- 06 Feb, 2017 1 commit
-
-
Douglas Raillard authored
Introduce zeromem_dczva function on AArch64 that can handle unaligned addresses and make use of DC ZVA instruction to zero a whole block at a time. This zeroing takes place directly in the cache to speed it up without doing external memory access. Remove the zeromem16 function on AArch64 and replace it with an alias to zeromem. This zeromem16 function is now deprecated. Remove the 16-bytes alignment constraint on __BSS_START__ in firmware-design.md as it is now not mandatory anymore (it used to comply with zeromem16 requirements). Change the 16-bytes alignment constraints in SP min's linker script to a 8-bytes alignment constraint as the AArch32 zeromem implementation is now more efficient on 8-bytes aligned addresses. Introduce zero_normalmem and zeromem helpers in platform agnostic header that are implemented this way: * AArch32: * zero_normalmem: zero using usual data access * zeromem: alias for zero_normalmem * AArch64: * zero_normalmem: zero normal memory using DC ZVA instruction (needs MMU enabled) * zeromem: zero using usual data access Usage guidelines: in most cases, zero_normalmem should be preferred. There are 2 scenarios where zeromem (or memset) must be used instead: * Code that must run with MMU disabled (which means all memory is considered device memory for data accesses). * Code that fills device memory with null bytes. Optionally, the following rule can be applied if performance is important: * Code zeroing small areas (few bytes) that are not secrets should use memset to take advantage of compiler optimizations. Note: Code zeroing security-related critical information should use zero_normalmem/zeromem instead of memset to avoid removal by compilers' optimizations in some cases or misbehaving versions of GCC. Fixes ARM-software/tf-issues#408 Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 26 Jan, 2017 1 commit
-
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 23 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. For AARCH32/AARCH64, these macros are defined in the top-level Makefile as follows: ifeq (${ARCH},aarch32) $(eval $(call add_define,AARCH32)) else $(eval $(call add_define,AARCH64)) endif This means only one of the two is defined. So, AARCH32/AARCH64 belongs to the latter group where we should use #ifdef or #ifndef. The conditionals are mostly coded correctly, but I see some mistakes. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like follows: $(eval IMAGE := IMAGE_BL$(call uppercase,$(3))) $(OBJ): $(2) @echo " CC $$<" $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@ This means, IMAGE_BL* is defined when building the corresponding image, but *undefined* for the other images. So, IMAGE_BL* belongs to the latter group where we should use #ifdef or #ifndef. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 18 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
We have lots of duplicated defines (and comment blocks too). Move them to include/plat/common/common_def.h. While we are here, suffix the end address with _END instead of _LIMIT. The _END is a better fit to indicate the linker-derived real end address. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The usage of _LIMIT seems odd here, so rename as follows: BL_CODE_LIMIT --> BL_CODE_END BL_RO_DATA_LIMIT --> BL_RO_DATA_END BL1_CODE_LIMIT --> BL1_CODE_END BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END Basically, we want to use _LIMIT and _END properly as follows: *_SIZE + *_MAX_SIZE = *_LIMIT *_SIZE + *_SIZE = *_END The _LIMIT is generally defined by platform_def.h to indicate the platform-dependent memory constraint. So, its typical usage is ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") in a linker script. On the other hand, _END is used to indicate the end address of the compiled image, i.e. we do not know it until the image is linked. Here, all of these macros belong to the latter, so should be suffixed with _END. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 20 Dec, 2016 1 commit
-
-
Sandrine Bailleux authored
Before adding a base address and a size to compute the end address of an image to copy or authenticate, check this won't result in an integer overflow. If it does then consider the input arguments are invalid. As a result, bl1_plat_mem_check() can now safely assume the end address (computed as the sum of the base address and size of the memory region) doesn't overflow, as the validation is done upfront in bl1_fwu_image_copy/auth(). A debug assertion has been added nonetheless in the ARM implementation in order to help catching such problems, should bl1_plat_mem_check() be called in a different context in the future. Fixes TFV-1: Malformed Firmware Update SMC can result in copy of unexpectedly large data into secure memory Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com>
-
- 19 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
