- 27 Feb, 2018 1 commit
-
-
Antonio Nino Diaz authored
During the warm boot sequence: 1. The MMU is enabled with the data cache disabled. The MMU table walker is set up to access the translation tables as in cacheable memory, but its accesses are non-cacheable because SCTLR_EL3.C controls them as well. 2. The interconnect is set up and the CPU enters coherency with the rest of the system. 3. The data cache is enabled. If the support for dynamic translation tables is enabled and another CPU makes changes to a region, the changes may only be present in the data cache, not in RAM. The CPU that is booting isn't in coherency with the rest of the system, so the table walker of that CPU isn't either. This means that it may read old entries from RAM and it may have invalid TLB entries corresponding to the dynamic mappings. This is not a problem for the boot code because the mapping is 1:1 and the regions are static. However, the code that runs after the boot sequence may need to access the dynamically mapped regions. This patch invalidates all TLBs during warm boot when the dynamic translation tables support is enabled to prevent this problem. Change-Id: I80264802dc0aa1cb3edd77d0b66b91db6961af3d Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Feb, 2018 1 commit
-
-
Soby Mathew authored
The AArch32 assembly implementation of `print_errata_status` did not save a register which was getting clobbered by a `get_cpu_ops_ptr`. This patch fixes that. Change-Id: Id0711e46b7c685a18a10328d4b513e952a5d860b Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 08 Feb, 2018 1 commit
-
-
Sandrine Bailleux authored
When enabling VERBOSE() traces, the zlib library fails to compile because of an incompatible format specifier string. Fix that. Change-Id: I74ff1c8dc2e6157ee982f7754bce4504599e3013 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 07 Feb, 2018 1 commit
-
-
Victor Chong authored
Currently optee header info is only printed after it is validated, but this does not help with debugging in case of error, so print it before. Signed-off-by: Victor Chong <victor.chong@linaro.org>
-
- 05 Feb, 2018 1 commit
-
-
Etienne Carriere authored
AArch32 only platforms can boot the OP-TEE secure firmware as a BL32 secure payload. Such configuration can be defined through AARCH32_SP=optee. The source files can rely on AARCH32_SP_OPTEE to condition OP-TEE boot specific instruction sequences. OP-TEE does not expect ARM Trusted Firmware formatted structure as boot argument. Load sequence is expected to have already loaded to OP-TEE boot arguments into the bl32 entrypoint info structure. Last, AArch32 platform can only boot AArch32 OP-TEE images. Change-Id: Ic28eec5004315fc9111051add6bb1a1d607fc815 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 01 Feb, 2018 3 commits
-
-
Masahiro Yamada authored
This commit adds some more files to use zlib from TF. To use zlib, ->zalloc and ->zfree hooks are needed. The implementation depends on the system. For user-space, the libc provides malloc() and friends. Unfortunately, ARM Trusted Firmware does not provide malloc() or any concept of dynamic memory allocation. I implemented very simple calloc() and free() for this. Stupidly, zfree() never frees memory, but it works enough for this. The purpose of using zlib is to implement gunzip() - this function takes compressed data from in_buf, then dumps the decompressed data to oub_buf. The work_buf is used for memory allocation during the decompress. Upon exit, it updates in_buf and out_buf. If successful, in_buf points to the end of input data, out_buf to the end of the decompressed data. To use this feature, you need to do: - include lib/zlib/zlib.mk from your platform.mk - add $(ZLIB_SOURCES) to your BL*_SOURCES Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Import the following files from zlib 1.2.11: adler32.c crc32.c crc32.h inffast.c inffast.h inffixed.h inflate.c inflate.h inftrees.c inftrees.h zconf.h zlib.h zutil.c zutil.h The original tarball is available from http://zlib.net/ The zlib is free software, distributed under the zlib license. The license text is included in the "zlib.h" file. It should be compatible with BSD-3-Clause. The zlib license is included in the SPDX license list available at https://spdx.org/licenses/ , but I did not add the SPDX license tag to the imported files above, to keep them as they are in the upstream project. This seems the general policy for ARM Trusted Firmware, as SPDX License Identifier was not added to files imported from FreeBSD. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The assertion in zero_normalmem() fails for BL2_AT_EL3. This mode is executed in EL3, so it should check sctlr_el3 instead of sctlr_el1. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 31 Jan, 2018 2 commits
