- 13 Aug, 2015 2 commits
-
-
Soby Mathew authored
This patch defines deprecated platform APIs to enable Trusted Firmware components like Secure Payload and their dispatchers(SPD) to continue to build and run when platform compatibility is disabled. This decouples the migration of platform ports to the new platform API from SPD and enables them to be migrated independently. The deprecated platform APIs defined in this patch are : platform_get_core_pos(), platform_get_stack() and platform_set_stack(). The patch also deprecates MPIDR based context management helpers like cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context(). A mechanism to deprecate APIs and identify callers of these APIs during build is introduced, which is controlled by the build flag WARN_DEPRECATED. If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be flagged either as a link error for assembly files or compile time warning for C files during build. Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
-
Soby Mathew authored
The state-id field in the power-state parameter of a CPU_SUSPEND call can be used to describe composite power states specific to a platform. The current PSCI implementation does not interpret the state-id field. It relies on the target power level and the state type fields in the power-state parameter to perform state coordination and power management operations. The framework introduced in this patch allows the PSCI implementation to intepret generic global states like RUN, RETENTION or OFF from the State-ID to make global state coordination decisions and reduce the complexity of platform ports. It adds support to involve the platform in state coordination which facilitates the use of composite power states and improves the support for entering standby states at multiple power domains. The patch also includes support for extended state-id format for the power state parameter as specified by PSCIv1.0. The PSCI implementation now defines a generic representation of the power-state parameter. It depends on the platform port to convert the power-state parameter (possibly encoding a composite power state) passed in a CPU_SUSPEND call to this representation via the `validate_power_state()` plat_psci_ops handler. It is an array where each index corresponds to a power level. Each entry contains the local power state the power domain at that power level could enter. The meaning of the local power state values is platform defined, and may vary between levels in a single platform. The PSCI implementation constrains the values only so that it can classify the state as RUN, RETENTION or OFF as required by the specification: * zero means RUN * all OFF state values at all levels must be higher than all RETENTION state values at all levels * the platform provides PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE values to the framework The platform also must define the macros PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE which lets the PSCI implementation find out which power domains have been requested to enter a retention or power down state. The PSCI implementation does not interpret the local power states defined by the platform. The only constraint is that the PLAT_MAX_RET_STATE < PLAT_MAX_OFF_STATE. For a power domain tree, the generic implementation maintains an array of local power states. These are the states requested for each power domain by all the cores contained within the domain. During a request to place multiple power domains in a low power state, the platform is passed an array of requested power-states for each power domain through the plat_get_target_pwr_state() API. It coordinates amongst these states to determine a target local power state for the power domain. A default weak implementation of this API is provided in the platform layer which returns the minimum of the requested power-states back to the PSCI state coordination. Finally, the plat_psci_ops power management handlers are passed the target local power states for each affected power domain using the generic representation described above. The platform executes operations specific to these target states. The platform power management handler for placing a power domain in a standby state (plat_pm_ops_t.pwr_domain_standby()) is now only used as a fast path for placing a core power domain into a standby or retention state should now be used to only place the core power domain in a standby or retention state. The extended state-id power state format can be enabled by setting the build flag PSCI_EXTENDED_STATE_ID=1 and it is disabled by default. Change-Id: I9d4123d97e179529802c1f589baaa4101759d80c
-
- 15 Jul, 2015 1 commit
-
-
Sandrine Bailleux authored
Linaro produce monthly software releases for the Juno and AEMv8-FVP platforms. These provide an integrated set of software components that have been tested together on these platforms. From now on, it is recommend that Trusted Firmware developers use the Linaro releases (currently 15.06) as a baseline for the dependent software components: normal world firmware, Linux kernel and device tree, file system as well as any additional micro-controller firmware required by the platform. This patch updates the user guide to document this new process. It changes the instructions to get the source code of the full software stack (including Trusted Firmware) and updates the dependency build instructions to make use of the build scripts that the Linaro releases provide. Change-Id: Ia8bd043f4b74f1e1b10ef0d12cc8a56ed3c92b6e
