1. 14 Aug, 2020 2 commits
    • Jimmy Brisson's avatar
      Use true instead of 1 in while · 92069086
      Jimmy Brisson authored
      
      
      This resolves MISRA defects such as:
      
          plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)]
          The condition expression "1" does not have an essentially boolean type.
      
      Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      92069086
    • Jimmy Brisson's avatar
      Prevent colliding identifiers · d74c6b83
      Jimmy Brisson authored
      
      
      There was a collision between the name of the typedef in the CASSERT and
      something else, so we make the name of the typedef unique to the
      invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
      the macro. This eliminates the following MISRA violation:
      
          bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
          "invalid_svc_uuid" is already used to represent a typedef.
      
      This also resolves MISRA rule 5.9.
      
      These renamings are as follows:
        * tzram -> secram. This matches the function call name as it has
        sec_mem in it's  name
        * fw_config_base -> config_base. This file does not mess with
        hw_conig, so there's little chance of confusion
      
      Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      d74c6b83
  2. 31 Jul, 2020 1 commit
    • Alexei Fedorov's avatar
      BL31: Fix relocation error for PIE · c2e3b3bb
      Alexei Fedorov authored
      
      
      This patch fixes BL31 linker error
       "relocation R_AARCH64_ABS32 against `a local symbol'
       can not be used when making a shared object"
      when Position Independent Executable (PIE) support
      is enabled with ENABLE_PIE=1 build option.
      
      Change-Id: I2692269676db3f3b27eed499fc029fffb67969be
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      c2e3b3bb
  3. 26 Jul, 2020 1 commit
    • Manish V Badarkhe's avatar
      SMCCC: Introduce function to check SMCCC function availability · 6f0a2f04
      Manish V Badarkhe authored
      
      
      Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally
      returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to
      be not correct for the platform which doesn't implement soc-id
      functionality i.e. functions to retrieve both soc-version and
      soc-revision.
      Hence introduced a platform function which will check whether SMCCC
      feature is available for the platform.
      
      Also, updated porting guide for the newly added platform function.
      
      Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      6f0a2f04
  4. 21 Jul, 2020 1 commit
  5. 13 Jul, 2020 1 commit
  6. 31 May, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A: Fix BL31 linker script error · 34dd1e96
      Alexei Fedorov authored
      
      
      The patch fixes BL31 linker script error
      "Init code ends past the end of the stacks"
      for platforms with number of CPUs less than 4,
      which is caused by __STACKS_END__ address being
      lower than __INIT_CODE_END__.
      The modified BL31 linker script detects such cases
      and increases the total amount of stack memory,
      setting __STACKS_END__ = __INIT_CODE_END__, and
      CPUs' stacks are calculated by BL31 'plat_get_my_stack'
      function accordingly. For platforms with more than 4 CPUs
      and __INIT_CODE_END__ < __STACKS_END__ stack memory does not
      increase and allocated CPUs' stacks match the existing
      implementation.
      The patch removes exclusion of PSCI initialization
      functions from the reclaimed .init section in
      'arm_reclaim_init.ld.S' script, which increases the
      size of reclaimed memory region.
      
      Change-Id: I927773e00dd84e1ffe72f9ee534f4f2fc7b6153c
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      34dd1e96
  7. 25 May, 2020 1 commit
    • J-Alves's avatar
      SPCI is now called PSA FF-A · 662af36d
      J-Alves authored
      
      
      SPCI is renamed as PSA FF-A which stands for Platform Security
      Architecture Firmware Framework for A class processors.
      This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
      or simply FFA(in code).
      
      Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
      Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
      662af36d
  8. 19 May, 2020 1 commit
    • johpow01's avatar
      Enable v8.6 WFE trap delays · 6cac724d
      johpow01 authored
      
      
      This patch enables the v8.6 extension to add a delay before WFE traps
      are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
      plat/common/aarch64/plat_common.c that disables this feature by default
      but platform-specific code can override it when needed.
      
