1. 02 Apr, 2020 7 commits
    • Sandrine Bailleux's avatar
      Check for out-of-bound accesses in the platform io policies · afe62624
      Sandrine Bailleux authored
      
      
      The platform io policies array is now always accessed through a fconf getter.
      This gives us an ideal spot to check for out-of-bound accesses.
      
      Remove the assertion in plat_get_image_source(), which is now redundant.
      
      Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      afe62624
    • Sandrine Bailleux's avatar
      Check for out-of-bound accesses in the CoT description · 6f8a2565
      Sandrine Bailleux authored
      
      
      The chain of trust array is now always accessed through a fconf getter.
      This gives us an ideal spot to check for out-of-bound accesses.
      
      Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      6f8a2565
    • Masahiro Yamada's avatar
      Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGS · 9cefb4b1
      Masahiro Yamada authored
      Commit d5e97a1d ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3
      globally for C files") does not have commit 848a7e8c ("Build:
      introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because
      they were pulled almost at the same time.
      
      This is a follow-up conversion to be consistent with commit
      11a3c5ee
      
       ("plat: pass -D option to BL*_CPPFLAGS instead of
      BL*_CFLAGS").
      
      With this change, the command line option, IMAGE_AT_EL3, will be
      passed to .S files as well.
      
      I remove the definition in include/lib/cpus/aarch64/cpu_macros.S
      
      Otherwise, the following error would happen.
      
        include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror]
      
      Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      9cefb4b1
    • Masahiro Yamada's avatar
      xlat_tables_v2: fix assembler warning of PLAT_RO_XLAT_TABLES · 268131c2
      Masahiro Yamada authored
      
      
      If PLAT_RO_XLAT_TABLES is defined, the base xlat table goes to the
      .rodata section instead of .bss section.
      
      This causes a warning like:
      
      /tmp/ccswitLr.s: Assembler messages:
      /tmp/ccswitLr.s:297: Warning: setting incorrect section attributes for .rodata
      
      It is practically no problem, but I want to keep the build log clean.
      
      Put the base table into the "base_xlat_table" section to suppress the
      assembler warnings.
      
      The linker script determines its final destination; rodata section if
      PLAT_RO_XLAT_TABLES=1, or bss section otherwise. So, the result is the
      same.
      
      Change-Id: Ic85d1d2dddd9b5339289fc2378cbcb21dd7db02e
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      268131c2
    • Masahiro Yamada's avatar
      linker_script: move bss section to bl_common.ld.h · a7739bc7
      Masahiro Yamada authored
      
      
      Move the bss section to the common header. This adds BAKERY_LOCK_NORMAL
      and PMF_TIMESTAMP, which previously existed only in BL31. This is not
      a big deal because unused data should not be compiled in the first
      place. I believe this should be controlled by BL*_SOURCES in Makefiles,
      not by linker scripts.
      
      I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
      BL31, BL31 for plat=uniphier. I did not see any more  unexpected
      code addition.
      
      The bss section has bigger alignment. I added BSS_ALIGN for this.
      
      Currently, SORT_BY_ALIGNMENT() is missing in sp_min.ld.S, and with this
      change, the BSS symbols in SP_MIN will be sorted by the alignment.
      This is not a big deal (or, even better in terms of the image size).
      
      Change-Id: I680ee61f84067a559bac0757f9d03e73119beb33
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      a7739bc7
    • Masahiro Yamada's avatar
      linker_script: replace common read-only data with RODATA_COMMON · 0a0a7a9a
      Masahiro Yamada authored
      The common section data are repeated in many linker scripts (often
      twice in each script to support SEPARATE_CODE_AND_RODATA). When you
      add a new read-only data section, you end up with touching lots of
      places.
      
      After this commit, you will only need to touch bl_common.ld.h when
      you add a new section to RODATA_COMMON.
      
      Replace a series of RO section with RODATA_COMMON, which contains
      6 sections, some of which did not exist before.
      
      This is not a big deal because unneeded data should not be compiled
      in the first place. I believe this should be controlled by BL*_SOURCES
      in Makefiles, not by linker scripts.
      