-
- 25 Jun, 2015 4 commits
-
-
Juan Castillo authored
This patch updates the user guide, adding instructions to build the Trusted Firmware with Trusted Board Support using the new framework. It also provides documentation about the framework itself, including a detailed section about the TBBR implementation using the framework. Change-Id: I0849fce9c5294cd4f52981e7a8423007ac348ec6
-
Juan Castillo authored
This patch modifies the Trusted Board Boot implementation to use the new authentication framework, making use of the authentication module, the cryto module and the image parser module to authenticate the images in the Chain of Trust. A new function 'load_auth_image()' has been implemented. When TBB is enabled, this function will call the authentication module to authenticate parent images following the CoT up to the root of trust to finally load and authenticate the requested image. The platform is responsible for picking up the right makefiles to build the corresponding cryptographic and image parser libraries. ARM platforms use the mbedTLS based libraries. The platform may also specify what key algorithm should be used to sign the certificates. This is done by declaring the 'KEY_ALG' variable in the platform makefile. FVP and Juno use ECDSA keys. On ARM platforms, BL2 and BL1-RW regions have been increased 4KB each to accommodate the ECDSA code. REMOVED BUILD OPTIONS: * 'AUTH_MOD' Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
-
Juan Castillo authored
This patch extends the platform port by adding an API that returns either the Root of Trust public key (ROTPK) or its hash. This is usually stored in ROM or eFUSE memory. The ROTPK returned must be encoded in DER format according to the following ASN.1 structure: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In case the platform returns a hash of the key: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, keyDigest OCTET STRING } An implementation for ARM development platforms is provided in this patch. When TBB is enabled, the ROTPK hash location must be specified using the build option 'ARM_ROTPK_LOCATION'. Available options are: - 'regs' : return the ROTPK hash stored in the Trusted root-key storage registers. - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and BL2 binaries. This hash has been obtained from the development RSA public key located in 'plat/arm/board/common/rotpk'. On FVP, the number of MMU tables has been increased to map and access the ROTPK registers. A new file 'board_common.mk' has been added to improve code sharing in the ARM develelopment platforms. Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
-
Juan Castillo authored
This patch adds a boolean build option 'SAVE_KEYS' to indicate the certificate generation tool that it must save the private keys used to establish the chain of trust. This option depends on 'CREATE_KEYS' to be enabled. Default is '0' (do not save). Because the same filenames are used as outputs to save the keys, they are no longer a dependency to the cert_tool. This dependency has been removed from the Makefile. Documentation updated accordingly. Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
-
- 08 Jun, 2015 1 commit
-
-
Juan Castillo authored
The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide corresponds to the internal definition not visible to the final user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This patch fixes it. Fixes ARM-software/tf-issues#308 Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
-
- 04 Jun, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch introduces a new platform build option, called PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has a programmable or fixed reset vector address. If the reset vector address is fixed then the code relies on the platform_get_entrypoint() mailbox mechanism to figure out where it is supposed to jump. On the other hand, if it is programmable then it is assumed that the platform code will program directly the right address into the RVBAR register (instead of using the mailbox redirection) so the mailbox is ignored in this case. Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
-
- 29 Apr, 2015 1 commit
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.21) * EDK2 (to v3.0) * Linux Kernel (to 1.6-Juno) * Linaro file-system (to 15.03) * Juno SCP binary (to v1.7.0 within board recovery image 0.11.3). Change-Id: Ieb09e633acc2b33823ddf35f77f44e7da60b99ba
-
- 28 Apr, 2015 2 commits
-
-
Sandrine Bailleux authored
There has been a breaking change in the communication protocols used between the AP cores and the SCP on CSS based platforms like Juno. This means both the AP Trusted Firmware and SCP firmware must be updated at the same time. In case the user forgets to update the SCP ROM firmware, this patch detects when it still uses the previous version of the communication protocol. It will then output a comprehensive error message that helps trouble-shoot the issue. Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
-
Dan Handley authored
