- 29 Oct, 2018 6 commits
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I64abd72026082218a40b1a4b8f7dc26ff2478ba6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: Iaab0310848be587b635ce5339726e92a50f534e0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I2f28f20944f552447ac4e9e755493cd7c0ea1192 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
This patch introduces Position Independant Executable(PIE) support in TF-A. As a initial prototype, only BL31 can support PIE. A trivial dynamic linker is implemented which supports fixing up Global Offset Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc() helper function implements this linker and this needs to be called early in the boot sequence prior to invoking C functions. The GOT is placed in the RO section of BL31 binary for improved security and the BL31 linker script is modified to export the appropriate symbols required for the dynamic linker. The C compiler always generates PC relative addresses to linker symbols and hence referencing symbols exporting constants are a problem when relocating the binary. Hence the reference to the `__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated at runtime based on start and end addresses. Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
Previously the errata reporting was optional for CPU operation files and this was achieved by making use of weak reference to resolve to 0 if the symbol is not defined. This is error prone when adding new CPU operation files and weak references are problematic when fixing up dynamic relocations. Hence this patch removes the weak reference and makes it mandatory for the CPU operation files to define the errata reporting function. Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes up the AArch64 assembly code to use adrp/adr instructions instead of ldr instruction for reference to symbols. This allows these assembly sequences to be Position Independant. Note that the the reference to sizes have been replaced with calculation of size at runtime. This is because size is a constant value and does not depend on execution address and using PC relative instructions for loading them makes them relative to execution address. Also we cannot use `ldr` instruction to load size as it generates a dynamic relocation entry which must *not* be fixed up and it is difficult for a dynamic loader to differentiate which entries need to be skipped. Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
There are several platforms using arm_setup_page_tables(), which is supposed to be Arm platform only. This creates several dependency problems between platforms. This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib v2 makefile. This way it is possible to detect from C code which version is being used and include the correct header. The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and moved to a common folder. This way, when in doubt, this header can be used to guarantee compatibility, as it includes the correct header based on XLAT_TABLES_LIB_V2. This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so that is now locked in xlat lib v2) and ZynqMP (where it was added as a workaround). Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 Oct, 2018 4 commits
-
-
Antonio Nino Diaz authored
Change-Id: Iad7adaf0b16a3d086594cb3432210ac2c4e207f8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The current version of libfdt (1.4.2) has been modified to integrate it in this repository. In order to do a clean import it is needed to remove the current version first. Change-Id: I2cab8c8e5632280d282fa7a2f2339768a0ad1e0f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I3ddc07cb02d73cd7614af7a5b21827aae155f9a0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Imported from lib/libc/string/strrchr.c from commit: 59fd2fb98e4cc7e9bfc89598e28e21d405fd470c Change-Id: I898206c6f0372d4d211c149ec0fb9522d0a5b01c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 16 Oct, 2018 2 commits
-
-
Andrew F. Davis authored
Leave the caches on and explicitly flush any data that may be stale when the core is powered down. This prevents non-coherent interconnect access which has negative side- effects on AM65x. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
Jeenu Viswambharan authored
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 11 Oct, 2018 1 commit
-
-
ldts authored
Some platforms can only resume from system suspend from the boot CPU, hence they should only enter that state from that same core. The following commit presents an interface that allows the platform to reject system suspend entry near its very last stage (last CPU).
-
- 10 Oct, 2018 2 commits
-
-
Andrew F. Davis authored
When a platform enables its caches before it accesses the psci_non_cpu_pd_nodes structure then explicit cache maintenance is not needed. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
Andrew F. Davis authored
The MMU is not disabled in this path, update the comment to reflect this. Also clarify that both paths call prepare_cpu_pwr_dwn(), but the second path does stack cache maintenance. Signed-off-by: Andrew F. Davis <afd@ti.com>
-
- 08 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
Commit 79621f00 broke sgi575. It is possible to have a region with 0 as value for the attributes. It means device memory, read only, secure, executable. This is legitimate if the code is in flash and the code is executed from there. This is the case for SGI_MAP_FLASH0_RO, defined in the file plat/arm/css/sgi/sgi_plat.c. This problem is solved by checking both size and attributes in xlat v1. In xlat v2, it is enough to check the granularity, as it can never be 0. Change-Id: I7be11f1b0e51c4c2ffd560b4a6cdfbf15de2c276 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 3 commits
-
-
Daniel Boulby authored
Mark the xlat tables code only used in BL31 initialization as __init to be reclaimed once no longer needed Change-Id: I3106bfd994706a57c578624573bcfa525fbbd3c4 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Daniel Boulby authored
Mark the initialization functions in BL31, such as context management, EHF, RAS and PSCI as __init so that they can be reclaimed by the platform when no longer needed Change-Id: I7446aeee3dde8950b0f410cb766b7a2312c20130 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Daniel Boulby authored
