- 20 Apr, 2017 2 commits
-
-
Antonio Nino Diaz authored
Many asserts depend on code that is conditionally compiled based on the DEBUG define. This patch modifies the conditional inclusion of such code so that it is based on the ENABLE_ASSERTIONS build option. Change-Id: I6406674788aa7e1ad7c23d86ce94482ad3c382bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The build option `ENABLE_ASSERTIONS` should be used instead. That way both C and ASM assertions can be enabled or disabled together. All occurrences of `ASM_ASSERTION` in common code and ARM platforms have been replaced by `ENABLE_ASSERTIONS`. ASM_ASSERTION has been removed from the user guide. Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
Add the new build option `ENABLE_ASSERTIONS` that controls whether or not assert functions are compiled out. It defaults to 1 for debug builds and to 0 for release builds. Additionally, a following patch will be done to allow this build option to hide auxiliary code used for the checks done in an `assert()`. This code is is currently under the DEBUG build flag. Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO, which is the default for debug builds. This patch also updates the User Guide. Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 13 Apr, 2017 1 commit
-
-
Vignesh Radhakrishnan authored
This patch adds support for fake system suspend (SC7). This is a debug mode, to ensure that a different code path is executed for cases like pre-silicon development, where a full-fledged SC7 is not possible in early stages. This particular patch ensures that, if fake system suspend is enabled (denoted by tegra_fake_system_suspend variable having a non-zero value), instead of calling WFI, a request for a warm reset is made for starting the SC7 exit procedure. This ensures that the code path of kernel->ATF and back to kernel is executed without depending on other components involved in SC7 code path. Additionally, this patch also adds support for SMC call from kernel, enabling fake system suspend mode. Signed-off-by: Vignesh Radhakrishnan <vigneshr@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 03 Apr, 2017 1 commit
-
-
Douglas Raillard authored
Some header files using the ULL() macro were not directly including utils.h where the macro definition resides. As a consequence, a linker script with values using this macro did not see the macro definition and kept the "ULL(<value>)" call in the preprocessed file, which lead to link error. Files using ULL() macro now include utils.h directly. Change-Id: I433a7f36bd21a156c20e69bc2a2bb406140ebdf9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 31 Mar, 2017 4 commits
-
-
dp-arm authored
Change-Id: If88270bc9edb32634a793b1e1be6c4829f39b9c5 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
This function ensures that console output is flushed, for example before shutting down or use by another component In line with other console APIs, console_flush() wraps console_core_flush(). Also implement console_core_flush() for PL011. Change-Id: I3db365065e4de04a454a5c2ce21be335a23a01e4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Mar, 2017 1 commit
-
-
Summer Qin authored
This patch adds an additional flag `XLAT_TABLE_NC` which marks the translation tables as Non-cacheable for MMU accesses. Change-Id: I7c28ab87f0ce67da237fadc3627beb6792860fd4 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 27 Mar, 2017 2 commits
-
-
Soby Mathew authored
This patch re-factors the following headers to make it easier to integrate the PSCI library with an AArch32 Secure Payload : * bl_common.h : The entry point information and the param header data structures are factored out into separate headers ep_info.h and param_headers.h * psci.h : The PSCI library interfaces are factored out into the new header psci_lib.h * context_mgmt.h : The header file is modified to not include arch.h when compiled for AArch32 mode. No functional changes are introduced by this patch. Change-Id: I5e21a843c0af2ba8e47dee4e577cf95929be8cd4 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Summer Qin authored
This patch modifies some of the functions in ARM platform layer to cater for the case when multi-threading `MT` is set in MPIDR. A new build flag `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR now assume that the `MT` bit is set for the platform and access the bit fields accordingly. Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is enabled, returning the PE count within the physical cpu corresponding to `mpidr`. Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 22 Mar, 2017 1 commit
-
-
dp-arm authored
