- 02 Apr, 2020 7 commits
-
-
Sandrine Bailleux authored
The platform io policies array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Remove the assertion in plat_get_image_source(), which is now redundant. Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
The chain of trust array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Masahiro Yamada authored
Commit d5e97a1d ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files") does not have commit 848a7e8c ("Build: introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because they were pulled almost at the same time. This is a follow-up conversion to be consistent with commit 11a3c5ee ("plat: pass -D option to BL*_CPPFLAGS instead of BL*_CFLAGS"). With this change, the command line option, IMAGE_AT_EL3, will be passed to .S files as well. I remove the definition in include/lib/cpus/aarch64/cpu_macros.S Otherwise, the following error would happen. include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror] Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
If PLAT_RO_XLAT_TABLES is defined, the base xlat table goes to the .rodata section instead of .bss section. This causes a warning like: /tmp/ccswitLr.s: Assembler messages: /tmp/ccswitLr.s:297: Warning: setting incorrect section attributes for .rodata It is practically no problem, but I want to keep the build log clean. Put the base table into the "base_xlat_table" section to suppress the assembler warnings. The linker script determines its final destination; rodata section if PLAT_RO_XLAT_TABLES=1, or bss section otherwise. So, the result is the same. Change-Id: Ic85d1d2dddd9b5339289fc2378cbcb21dd7db02e Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Move the bss section to the common header. This adds BAKERY_LOCK_NORMAL and PMF_TIMESTAMP, which previously existed only in BL31. This is not a big deal because unused data should not be compiled in the first place. I believe this should be controlled by BL*_SOURCES in Makefiles, not by linker scripts. I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3, BL31, BL31 for plat=uniphier. I did not see any more unexpected code addition. The bss section has bigger alignment. I added BSS_ALIGN for this. Currently, SORT_BY_ALIGNMENT() is missing in sp_min.ld.S, and with this change, the BSS symbols in SP_MIN will be sorted by the alignment. This is not a big deal (or, even better in terms of the image size). Change-Id: I680ee61f84067a559bac0757f9d03e73119beb33 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The common section data are repeated in many linker scripts (often twice in each script to support SEPARATE_CODE_AND_RODATA). When you add a new read-only data section, you end up with touching lots of places. After this commit, you will only need to touch bl_common.ld.h when you add a new section to RODATA_COMMON. Replace a series of RO section with RODATA_COMMON, which contains 6 sections, some of which did not exist before. This is not a big deal because unneeded data should not be compiled in the first place. I believe this should be controlled by BL*_SOURCES in Makefiles, not by linker scripts. When I was working on this commit, the BL1 image size increased due to the fconf_populator. Commit c452ba15 ("fconf: exclude fconf_dyn_cfg_getter.c from BL1_SOURCES") fixed this issue. I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3, BL31, BL31 for plat=uniphier. I did not see any more unexpected code addition. Change-Id: I5d14d60dbe3c821765bce3ae538968ef266f1460 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
These are mostly used to collect data from special structure, and repeated in many linker scripts. To differentiate the alignment size between aarch32/aarch64, I added a new macro STRUCT_ALIGN. While I moved the PMF_SVC_DESCS, I dropped #if ENABLE_PMF conditional. As you can see in include/lib/pmf/pmf_helpers.h, PMF_REGISTER_SERVICE* are no-op when ENABLE_PMF=0. So, pmf_svc_descs and pmf_timestamp_array data are not populated. Change-Id: I3f4ab7fa18f76339f1789103407ba76bda7e56d0 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 01 Apr, 2020 2 commits
-
-
Varun Wadekar authored
This patch changes the prototype cm_setup_context() to use struct entry_point_info rather than the typedef'ed version of it. This fixes the following compilation error seen with EL3_EXCEPTION_HANDLING = 1. <snip> In file included from bl31/ehf.c:19: include/lib/el3_runtime/context_mgmt.h:35:49: error: unknown type name 'entry_point_info_t' 35 | void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep); | ^~~~~~~~~~~~~~~~~~ <snip> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I73b059ff2dade2259cefd0f9a097c7ea4a88055d
-
Gilad Ben-Yossef authored
Add Crypto 713 support as crypto module and NVM counter provider. As files under include/drivers/arm/cryptocell/713/ are copied verbatim from the CryptoCell SBROM lib project they are filtered from checkpatch coding style check. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
-
- 31 Mar, 2020 2 commits
-
-
Masahiro Yamada authored
enable_mmu_* has a different function name, so it is not handy in the shared code. enable_mmu() calls an appropriate one depending on the exception level. Change-Id: I0657968bfcb91c32733f75f9259f550a5c35b1c3 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
There are some cases where we want to run EL-dependent code in the shared code. We could use #ifdef, but it leaves slight possibility where we do not know the exception level at the build-time (e.g. library code). The counter approach is to use get_current_el(), but it is run-time detection, so all EL code is linked, some of which might be unneeded. This commit adds get_current_el_maybe_constant(). This is a static inline function that returns a constant value if we know the exception level at build-time. This is mostly the case. if (get_current_el_maybe_constant() == 1) { /* do something for EL1 */ } else if (get_current_el_maybe_constant() == 3) { /* do something for EL3 */ } If get_current_el_maybe_constant() is build-time constant, the compiler will optimize out the unreachable code. If such code is included from the library code, it is not built-time constant. In this case, it falls back to get_current_el(), so it still works. Change-Id: Idb03c20342a5b5173fe2d6b40e1fac7998675ad3 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 30 Mar, 2020 1 commit