Update the User Guide, Porting Guide and Firmware Design documents to align them with the recent changes made to the FVP and Juno platform ports. Also fix some other historical inaccuracies. Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
-
- 16 Mar, 2015 1 commit
-
-
Vikram Kanigiri authored
Even though both CCI-400 and CCI-500 IPs have different configurations with respect to the number and types of supported interfaces, their register offsets and programming sequences are similar. This patch creates a common driver for enabling and disabling snoop transactions and DVMs with both the IPs. New platform ports which implement one of these IPs should use this common driver. Existing platform ports which implement CCI-400 should migrate to the common driver as the standalone CCI-400 will be deprecated in the future. Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
-
- 10 Mar, 2015 1 commit
-
-
Sandrine Bailleux authored
The 'libssl-dev' package must be installed on the host to build the certificate generation tool. This patch adds it to the list of required tools in the User Guide. Change-Id: I018381fb14b7c2d2bd6f2b7929aaad0571f7eb2e
-
- 04 Feb, 2015 1 commit
-
-
Achin Gupta authored
The command line options specified in the User Guide to run the AEMv8 Base FVP with the legacy VE memory map apply only when the model is configured to use GIC v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure that the right version of GIC is used. Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
-
- 03 Feb, 2015 1 commit
-
-
Achin Gupta authored
This patch updates the user-guide.md with the various build options related to Trusted Board Boot and steps to build a FIP image which includes this support. It also adds a trusted-board-boot.md which describes the scope and design of this feature. Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
-
- 02 Feb, 2015 2 commits
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.20) * EDK2 (to v2.1-rc0) * Linux Kernel (to 1.3-Juno) * Linaro file-system (to 14.12) * Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1). Also remove duplicate information that is available from the ARM Connected Community website. * Base FVP (to 6.2) * Foundation FVP (to 9.1). Also update the name of the Foundation FVP binary since it has changed since version 2.1. Co-Authored-By: Dan Handley <dan.handley@arm.com> Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
-
Sandrine Bailleux authored
Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
-
- 26 Jan, 2015 2 commits
-
-
Soby Mathew authored
This patch provides an option to specify a interrupt routing model where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1. When such an interrupt occurs, the TSPD arranges a return to the normal world after saving any necessary context. The interrupt routing model to route IRQs to EL3 is enabled only during STD SMC processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC and Secure Interrupt processing. A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change the non secure interrupt target execution level to EL3. Fixes ARM-software/tf-issues#225 Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
-
Juan Castillo authored
This patch allows the secure payload (BL3-2) to be loaded in the DRAM region secured by the TrustZone controller (top 16 MB of DRAM1). The location of BL3-2 can be selected at build time by setting the build flag FVP_TSP_RAM_LOCATION to one of the following options: - 'tsram' : Trusted SRAM (this is the default option) - 'tdram' : Trusted DRAM - 'dram' : Secure region in DRAM1 (top 16MB configured by the TrustZone controller) The number of MMU tables in BL3-2 depends on its location in memory: 3 in case it is loaded in DRAM, 2 otherwise. Documentation updated accordingly. Fixes ARM-software/tf-issues#212 Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 12 Jan, 2015 1 commit
-
-
Juan Castillo authored
Patch 20d51cad moved the shared data page from the top of the Trusted SRAM to the bottom, changing the load addresses of BL3-1 and BL3-2. This patch updates BL3-1 and BL3-2 addresses in the instructions to run the Trusted Firmware on FVP using BL3-1 as reset vector. This patch is similar to but distinct from bfb1dd51 and 7ea4c437. Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
-
- 09 Jan, 2015 1 commit
-
-
Sandrine Bailleux authored
Previously, the User Guide recommended launching the Foundation FVP with the parameter --no-secure-memory, which disabled security control of the address map. This was due to missing support for secure memory regions in v1 of the Foundation FVP. This is no longer needed as secure memory is now supported on the Foundation FVP. This patch updates the User Guide to recommend enabling secure memory instead. Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
-
- 07 Jan, 2015 1 commit
-
-
Joakim Bech authored
Fixes arm-software/tf-issues#276
-
- 06 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows to define the name of the FIP at build time by defining the FIP_NAME variable. If FIP_NAME is not defined, default name 'fip.bin' is used. Documentation updated accordingly. Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
-