      When I was working on this commit, the BL1 image size increased
      due to the fconf_populator. Commit c452ba15
      
       ("fconf: exclude
      fconf_dyn_cfg_getter.c from BL1_SOURCES") fixed this issue.
      
      I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
      BL31, BL31 for plat=uniphier. I did not see any more  unexpected
      code addition.
      
      Change-Id: I5d14d60dbe3c821765bce3ae538968ef266f1460
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      0a0a7a9a
    • Masahiro Yamada's avatar
      linker_script: move more common code to bl_common.ld.h · 9fb288a0
      Masahiro Yamada authored
      
      
      These are mostly used to collect data from special structure,
      and repeated in many linker scripts.
      
      To differentiate the alignment size between aarch32/aarch64, I added
      a new macro STRUCT_ALIGN.
      
      While I moved the PMF_SVC_DESCS, I dropped #if ENABLE_PMF conditional.
      As you can see in include/lib/pmf/pmf_helpers.h, PMF_REGISTER_SERVICE*
      are no-op when ENABLE_PMF=0. So, pmf_svc_descs and pmf_timestamp_array
      data are not populated.
      
      Change-Id: I3f4ab7fa18f76339f1789103407ba76bda7e56d0
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      9fb288a0
  2. 01 Apr, 2020 2 commits
    • Varun Wadekar's avatar
      include: fixup 'cm_setup_context' prototype · 25d819a3
      Varun Wadekar authored
      
      
      This patch changes the prototype cm_setup_context() to use struct entry_point_info
      rather than the typedef'ed version of it. This fixes the following compilation error
      seen with EL3_EXCEPTION_HANDLING = 1.
      
      <snip>
      In file included from bl31/ehf.c:19:
      include/lib/el3_runtime/context_mgmt.h:35:49: error: unknown type name 'entry_point_info_t'
         35 | void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep);
            |                                                 ^~~~~~~~~~~~~~~~~~
      <snip>
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      Change-Id: I73b059ff2dade2259cefd0f9a097c7ea4a88055d
      25d819a3
    • Gilad Ben-Yossef's avatar
      cryptocell: add support for Cryptocell 713 · 4501843f
      Gilad Ben-Yossef authored
      
      
      Add Crypto 713 support as crypto module and NVM counter provider.
      
      As files under include/drivers/arm/cryptocell/713/ are copied verbatim
      from the CryptoCell SBROM lib project they are filtered from checkpatch
      coding style check.
      Signed-off-by: default avatarGilad Ben-Yossef <gilad@benyossef.com>
      Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
      4501843f
  3. 31 Mar, 2020 2 commits
    • Masahiro Yamada's avatar
      xlat_tables_v2: add enable_mmu() · f5547735
      Masahiro Yamada authored
      
      
      enable_mmu_* has a different function name, so it is not handy in the
      shared code. enable_mmu() calls an appropriate one depending on the
      exception level.
      
      Change-Id: I0657968bfcb91c32733f75f9259f550a5c35b1c3
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      f5547735
    • Masahiro Yamada's avatar
      Add get_current_el_maybe_constant() · fd092be2
      Masahiro Yamada authored
      
      
      There are some cases where we want to run EL-dependent code in the
      shared code.
      
      We could use #ifdef, but it leaves slight possibility where we do not
      know the exception level at the build-time (e.g. library code).
      
      The counter approach is to use get_current_el(), but it is run-time
      detection, so all EL code is linked, some of which might be unneeded.
      
      This commit adds get_current_el_maybe_constant(). This is a static
      inline function that returns a constant value if we know the exception
      level at build-time. This is mostly the case.
      
          if (get_current_el_maybe_constant() == 1) {
                  /* do something for EL1 */
          } else if (get_current_el_maybe_constant() == 3) {
                  /* do something for EL3 */
          }
      
      If get_current_el_maybe_constant() is build-time constant, the compiler
      will optimize out the unreachable code.
      
      If such code is included from the library code, it is not built-time
      constant. In this case, it falls back to get_current_el(), so it still
      works.
      
