1. 09 Nov, 2017 1 commit
  2. 08 Nov, 2017 2 commits
    • Antonio Nino Diaz's avatar
      SPM: Introduce Secure Partition Manager · 2fccb228
      Antonio Nino Diaz authored
      
      
      A Secure Partition is a software execution environment instantiated in
      S-EL0 that can be used to implement simple management and security
      services. Since S-EL0 is an unprivileged exception level, a Secure
      Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
      granted access to system and processor resources. Essentially, it is a
      software sandbox that runs under the control of privileged software in
      the Secure World and accesses the following system resources:
      
      - Memory and device regions in the system address map.
      - PE system registers.
      - A range of asynchronous exceptions e.g. interrupts.
      - A range of synchronous exceptions e.g. SMC function identifiers.
      
      A Secure Partition enables privileged firmware to implement only the
      absolutely essential secure services in EL3 and instantiate the rest in
      a partition. Since the partition executes in S-EL0, its implementation
      cannot be overly complex.
      
      The component in ARM Trusted Firmware responsible for managing a Secure
      Partition is called the Secure Partition Manager (SPM). The SPM is
      responsible for the following:
      
      - Validating and allocating resources requested by a Secure Partition.
      - Implementing a well defined interface that is used for initialising a
        Secure Partition.
      - Implementing a well defined interface that is used by the normal world
        and other secure services for accessing the services exported by a
        Secure Partition.
      - Implementing a well defined interface that is used by a Secure
        Partition to fulfil service requests.
      - Instantiating the software execution environment required by a Secure
        Partition to fulfil a service request.
      
      Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2fccb228
    • Antonio Nino Diaz's avatar
      xlat: Make function to calculate TCR PA bits public · ad02a759
      Antonio Nino Diaz authored
      
      
      This function can be useful to setup TCR_ELx by callers that don't use
      the translation tables library to setup the system registers related
      to them. By making it common, it can be reused whenever it is needed
      without duplicating code.
      
      Change-Id: Ibfada9e846d2a6cd113b1925ac911bb27327d375
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ad02a759
  3. 01 Nov, 2017 1 commit
  4. 31 Oct, 2017 2 commits
  5. 25 Oct, 2017 1 commit
  6. 24 Oct, 2017 1 commit
  7. 23 Oct, 2017 2 commits
  8. 17 Oct, 2017 4 commits
  9. 16 Oct, 2017 15 commits
  10. 13 Oct, 2017 3 commits
    • Roberto Vargas's avatar
      Update PSCI version to 1.1 · 829e97d7
      Roberto Vargas authored
      
      
      Updated the PSCI version conforming to the PSCI v1.1
      specification (ARM DEN022D).
      
      Change-Id: I1f34772ef6de37ec1ade719a1ab3aa062152d995
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      829e97d7
    • David Cunado's avatar
      Init and save / restore of PMCR_EL0 / PMCR · 3e61b2b5
      David Cunado authored
      
      
      Currently TF does not initialise the PMCR_EL0 register in
      the secure context or save/restore the register.
      
      In particular, the DP field may not be set to one to prohibit
      cycle counting in the secure state, even though event counting
      generally is prohibited via the default setting of MDCR_EL3.SMPE
      to 0.
      
      This patch initialises PMCR_EL0.DP to one in the secure state
      to prohibit cycle counting and also initialises other fields
      that have an architectually UNKNOWN reset value.
      
      Additionally, PMCR_EL0 is added to the list of registers that are
      saved and restored during a world switch.
      
      Similar changes are made for PMCR for the AArch32 execution state.
      
      NOTE: secure world code at lower ELs that assume other values in PMCR_EL0
      will be impacted.
      
      Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      3e61b2b5
    • Roberto Vargas's avatar
      reset2: Add PSCI system_reset2 function · 36a8f8fd
      Roberto Vargas authored
      
      
      This patch implements PSCI_SYSTEM_RESET2 API as defined in PSCI
      v1.1 specification. The specification allows architectural and
      vendor-specific resets via this API. In the current specification,
      there is only one architectural reset, the warm reset. This reset is
      intended to provide a fast reboot path that guarantees not to reset
      system main memory.
      
      Change-Id: I057bb81a60cd0fe56465dbb5791d8e1cca025bd3
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      36a8f8fd
  11. 11 Oct, 2017 2 commits
    • Soby Mathew's avatar
      ARM platforms: enable GICv3 state save/restore · e35a3fb5
      Soby Mathew authored
      
      
      Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and
      arm_system_pwr_domain_save functions.
      
      Introduce FVP PSCI power level 3 (System level) support. This is solely
      done to provide example code on how to use the GICv3 save and restore
      helpers.
      
      Also make CSS GICv3 platforms power off the Redistributor on SYSTEM
      SUSPEND as its state is saved and restored.
      
      Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Co-Authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      e35a3fb5
    • Soby Mathew's avatar
      ARM platforms: Add support for EL3 TZC memory region · a22dffc6
      Soby Mathew authored
      
      
      Some recent enhancements to EL3 runtime firmware like support for
      save and restoring GICv3 register context during system_suspend
      necessitates additional data memory for the firmware. This patch
      introduces support for creating a TZC secured DDR carveout for use
      by ARM reference platforms. A new linker section `el3_tzc_dram` is
      created using platform supplied linker script and data marked with
      the attribute `arm_el3_tzc_dram` will be placed in this section.
      The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
      allow inclusion of the platform linker script by the top level BL31
      linker script.
      
      Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a22dffc6
  12. 06 Oct, 2017 1 commit
    • David Cunado's avatar
      Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLES · 2e421ad2
      David Cunado authored
      
      
      The MEM_PROTECT support adds a MMAP region for DRAM2, which when
      building with TBBR support and OP-TEE tsp requires an additional
      entry in the MMAP region array in BL2 - PLAT_ARM_MMAP_ENTRIES is
      increased.
      
      The MEM_PROTECT support also adds a new region in BL31, and when
      BL31 is placed in DRAM, the memory mappings require an additional
      translation table - MAX_XLAT_TABLES is increased.
      
      Change-Id: I0b76260da817dcfd0b8f73a7193c36efda977625
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      2e421ad2
  13. 05 Oct, 2017 5 commits
    • Soby Mathew's avatar
      GICv3: ITS architectural save and restore helpers · b258278e
      Soby Mathew authored
      
      
      This patch adds functions to save and restore GICv3 ITS registers during
      system suspend. Please note that the power management of GIC ITS is
      implementation defined. These functions only implements the
      architectural part of the ITS power management and they do not restore
      memory structures or register content required to support ITS. Even if
      the ITS implementation stores structures in memory, an implementation
      defined power down sequence is likely to be required to flush some
      internal ITS caches to memory. If such implementation defined sequence
      is not followed, the platform must ensure that the ITS is not power
      gated during system suspend.
      
      Change-Id: I5f31e5541975aa7dcaab69b0b7f67583c0e27678
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      b258278e
    • Soby Mathew's avatar
      GICv3: add functions for save and restore · ebf1ca10
      Soby Mathew authored
      
      
      During system suspend, the GICv3 Distributor and Redistributor context
      can be lost due to power gating of the system power domain. This means
      that the GICv3 context needs to be saved prior to system suspend and
      restored on wakeup. Currently the consensus is that the Firmware should
      be in charge of this. See tf-issues#464 for more details.
      
      This patch introduces helper APIs in the GICv3 driver to save and
      restore the Distributor and Redistributor contexts. The GICv3 ITS
      context is not considered in this patch because the specification says
      that the details of ITS power management is implementation-defined.
      These APIs are expected to be appropriately invoked by the platform
      layer during system suspend.
      
      Fixes ARM-software/tf-issues#464
      
      Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      ebf1ca10
    • Antonio Nino Diaz's avatar
      xlat: Add support for EL0 and EL1 mappings · 609c9191
      Antonio Nino Diaz authored
      
      
      This patch introduces the ability of the xlat tables library to manage
      EL0 and EL1 mappings from a higher exception level.
      
      Attributes MT_USER and MT_PRIVILEGED have been added to allow the user
      specify the target EL in the translation regime EL1&0.
      
      REGISTER_XLAT_CONTEXT2 macro is introduced to allow creating a
      xlat_ctx_t that targets a given translation regime (EL1&0 or EL3).
      
      A new member is added to xlat_ctx_t to represent the translation regime
      the xlat_ctx_t manages. The execute_never mask member is removed as it
      is computed from existing information.
      
      Change-Id: I95e14abc3371d7a6d6a358cc54c688aa9975c110
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      609c9191
    • Douglas Raillard's avatar
      xlat: Introduce function xlat_arch_tlbi_va_regime() · b4ae615b
      Douglas Raillard authored
      
      
      Introduce a variant of the TLB invalidation helper function that
      allows the targeted translation regime to be specified, rather than
      defaulting to the current one.
      
      This new function is useful in the context of EL3 software managing
      translation tables for the S-EL1&0 translation regime, as then it
      might need to invalidate S-EL1&0 TLB entries rather than EL3 ones.
      
      Define a new enumeration to be able to represent translation regimes in
      the xlat tables library.
      
      Change-Id: Ibe4438dbea2d7a6e7470bfb68ff805d8bf6b07e5
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b4ae615b
    • Sandrine Bailleux's avatar
      xlat: Introduce MAP_REGION2() macro · fdb1964c
      Sandrine Bailleux authored
      
      
      The current implementation of the memory mapping API favours mapping
      memory regions using the biggest possible block size in order to
      reduce the number of translation tables needed.
      
      In some cases, this behaviour might not be desirable. When translation
      tables are edited at run-time, coarse-grain mappings like that might
      need splitting into finer-grain tables. This operation has a
      performance cost.
      
      The MAP_REGION2() macro allows to specify the granularity of
      translation tables used for the initial mapping of a memory region.
      This might increase performance for memory regions that are likely to
      be edited in the future, at the expense of a potentially increased
      memory footprint.
      
      The Translation Tables Library Design Guide has been updated to
      explain the use case for this macro. Also added a few intermediate
      titles to make the guide easier to digest.
      
      Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      fdb1964c