1. 13 Nov, 2017 1 commit
    • Jeenu Viswambharan's avatar
      BL31: Introduce Exception Handling Framework · 21b818c0
      Jeenu Viswambharan authored
      
      
      EHF is a framework that allows dispatching of EL3 interrupts to their
      respective handlers in EL3.
      
      This framework facilitates the firmware-first error handling policy in
      which asynchronous exceptions may be routed to EL3. Such exceptions may
      be handed over to respective exception handlers. Individual handlers
      might further delegate exception handling to lower ELs.
      
      The framework associates the delegated execution to lower ELs with a
      priority value. For interrupts, this corresponds to the priorities
      programmed in GIC; for other types of exceptions, viz. SErrors or
      Synchronous External Aborts, individual dispatchers shall explicitly
      associate delegation to a secure priority. In order to prevent lower
      priority interrupts from preempting higher priority execution, the
      framework provides helpers to control preemption by virtue of
      programming Priority Mask register in the interrupt controller.
      
      This commit allows for handling interrupts targeted at EL3. Exception
      handlers own interrupts by assigning them a range of secure priorities,
      and registering handlers for each priority range it owns.
      
      Support for exception handling in BL31 image is enabled by setting the
      build option EL3_EXCEPTION_HANDLING=1.
      
      Documentation to follow.
      
      NOTE: The framework assumes the priority scheme supported by platform
      interrupt controller is compliant with that of ARM GIC architecture (v2
      or later).
      
      Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      21b818c0
  2. 08 Nov, 2017 1 commit
    • Antonio Nino Diaz's avatar
      SPM: Introduce Secure Partition Manager · 2fccb228
      Antonio Nino Diaz authored
      
      
      A Secure Partition is a software execution environment instantiated in
      S-EL0 that can be used to implement simple management and security
      services. Since S-EL0 is an unprivileged exception level, a Secure
      Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
      granted access to system and processor resources. Essentially, it is a
      software sandbox that runs under the control of privileged software in
      the Secure World and accesses the following system resources:
      
      - Memory and device regions in the system address map.
      - PE system registers.
      - A range of asynchronous exceptions e.g. interrupts.
      - A range of synchronous exceptions e.g. SMC function identifiers.
      
      A Secure Partition enables privileged firmware to implement only the
      absolutely essential secure services in EL3 and instantiate the rest in
      a partition. Since the partition executes in S-EL0, its implementation
      cannot be overly complex.
      
      The component in ARM Trusted Firmware responsible for managing a Secure
      Partition is called the Secure Partition Manager (SPM). The SPM is
      responsible for the following:
      
      - Validating and allocating resources requested by a Secure Partition.
      - Implementing a well defined interface that is used for initialising a
        Secure Partition.
      - Implementing a well defined interface that is used by the normal world
        and other secure services for accessing the services exported by a
        Secure Partition.
      - Implementing a well defined interface that is used by a Secure
        Partition to fulfil service requests.
      - Instantiating the software execution environment required by a Secure
        Partition to fulfil a service request.
      
      Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2fccb228
  3. 06 Nov, 2017 1 commit
  4. 16 Oct, 2017 1 commit
    • Jeenu Viswambharan's avatar
      GIC: Add APIs to set interrupt type and query support · 74dce7fa
      Jeenu Viswambharan authored
      
      
      The back end GIC driver converts and assigns the interrupt type to
      suitable group.
      
      For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which
      determines to which type Group 0 interrupts maps to.
      
       - When the build option is set 0 (the default), Group 0 interrupts are
         meant for Secure EL1. This is presently the case.
      
       - Otherwise, Group 0 interrupts are meant for EL3. This means the SPD
         will have to synchronously hand over the interrupt to Secure EL1.
      
      The query API allows the platform to query whether the platform supports
      interrupts of a given type.
      
      API documentation updated.
      
      Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858
      Co-authored-by: default avatarYousuf A <yousuf.sait@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      74dce7fa
  5. 31 Aug, 2017 1 commit
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  6. 09 Aug, 2017 1 commit
  7. 01 Aug, 2017 1 commit
    • Jeenu Viswambharan's avatar
      CCI: Adapt for specific product at run time · e33fd445
      Jeenu Viswambharan authored
      
      
      The current build system and driver requires the CCI product to be
      specified at build time. The device constraints can be determined at run
      time from its ID registers, obviating the need for specifying them
      ahead.
      
