- 08 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
A Secure Partition is a software execution environment instantiated in S-EL0 that can be used to implement simple management and security services. Since S-EL0 is an unprivileged exception level, a Secure Partition relies on privileged firmware e.g. ARM Trusted Firmware to be granted access to system and processor resources. Essentially, it is a software sandbox that runs under the control of privileged software in the Secure World and accesses the following system resources: - Memory and device regions in the system address map. - PE system registers. - A range of asynchronous exceptions e.g. interrupts. - A range of synchronous exceptions e.g. SMC function identifiers. A Secure Partition enables privileged firmware to implement only the absolutely essential secure services in EL3 and instantiate the rest in a partition. Since the partition executes in S-EL0, its implementation cannot be overly complex. The component in ARM Trusted Firmware responsible for managing a Secure Partition is called the Secure Partition Manager (SPM). The SPM is responsible for the following: - Validating and allocating resources requested by a Secure Partition. - Implementing a well defined interface that is used for initialising a Secure Partition. - Implementing a well defined interface that is used by the normal world and other secure services for accessing the services exported by a Secure Partition. - Implementing a well defined interface that is used by a Secure Partition to fulfil service requests. - Instantiating the software execution environment required by a Secure Partition to fulfil a service request. Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 24 Oct, 2017 1 commit
-
-
Roberto Vargas authored
These hooks are intended to allow one platform to try load images from alternative places. There is a hook to initialize the sequence of boot locations and a hook to pass to the next sequence. Change-Id: Ia0f84c415208dc4fa4f9d060d58476db23efa5b2 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 16 Oct, 2017 10 commits
-
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I40feec1fe67a960d035061b54dd55610bc34ce1d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I14e33cfc7dfa93257c82d76fae186b17a1b6d266 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
SPIs can be routed to either a specific PE, or to any one of all available PEs. API documentation updated. Change-Id: I28675f634568aaf4ea1aa8aa7ebf25b419a963ed Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I129725059299af6cc612bafa8d74817f779d7c4f Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The back end GIC driver converts and assigns the interrupt type to suitable group. For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which determines to which type Group 0 interrupts maps to. - When the build option is set 0 (the default), Group 0 interrupts are meant for Secure EL1. This is presently the case. - Otherwise, Group 0 interrupts are meant for EL3. This means the SPD will have to synchronously hand over the interrupt to Secure EL1. The query API allows the platform to query whether the platform supports interrupts of a given type. API documentation updated. Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: Ib700eb1b8ca65503aeed0ac4ce0e7b934df67ff9 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: Ice7511f8df5356851001d2f7dc2a46cfe318f9ba Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I6d61785af0d5330930c709de971a904dc7c3516c Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
These APIs allow the GIC implementation to categorize interrupt numbers into SPIs, PPIs, and SGIs. The default implementations for GICv2 and GICv3 follows interrupt numbering as specified by the ARM GIC architecture. API documentation updated. Change-Id: Ia6aa379dc955994333232e6138f259535d4fa087 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Document the API in separate platform interrupt controller API document. Change-Id: If18f208e10a8a243f5c59d226fcf48e985941949 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 11 Sep, 2017 1 commit
-
-
Soby Mathew authored
This patch gives users control over logging messages printed from the C code using the LOG macros defined in debug.h Users now have the ability to reduce the log_level at run time using the tf_log_set_max_level() function. The default prefix string can be defined by platform by overriding the `plat_log_get_prefix()` platform API which is also introduced in this patch. The new log framework results in saving of some RO data. For example, when BL1 is built for FVP with LOG_LEVEL=LOG_LEVEL_VERBOSE, resulted in saving 384 bytes of RO data and increase of 8 bytes of RW data. The framework also adds about 108 bytes of code to the release build of FVP. Fixes ARM-software/tf-issues#462 Change-Id: I476013d9c3deedfdd4c8b0b0f125665ba6250554 Co-authored-by: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 31 Mar, 2017 2 commits
-
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 13 Feb, 2017 1 commit
-
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 15 Dec, 2016 1 commit
-
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 21 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds common changes to support AArch32 state in BL1 and BL2. Following are the changes: * Added functions for disabling MMU from Secure state. * Added AArch32 specific SMC function. * Added semihosting support. * Added reporting of unhandled exceptions. * Added uniprocessor stack support. * Added `el3_entrypoint_common` macro that can be shared by BL1 and BL32 (SP_MIN) BL stages. The `el3_entrypoint_common` is similar to the AArch64 counterpart with the main difference in the assembly instructions and the registers that are relevant to AArch32 execution state. * Enabled `LOAD_IMAGE_V2` flag in Makefile for `ARCH=aarch32` and added check to make sure that platform has not overridden to disable it. Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
-