ASM_ASSERT failure and panic messages are suppressed at present. This patch enables printing the PC location for panic messages, and file name and line number upon assembly assert failure. Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Dec, 2016 3 commits
-
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
Earlier patches introduced GIC Redistributor power management for ARM platforms. This patch modifies FVP power management to power down Redistributor during CPU power on/off. Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
As with other ARM platform GIC APIs, these directly invoke the GICv3 driver APIs for Redistributor power management. For the sake of uniform GIC API, empty stubs are placed for those GIC drivers that lack Redistributor component. Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 14 Dec, 2016 1 commit
-
-
Yatharth Kochar authored
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU) support, for AArch64, when LOAD_IMAGE_V2 is enabled. This patch also enables LOAD_IMAGE_V2 for ARM platforms. Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 07 Dec, 2016 2 commits
-
-
Soby Mathew authored
The capabilities exposed by the PSCI generic layer depends on the hooks populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM Standard platforms statically define this structure. However, some platforms may want to modify the hooks at runtime before registering them with the generic layer. This patch introduces a new ARM platform layer API `plat_arm_psci_override_pm_ops` which allows the platform to probe the power controller and modify `plat_arm_psci_pm_ops` if required. Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as `const` on ARM Standard platforms. Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch introduces an additional layer of abstraction between CSS power management hooks and the SCPI driver. A new set of APIs are introduced in order to abstract out power management operations from underlying communication mechanism with the SCP. The SCPI and the associated MHU drivers are moved into a `drivers` folder in CSS. The new SCP communication abstraction layer is added in the `drivers/scp` folder. The existing CSS power management uses the new APIs to reflect this abstraction. Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 05 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
There are many instances in ARM Trusted Firmware where control is transferred to functions from which return isn't expected. Such jumps are made using 'bl' instruction to provide the callee with the location from which it was jumped to. Additionally, debuggers infer the caller by examining where 'lr' register points to. If a 'bl' of the nature described above falls at the end of an assembly function, 'lr' will be left pointing to a location outside of the function range. This misleads the debugger back trace. This patch defines a 'no_ret' macro to be used when jumping to functions from which return isn't expected. The macro ensures to use 'bl' instruction for the jump, and also, for debug builds, places a 'nop' instruction immediately thereafter (unless instructed otherwise) so as to leave 'lr' pointing within the function range. Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 22 Nov, 2016 1 commit
-
-
Douglas Raillard authored
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM platforms. Also clarify the build error message. Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 12 Oct, 2016 1 commit
-
-
dp-arm authored
This patch adds ARM SiP service for use by ARM standard platforms. This service is added to support the SMC interface for the Performance measurement framework(PMF). Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 23 Sep, 2016 1 commit
-
-
Sandrine Bailleux authored
This prevents a warning being emitted in the console during FVP configuration setup when using the Foundation FVP 9.6 onwards. Change-Id: I685b8bd0dbd0119af4b0cb3f7d708fcc08e99561
-
- 21 Sep, 2016 6 commits
-
-
Yatharth Kochar authored
This patch adds ARM Cortex-A32 MPCore Processor support in the CPU specific operations framework. It also includes this support for the Base FVP port. Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
-
Yatharth Kochar authored
This patch adds support in SP_MIN to receive generic and platform specific arguments from BL2. The new signature is as following: void sp_min_early_platform_setup(void *from_bl2, void *plat_params_from_bl2); ARM platforms have been modified to use this support. Note: Platforms may break if using old signature. Default value for RESET_TO_SP_MIN is changed to 0. Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
-
Yatharth Kochar authored
This patch adds ARM platform changes in BL2 for AArch32 state. It instantiates a descriptor array for ARM platforms describing image and entrypoint information for `SCP_BL2`, `BL32` and `BL33`. It also enables building of BL2 for ARCH=aarch32. Change-Id: I60dc7a284311eceba401fc789311c50ac746c51e