      This patch adds changes to identify and validate CCI at run time. Some
      global variables are renamed to be in line with the rest of the code
      base.
      
      The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
      updated.
      
      Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e33fd445
  8. 28 Jun, 2017 2 commits
  9. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  10. 01 Jun, 2017 1 commit
  11. 23 May, 2017 2 commits
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
    • Masahiro Yamada's avatar
      Build: fix assert_boolean implementation · be4cd40e
      Masahiro Yamada authored
      
      
      The current assert_boolean does not work with variables assigned with
      '=' flavor instead of ':='.
      
      For example,
      
       FOO = $(BAR)
       BAR := 1
      
      Here, $(value FOO) is evaluated to $(BAR), not 1.  This is not what
      we expect.  While I am here, I simplified the implementation.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      be4cd40e
  12. 15 May, 2017 1 commit
  13. 03 May, 2017 1 commit
  14. 02 May, 2017 2 commits
    • Evan Lloyd's avatar
      Build: Correct Unix specific echo commands · 052ab529
      Evan Lloyd authored
      
      
      Some recent changes have added direct use of the echo command without
      parameters.  This fails on a Windows shell, because echo without
      parameters reports the mode ("ECHO is on").
      This is corrected using the ECHO_BLANK_LINE macro already provided
      for that purpose.
      
      Change-Id: I5fd7192861b4496f6f46b4f096e80a752cd135d6
      Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      052ab529
    • Evan Lloyd's avatar
      Build: Fix parallel build · 6ba7d274
      Evan Lloyd authored
      
      
      2 problems were found, but are in one change to avoid submitting a patch
      that might fail to build. The problems were:
      1.  The macro MAKE_PREREQ_DIR has a minor bug, in that it is capable of
          generating recursive dependencies.
      2.  The inclusion of BUILD_DIR in TEMP_OBJ_DIRS left no explicit
          dependency, BUILD_DIR might not exist when subdirectories are
          created by a thread on another CPU.
      
      This fix corrects these with the following changes:
      1.  MAKE_PREREQ_DIR does nothing for a direct self dependency.
      2.  BUILD_DIR is built using MAKE_PREREQ_DIR.
      3.  BUILD_DIR is an explicit prerequisite of all OBJ_DIRS.
      
      Change-Id: I938cddea4a006df225c02a47b9cf759212f27fb7
      Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      6ba7d274
  15. 19 Apr, 2017 1 commit
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored
      
      
      This patch introduces a build option to enable D-cache early on the CPU
      after warm boot. This is applicable for platforms which do not require
      interconnect programming to enable cache coherency (eg: single cluster
      platforms). If this option is enabled, then warm boot path enables
      D-caches immediately after enabling MMU.
      
      Fixes ARM-Software/tf-issues#456
      
      Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
  16. 31 Mar, 2017 1 commit
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7
  17. 02 Mar, 2017 1 commit
  18. 14 Feb, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce locking primitives using CAS instruction · c877b414
      Jeenu Viswambharan authored
      
      
      The ARMv8v.1 architecture extension has introduced support for far
      atomics, which includes compare-and-swap. Compare and Swap instruction
      is only available for AArch64.
      
      Introduce build options to choose the architecture versions to target
      ARM Trusted Firmware:
      
        - ARM_ARCH_MAJOR: selects the major version of target ARM
          Architecture. Default value is 8.
      
        - ARM_ARCH_MINOR: selects the minor version of target ARM
          Architecture. Default value is 0.
      
      When:
      
        (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)),
      
      for AArch64, Compare and Swap instruction is used to implement spin
      locks. Otherwise, the implementation falls back to using
      load-/store-exclusive instructions.
      
      Update user guide, and introduce a section in Firmware Design guide to
      summarize support for features introduced in ARMv8 Architecture
      Extensions.
      
      Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      c877b414
  19. 28 Jan, 2017 1 commit
    • Masahiro Yamada's avatar
      fiptool: support --align option to add desired alignment to image offset · 1c75d5df
      Masahiro Yamada authored
      
      
      The current fiptool packs all the images without any padding between
      them.  So, the offset to each image has no alignment.  This is not
      efficient, for example, when the FIP is read from a block-oriented
      device.
      
      For example, (e)MMC is accessed by block-addressing.  The block size
      is 512 byte.  So, the best case is each image is aligned by 512 byte
      since the DMA engine can transfer the whole of the image to its load
      address directly.  The worst case is the offset does not have even
      DMA-capable alignment (this is where we stand now).  In this case,
      we need to transfer every block to a bounce buffer, then do memcpy()
      from the bounce buffer to our final destination.  At least, this
      should work with the abstraction by the block I/O layer, but the
      CPU-intervention for the whole data transfer makes it really slow.
      
      This commit adds a new option --align to the fiptool.  This option,
      if given, requests the tool to align each component in the FIP file
      by the specified byte.  Also, add a new Make option FIP_ALIGN for
      easier access to this feature; users can give something like
      FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
      their platform.mk file.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1c75d5df
  20. 19 Jan, 2017 2 commits
  21. 05 Jan, 2017 4 commits
  22. 14 Dec, 2016 1 commit
  23. 08 Nov, 2016 1 commit
  24. 29 Jul, 2016 1 commit
    • dp-arm's avatar
      Replace fip_create with fiptool · 819281ee
      dp-arm authored
      fiptool provides a more consistent and intuitive interface compared to
      the fip_create program.  It serves as a better base to build on more
      features in the future.
      
      fiptool supports various subcommands.  Below are the currently
      supported subcommands:
      
      1) info   - List the images contained in a FIP file.
      2) create - Create a new FIP file with the given images.
      3) update - Update an existing FIP with the given images.
      4) unpack - Extract a selected set or all the images from a FIP file.
      5) remove - Remove images from a FIP file.  This is a new command that
         was not present in fip_create.
      
      To create a new FIP file, replace "fip_create" with "fiptool create".
      
      To update a FIP file, replace "fip_create" with "fiptool update".
      
      To dump the contents of a FIP file, replace "fip_create --dump" with
      "fiptool info".
      
      A compatibility script that emulates the basic functionality of
      fip_create is provided.  Existing scripts might or might not work with
      the compatibility script.  Users are strongly encouraged to migrate to
      fiptool.
      
      Fixes ARM-Software/tf-issues#87
      Fixes ARM-Software/tf-issues#108
      Fixes ARM-Software/tf-issues#361
      
      Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
      819281ee
  25. 13 Jun, 2016 1 commit
  26. 14 Apr, 2016 1 commit
    • Sandrine Bailleux's avatar
      Give user's compiler flags precedence over default ones · 403973c9
      Sandrine Bailleux authored
      The user can provide additional CFLAGS to use when building TF.
      However, these custom CFLAGS are currently prepended to the
      standard CFLAGS that are hardcoded in the TF build system. This
      is an issue because when providing conflicting compiler flags
      (e.g. different optimisations levels like -O1 and -O0), the last
      one on the command line usually takes precedence. This means that
      the user flags get overriden.
      
      To address this problem, this patch separates the TF CFLAGS from
      the user CFLAGS. The former are now stored in the TF_CFLAGS make
      variable, whereas the CFLAGS make variable is untouched and reserved
      for the user. The order of the 2 sets of flags is enforced when
      invoking the compiler.
      
      Fixes ARM-Software/tf-issues#350
      
      Change-Id: Ib189f44555b885f1dffbec6015092f381600e560
      403973c9
  27. 01 Apr, 2016 7 commits
    • Evan Lloyd's avatar
      Make:Improve version string generation portability · 414ab853
      Evan Lloyd authored
      To get round problems encountered when building in a DOS build
      environment the generation of the .o file containing build identifier
      strings is modified.
      The problems encounterred were:
         1. DOS echo doesn't strip ' characters from the output text.
         2. git is not available from CMD.EXE so the BUILD_STRING value needs
            some other origin.
      
      A BUILD_STRING value of "development build" is used for now.
      