-
-
Manish V Badarkhe authored
Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header and include this header in all ARM platforms. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I4cbc69c7b9307461de87b7c7bf200dd9b810e485
-
- 25 Mar, 2020 2 commits
-
-
Alexei Fedorov authored
This patch provides support for measured boot by adding calculation of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB. Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Manish V Badarkhe authored
Fixed below 'tautological-constant-compare' error when building the source code with latest clang compiler <clang version 11.0.0>. plat/common/plat_psci_common.c:36:2: error: converting the result of '<<' to a boolean always evaluates to true [-Werror,-Wtautological-constant-compare] PMF_STORE_ENABLE) ^ include/lib/pmf/pmf.h:28:29: note: expanded from macro 'PMF_STORE_ENABLE' PMF_STORE_ENABLE (1 << 0) This error is observed beacuse of CASSERT placed in "PMF_DEFINE_CAPTURE_TIMESTAMP" which do below stuff: CASSERT(_flags, select_proper_config); where _flags = PMF_STORE_ENABLE (1 << 0) which always results true. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ifa82ea202496a23fdf1d27ea1798d1f1b583a021
-
- 23 Mar, 2020 1 commit
-
-
Yann Gautier authored
Correct the following warning given by sparse tool: include/drivers/raw_nand.h:158:3: warning: symbol '__packed' was not declared. Should it be static? Change-Id: I03bd9a8aee5cdc5212ce5225be8033f1a6e92bd9 Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 22 Mar, 2020 1 commit
-
-
Mustafa Yigit Bilgen authored
This patch adds support to handle following TLK SMCs: {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE} These SMCs need to be supported in ATF in order to forward them to TLK. Otherwise, these functionalities won't work. Brief: TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its version to TLK. TLK can use this to prevent rollback attacks. TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off execution to the OS. This allows preventing sensitive SMCs being used by the OS. TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB frames. Tested by: Tests TLK can receive the new SMCs issued by bootloader Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944 Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
-
- 20 Mar, 2020 1 commit
-
-
Olivier Deprez authored
TPIDR_EL2 is missing from the EL2 state register save/restore sequence. This patch adds it to the context save restore routines. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I35fc5ee82f97b72bcedac57c791312e7b3a45251
-
- 19 Mar, 2020 2 commits
-
-
Varun Wadekar authored
TLK does not participate in the system off/reset process and so has no use for the SYSTEM_OFF/RESET notifications. This patch removes the system off/reset handlers as a result. Change-Id: Icf1430b1400cea88000e6d54426eb604a43cbe6c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Kalyani Chidambaram authored
This patch enables dual execution optimized translations for EL2 and EL3 CPU exception levels. Change-Id: I28fe98bb05687400f247e94adf44a1f3a85c38b1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 17 Mar, 2020 2 commits
-
-
Andre Przywara authored
There is really no reason to use and pass around a struct when its only member is the (fixed) base address. Remove the struct and just use the base address on its own inside the GPIO driver. Then set the base address automatically. This simplifies GPIO setup for users, which now don't need to deal with zeroing a struct and setting the base address anymore. Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Manish V Badarkhe authored
Implemented SMCCC_ARCH_SOC_ID call in order to get below SOC information: 1. SOC revision 2. SOC version Implementation done using below SMCCC specification document: https://developer.arm.com/docs/den0028/c Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
-
- 12 Mar, 2020 1 commit
-
-
Max Shvetsov authored
This patch introduces the `SPCI_ID_GET` interface which will return the ID of the calling SPCI component. Returns 0 for requests from the non-secure world and the SPCI component ID as specified in the manifest for secure world requests. Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
-
- 11 Mar, 2020 7 commits
-
-
Varun Wadekar authored
This patch adds an interrupt handler for TLK. On receiving an interrupt, the source of the interrupt is determined and the interrupt is marked complete. The IRQ number is passed to TLK along with a special SMC function ID. TLK issues an SMC to notify completion of the interrupt handler in the S-EL1 world. Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Madhukar Pappireddy authored
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN. Created few populator() functions which parse HW_CONFIG device tree and registered them with fconf framework. Many of the changes are only applicable for fvp platform. This patch: 1. Adds necessary symbols and sections in BL31, SP_MIN linker script 2. Adds necessary memory map entry for translation in BL31, SP_MIN 3. Creates an abstraction layer for hardware configuration based on fconf framework 4. Adds necessary changes to build flow (makefiles) 5. Minimal callback to read hw_config dtb for capturing properties related to GIC(interrupt-controller node) 6. updates the fconf documentation Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Madhukar Pappireddy authored
