1. 05 Feb, 2019 1 commit
  2. 31 Jan, 2019 3 commits
    • Stephen Wolfe's avatar
      spd: trusty: pass max affinity level to Trusty · 1ffaaec9
      Stephen Wolfe authored
      
      
      During System Suspend, the entire system loses its state. To allow Trusty
      to save/restore its context and allow its TAs to participate in the suspend
      process, it needs to look at the max affinity level being suspended. This
      patch passes the max affinity level to Trusty to enable to do so.
      
      Change-Id: If7838dae10c3f5a694baedb15ec56fbad41f2b36
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      1ffaaec9
    • Mihir Joshi's avatar
      spd: tlkd: remove unwanted assert on System Suspend entry · 278d599c
      Mihir Joshi authored
      
      
      c_rt_ctx is used to store current SP before the system goes
      into suspend. The assert for its value being zero is not
      really necessary as the value gets over-written eventually.
      
      This patch removes assert(tlk_ctx->c_rt_ctx == 0) from the
      System Suspend path, as a result.
      
      Change-Id: If41f15e74ebbbfd82958d8e179114899b2ffb0a7
      Signed-off-by: default avatarMihir Joshi <mihirj@nvidia.com>
      278d599c
    • Mihir Joshi's avatar
      tlkd: support new TLK SMCs · 7bc05f52
      Mihir Joshi authored
      This patch adds support to handle following TLK SMCs:
      {TLK_SS_REGISTER_HANDLER, TLK_REGISTER_NS_DRAM_RANGES, TLK_SET_ROOT_OF_TRUST}
      
      These SMCs need to be supported in ATF in order to forward them to
      TLK. Otherwise, these functionalities won't work.
      
      Brief:
      TLK_SS_REGISTER_HANDLER: This SMC is issued by TLK Linux Driver to
      set up secure storage buffers.
      
      TLK_REGISTER_NS_DRAM_RANGES: Cboot performs this SMC during boot to
      pass NS memory ranges to TLK.
      
      TLK_SET_ROOT_OF_TRUST: Cboot performs this SMC during boot to pass
      Verified Boot parameters to TLK.
      
      Change-Id: I18af35f6dd6f510dfc22c1d1d1d07f643c7b82bc
      Reviewed-on: https://git-master.nvidia.com/r/1643851
      
      Signed-off-by: default avatarMihir Joshi <mihirj@nvidia.com>
      7bc05f52
  3. 30 Jan, 2019 1 commit
  4. 24 Jan, 2019 1 commit
  5. 23 Jan, 2019 1 commit
    • Anthony Zhou's avatar
      spd: trusty : fix defects flagged by MISRA scan · 591054a3
      Anthony Zhou authored
      
      
      Main Fixes:
      
      Use int32_t replace int [Rule 4.6]
      
      Added explicit casts (e.g. 0U) to integers in order for them to be
        compatible with whatever operation they're used in [Rule 10.1]
      
      Force operands of an operator to the same type category [Rule 10.4]
      
      Fixed if statement conditional to be essentially boolean [Rule 14.4]
      
      Voided non c-library functions whose return types are not used
      [Rule 17.7]
      
      Change-Id: I98caa330c371757eb2dfb9438448cb99115ed907
      Signed-off-by: default avatarAnthony Zhou <anzhou@nvidia.com>
      591054a3
  6. 22 Jan, 2019 2 commits
  7. 15 Jan, 2019 3 commits
  8. 08 Jan, 2019 2 commits
  9. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  10. 11 Dec, 2018 17 commits
  11. 10 Dec, 2018 4 commits
    • Antonio Nino Diaz's avatar
      SPM: Remove SP memory mappings definitions · 09d413a1
      Antonio Nino Diaz authored
      
      
      This information is retrieved from the resource description now.
      
      Change-Id: Iaae23945eb2c45305cdc6442853e42f4e04fe094
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d413a1
    • Antonio Nino Diaz's avatar
      SPM: Deprecate boot info struct · 08aa122b
      Antonio Nino Diaz authored
      
      
      This information is defined by the Secure Partition in the resource
      description.
      