-
Yatharth Kochar authored
This patch adds ARM platform changes in BL1 for AArch32 state. It also enables building of BL1 for ARCH=aarch32. Change-Id: I079be81a93d027f37b0f7d8bb474b1252bb4cf48
-
Yatharth Kochar authored
This patch adds common changes to support AArch32 state in BL1 and BL2. Following are the changes: * Added functions for disabling MMU from Secure state. * Added AArch32 specific SMC function. * Added semihosting support. * Added reporting of unhandled exceptions. * Added uniprocessor stack support. * Added `el3_entrypoint_common` macro that can be shared by BL1 and BL32 (SP_MIN) BL stages. The `el3_entrypoint_common` is similar to the AArch64 counterpart with the main difference in the assembly instructions and the registers that are relevant to AArch32 execution state. * Enabled `LOAD_IMAGE_V2` flag in Makefile for `ARCH=aarch32` and added check to make sure that platform has not overridden to disable it. Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
-
Yatharth Kochar authored
This patch adds changes in ARM platform code to use new version of image loading. Following are the major changes: -Refactor the signatures for bl31_early_platform_setup() and arm_bl31_early_platform_setup() function to use `void *` instead of `bl31_params_t *`. -Introduce `plat_arm_bl2_handle_scp_bl2()` to handle loading of SCP_BL2 image from BL2. -Remove usage of reserve_mem() function from `arm_bl1_early_platform_setup()` -Extract BL32 & BL33 entrypoint info, from the link list passed by BL2, in `arm_bl31_early_platform_setup()` -Provides weak definitions for following platform functions: plat_get_bl_image_load_info plat_get_next_bl_params plat_flush_next_bl_params bl2_plat_handle_post_image_load -Instantiates a descriptor array for ARM platforms describing image and entrypoint information for `SCP_BL2`, `BL31`, `BL32` and `BL33` images. All the above changes are conditionally compiled using the `LOAD_IMAGE_V2` flag. Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
-
- 15 Sep, 2016 3 commits
-
-
Jeenu Viswambharan authored
This patch implements CSS platform hook to support NODE_HW_STATE PSCI API. The platform hook queries SCP to obtain CSS power state. Power states returned by SCP are then converted to expected PSCI return codes. Juno's PSCI operation structure is modified to use the CSS implementation. Change-Id: I4a5edac0e5895dd77b51398cbd78f934831dafc0
-
Jeenu Viswambharan authored
This patch adds the function scpi_get_css_power_state to perform the 'Get CSS Power State' SCP command and handle its response. The function parses SCP response to obtain power states of requested cluster and CPUs within. Change-Id: I3ea26e48dff1a139da73f6c1e0893f21accaf9f0
-
Jeenu Viswambharan authored
This patch implements FVP platform hook to support NODE_HW_STATE PSCI API. The platform hook validates the given MPIDR and reads corresponding status from FVP power controller, and returns expected values for the PSCI call. Change-Id: I286c92637da11858db2c8aba8ba079389032de6d
-
- 19 Aug, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch adds a WFI instruction in the default implementations of plat_error_handler() and plat_panic_handler(). This potentially reduces power consumption by allowing the hardware to enter a low-power state. The same change has been made to the FVP and Juno platform ports. Change-Id: Ia4e6e1e5bf1ed42efbba7d0ebbad7be8d5f9f173
-
- 10 Aug, 2016 2 commits
-
-
Soby Mathew authored
This patch implements the support for SP_MIN in FVP. The SP_MIN platform APIs are implemented and the required makefile support is added for FVP. Change-Id: Id50bd6093eccbd5e38894e3fd2b20d5baeac5452
-
Soby Mathew authored
This patch adds AArch32 support for FVP and implements common platform APIs like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32. Only Multi Processor(MP) implementations of these functions are considered in this patch. The ARM Standard platform layer helpers are implemented for AArch32 and the common makefiles are modified to cater for both AArch64 and AArch32 builds. Compatibility with the deprecated platform API is not supported for AArch32. Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
-
- 09 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch migrates the upstream platform makefiles to include the console drivers from the new location in ARM Trusted Firmware code base. Change-Id: I866d6c4951e475de1f836ce8a8c1d5e6da9577e3
-
- 25 Jul, 2016 1 commit
-
-
Antonio Nino Diaz authored