      MAKE_BUILD_STRINGS is used to customise build string generation in a DOS
      environment. This variable is not defined in the UNIX build environment
      make file helper, and so the existing build string generation behaviour
      is retained in these build environments.
      
      NOTE: This commit completes a cumulative series aimed at improving
            build portability across development environments.
            This enables the build to run on several new build environments,
            if the relevant tools are available.
            At this point the build is tested on Windows 7 Enterprise SP1,
            using CMD.EXE, Cygwin and Msys (MinGW),as well as a native
            Linux envionment".  The Windows platform builds used
            aarch64-none-elf-gcc.exe 4.9.1.  CMD.EXE and Msys used Gnu
            Make 3.81, cygwin used Gnu Make 4.1.
      
      CAVEAT: The cert_create tool build is not tested on the Windows
              platforms (openssl-for-windows has a GPL license).
      
      Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251
      414ab853
    • Evan Lloyd's avatar
      Make:Improve directory generation portability. · 51b27702
      Evan Lloyd authored
      Because of command differences in some build environments the "inline"
      method of generating the build directory structure is not portable.
      (e.g. in DOS environments the mkdir shell command fails if a directory
      already exists, whereas in UNIX environments it succeeds.)
      
      To improve portability we generate the directories needed using make,
      but use the "order-only prerequisites" feature of make to prevent writes
      of files into the directories generating re-builds, as suggested in the
      GNU make Manual (Version 4.1 September 2014).
      
      Change-Id: Ic9af475831063c7fe6f8bccffef184d79e799419
      51b27702
    • Evan Lloyd's avatar
      Make:Allow for extension in tool names. · 42a45b51
      Evan Lloyd authored
      In some build environments executable programs have a specific file
      extension.  The value of BIN_EXT is appended to the relevant tool file
      names to allow for this.
      The value of BIN_EXT is set, where appropriate, by the build environment
      specific make helper (to .exe for Windows build environments).
      
      .gitignore is updated to hide the new (.exe) files.
      
      Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
      42a45b51
    • Evan Lloyd's avatar
      Make:Use environment variables for OS detection. · e7f54dbd
      Evan Lloyd authored
      Add make helper files to select the appropriate settings for the build
      environment. Selection is made in make_helpers/build_env.mk, which
      selects other files to include using generic build environment settings.
      The Trusted Firmware Makefile and supporting tool Makefiles are updated
      to include build_env.mk instead of unix.mk.
      
      NOTE: This change does not fully enable builds in other build
            environments. It facilitates this without compromising the
            existing build environments.
      
      Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
      e7f54dbd
    • Evan Lloyd's avatar
      Make:Diagnostic fail if no eval · 1670d9df
      Evan Lloyd authored
      To help diagnose make problems, we report an error if the make
      program used does not provide the $(eval ) make functionality.
      This will detect early versions of GNU make and other make programs.
      
      Change-Id: I0ebb0f63694cf0b04eaeb7ea1e9e172fb9770ce0
      1670d9df
    • Evan Lloyd's avatar
      Make:Make shell commands more portable · f1477d4a
      Evan Lloyd authored
      Macros are inserted to replace direct invocations of commands that are
      problematic on some build environments. (e.g. Some environments expect
      \ in paths instead of /.)
      The changes take into account mismatched command mappings across
      environments.
      The new helper file unix.mk retains existing makefile behaviour on unix
      like build environments by providing the following macro definitions:
        SHELL_COPY        cp -f
        SHELL_COPY_TREE   cp -rf
        SHELL_DELETE      rm -f
        SHELL_DELETE_ALL  rm -rf
        MAKE_PREREQ_DIR   mkdir -p  (As make target)
        SHELL_REMOVE_DIR  rm -rf
      
      Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb
      f1477d4a
    • Evan Lloyd's avatar
      Make:Remove calls to shell from makefiles. · 231c1470
      Evan Lloyd authored
      As an initial stage of making Trusted Firmware build environment more
      portable, we remove most uses of the $(shell ) function and replace them
      with more portable make function based solutions.
      
      Note that the setting of BUILD_STRING still uses $(shell ) since it's
      not possible to reimplement this as a make function. Avoiding invocation
      of this on incompatible host platforms will be implemented separately.
      
      Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8
      231c1470