-
-
Joel Hutton authored
Add amu_context_save() and amu_context_restore() functions for aarch32 Change-Id: I4df83d447adeaa9d9f203e16dc5a919ffc04d87a Signed-off-by: Joel Hutton <joel.hutton@arm.com>
-
Joel Hutton authored
Change-Id: Id6dfe885a63561b1d2649521bd020367b96ae1af Signed-off-by: Joel Hutton <joel.hutton@arm.com>
-
- 29 Jan, 2018 3 commits
-
-
Dimitris Papastamos authored
This patch implements a fast path for this SMC call on affected PEs by detecting and returning immediately after executing the workaround. NOTE: The MMU disable/enable workaround now assumes that the MMU was enabled on entry to EL3. This is a valid assumption as the code turns on the MMU after reset and leaves it on until the core powers off. Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
In the initial implementation of this workaround we used a dedicated workaround context to save/restore state. This patch reduces the footprint as no additional context is needed. Additionally, this patch reduces the memory loads and stores by 20%, reduces the instruction count and exploits static branch prediction to optimize the SMC path. Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
On some platforms it may be necessary to discover the SMCCC version via a PSCI features call. Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 19 Jan, 2018 3 commits
-
-
Julius Werner authored
coreboot supports an in-memory console to store firmware logs even when no serial console is available. It is widely supported by coreboot-compatible bootloaders (including SeaBIOS and GRUB) and can be read by the Linux kernel. This patch allows BL31 to add its own log messages to this console. The driver will be registered automatically if coreboot support is compiled in and detects the presence of a console buffer in the coreboot tables. Change-Id: I31254dfa0c2fdeb7454634134b5707b4b4154907 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
This patch adds the foundation for a platform-independent coreboot support library that can be shared by all platforms that boot BL31 from coreboot (acting as BL2). It adds code to parse the "coreboot table", a data structure that coreboot uses to communicate different kinds of information to later-stage firmware and certain OS drivers. As a first small use case for this information, allow platforms to access the serial console configuration used by coreboot, removing the need to hardcode base address and divisors and allowing Trusted Firmware to benefit from coreboot's user configuration (e.g. which UART to pick and which baud rate to use). Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Manoj Kumar authored
In AARCH32 mode, cortex_a72_reset_func branches to address in lr register instead of r5 register. This leads to linux boot failure of Cortex-A72 cores in AARCH32 mode on Juno-R2 board. This patch fixes the branching of cortex_a72_reset_func to r5 register as in cortex_a57_reset_func implementation. Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-
- 18 Jan, 2018 4 commits
-
-
Dimitris Papastamos authored
A per-cpu vbar is installed that implements the workaround by invalidating the branch target buffer (BTB) directly in the case of A9 and A17 and indirectly by invalidating the icache in the case of A15. For Cortex A57 and A72 there is currently no workaround implemented when EL3 is in AArch32 mode so report it as missing. For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are no changes since there is currently no upstream AArch32 EL3 support for these CPUs. Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Even though the workaround for CVE-2017-5715 is not a CPU erratum, the code is piggybacking on the errata framework to print whether the workaround was applied, missing or not needed. Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
As we are using the errata framework to handle workarounds in a more general sense, change the default string to reflect that. Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Roberto Vargas authored
This patch enables BL2 to execute at the highest exception level without any dependancy on TF BL1. This enables platforms which already have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL stages without need for BL1. This is not currently possible because BL2 executes at S-EL1 and cannot jump straight to EL3. Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 15 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
If AMU is not supported by the hardware but it is enabled in Trusted Firmware, the console will be spammed with warnings every time a CPU is brought up with a CPU ON call. Remove the warning message as this is more in line with how other extensions like SPE and SVE are handled. Change-Id: Iba6d367e4d1375ab554d23d2eaceab3ae1362c5a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 11 Jan, 2018 8 commits