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines related to the translation tables but to the image size as well. The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h. This way, ARM platforms no longer have to set their own values if `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values otherwise. The common sizes have been set to the highest values used for any of the current build configurations. This is needed because in some build configurations some images are running out of space. This way there is a common set of values known to work for all of them and it can be optimized for each particular platform if needed. The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been increased. This is needed because when memory optimisations are disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` are higher. If in this situation the code is compiled in debug mode and with "-O0", the code won't fit. Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
-
- 19 Jul, 2016 4 commits
-
-
Soby Mathew authored
Previously the definition of `plat_get_syscnt_freq2()` in `arm_common.c` was conditionally defined based on the ERROR_DEPRECATED flag. This patch makes this function available irrespective of the flag and removes the deprecated `plat_get_syscnt_freq()` definition. Change-Id: I250ca787ca1b5e867096c6ba8f2bb444db44c97b
-
Soby Mathew authored
The PRELOADED_BL33_BASE build option allows to preload a BL33 and bypass its loading by BL2. In ARM standard platforms, the conditional behaviour of PRELOADED_BL33_BASE is moved within the implementation of `plat_get_ns_image_entrypoint()` so that all callers may benefit from this feature. Change-Id: Iea060e204ec72f8081087837854535c4e320da4e
-
Soby Mathew authored
This patch moves the `arm_common.c` file from `plat/arm/common/aarch64/` to the parent directory since the functions implemented in the file are not AArch64 specific. The platform makefiles are also modified for this change. Change-Id: I776d2e4958f59041476cf2f53a9adb5b2d304ee0
-
Soby Mathew authored
The `plat_psci_common.c` was moved to the new location `plat/common` and a stub file was retained at previous location for compatibility. This patch modifies the platform makefiles to include the file from the new location. Change-Id: Iabddeeb824e9a5d72d176d7c644735966c8c0699
-
- 18 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch reworks type usage in generic code, drivers and ARM platform files to make it more portable. The major changes done with respect to type usage are as listed below: * Use uintptr_t for storing address instead of uint64_t or unsigned long. * Review usage of unsigned long as it can no longer be assumed to be 64 bit. * Use u_register_t for register values whose width varies depending on whether AArch64 or AArch32. * Use generic C types where-ever possible. In addition to the above changes, this patch also modifies format specifiers in print invocations so that they are AArch64/AArch32 agnostic. Only files related to upcoming feature development have been reworked. Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
-
- 08 Jul, 2016 3 commits
-
-
Sandrine Bailleux authored
On ARM CSS platforms, the whole flash used to be mapped as executable. This is not required, given that the flash is used to store the BL1 and FIP images and: - The FIP is not executed in place, its images are copied to RAM and executed from there. - BL1 is executed in place from flash but only its code needs to be mapped as executable and platform code takes care of re-mapping BL1's read-only section as executable. Therefore, this patch now maps the flash as non-executable by default on these platforms. This increases security by restricting the executable region to what is strictly needed. This patch also adds some comments to clarify the memory mapping attributes on these platforms. Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
-
Sandrine Bailleux authored
This patch adds some verbose traces in the arm_setup_page_tables() function to print the extents of the different memory regions it maps. Change-Id: Ia3ae1053e7ebf3579601ff9238b0e3791eb1e9e4
-
Sandrine Bailleux authored
The arm_setup_page_tables() function used to expect a single set of addresses defining the extents of the whole read-only section, code and read-only data mixed up, which was mapped as executable. This patch changes this behaviour. arm_setup_page_tables() now expects 2 separate sets of addresses: - the extents of the code section; - the extents of the read-only data section. The code is mapped as executable, whereas the data is mapped as execute-never. New #defines have been introduced to identify the extents of the code and the read-only data section. Given that all BL images except BL1 share the same memory layout and linker script structure, these #defines are common across these images. The slight memory layout differences in BL1 have been handled by providing values specific to BL1. Note that this patch also affects the Xilinx platform port, which uses the arm_setup_page_tables() function. It has been updated accordingly, such that the memory mappings on this platform are unchanged. This is achieved by passing null values as the extents of the read-only data section so that it is ignored. As a result, the whole read-only section is still mapped as executable. Fixes ARM-software/tf-issues#85 Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
-