      Change-Id: Idb03c20342a5b5173fe2d6b40e1fac7998675ad3
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      fd092be2
  4. 30 Mar, 2020 1 commit
  5. 25 Mar, 2020 2 commits
    • Alexei Fedorov's avatar
      FVP: Add BL2 hash calculation in BL1 · 0ab49645
      Alexei Fedorov authored
      
      
      This patch provides support for measured boot by adding calculation
      of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
      
      Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      0ab49645
    • Manish V Badarkhe's avatar
      Fix 'tautological-constant-compare' error · 4c4a1327
      Manish V Badarkhe authored
      
      
      Fixed below 'tautological-constant-compare' error when building the source
      code with latest clang compiler <clang version 11.0.0>.
      
      plat/common/plat_psci_common.c:36:2:
      error: converting the result of '<<' to a boolean always evaluates
      to true [-Werror,-Wtautological-constant-compare]
              PMF_STORE_ENABLE)
              ^
      include/lib/pmf/pmf.h:28:29: note: expanded from macro 'PMF_STORE_ENABLE'
      PMF_STORE_ENABLE        (1 << 0)
      
      This error is observed beacuse of CASSERT placed in
      "PMF_DEFINE_CAPTURE_TIMESTAMP" which do below stuff:
      CASSERT(_flags, select_proper_config);
      where _flags = PMF_STORE_ENABLE (1 << 0) which always results true.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: Ifa82ea202496a23fdf1d27ea1798d1f1b583a021
      4c4a1327
  6. 23 Mar, 2020 1 commit
  7. 22 Mar, 2020 1 commit
    • Mustafa Yigit Bilgen's avatar
      spd: tlkd: support new TLK SMCs for RPMB service · bd0c2f8d
      Mustafa Yigit Bilgen authored
      
      
      This patch adds support to handle following TLK SMCs:
      {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE}
      
      These SMCs need to be supported in ATF in order to forward them to
      TLK. Otherwise, these functionalities won't work.
      
      Brief:
      TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its
      version to TLK. TLK can use this to prevent rollback attacks.
      
      TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off
      execution to the OS. This allows preventing sensitive SMCs being used
      by the OS.
      
      TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB
      frames.
      
      Tested by: Tests TLK can receive the new SMCs issued by bootloader
      
      Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944
      Signed-off-by: default avatarMustafa Yigit Bilgen <mbilgen@nvidia.com>
      bd0c2f8d
  8. 20 Mar, 2020 1 commit
  9. 19 Mar, 2020 2 commits
  10. 17 Mar, 2020 2 commits
  11. 12 Mar, 2020 1 commit
  12. 11 Mar, 2020 7 commits
    • Varun Wadekar's avatar
      spd: tlkd: secure timer interrupt handler · d205cda6
      Varun Wadekar authored
      
      
      This patch adds an interrupt handler for TLK. On receiving an
      interrupt, the source of the interrupt is determined and the
      interrupt is marked complete. The IRQ number is passed to
      TLK along with a special SMC function ID. TLK issues an SMC
      to notify completion of the interrupt handler in the S-EL1
      world.
      
      Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      d205cda6
    • Madhukar Pappireddy's avatar
      fconf: necessary modifications to support fconf in BL31 & SP_MIN · 26d1e0c3
      Madhukar Pappireddy authored
      
      
      Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
      Created few populator() functions which parse HW_CONFIG device tree
      and registered them with fconf framework. Many of the changes are
      only applicable for fvp platform.
      
      This patch:
      1. Adds necessary symbols and sections in BL31, SP_MIN linker script
      2. Adds necessary memory map entry for translation in BL31, SP_MIN
      3. Creates an abstraction layer for hardware configuration based on
         fconf framework
      4. Adds necessary changes to build flow (makefiles)
      5. Minimal callback to read hw_config dtb for capturing properties
         related to GIC(interrupt-controller node)
      6. updates the fconf documentation
      
      Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      26d1e0c3
    • Madhukar Pappireddy's avatar
      Use Speculation Barrier instruction for v8.5 cores · ccfb5c81
      Madhukar Pappireddy authored
      
