- 29 Jan, 2018 1 commit
-
-
davidcunado-arm authored
hikey: fix assert in sec_protect()
-
- 27 Jan, 2018 1 commit
-
-
Victor Chong authored
`assert(e)` was used in place of `if (e) ERROR()` when sec_protect() was ported from hikey fork so the logic should have been reversed. Fixes: 3d5d9f5a ("hikey: configure the top 16MB of DRAM as secure") Fixes: 52988b38 ("hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path") Signed-off-by: Victor Chong <victor.chong@linaro.org> Tested-by: Victor Chong <victor.chong@linaro.org>
-
- 26 Jan, 2018 1 commit
-
-
davidcunado-arm authored
Hikey protect optee / sdp memory
-
- 25 Jan, 2018 4 commits
-
-
davidcunado-arm authored
uniphier: migrate to BL2-AT-EL3
-
davidcunado-arm authored
SPM: Declare explicit width based types in secure_partition_boot_info…
-
davidcunado-arm authored
Hikey960: Enable invalid FIQ handling
-
davidcunado-arm authored
Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting
-
- 24 Jan, 2018 7 commits
-
-
davidcunado-arm authored
poplar: Enable emmc and recovery build support
-
davidcunado-arm authored
New console API and coreboot support [v4]
-
Masahiro Yamada authored
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3 support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2 is entered at EL1-S. Now, this platform is able to avoid this waste. Enable the BL2_AT_EL3 option, and remove BL1. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS is disabled. The warm boot mailbox is useless for UniPhier SoC family because BL1 is not the first image. The UniPhier platform implements non-TF ROM, then BL1 works as a pseudo ROM, so it is never executed in the warm boot. The reset vector address is not actually programmable for UniPhier platform, but it should not hurt to enable PROGRAMMABLE_RESET_ADDRESS to disable the mailbox and remove pointless plat_get_my_entrypoint. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
davidcunado-arm authored
Allow API deprecation for uniphier platform
-
Peter Griffin authored
Update the memory firewall configuration to reserve 4 MB of secure RAM for use by the kernel and OP-TEE as the Secure Data Path pool. Note that this address range (0x3E800000 - 0x3EC00000) falls in the range already set aside by UEFI (which reserves the upper 32 MB of the 1GB DRAM for OP-TEE [1]) and was previously unused. [1] https://github.com/96boards-hikey/edk2/blob/hikey/HisiPkg/HiKeyPkg/Library/HiKeyLib/HiKeyMem.c#L44 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Peter Griffin <peter.griffin@linaro.org> Acked-by: Victor Chong <victor.chong@linaro.org>
-
Jerome Forissier authored
DRAM region 0x3f000000 - 0x3fffffff is reserved for OP-TEE and should therefore be accessible only from secure world. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Peter Griffin <peter.griffin@linaro.org> Acked-by: Victor Chong <victor.chong@linaro.org>
-
- 22 Jan, 2018 5 commits
-
-
Sughosh Ganu authored
The secure_partition_boot_info_t structure is used to communicate boot parameters with the StandaloneMM code executing at S-EL0 through a shared buffer. Certain data types used for members of this structure are opaque with their size depending on the toolchain being used. Declare the members of the structure with explicit width based data types, which would maintain compatibility across toolchains. Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
-
Soby Mathew authored
The `override ERROR_DEPRECATION = 1` setting in uniphier platform makes deprecation of API difficult. Hence removing the same. This flag should be specified on the command line if needed. Change-Id: I8c82d8d13944e450a8cd636de3326137c04d7560 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Victor Chong authored
Signed-off-by: Victor Chong <victor.chong@linaro.org> Acked-by: Shawn Guo <shawn.guo@linaro.org> Tested-by: Shawn Guo <shawn.guo@linaro.org>
-
Victor Chong authored
Let bl1 and bl2 have the ability to load images from emmc instead of dram (mmap). Signed-off-by: Victor Chong <victor.chong@linaro.org> Acked-by: Shawn Guo <shawn.guo@linaro.org> Tested-by: Shawn Guo <shawn.guo@linaro.org>
-
Leo Yan authored
When some interrupts are configured as group 0 in GICv2, these interrupts trigger FIQ signal; this results in the Linux kernel panic by reporting log: "Bad mode in FIQ handler detected on CPU0, code 0x00000000 -- Unknown/Uncategorized". Unfortunately from kernel side it has no permission to read the GIC register for group 0 interrupts so we have no chance to get to know which interrupt is configured as secure interrupt and cause the kernel panic. For upper reason, this commit enables FIQ exception handling for SPD_none case. If the system has not enabled SPD the FIQ interrupt is trapped into EL3 and the FIQ handler can report the interrupt number so we can easily narrow down which FIQ introduce unexpected interrupt. After enable SPD we can rely on SPD interrupt route model to handle FIQ. Signed-off-by: Leo Yan <leo.yan@linaro.org>
-
- 20 Jan, 2018 1 commit
-
-
davidcunado-arm authored
lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode
-
- 19 Jan, 2018 11 commits
-
-
davidcunado-arm authored
emmc: add macros CMD21, BUS_WIDTH_DDR_4 and BUS_WIDTH_DDR_8
-
Julius Werner authored
coreboot supports an in-memory console to store firmware logs even when no serial console is available. It is widely supported by coreboot-compatible bootloaders (including SeaBIOS and GRUB) and can be read by the Linux kernel. This patch allows BL31 to add its own log messages to this console. The driver will be registered automatically if coreboot support is compiled in and detects the presence of a console buffer in the coreboot tables. Change-Id: I31254dfa0c2fdeb7454634134b5707b4b4154907 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch changes all Rockchip platforms to use the new MULTI_CONSOLE_API. The platform-specific plat_crash_console implementations are removed so that the platform can use the ones from the common platform code instead. Also change the registers used in plat_crash_print_regs. The existing use of x16 and x17 has always been illegal, since those registers are reserved for use by the linker as a temporary scratch registers in intra-procedure-call veneers and can never be expected to maintain their values across a function call. Change-Id: I8249424150be8d5543ed4af93b56756795a5288f Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch changes all Rockchip platforms to initialize the serial console with information supplied by coreboot rather than hardcoded base address and divisor values if BL31 is run on top of coreboot. Moving the BL2-to-BL31 parameter parsing as early as possible to ensure that the console is available for all following code. Also update the Rockchip platform to use MULTI_CONSOLE_API. Change-Id: I670d350fa2f8b8133539f91ac14977ab47db60d9 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch adds the foundation for a platform-independent coreboot support library that can be shared by all platforms that boot BL31 from coreboot (acting as BL2). It adds code to parse the "coreboot table", a data structure that coreboot uses to communicate different kinds of information to later-stage firmware and certain OS drivers. As a first small use case for this information, allow platforms to access the serial console configuration used by coreboot, removing the need to hardcode base address and divisors and allowing Trusted Firmware to benefit from coreboot's user configuration (e.g. which UART to pick and which baud rate to use). Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch updates the Cadence CDNS console driver to support the new console API. The driver will continue to support the old API as well by checking the MULTI_CONSOLE_API compile-time flag. Change-Id: I2ef8fb0d6ab72696997db1e0243a533499569d6b Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch updates the ARM PL011 console driver to support the new console API. The driver will continue to support the old API as well by checking the MULTI_CONSOLE_API compile-time flag. Change-Id: Ic34e4158addbb0c5fae500c9cff899c05a4f4206 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch updates the TI 16550 console driver to support the new console API. The driver will continue to support the old API as well by checking the MULTI_CONSOLE_API compile-time flag. Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324c Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch expands the weak stubs for the plat_crash_console_xxx functions in common platform code to use the new console API for crash output. This should make crash console output "just work" for most cases without the need for the platform to explicitly set up a crash console. For cases where the normal console framework doesn't work (e.g. very early crashes, before the platform can register any consoles), platforms are still able to override the functions just like before. This feature requires the MULTI_CONSOLE_API compile-time flag to work. For builds which don't have it set, this patch has no practical effect. Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
davidcunado-arm authored
Add BL2_AT_EL3 build option
-
Manoj Kumar authored
In AARCH32 mode, cortex_a72_reset_func branches to address in lr register instead of r5 register. This leads to linux boot failure of Cortex-A72 cores in AARCH32 mode on Juno-R2 board. This patch fixes the branching of cortex_a72_reset_func to r5 register as in cortex_a57_reset_func implementation. Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-
- 18 Jan, 2018 9 commits
-
-
Roberto Vargas authored
This patch modifies the makefiles to avoid the definition of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and it lets to the platform makefiles to define them if they actually need these images. In the case of BL2_AT_EL3 BL1 will not be needed usually because the Boot ROM will jump directly to BL2. Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
It is better to not include BL2 in FIP when using `BL2 at EL3` as platforms using this config would not have the capability to parse the FIP format in Boot ROM and BL2 needs to be loaded independently. This patch does the required changes for the same. Change-Id: Iad285c247b3440e2d827fef97c3dd81f5c09cabc Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Update firmware-design.rst, porting-guide.rst and user-guide.rst with the information about BL2 at EL3. Firmware-design.rst is also update to explain how to test this feauture with FVP. Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Dimitris Papastamos authored
A per-cpu vbar is installed that implements the workaround by invalidating the branch target buffer (BTB) directly in the case of A9 and A17 and indirectly by invalidating the icache in the case of A15. For Cortex A57 and A72 there is currently no workaround implemented when EL3 is in AArch32 mode so report it as missing. For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are no changes since there is currently no upstream AArch32 EL3 support for these CPUs. Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
This patch introduces two workarounds for ARMv7 systems. The workarounds need to be applied prior to any `branch` instruction in secure world. This is achieved using a custom vector table where each entry is an `add sp, sp, #1` instruction. On entry to monitor mode, once the sequence of `ADD` instructions is executed, the branch target buffer (BTB) is invalidated. The bottom bits of `SP` are then used to decode the exception entry type. A side effect of this change is that the exception vectors are installed before the CPU specific reset function. This is now consistent with how it is done on AArch64. Note, on AArch32 systems, the exception vectors are typically tightly integrated with the secure payload (e.g. the Trusted OS). This workaround will need porting to each secure payload that requires it. The patch to modify the AArch32 per-cpu vbar to the corresponding workaround vector table according to the CPU type will be done in a later patch. Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Even though the workaround for CVE-2017-5715 is not a CPU erratum, the code is piggybacking on the errata framework to print whether the workaround was applied, missing or not needed. Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
As we are using the errata framework to handle workarounds in a more general sense, change the default string to reflect that. Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Roberto Vargas authored
When BL2_AT_EL3 option is enabled some platforms are going to need a resident part in BL2 because the boot rom may jump to it after a reset. This patch introduces __TEXT_RESIDENT_START__ and __TEXT_RESIDENT_END__ linker symbols that mark the resident region. Change-Id: Ib20c1b8ee257831bcc0ca7d3df98d0cb617a04f8 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
This patch change the name of the section containing the functions defined in assembly files from text.* to text.asm.*. This change makes possible to select in the linker script the functions defined in those files. Change-Id: If35e44ef1b43ffd951dfac5e052db75d7198e2e0 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-