- 20 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds capability to load BL images based on image descriptors instead of hard coded way of loading BL images. This framework is designed such that it can be readily adapted by any BL stage that needs to load images. In order to provide the above capability the following new platform functions are introduced: bl_load_info_t *plat_get_bl_image_load_info(void); This function returns pointer to the list of images that the platform has populated to load. bl_params_t *plat_get_next_bl_params(void); This function returns a pointer to the shared memory that the platform has kept aside to pass trusted firmware related information that next BL image needs. void plat_flush_next_bl_params(void); This function flushes to main memory all the params that are passed to next image. int bl2_plat_handle_post_image_load(unsigned int image_id) This function can be used by the platforms to update/use image information for given `image_id`. `desc_image_load.c` contains utility functions which can be used by the platforms to generate, load and executable, image list based on the registered image descriptors. This patch also adds new version of `load_image/load_auth_image` functions in-order to achieve the above capability. Following are the changes for the new version as compared to old: - Refactor the signature and only keep image_id and image_info_t arguments. Removed image_base argument as it is already passed through image_info_t. Given that the BL image base addresses and limit/size are already provided by the platforms, the meminfo_t and entry_point_info arguments are not needed to provide/reserve the extent of free memory for the given BL image. - Added check for the image size against the defined max size. This is needed because the image size could come from an unauthenticated source (e.g. the FIP header). To make this check, new member is added to the image_info_t struct for identifying the image maximum size. New flag `LOAD_IMAGE_V2` is added in the Makefile. Default value is 0. NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2` is enabled. Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
-
- 18 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch reworks type usage in generic code, drivers and ARM platform files to make it more portable. The major changes done with respect to type usage are as listed below: * Use uintptr_t for storing address instead of uint64_t or unsigned long. * Review usage of unsigned long as it can no longer be assumed to be 64 bit. * Use u_register_t for register values whose width varies depending on whether AArch64 or AArch32. * Use generic C types where-ever possible. In addition to the above changes, this patch also modifies format specifiers in print invocations so that they are AArch64/AArch32 agnostic. Only files related to upcoming feature development have been reworked. Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
-
- 03 Jun, 2016 1 commit
-
-
Soby Mathew authored
A production ROM with TBB enabled must have the ability to boot test software before a real ROTPK is deployed (e.g. manufacturing mode). Previously the function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed. This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags` parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK in certificate is used without verifying against the platform value. Fixes ARM-software/tf-issues#381 Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
-
- 20 May, 2016 1 commit
-
-
Antonio Nino Diaz authored
Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit plat_get_syscnt_freq. The old one has been flagged as deprecated. Common code has been updated to use this new version. Porting guide has been updated. Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
-
- 21 Apr, 2016 1 commit
-
-
Yatharth Kochar authored
This patch moves the definition for `plat_get_syscnt_freq()` from arm_bl31_setup.c to arm_common.c. This could be useful in case a delay timer needs to be installed based on the generic timer in other BLs. This patch also modifies the return type for this function from `uint64_t` to `unsigned long long` within ARM and other platform files. Change-Id: Iccdfa811948e660d4fdcaae60ad1d700e4eda80d
-
- 01 Apr, 2016 1 commit
-
-
Soby Mathew authored
This patch modifies the return type of the platform API `plat_get_ns_image_entrypoint()` from `unsigned long` to `uintptr_t` in accordance with the coding guidelines. Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
-
- 31 Mar, 2016 1 commit
-
-
Juan Castillo authored
This patch adds support for non-volatile counter authentication to the Authentication Module. This method consists of matching the counter values provided in the certificates with the ones stored in the platform. If the value from the certificate is lower than the platform, the boot process is aborted. This mechanism protects the system against rollback. The TBBR CoT has been updated to include this method as part of the authentication process. Two counters are used: one for the trusted world images and another for the non trusted world images. ** NEW PLATFORM APIs (mandatory when TBB is enabled) ** int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); This API returns the non-volatile counter value stored in the platform. The cookie in the first argument may be used to select the counter in case the platform provides more than one (i.e. TBSA compliant platforms must provide trusted and non-trusted counters). This cookie is specified in the CoT. int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); This API sets a new counter value. The cookie may be used to select the counter to be updated. An implementation of these new APIs for ARM platforms is also provided. The values are obtained from the Trusted Non-Volatile Counters peripheral. The cookie is used to pass the extension OID. This OID may be interpreted by the platform to know which counter must return. On Juno, The trusted and non-trusted counter values have been tied to 31 and 223, respectively, and cannot be modified. ** IMPORTANT ** THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN ORDER TO SUCCESSFULLY BUILD TF. Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
-
- 14 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