      
      Change-Id: Ie1018bfbae2fe95c699e58648665baa75e862000
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      ccfb5c81
    • Madhukar Pappireddy's avatar
      fconf: enhancements to firmware configuration framework · 25d740c4
      Madhukar Pappireddy authored
      
      
      A populate() function essentially captures the value of a property,
      defined by a platform, into a fconf related c structure. Such a
      callback is usually platform specific and is associated to a specific
      configuration source.
      For example, a populate() function which captures the hardware topology
      of the platform can only parse HW_CONFIG DTB. Hence each populator
      function must be registered with a specific 'config_type' identifier.
      It broadly represents a logical grouping of configuration properties
      which is usually a device tree source file.
      
      Example:
      > TB_FW: properties related to trusted firmware such as IO policies,
      	 base address of other DTBs, mbedtls heap info etc.
      > HW_CONFIG: properties related to hardware configuration of the SoC
      	 such as topology, GIC controller, PSCI hooks, CPU ID etc.
      
      This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate()
      to register and invoke the appropriate callbacks selectively based on
      configuration type.
      
      Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      25d740c4
    • Masahiro Yamada's avatar
      Factor xlat_table sections in linker scripts out into a header file · 665e71b8
      Masahiro Yamada authored
      
      
      TF-A has so many linker scripts, at least one linker script for each BL
      image, and some platforms have their own ones. They duplicate quite
      similar code (and comments).
      
      When we add some changes to linker scripts, we end up with touching
      so many files. This is not nice in the maintainability perspective.
      
      When you look at Linux kernel, the common code is macrofied in
      include/asm-generic/vmlinux.lds.h, which is included from each arch
      linker script, arch/*/kernel/vmlinux.lds.S
      
      TF-A can follow this approach. Let's factor out the common code into
      include/common/bl_common.ld.h
      
      As a start point, this commit factors out the xlat_table section.
      
      Change-Id: Ifa369e9b48e8e12702535d721cc2a16d12397895
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      665e71b8
    • Masahiro Yamada's avatar
      xlat_tables_v2: use ARRAY_SIZE in REGISTER_XLAT_CONTEXT_FULL_SPEC · e2822458
      Masahiro Yamada authored
      
      
      With this, it is clearer that .base_table_entries and .tables_num
      are the array size of .base_table and .tables, respectively.
      
      Change-Id: I634e65aba835ab9908cc3919355df6bc6e18d42a
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      e2822458
    • Masahiro Yamada's avatar
      xlat_tables_v2: merge REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE} · 363830df
      Masahiro Yamada authored
      
      
      xlat_tables_v2_helpers.h defines two quite similar macros,
      REGISTER_XLAT_CONTEXT_FULL_SPEC and REGISTER_XLAT_CONTEXT_RO_BASE_TABLE.
      
      Only the difference is the section of _ctx_name##_base_xlat_table.
      
      Parameterize it and unify these two macros.
      
      The base xlat table goes into the .bss section by default.
      If PLAT_RO_XLAT_TABLES is defined, it goes into the .rodata section.
      
      Change-Id: I8b02f4da98f0c272e348a200cebd89f479099c55
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      363830df
  13. 10 Mar, 2020 1 commit
  14. 06 Mar, 2020 3 commits
    • Alexei Fedorov's avatar
      Fix crash dump for lower EL · b4292bc6
      Alexei Fedorov authored
      
      
      This patch provides a fix for incorrect crash dump data for
      lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
      which enables routing of External Aborts and SErrors to EL3.
      
      Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      b4292bc6
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
  15. 04 Mar, 2020 1 commit
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored
      
      
      This patch implements loading of Secure Partition packages using
      existing framework of loading other bl images.
      
      The current framework uses a statically defined array to store all the
      possible image types and at run time generates a link list and traverse
      through it to load different images.
      
      To load SPs, a new array of fixed size is introduced which will be
      dynamically populated based on number of SPs available in the system
      and it will be appended to the loadable images list.
      
      Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  16. 03 Mar, 2020 4 commits
  17. 02 Mar, 2020 1 commit
  18. 01 Mar, 2020 1 commit