These macros are not part of mbed TLS so they should not be prefixed with `MBEDTLS_` to avoid potential collision in the future. Use the `TBBR_` suffix to highlight that they only used in TF. `MBEDTLS_KEY_ALG` was not modified because that is documented and used by platforms to select the key algorithm. Change-Id: Ief224681715c481691c80810501830ce16e210b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 20 Mar, 2017 1 commit
-
-
Andre Przywara authored
ARM erratum 855873 applies to all Cortex-A53 CPUs. The recommended workaround is to promote "data cache clean" instructions to "data cache clean and invalidate" instructions. For core revisions of r0p3 and later this can be done by setting a bit in the CPUACTLR_EL1 register, so that hardware takes care of the promotion. As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3, we set the bit in firmware. Also we dump this register upon crashing to provide more debug information. Enable the workaround for the Juno boards. Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 08 Mar, 2017 4 commits
-
-
Antonio Nino Diaz authored
Modify ARM common makefile to use version 2 of the translation tables library and include the new header in C files. Simplify header dependencies related to this library to simplify the change. The following table contains information about the size increase in bytes for BL1 after applying this patch. The code has been compiled for different configurations of FVP in AArch64 mode with compiler GCC 4.9.3 20150413. The sizes have been calculated with the output of `nm` by adding the size of all regions and comparing the total size before and after the change. They are sumarized in the table below: text bss data total Release +660 -20 +88 +728 Debug +740 -20 +242 +962 Debug (LOG_LEVEL=50) +1120 -20 +317 +1417 Change-Id: I539e307f158ab71e3a8b771640001fc1bf431b29 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
TLBI instructions for EL3 won't have the desired effect under specific circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and TLBI twice each time. Even though this errata is only needed in r0p0, the current errata framework is not prepared to apply run-time workarounds. The current one is always applied if compiled in, regardless of the CPU or its revision. This errata has been enabled for Juno. The `DSB` instruction used when initializing the translation tables has been changed to `DSB ISH` as an optimization and to be consistent with the barriers used for the workaround. Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added APIs to add and remove regions to the translation tables dynamically while the MMU is enabled. Only static regions are allowed to overlap other static ones (for backwards compatibility). A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to flag each region as such. The dynamic mapping functionality can be enabled or disabled when compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1 or 0. This can be done per-image. TLB maintenance code during dynamic table mapping and unmapping has also been added. Fixes ARM-software/tf-issues#310 Change-Id: I19e8992005c4292297a382824394490c5387aa3b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The folder lib/xlat_tables_v2 has been created to store a new version of the translation tables library for further modifications in patches to follow. At the moment it only contains a basic implementation that supports static regions. This library allows different translation tables to be modified by using different 'contexts'. For now, the implementation defaults to the translation tables used by the current image, but it is possible to modify other tables than the ones in use. Added a new API to print debug information for the current state of the translation tables, rather than printing the information while the tables are being created. This allows subsequent debug printing of the xlat tables after they have been changed, which will be useful when dynamic regions are implemented in a patch to follow. The common definitions stored in `xlat_tables.h` header have been moved to a new file common to both versions, `xlat_tables_defs.h`. All headers related to the translation tables library have been moved to a the subfolder `xlat_tables`. Change-Id: Ia55962c33e0b781831d43a548e505206dffc5ea9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Mar, 2017 1 commit
-
-
Anthony Zhou authored
According to the ARM DEN0028A spec, hypervisor ID(VMID) should be stored in x7 (or w7). This patch gets this value from the context and passes it to Trusty. In order to do so, introduce new macros to pass five to eight parameters to the Trusted OS. Change-Id: I101cf45d0712e1e880466b2274f9a48af755c9fa Signed-off-by: Anthony Zhou <anzhou@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 02 Mar, 2017 1 commit
-
-
Soby Mathew authored