      The only hook provided sets the TWED fields in SCR_EL3, there are similar
      fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
      lower ELs but these should be configured by code running at EL2 and/or EL1
      depending on the platform configuration and is outside the scope of TF-A.
      Signed-off-by: default avatarJohn Powell <john.powell@arm.com>
      Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d
      6cac724d
  9. 13 May, 2020 2 commits
    • Olivier Deprez's avatar
      SPMD: extract SPMC DTB header size from SPMD · 23d5ba86
      Olivier Deprez authored
      
      
      Currently BL2 passes TOS_FW_CONFIG address and size through registers to
      BL31. This corresponds to SPMC manifest load address and size. The SPMC
      manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
      changes from generic code (which were enclosed by SPD=spmd) and retrieves
      SPMC manifest size directly from within SPMD. The SPMC manifest load
      address is still passed through a register by generic code.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
      23d5ba86
    • Olivier Deprez's avatar
      SPMD: code/comments cleanup · 52696946
      Olivier Deprez authored
      As a follow-up to bdd2596d
      
      , and related to SPM Dispatcher
      EL3 component and SPM Core S-EL2/S-EL1 component: update
      with cosmetic and coding rules changes. In addition:
      -Add Armv8.4-SecEL2 arch detection helper.
      -Add an SPMC context (on current core) get helper.
      -Return more meaningful error return codes.
      -Remove complexity in few spmd_smc_handler switch-cases.
      -Remove unused defines and structures from spmd_private.h
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
      52696946
  10. 29 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Replace fdtw_read_cells() implementation · ff4e6c35
      Andre Przywara authored
      Our fdtw_read_cells() implementation goes to great lengths to
      sanity-check every parameter and result, but leaves a big hole open:
      The size of the storage the value pointer points at needs to match the
      number of cells given. This can't be easily checked at compile time,
      since we lose the size information by using a void pointer.
      Regardless the current usage of this function is somewhat wrong anyways,
      since we use it on single-element, fixed-length properties only, for
      which the DT binding specifies the size.
      Typically we use those functions dealing with a number of cells in DT
      context to deal with *dynamically* sized properties, which depend on
      other properties (#size-cells, #clock-cells, ...), to specify the number
      of cells needed.
      
      Another problem with the current implementation is the use of
      ambiguously sized types (uintptr_t, size_t) together with a certain
      expectation about their size. In general there is no relation between
      the length of a DT property and the bitness of the code that parses the
      DTB: AArch64 code could encounter 32-bit addresses (where the physical
      address space is limited to 4GB [1]), while AArch32 code could read
      64-bit sized properties (/memory nodes on LPAE systems, [2]).
      
      To make this more clear, fix the potential issues and also align more
      with other DT users (Linux and U-Boot), introduce functions to explicitly
      read uint32 and uint64 properties. As the other DT consumers, we do this
      based on the generic "read array" function.
      Convert all users to use either of those two new functions, and make
      sure we never use a pointer to anything other than uint32_t or uint64_t
      variables directly.
      
      This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
      4 bytes into a uint16_t variable (passed via a void pointer).
      
      Also we change the implementation of the function to better align with
      other libfdt users, by using the right types (fdt32_t) and common
      variable names (*prop, prop_names).
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
      
      
      
      Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ff4e6c35
  11. 27 Mar, 2020 1 commit
    • Zelalem's avatar
      Flush dcache when storing timestamp · f27b6924
      Zelalem authored
      
      
      On DynamIQ CPU FVPs, stats test cases are failing when
      hardware-assisted coherency is enabled due to a corrupt
      timestamp value. Investigation of the issue indicates that
      on these models the timestamp value is stored in cache
      instead of memory. This patch flushes the dcache when the
      timestamp is stored to make sure it is stored in memory.
      
      Change-Id: I05cd54ba5991a5a96dd07f1e08b5212273201411
      Signed-off-by: default avatarZelalem <zelalem.aweke@arm.com>
      f27b6924
  12. 17 Mar, 2020 1 commit
  13. 12 Mar, 2020 1 commit
  14. 06 Mar, 2020 2 commits
    • Alexei Fedorov's avatar
      Fix crash dump for lower EL · b4292bc6
      Alexei Fedorov authored
      
      
      This patch provides a fix for incorrect crash dump data for
      lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
      which enables routing of External Aborts and SErrors to EL3.
      
      Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      b4292bc6
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
  15. 03 Mar, 2020 1 commit
  16. 20 Feb, 2020 1 commit
  17. 10 Feb, 2020 1 commit
  18. 04 Feb, 2020 1 commit
  19. 10 Jan, 2020 1 commit
    • Deepika Bhavnani's avatar
      Unify type of "cpu_idx" across PSCI module. · 5b33ad17
      Deepika Bhavnani authored
      
      
      NOTE for platform integrators:
         API `plat_psci_stat_get_residency()` third argument
         `last_cpu_idx` is changed from "signed int" to the
         "unsigned int" type.
      
      Issue / Trouble points
      1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
      with typecasting at some places leading to coverity issues.
      
      2. Underlying platform API's return cpu_idx as `unsigned int`
      and comparison is performed with platform specific defines
      `PLAFORM_xxx` which is not consistent
      
      Misra Rule 10.4:
      The value of a complex expression of integer type may only be cast to
      a type that is narrower and of the same signedness as the underlying
      type of the expression.
      