Change-Id: Ie1018bfbae2fe95c699e58648665baa75e862000 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Madhukar Pappireddy authored
A populate() function essentially captures the value of a property, defined by a platform, into a fconf related c structure. Such a callback is usually platform specific and is associated to a specific configuration source. For example, a populate() function which captures the hardware topology of the platform can only parse HW_CONFIG DTB. Hence each populator function must be registered with a specific 'config_type' identifier. It broadly represents a logical grouping of configuration properties which is usually a device tree source file. Example: > TB_FW: properties related to trusted firmware such as IO policies, base address of other DTBs, mbedtls heap info etc. > HW_CONFIG: properties related to hardware configuration of the SoC such as topology, GIC controller, PSCI hooks, CPU ID etc. This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate() to register and invoke the appropriate callbacks selectively based on configuration type. Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Masahiro Yamada authored
TF-A has so many linker scripts, at least one linker script for each BL image, and some platforms have their own ones. They duplicate quite similar code (and comments). When we add some changes to linker scripts, we end up with touching so many files. This is not nice in the maintainability perspective. When you look at Linux kernel, the common code is macrofied in include/asm-generic/vmlinux.lds.h, which is included from each arch linker script, arch/*/kernel/vmlinux.lds.S TF-A can follow this approach. Let's factor out the common code into include/common/bl_common.ld.h As a start point, this commit factors out the xlat_table section. Change-Id: Ifa369e9b48e8e12702535d721cc2a16d12397895 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
With this, it is clearer that .base_table_entries and .tables_num are the array size of .base_table and .tables, respectively. Change-Id: I634e65aba835ab9908cc3919355df6bc6e18d42a Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
xlat_tables_v2_helpers.h defines two quite similar macros, REGISTER_XLAT_CONTEXT_FULL_SPEC and REGISTER_XLAT_CONTEXT_RO_BASE_TABLE. Only the difference is the section of _ctx_name##_base_xlat_table. Parameterize it and unify these two macros. The base xlat table goes into the .bss section by default. If PLAT_RO_XLAT_TABLES is defined, it goes into the .rodata section. Change-Id: I8b02f4da98f0c272e348a200cebd89f479099c55 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 10 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides separation of GICD, GICR accessor functions and adds new macros for GICv3 registers access as a preparation for GICv3.1 and GICv4 support. NOTE: Platforms need to modify to include both 'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the single helper file previously. Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 06 Mar, 2020 3 commits
-
-
Alexei Fedorov authored
This patch provides a fix for incorrect crash dump data for lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option which enables routing of External Aborts and SErrors to EL3. Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Sumit Garg authored
TBBR spec advocates for optional encryption of firmwares (see optional requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to support firmware decryption that can be stacked above any underlying IO/ packaging layer like FIP etc. It aims to provide a framework to load any encrypted IO payload. Also, add plat_get_enc_key_info() to be implemented in a platform specific manner as handling of encryption key may vary from one platform to another. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
-
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
-
- 04 Mar, 2020 1 commit
-
-
Manish Pandey authored
This patch implements loading of Secure Partition packages using existing framework of loading other bl images. The current framework uses a statically defined array to store all the possible image types and at run time generates a link list and traverse through it to load different images. To load SPs, a new array of fixed size is introduced which will be dynamically populated based on number of SPs available in the system and it will be appended to the loadable images list. Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 03 Mar, 2020 4 commits
-
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Max Shvetsov authored
Change-Id: I8881d489994aea667e3dd59932ab4123f511d6ba Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Max Shvetsov authored
This patch adds EL2 registers that are supported up to ARMv8.6. ARM_ARCH_MINOR has to specified to enable save/restore routine. Note: Following registers are still not covered in save/restore. * AMEVCNTVOFF0<n>_EL2 * AMEVCNTVOFF1<n>_EL2 * ICH_AP0R<n>_EL2 * ICH_AP1R<n>_EL2 * ICH_LR<n>_EL2 Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Olivier Deprez authored
Use the firmware configuration framework to retrieve information about Secure Partitions to facilitate loading them into memory. To load a SP image we need UUID look-up into FIP and the load address where it needs to be loaded in memory. This patch introduces a SP populator function which gets UUID and load address from firmware config device tree and updates its C data structure. Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 01 Mar, 2020 1 commit
-
-
Madhukar Pappireddy authored
aarch32 CPUs speculatively execute instructions following a ERET as if it was not a jump instruction. This could lead to cache-based side channel vulnerabilities. The software fix is to place barrier instructions following ERET. The counterpart patch for aarch64 is merged: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-