Due to incorrect conditional compilation checks, bakery locks were excluded from the CCN driver and the power controller driver for FVP when BL32 was built as the EL3 Runtime Software in AArch32 mode. This patch corrects the same. Change-Id: Ib1f163d9167a5c38e4d622232c4835cad9c235aa Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 28 Feb, 2017 2 commits
-
-
Varun Wadekar authored
This patch exports memcpy16() for platforms, as an option to memcpy(). Change-Id: I5d4e1cfb4608ec3674224b1447fdd740de549b1f Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch enables L2 ECC and Parity Protection for ARM Cortex-A57 CPUs for Tegra SoCs. Change-Id: I038fcd529991d0201a4951ce2730ab71b1c980f9 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 23 Feb, 2017 1 commit
-
-
Varun Wadekar authored
This patch moves the code to disable DCO operations out from common CPU files. This allows the platform code to call thsi API as and when required. There are certain CPU power down states which require the DCO to be kept ON and platforms can decide selectively now. Change-Id: Icb946fe2545a7d8c5903c420d1ee169c4921a2d1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 22 Feb, 2017 1 commit
-
-
Varun Wadekar authored
This patch adds support for all variants of the Denver CPUs. The variants export their cpu_ops to allow all Denver platforms to run the Trusted Firmware stack. Change-Id: I1488813ddfd506ffe363d8a32cda1b575e437035 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 15 Feb, 2017 2 commits
-
-
dp-arm authored
On Juno, the secure privileged invasive debug authentication signal (SPIDEN) is controlled by board SCC registers, which by default enable SPIDEN. Disable secure privileged external debug in release builds by programming the appropriate Juno SoC registers. Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Trusted Firmware currently has no support for secure self-hosted debug. To avoid unexpected exceptions, disable software debug exceptions, other than software breakpoint instruction exceptions, from all exception levels in secure state. This applies to both AArch32 and AArch64 EL3 initialization. Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 13 Feb, 2017 1 commit
-
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 06 Feb, 2017 1 commit
-
-
Douglas Raillard authored
Introduce zeromem_dczva function on AArch64 that can handle unaligned addresses and make use of DC ZVA instruction to zero a whole block at a time. This zeroing takes place directly in the cache to speed it up without doing external memory access. Remove the zeromem16 function on AArch64 and replace it with an alias to zeromem. This zeromem16 function is now deprecated. Remove the 16-bytes alignment constraint on __BSS_START__ in firmware-design.md as it is now not mandatory anymore (it used to comply with zeromem16 requirements). Change the 16-bytes alignment constraints in SP min's linker script to a 8-bytes alignment constraint as the AArch32 zeromem implementation is now more efficient on 8-bytes aligned addresses. Introduce zero_normalmem and zeromem helpers in platform agnostic header that are implemented this way: * AArch32: * zero_normalmem: zero using usual data access * zeromem: alias for zero_normalmem * AArch64: * zero_normalmem: zero normal memory using DC ZVA instruction (needs MMU enabled) * zeromem: zero using usual data access Usage guidelines: in most cases, zero_normalmem should be preferred. There are 2 scenarios where zeromem (or memset) must be used instead: * Code that must run with MMU disabled (which means all memory is considered device memory for data accesses). * Code that fills device memory with null bytes. Optionally, the following rule can be applied if performance is important: * Code zeroing small areas (few bytes) that are not secrets should use memset to take advantage of compiler optimizations. Note: Code zeroing security-related critical information should use zero_normalmem/zeromem instead of memset to avoid removal by compilers' optimizations in some cases or misbehaving versions of GCC. Fixes ARM-software/tf-issues#408 Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 02 Feb, 2017 1 commit
-
-
dp-arm authored
`PMF_ARM_TIF_IMPL_ID` should be set to 0x41. The code already left shifts it by 24 bit positions so this was overflowing. This fixes a build error with GCC 6.2 when `ENABLE_RUNTIME_INSTRUMENTATION` is set. Change-Id: I4c99d48ea7ce3d76e9edd1325b1979994db2c0fb Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 30 Jan, 2017 2 commits
-
-
Jeenu Viswambharan authored