      Based on above points, cpu_idx is kept as `unsigned int` to match
      the API's and low-level functions and platform defines are updated
      where ever required
      Signed-off-by: default avatarDeepika Bhavnani <deepika.bhavnani@arm.com>
      Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
      5b33ad17
  20. 09 Jan, 2020 1 commit
  21. 20 Dec, 2019 1 commit
    • Paul Beesley's avatar
      spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored
      
      
      The Secure Partition Manager (SPM) prototype implementation is
      being removed. This is preparatory work for putting in place a
      dispatcher component that, in turn, enables partition managers
      at S-EL2 / S-EL1.
      
      This patch removes:
      
      - The core service files (std_svc/spm)
      - The Resource Descriptor headers (include/services)
      - SPRT protocol support and service definitions
      - SPCI protocol support and service definitions
      
      Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
      538b0020
  22. 11 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Add UBSAN support and handlers · 1f461979
      Justin Chadwell authored
      
      
      This patch adds support for the Undefined Behaviour sanitizer. There are
      two types of support offered - minimalistic trapping support which
      essentially immediately crashes on undefined behaviour and full support
      with full debug messages.
      
      The full support relies on ubsan.c which has been adapted from code used
      by OPTEE.
      
      Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      1f461979
  23. 19 Aug, 2019 1 commit
  24. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      402b3cf8
  25. 28 Jun, 2019 1 commit
  26. 03 Apr, 2019 1 commit
  27. 01 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Remove several warnings reported with W=1 · 609e053c
      Ambroise Vincent authored
      
      
      Improved support for W=1 compilation flag by solving missing-prototypes
      and old-style-definition warnings.
      
      The libraries are compiling with warnings (which turn into errors with
      the Werror flag).
      
      Outside of libraries, some warnings cannot be fixed without heavy
      structural changes.
      
      Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      609e053c
  28. 28 Feb, 2019 2 commits
  29. 07 Feb, 2019 1 commit
  30. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  31. 11 Dec, 2018 1 commit
  32. 10 Dec, 2018 2 commits
  33. 07 Dec, 2018 2 commits
    • Julius Werner's avatar
      plat/common/crash_console_helpers.S: Fix MULTI_CONSOLE_API support · 63c52d00
      Julius Werner authored
      Crash reporting via the default consoles registered by MULTI_CONSOLE_API
      has been broken since commit d35cc347
      
       (Console: Use callee-saved
      registers), which was introduced to allow console drivers written in C.
      It's not really possible with the current crash reporting framework to
      support console drivers in C, however we should make sure that the
      existing assembly drivers that do support crash reporting continue to
      work through the MULTI_CONSOLE_API.
      
      This patch fixes the problem by creating custom console_putc() and
      console_flush() implementations for the crash reporting case that do not
      use the stack. Platforms that want to use this feature will have to link
      plat/common/aarch64/crash_console_helpers.S explicitly.
      
      Also update the documentation to better reflect the new reality (of this
      being an option rather than the expected default for most platforms).
      
      Change-Id: Id0c761e5e2fddaf25c277bc7b8ab603946ca73cb
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      63c52d00
    • Julius Werner's avatar
      plat/common: Remove duplication of plat_crash_console functions/stubs · b2f7c9dd
      Julius Werner authored
      Commit e74afb65 (Deprecate weak crash console functions) deprecated the
      default inclusion of weak definitions for plat_crash_console functions
      in plat/common/aarch64/platform_helpers.S. The code was later copied out
      to plat/common/aarch64/crash_console_helpers.S so platforms can link it
      explicitly if they want to. However, since deprecation does not mean
      removal, the same code is also still duplicated in platform_helpers.S.
      
      The duplicated code contains both empty stubs for the !MULTI_CONSOLE_API
      case, and a real implementation that used to work but was broken by
      commit d35cc347
      
       (Console: Use callee-saved registers) for
      MULTI_CONSOLE_API. It's not great to have both of these duplicated in
      two files, so this patch splits them up: in platform_helpers.S we'll
      only keep the empty stubs (guarded by !ERROR_DEPRECATED), which should
      not regress functionality since the MULTI_CONSOLE_API implementation was
      already broken anyway. In crash_console_helpers.S, we'll only keep the
      MULTI_CONSOLE_API version, which is enough both as an implementation in
      itself and as a sample for how to reimplement these functions in a
      platform-specific file.
      
      Change-Id: I83d95a90ab6aac597dc2ea2f2797ac2c8ed075d4
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      b2f7c9dd
  34. 26 Oct, 2018 1 commit