Added a new platform porting function plat_panic_handler, to allow platforms to handle unexpected error situations. It must be implemented in assembly as it may be called before the C environment is initialized. A default implementation is provided, which simply spins. Corrected all dead loops in generic code to call this function instead. This includes the dead loop that occurs at the end of the call to panic(). All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have been removed. Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
-
- 14 Jan, 2016 1 commit
-
-
Soren Brinkmann authored
Use the new __deprecated macro from the generic cdefs header and remove the deprecated __warn_deprecated. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
- 15 Dec, 2015 1 commit
-
-
Dan Handley authored
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes an unused framework cookie through to the 1st argument in the platform function `bl1_plat_fwu_done`. The intent is to allow the SMC caller to pass a cookie through to this function. This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller through to `bl1_plat_fwu_done`. The argument names are updated for clarity. Upstream platforms currently do not use this argument so no impact is expected. Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
-
- 14 Dec, 2015 2 commits
-
-
Juan Castillo authored
This patch removes the dash character from the image name, to follow the image terminology in the Trusted Firmware Wiki page: https://github.com/ARM-software/arm-trusted-firmware/wiki Changes apply to output messages, comments and documentation. non-ARM platform files have been left unmodified. Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
-
Juan Castillo authored
This patch replaces all references to the SCP Firmware (BL0, BL30, BL3-0, bl30) with the image terminology detailed in the TF wiki (https://github.com/ARM-software/arm-trusted-firmware/wiki): BL0 --> SCP_BL1 BL30, BL3-0 --> SCP_BL2 bl30 --> scp_bl2 This change affects code, documentation, build system, tools and platform ports that load SCP firmware. ARM plaforms have been updated to the new porting API. IMPORTANT: build option to specify the SCP FW image has changed: BL30 --> SCP_BL2 IMPORTANT: This patch breaks compatibility for platforms that use BL2 to load SCP firmware. Affected platforms must be updated as follows: BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID BL30_BASE --> SCP_BL2_BASE bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo() bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2() Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
-
- 09 Dec, 2015 4 commits
-
-
Yatharth Kochar authored
The Firmware Update (FWU) feature needs support for an optional secure world image, BL2U, to allow additional secure world initialization required by FWU, for example DDR initialization. This patch adds generic framework support to create BL2U. NOTE: A platform makefile must supply additional `BL2U_SOURCES` to build the bl2u target. A subsequent patch adds bl2u support for ARM platforms. Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
-
Yatharth Kochar authored
Firmware update(a.k.a FWU) feature is part of the TBB architecture. BL1 is responsible for carrying out the FWU process if platform specific code detects that it is needed. This patch adds support for FWU feature support in BL1 which is included by enabling `TRUSTED_BOARD_BOOT` compile time flag. This patch adds bl1_fwu.c which contains all the core operations of FWU, which are; SMC handler, image copy, authentication, execution and resumption. It also adds bl1.h introducing #defines for all BL1 SMCs. Following platform porting functions are introduced: int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size, unsigned int flags); This function can be used to add platform specific memory checks for the provided base/size for the given security state. The weak definition will invoke `assert()` and return -ENOMEM. __dead2 void bl1_plat_fwu_done(void *cookie, void *reserved); This function can be used to initiate platform specific procedure to mark completion of the FWU process. The weak definition waits forever calling `wfi()`. plat_bl1_common.c contains weak definitions for above functions. FWU process starts when platform detects it and return the image_id other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in `bl1_main()`. NOTE: User MUST provide platform specific real definition for bl1_plat_mem_check() in order to use it for Firmware update. Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
-
Yatharth Kochar authored
As of now BL1 loads and execute BL2 based on hard coded information provided in BL1. But due to addition of support for upcoming Firmware Update feature, BL1 now require more flexible approach to load and run different images using information provided by the platform. This patch adds new mechanism to load and execute images based on platform provided image id's. BL1 now queries the platform to fetch the image id of the next image to be loaded and executed. In order to achieve this, a new struct image_desc_t was added which holds the information about images, such as: ep_info and image_info. This patch introduces following platform porting functions: unsigned int bl1_plat_get_next_image_id(void); This is used to identify the next image to be loaded and executed by BL1. struct image_desc *bl1_plat_get_image_desc(unsigned int image_id); This is used to retrieve the image_desc for given image_id. void bl1_plat_set_ep_info(unsigned int image_id, struct entry_point_info *ep_info); This function allows platforms to update ep_info for given image_id. The plat_bl1_common.c file provides default weak implementations of all above functions, the `bl1_plat_get_image_desc()` always return BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns. These functions gets compiled into all BL1 platforms by default. Platform setup in BL1, using `bl1_platform_setup()`, is now done _after_ the initialization of authentication module. This change provides the opportunity to use authentication while doing the platform setup in BL1. In order to store secure/non-secure context, BL31 uses percpu_data[] to store context pointer for each core. In case of BL1 only the primary CPU will be active hence percpu_data[] is not required to store the context pointer. This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to store the context and context pointers respectively. It also also re-defines cm_get_context() and cm_set_context() for BL1 in bl1/bl1_context_mgmt.c. BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime environment, to support resuming execution from a previously saved context. NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()` INSTEAD TO MAINTAIN EXISTING BEHAVIOUR. Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