Depending on the build flags it is possible that some of the memory regions mapped in page table setup could have a size of 0. In this case we simply want to do nothing but still wish to map the other regions in the array. Therefore we cannot only use size == 0 as the termination logic for the loop. Since an attributes field with value 0 means that the region is device memory, read only, secure and executable. Device memory can't be executable, so this combination should never be used and it is safe to use as a terminator value. Therefore by changing the termination logic to use attributes instead of size we prevent terminating the loop when we don't intend to. Change-Id: I92fc7f689ab08543497be6be4896dace2ed7b66a Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 28 Sep, 2018 4 commits
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I83de2ae3e0795e6fec3c1e5b37c441b64b0c9cb6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I9fd8016527ad7706494f34356fdae8efacef5f72 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Roberto Vargas authored
Change-Id: I40d040aa05bcbf11536a96ce59827711456b93a8 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 21 Sep, 2018 1 commit
-
-
Daniel Boulby authored
Ensure case clauses: * Terminate with an unconditional break, return or goto statement. * Use conditional break, return or goto statements as long as the end of the case clause is unreachable; such case clauses must terminate with assert(0) /* Unreachable */ or an unconditional __dead2 function call * Only fallthough when doing otherwise would result in less readable/maintainable code; such case clauses must terminate with a /* Fallthrough */ comment to make it clear this is the case and indicate that a fallthrough is intended. This reduces the chance of bugs appearing due to unintended flow through a switch statement Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 10 Sep, 2018 1 commit
-
-
Soby Mathew authored
This patch fixes the name of the Cortex-ares errata function which was previously named `cortex_a72_errata_report` which was an error. Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 07 Sep, 2018 1 commit
-
-
Jeenu Viswambharan authored
Change-Id: Ia02a2dbfd4e25547776e78bed40a91f3452553d7 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 05 Sep, 2018 4 commits
-
-
Jeenu Viswambharan authored
With the current implementation, it's possible for a contender to observe accesses in the Critical Section before acquiring or releasing the lock. Insert fencing in the locking and release codes to prevent any reorder. Fixes ARM-software/tf-issues#609 Change-Id: I773b82aa41dd544a2d3dbacb9a4b42c9eb767bbb Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Varun Wadekar authored
For Denver CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the EL3 software stack only. Other software components are responsible to enable it for their exception levels. TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3 and earlier: * By setting bit 11 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 9 (Disable speculative memory disambiguation) of `ACTLR_EL3` TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4 and later: * By setting bit 18 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 17 (Disable speculative memory disambiguation) of `ACTLR_EL3` Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Denver CPUs expect the power state field to be reset to 'C1' during boot. This patch updates the reset handler to reset the ACTLR_.PMSTATE field to 'C1' state during CPU boot. Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
The current functions to disable and enable Dynamic Code Optimizer (DCO) assume that all denver cores are in the same cluster. They ignore AFF1 field of the mpidr_el1 register, which leads to incorect logical core id calculation. This patch calls the platform handler, plat_my_core_pos(), to get the logical core id to disable/enable DCO for the core. Original change by: Krishna Sitaraman <ksitaraman@nvidia.com> Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 30 Aug, 2018 3 commits
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I907aa47565af2a6c435a5560041fd2b59e65c25c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
When any of these functions is called the backtrace will be printed to the console. Change-Id: Id60842df824b320c485a9323ed6b80600f4ebe35 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Julius Werner authored
This patch fixes a bug in the context management code that causes it to ignore the HANDLE_EA_EL3_FIRST compile-time option and instead always configure SCR_EL3 to force all external aborts to trap into EL3. The code used #ifdef to read compile-time option declared with add_define in the Makefile... however, those options are always defined, they're just defined to either 0 or 1, so #if is the correct syntax to check for them. Also update the documentation to match. This bug has existed since the Nov 2017 commit 76454abf (AArch64: Introduce External Abort handling), which changed the HANDLE_EA_EL3_FIRST option to use add_define. Change-Id: I7189f41d0daee78fa2fcf4066323e663e1e04d3d Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 23 Aug, 2018 2 commits
-
-
nathan-menhorn authored
Updated optee_utils.c to fix ARM-software/tf-issues#603 related to the tee-validate-header bug. Minor updates to the header valid checking logic. It would never make sense to have less than 1 image to load so this is now checked. Changed OPTEE_MAX_IMAGE_NUM to OPTEE_MAX_NUM_IMAGES to clarify its definition. OPTEE_MAX_IMAGE_NUM sounds like an ID assigned to the last image to load. OPTEE_MAX_NUM_IMAGES sounds like the maximum number of images to load. Signed-off-by: Nathan Menhorn <nathan.menhorn@xilinx.com>
-
John Tsichritzis authored
The initial implementation was corrupting registers that it shouldn't. Now this is fixed. Change-Id: Iaa407c18e668b2d9381391bf10d6876fe936aded Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 22 Aug, 2018 4 commits
-
-
Antonio Nino Diaz authored
armclang replaces calls to printf by calls to one of the symbols __0printf, __1printf or __2printf. This patch adds new functions with these names that internally call printf so that the Trusted Firmware can be compiled with this compiler. Change-Id: I06a0e3e5001232fe5b2577615666ddd66e81eef0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
tf_printf and tf_snprintf are now called printf and snprintf, so the code needs to be updated. Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change their names to printf and snprintf. They are much smaller than the previous versions we had, which makes them better suited for the Trusted Firmware. Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The codebase was using non-standard headers. It is needed to replace them by the correct ones so that we can use the new libc headers. Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-