      Change-Id: Ia7db90c5de8360a596106880d3f6a632a88d3ea8
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      08aa122b
    • Antonio Nino Diaz's avatar
      SPM: Deprecate the current implementation · 2d7b9e5e
      Antonio Nino Diaz authored
      
      
      The current SPM is a prototype that only supports one secure partition
      in EL0. The objective of SPM is to have multiple partitions. The current
      MM interface isn't adequate for this, so it is needed to modify heavily
      the code to add proper support for it.
      
      However, there are platforms which are already using this (like SGI) and
      removing the code would break it.  For this reason, the current SPM code
      has been duplicated in order to temporarily preserve compatibility. All
      new improvements/changes to SPM will be done in the non-deprecated copy,
      that may change without notice.
      
      The new build option SPM_DEPRECATED has been introduced to select the SPM
      implementation. It defaults to 1, that selects the deprecated SPM.
      
      Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2d7b9e5e
    • Jeenu Viswambharan's avatar
      AArch64: Use SSBS for CVE_2018_3639 mitigation · 48e1d350
      Jeenu Viswambharan authored
      
      
      The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
      Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
      Armv8.5 feature, this can be implemented by CPUs implementing earlier
      version of the architecture.
      
      With this patch, when both PSTATE.SSBS is implemented and
      DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
      SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
      indicate that mitigation on the PE is either permanently enabled or not
      required.
      
      When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
      of every BL stage. This means that EL3 always executes with mitigation
      applied.
      
      For Cortex A76, if the PE implements SSBS, the existing mitigation (by
      using a different vector table, and tweaking CPU ACTLR2) is not used.
      
      Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      48e1d350
  12. 26 Nov, 2018 1 commit
    • Jeenu Viswambharan's avatar
      SDEI: Unconditionally resume Secure if it was interrupted · 90a9213b
      Jeenu Viswambharan authored
      
      
      Secure world execution nearly always expect a controlled exit to
      Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
      of Non-secure world, and may have higher priority than Secure world
      interrupts. Therefore they might preempt Secure execution, and yield
      execution to Non-secure SDEI handler. Upon completion of SDEI event
      handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
      must resume Secure execution if it was preempted.
      
      Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      90a9213b
  13. 14 Nov, 2018 1 commit
    • Sughosh Ganu's avatar
      SPM: Raise running priority of the core while in Secure Partition · 6e3bad36
      Sughosh Ganu authored
      
      
      The current secure partition design mandates that a) at a point, only
      a single core can be executing in the secure partition, and b) a core
      cannot be preempted by an interrupt while executing in secure
      partition.
      
      Ensure this by activating the SPM priority prior to entering the
      parition. Deactivate the priority on return from the
      partition.
      
      Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
      Signed-off-by: default avatarSughosh Ganu <sughosh.ganu@arm.com>
      6e3bad36
  14. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  15. 31 Oct, 2018 1 commit
    • Varun Wadekar's avatar
      sdei: include "context.h" to fix compilation errors · c4491aa9
      Varun Wadekar authored
      
      
      This patch includes context.h from sdei_private.h to fix the
      following compilation errors:
      
      <snip>
      In file included from services/std_svc/sdei/sdei_event.c:9:0:
      services/std_svc/sdei/sdei_private.h: In function 'sdei_client_el':
      services/std_svc/sdei/sdei_private.h:164:2: error: unknown type name 'cpu_context_t'
        cpu_context_t *ns_ctx = cm_get_context(NON_SECURE);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: unknown type name 'el3_state_t'
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: implicit declaration of function 'get_el3state_ctx' [-Werror=implicit-function-declaration]
      services/std_svc/sdei/sdei_private.h:165:25: error: initialization makes pointer from integer without a cast [-Werror]
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
                               ^
      services/std_svc/sdei/sdei_private.h:167:2: error: implicit declaration of function 'read_ctx_reg' [-Werror=implicit-function-declaration]
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
        ^
      services/std_svc/sdei/sdei_private.h:167:33: error: 'CTX_SCR_EL3' undeclared (first use in this function)
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
                                       ^
      services/std_svc/sdei/sdei_private.h:167:33: note: each undeclared identifier is reported only once for each function it appears in
      cc1: all warnings being treated as errors
      <snip>
      
      Change-Id: Id0cad56accf81b19cb0d301784f3f086dd052722
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      c4491aa9