The errata reporting policy is as follows: - If an errata workaround is enabled: - If it applies (i.e. the CPU is affected by the errata), an INFO message is printed, confirming that the errata workaround has been applied. - If it does not apply, a VERBOSE message is printed, confirming that the errata workaround has been skipped. - If an errata workaround is not enabled, but would have applied had it been, a WARN message is printed, alerting that errata workaround is missing. The CPU errata messages are printed by both BL1 (primary CPU only) and runtime firmware on debug builds, once for each CPU/errata combination. Relevant output from Juno r1 console when ARM Trusted Firmware is built with PLAT=juno LOG_LEVEL=50 DEBUG=1: VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied INFO: BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL1: cortex_a57: errata workaround for 826974 was missing! WARNING: BL1: cortex_a57: errata workaround for 826977 was missing! WARNING: BL1: cortex_a57: errata workaround for 828024 was missing! WARNING: BL1: cortex_a57: errata workaround for 829520 was missing! WARNING: BL1: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied INFO: BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL31: cortex_a57: errata workaround for 826974 was missing! WARNING: BL31: cortex_a57: errata workaround for 826977 was missing! WARNING: BL31: cortex_a57: errata workaround for 828024 was missing! WARNING: BL31: cortex_a57: errata workaround for 829520 was missing! WARNING: BL31: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied INFO: BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied Also update documentation. Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
At present, spin locks can only defined from C files. Add some macros such that they can be defined from assembly files too. Change-Id: I64f0c214062f5c15b3c8b412c7f25c908e87d970 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Jan, 2017 1 commit
-
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 24 Jan, 2017 2 commits
-
-
Antonio Nino Diaz authored
Some side-channel attacks involve an attacker inferring something from the time taken for a memory compare operation to complete, for example when comparing hashes during image authentication. To mitigate this, timingsafe_bcmp() must be used for such operations instead of the standard memcmp(). This function executes in constant time and so doesn't leak any timing information to the caller. Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Sandrine Bailleux authored
This code has been imported and slightly adapted from FreeBSD: https://github.com/freebsd/freebsd/blob/6253393ad8df55730481bf2aafd76bdd6182e2f5/lib/libc/string/strnlen.c Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 23 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like follows: $(eval IMAGE := IMAGE_BL$(call uppercase,$(3))) $(OBJ): $(2) @echo " CC $$<" $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@ This means, IMAGE_BL* is defined when building the corresponding image, but *undefined* for the other images. So, IMAGE_BL* belongs to the latter group where we should use #ifdef or #ifndef. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Haojian Zhuang authored
Support Designware eMMC driver. It's based on both IO block and eMMC driver. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 19 Jan, 2017 1 commit
-
-
Antonio Nino Diaz authored
Fix the parameter type of the maintenance functions of data cache. Add missing declarations for AArch32 versions of dcsw_op_louis and dcsw_op_all to match the AAch64 ones. Change-Id: I4226e8ea4f8b2b5bc2972992c83de659ee0da52c
-
- 18 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
We have lots of duplicated defines (and comment blocks too). Move them to include/plat/common/common_def.h. While we are here, suffix the end address with _END instead of _LIMIT. The _END is a better fit to indicate the linker-derived real end address. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The usage of _LIMIT seems odd here, so rename as follows: BL_CODE_LIMIT --> BL_CODE_END BL_RO_DATA_LIMIT --> BL_RO_DATA_END BL1_CODE_LIMIT --> BL1_CODE_END BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END Basically, we want to use _LIMIT and _END properly as follows: *_SIZE + *_MAX_SIZE = *_LIMIT *_SIZE + *_SIZE = *_END The _LIMIT is generally defined by platform_def.h to indicate the platform-dependent memory constraint. So, its typical usage is ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") in a linker script. On the other hand, _END is used to indicate the end address of the compiled image, i.e. we do not know it until the image is linked. Here, all of these macros belong to the latter, so should be suffixed with _END. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 16 Jan, 2017 1 commit
-
-
Antonio Nino Diaz authored
Delete old version of libfdt at lib/libfdt. Move new libfdt API headers to include/lib/libfdt and all other files to lib/libfdt. Change-Id: I32b7888f1f20d62205310e363accbef169ad7b1b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-