-
-
Dimitris Papastamos authored
Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
On some systems, the AMU counters might reset to 0 when a CPU powerdown happens. This behaviour conflicts with the intended use-case of AMU as lower ELs are only expected to see non-decreasing counter values. Change-Id: If25519965d4e6e47e09225d0e732947986cbb5ec Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Add some AMU helper functions to allow configuring, reading and writing of the Group 0 and Group 1 counters. Documentation for these helpers will come in a separate patch. Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which group 1 counters should be enabled. The maximum number of group 1 counters supported by AMUv1 is 16 so the mask can be at most 0xffff. If the platform does not define this mask, no group 1 counters are enabled. A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by generic code to allocate an array to save and restore the counters on CPU suspend. Change-Id: I6d135badf4846292de931a43bb563077f42bb47b Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
The suspend hook is published at the start of a CPU powerdown operation. The resume hook is published at the end of a CPU powerup operation. Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A75. Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by temporarily dropping into AArch32 Secure-EL1 and executing the `BPIALL` instruction. This is achieved by using 3 vector tables. There is the runtime vector table which is used to handle exceptions and 2 additional tables which are required to implement this workaround. The additional tables are `vbar0` and `vbar1`. The sequence of events for handling a single exception is as follows: 1) Install vector table `vbar0` which saves the CPU context on entry to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode with the MMU disabled and I$ enabled. This is the default vector table. 2) Before doing an ERET into Secure-EL1, switch vbar to point to another vector table `vbar1`. This is required to restore EL3 state when returning from the workaround, before proceeding with normal EL3 exception handling. 3) While in Secure-EL1, the `BPIALL` instruction is executed and an SMC call back to EL3 is performed. 4) On entry to EL3 from Secure-EL1, the saved context from step 1) is restored. The vbar is switched to point to `vbar0` in preparation to handle further exceptions. Finally a branch to the runtime vector table entry is taken to complete the handling of the original exception. This workaround is enabled by default on the affected CPUs. NOTE ==== There are 4 different stubs in Secure-EL1. Each stub corresponds to an exception type such as Sync/IRQ/FIQ/SError. Each stub will move a different value in `R0` before doing an SMC call back into EL3. Without this piece of information it would not be possible to know what the original exception type was as we cannot use `ESR_EL3` to distinguish between IRQs and FIQs. Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling and enabling the MMU. To achieve this without performing any branch instruction, a per-cpu vbar is installed which executes the workaround and then branches off to the corresponding vector entry in the main vector table. A side effect of this change is that the main vbar is configured before any reset handling. This is to allow the per-cpu reset function to override the vbar setting. This workaround is enabled by default on the affected CPUs. Change-Id: I97788d38463a5840a410e3cea85ed297a1678265 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 10 Jan, 2018 1 commit
-
-
Antonio Nino Diaz authored
`mm_cursor` doesn't have the needed data because the `memmove()` that is called right before it overwrites that information. In order to get the information of the region that was being mapped, `mm` has to be used instead (like it is done to fill the fields of `unmap_mm`). If the incorrect information is read, this check isn't reliable and `xlat_tables_unmap_region` may be requested to unmap memory that isn't mapped at all, triggering assertions. Change-Id: I602d4ac83095d4e5dac9deb34aa5d00d00e6c289 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Nov, 2017 1 commit
-
-
David Cunado authored
