both FVP and JUNO platform). Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555
-
Yatharth Kochar authored
Firmware update(a.k.a FWU) feature is part of the TBB architecture. BL1 is responsible for carrying out the FWU process if platform specific code detects that it is needed. This patch adds support for FWU feature support in BL1 which is included by enabling `TRUSTED_BOARD_BOOT` compile time flag. This patch adds bl1_fwu.c which contains all the core operations of FWU, which are; SMC handler, image copy, authentication, execution and resumption. It also adds bl1.h introducing #defines for all BL1 SMCs. Following platform porting functions are introduced: int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size, unsigned int flags); This function can be used to add platform specific memory checks for the provided base/size for the given security state. The weak definition will invoke `assert()` and return -ENOMEM. __dead2 void bl1_plat_fwu_done(void *cookie, void *reserved); This function can be used to initiate platform specific procedure to mark completion of the FWU process. The weak definition waits forever calling `wfi()`. plat_bl1_common.c contains weak definitions for above functions. FWU process starts when platform detects it and return the image_id other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in `bl1_main()`. NOTE: User MUST provide platform specific real definition for bl1_plat_mem_check() in order to use it for Firmware update. Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
-
Yatharth Kochar authored
As of now BL1 loads and execute BL2 based on hard coded information provided in BL1. But due to addition of support for upcoming Firmware Update feature, BL1 now require more flexible approach to load and run different images using information provided by the platform. This patch adds new mechanism to load and execute images based on platform provided image id's. BL1 now queries the platform to fetch the image id of the next image to be loaded and executed. In order to achieve this, a new struct image_desc_t was added which holds the information about images, such as: ep_info and image_info. This patch introduces following platform porting functions: unsigned int bl1_plat_get_next_image_id(void); This is used to identify the next image to be loaded and executed by BL1. struct image_desc *bl1_plat_get_image_desc(unsigned int image_id); This is used to retrieve the image_desc for given image_id. void bl1_plat_set_ep_info(unsigned int image_id, struct entry_point_info *ep_info); This function allows platforms to update ep_info for given image_id. The plat_bl1_common.c file provides default weak implementations of all above functions, the `bl1_plat_get_image_desc()` always return BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns. These functions gets compiled into all BL1 platforms by default. Platform setup in BL1, using `bl1_platform_setup()`, is now done _after_ the initialization of authentication module. This change provides the opportunity to use authentication while doing the platform setup in BL1. In order to store secure/non-secure context, BL31 uses percpu_data[] to store context pointer for each core. In case of BL1 only the primary CPU will be active hence percpu_data[] is not required to store the context pointer. This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to store the context and context pointers respectively. It also also re-defines cm_get_context() and cm_set_context() for BL1 in bl1/bl1_context_mgmt.c. BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime environment, to support resuming execution from a previously saved context. NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()` INSTEAD TO MAINTAIN EXISTING BEHAVIOUR. Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
-
Yatharth Kochar authored
The upcoming Firmware Update feature needs transitioning across Secure/Normal worlds to complete the FWU process and hence requires context management code to perform this task. Currently context management code is part of BL31 stage only. This patch moves the code from (include)/bl31 to (include)/common. Some function declarations/definitions and macros have also moved to different files to help code sharing. Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
-
Yatharth Kochar authored
This patch adds support for secure setup of the SoC on CSS platforms in BL1. This change is required to provide memory access to normal world images that take part in upcoming Firmware Update feature. Change-Id: Ib202fb6cb82622c1874b700637d82ea72575e6fe
-
Yatharth Kochar authored
The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to make a request to BL1 to execute BL31. But BL2 also uses it as opcode to check if it is allowed to execute which is not the intended usage of `RUN_IMAGE` SMC. This patch removes the usage of `RUN_IMAGE` as opcode passed to next EL to check if it is allowed to execute. Change-Id: I6aebe0415ade3f43401a4c8a323457f032673657
-
Yatharth Kochar authored
This patch adds `uppercase` macro to prepare IMAGE_BLxx defines used for conditional compilation and to prepare variables used for defining BL source and linker file names. This change is needed for upcoming BL images that can have names which uses both letters and numbers. Change-Id: I05ce9bcd0d221a54db92c0fe3ad28e9e0080ed2e
-