-
Soby Mathew authored
It is not ideal for BL31 to continue to use boot console at runtime which could be potentially uninitialized. This patch introduces a new optional platform porting API `bl31_plat_runtime_setup()` which allows the platform to perform any BL31 runtime setup just prior to BL31 exit during cold boot. The default weak implementation of this function will invoke `console_uninit()` which will suppress any BL31 runtime logs. On the ARM Standard platforms, there is an anomaly that the boot console will be reinitialized on resumption from system suspend in `arm_system_pwr_domain_resume()`. This will be resolved in the following patch. NOTE: The default weak definition of `bl31_plat_runtime_setup()` disables the BL31 console. To print the BL31 runtime messages, platforms must override this API and initialize a runtime console. Fixes ARM-software/tf-issues#328 Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a
-
- 28 Oct, 2015 1 commit
-
-
Juan Castillo authored
This patch adds an optional API to the platform port: void plat_error_handler(int err) __dead2; The platform error handler is called when there is a specific error condition after which Trusted Firmware cannot continue. While panic() simply prints the crash report (if enabled) and spins, the platform error handler can be used to hand control over to the platform port so it can perform specific bookeeping or post-error actions (for example, reset the system). This function must not return. The parameter indicates the type of error using standard codes from errno.h. Possible errors reported by the generic code are: -EAUTH : a certificate or image could not be authenticated (when Trusted Board Boot is enabled) -ENOENT : the requested image or certificate could not be found or an IO error was detected -ENOMEM : resources exhausted. Trusted Firmware does not use dynamic memory, so this error is usually an indication of an incorrect array size A default weak implementation of this function has been provided. It simply implements an infinite loop. Change-Id: Iffaf9eee82d037da6caa43b3aed51df555e597a3
-
- 13 Aug, 2015 2 commits
-
-
Soby Mathew authored
This patch defines deprecated platform APIs to enable Trusted Firmware components like Secure Payload and their dispatchers(SPD) to continue to build and run when platform compatibility is disabled. This decouples the migration of platform ports to the new platform API from SPD and enables them to be migrated independently. The deprecated platform APIs defined in this patch are : platform_get_core_pos(), platform_get_stack() and platform_set_stack(). The patch also deprecates MPIDR based context management helpers like cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context(). A mechanism to deprecate APIs and identify callers of these APIs during build is introduced, which is controlled by the build flag WARN_DEPRECATED. If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be flagged either as a link error for assembly files or compile time warning for C files during build. Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
-
Soby Mathew authored
This commit does the switch to the new PSCI framework implementation replacing the existing files in PSCI folder with the ones in PSCI1.0 folder. The corresponding makefiles are modified as required for the new implementation. The platform.h header file is also is switched to the new one as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults to 1 to enable compatibility layer which let the existing platform ports to continue to build and run with minimal changes. The default weak implementation of platform_get_core_pos() is now removed from platform_helpers.S and is provided by the compatibility layer. Note: The Secure Payloads and their dispatchers still use the old platform and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build flag will remain enabled in subsequent patch. The compatibility for SPDs using the older APIs on platforms migrated to the new APIs will be added in the following patch. Change-Id: I18c51b3a085b564aa05fdd98d11c9f3335712719
-
- 25 Jun, 2015 2 commits
-
-
Juan Castillo authored
The authentication framework deprecates plat_match_rotpk() in favour of plat_get_rotpk_info(). This patch removes plat_match_rotpk() from the platform port. Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
-
Juan Castillo authored
This patch extends the platform port by adding an API that returns either the Root of Trust public key (ROTPK) or its hash. This is usually stored in ROM or eFUSE memory. The ROTPK returned must be encoded in DER format according to the following ASN.1 structure: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In case the platform returns a hash of the key: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, keyDigest OCTET STRING } An implementation for ARM development platforms is provided in this patch. When TBB is enabled, the ROTPK hash location must be specified using the build option 'ARM_ROTPK_LOCATION'. Available options are: - 'regs' : return the ROTPK hash stored in the Trusted root-key storage registers. - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and BL2 binaries. This hash has been obtained from the development RSA public key located in 'plat/arm/board/common/rotpk'. On FVP, the number of MMU tables has been increased to map and access the ROTPK registers. A new file 'board_common.mk' has been added to improve code sharing in the ARM develelopment platforms. Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
-