This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set to one EL3 will check to see if the Scalable Vector Extension (SVE) is implemented when entering and exiting the Non-secure world. If SVE is implemented, EL3 will do the following: - Entry to Non-secure world: SIMD, FP and SVE functionality is enabled. - Exit from Non-secure world: SIMD, FP and SVE functionality is disabled. As SIMD and FP registers are part of the SVE Z-registers then any use of SIMD / FP functionality would corrupt the SVE registers. The build option default is 1. The SVE functionality is only supported on AArch64 and so the build option is set to zero when the target archiecture is AArch32. This build option is not compatible with the CTX_INCLUDE_FPREGS - an assert will be raised on platforms where SVE is implemented and both ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1. Also note this change prevents secure world use of FP&SIMD registers on SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on such platforms unless ENABLE_SVE_FOR_NS is set to 0. Additionally, on the first entry into the Non-secure world the SVE functionality is enabled and the SVE Z-register length is set to the maximum size allowed by the architecture. This includes the use case where EL2 is implemented but not used. Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 29 Nov, 2017 3 commits
-
-
Dimitris Papastamos authored
The `ENABLE_AMU` build option can be used to enable the architecturally defined AMU counters. At present, there is no support for the auxiliary counter group. Change-Id: Ifc7532ef836f83e629f2a146739ab61e75c4abc8 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
The `ENABLE_AMU` build option can be used to enable the architecturally defined AMU counters. At present, there is no support for the auxiliary counter group. Change-Id: I7ea0c0a00327f463199d1b0a481f01dadb09d312 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
The Cortex A75 has 5 AMU counters. The first three counters are fixed and the remaining two are programmable. A new build option is introduced, `ENABLE_AMU`. When set, the fixed counters will be enabled for use by lower ELs. The programmable counters are currently disabled. Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 23 Nov, 2017 1 commit
-
-
Matt Ma authored
This patch replaces the macro ASM_ASSERTION with the macro ENABLE_ASSERTIONS in ARM Cortex-A53/57/72 MPCore Processor related files. There is build error when ASM_ASSERTION is set to 1 and ENABLE_ASSERTIONS is set to 0 because function asm_assert in common/aarch32/debug.S is defined in the macro ENABLE_ASSERTIONS but is called with the macro ASM_ASSERTION. There is also the indication to use ENABLE_ASSERTIONS but not ASM_ASSERTION in the Makefile. Signed-off-by: Matt Ma <matt.ma@spreadtrum.com>
-
- 20 Nov, 2017 3 commits
-
-
Roberto Vargas authored
There is an edge case where the cache maintaince done in psci_do_cpu_off may not seen by some cores. This case is handled in psci_cpu_on_start but it hasn't handled in psci_affinity_info. Change-Id: I4d64f3d1ca9528e364aea8d04e2d254f201e1702 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Dimitris Papastamos authored
Factor out SPE operations in a separate file. Use the publish subscribe framework to drain the SPE buffers before entering secure world. Additionally, enable SPE before entering normal world. A side effect of this change is that the profiling buffers are now only drained when a transition from normal world to secure world happens. Previously they were drained also on return from secure world, which is unnecessary as SPE is not supported in S-EL1. Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Factor out extension enabling to a separate function that is called before exiting from EL3 for first entry into Non-secure world. Change-Id: Ic21401ebba531134d08643c0a1ca9de0fc590a1b Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 17 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
If an implementation of ARMv8.2 includes ARMv8.2-LPA, the value 0b0110 is permitted in ID_AA64MMFR0_EL1.PARange, which means that the Physical Address range supported is 52 bits (4 PiB). It is a reserved value otherwise. Change-Id: Ie0147218e9650aa09f0034a9ee03c1cca8db908a Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 15 Nov, 2017 1 commit
-
-
David Cunado authored
The FPEXC32_EL2 register controls SIMD and FP functionality when the lower ELs are executing in AArch32 mode. It is architecturally mapped to AArch32 system register FPEXC. This patch removes FPEXC32_EL2 register from the System Register context and adds it to the floating-point context. EL3 only saves / restores the floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1. The rationale for this change is that if the Secure world is using FP functionality and EL3 is not managing the FP context, then the Secure world will save / restore the appropriate FP registers. NOTE - this is a break in behaviour in the unlikely case that CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32 Secure Payload that modifies FPEXC, but does not save and restore this register Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184 Signed-off-by: David Cunado <david.cunado@arm.com>
-