- 22 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch deprecates the build option to relocate the shared data into Trusted DRAM in FVP. After this change, shared data is always located at the base of Trusted SRAM. This reduces the complexity of the memory map and the number of combinations in the build options. Fixes ARM-software/tf-issues#257 Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
-
- 14 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch configures the TrustZone Controller in Juno to split the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure regions: - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are used by the SCP for DDR retraining - Non-Secure DDR-DRAM: remaining DRAM starting at base address Build option PLAT_TSP_LOCATION selects the location of the secure payload (BL3-2): - 'tsram' : Trusted SRAM (default option) - 'dram' : Secure region in the DDR-DRAM (set by the TrustZone controller) The MMU memory map has been updated to give BL2 permission to load BL3-2 into the DDR-DRAM secure region. Fixes ARM-software/tf-issues#233 Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
-
- 16 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 28 Aug, 2014 1 commit
-
-
Dan Handley authored
* Fix broken link to SCP download. * Remove requirement to install `ia32-libs`. This package is no longer available in current versions of Ubuntu and is no longer required when using the Linaro toolchain. Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
-
- 27 Aug, 2014 3 commits
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Juan Castillo authored
This patch makes the Trusted Firmware build instructions in the user guide platform independent. FVP specific instructions have been grouped together under a new section dedicated to FVP. Juno specific instructions to build and run the Trusted Firmware, UEFI and Linux have been added. Change-Id: I9bfb1b9d732b1f73abbe29f68ac931e1773a4fd5
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#100 (commit 186c1d4b). This is distinct from the similar issue fixed in commit bfb1dd51. Also clarify the dependence on the FVP_SHARED_DATA_LOCATION and FVP_TSP_RAM_LOCATION build options, and tidy up the "Notes regarding Base FVP configuration options" section. Change-Id: I6b03452a71f0c69efa169852712bcb184242696e
-
- 21 Aug, 2014 1 commit
-
-
Dan Handley authored
Move up the version numbers of the following Trusted Firmware dependencies in the user guide: * Foundation and Base FVPs (latest publically available versions). * EDK2 implementation. The guide now uses the latest version from https://github.com/ARM-software/edk2.git. This requires the `iasl` package to also be installed. * Linux kernel. The guide now uses the latest version from https://github.com/ARM-software/linux.git. * Linaro OpenEmbedded file system. * ARM Development Studio 5. Change-Id: I95bb863a61e47b9ef8be3d110f7087375ee78add
-
- 14 Aug, 2014 1 commit
-
-
Juan Castillo authored
This patch groups the current contents of the Trusted DRAM region at address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in a single shared memory area that may be allocated to Trusted SRAM (default) or Trusted DRAM at build time by setting the FVP_SHARED_DATA_LOCATION make variable. The size of this shared memory is 4096 bytes. The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM' is not currently supported due to restrictions in the maximum number of mmu tables that can be created. Documentation has been updated to reflect these changes. Fixes ARM-software/tf-issues#100 Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
-
- 13 Aug, 2014 1 commit
-
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#117 (commit a1b6db6c). Fixes ARM-software/tf-issues#237 Change-Id: I764eb17c66034511efb984c0e7cfda29bd99198f
-
- 12 Aug, 2014 2 commits
-
-
Dan Handley authored
Create new LOG_LEVEL build option, which controls the amount of console output compiled into the build. This should be one of the following: 0 (LOG_LEVEL_NONE) 10 (LOG_LEVEL_NOTICE) 20 (LOG_LEVEL_ERROR) 30 (LOG_LEVEL_WARNING) 40 (LOG_LEVEL_INFO) 50 (LOG_LEVEL_VERBOSE) All log output up to and including the log level is compiled into the build. The default value is 40 in debug builds and 20 in release builds. Complement the existing INFO, WARN and ERROR console output macros with NOTICE and VERBOSE macros, which are conditionally compiled in depending on the value of LOG_LEVEL. Fixes ARM-software/tf-issues#232 Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
-
Juan Castillo authored
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM BLn_BASE and BLn_LIMIT definitions have been updated and are based on these new memory regions. The available memory for each bootloader in the linker script is defined by BLn_BASE and BLn_LIMIT, instead of the complete memory region. TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of the platform porting. FVP common definitions are defined in fvp_def.h while platform_def.h contains exclusively (with a few exceptions) the definitions that are mandatory in the porting guide. Therefore, platform_def.h now includes fvp_def.h instead of the other way around. Porting guide has been updated to reflect these changes. Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
-
- 07 Aug, 2014 1 commit
-
-
Juan Castillo authored
Tests show a slight reduction in code size compared to 13.11. User guide updated. Fixes ARM-software/tf-issues#207 Change-Id: I9b80a5d7820cdfd443cac4d4b63f925b74a8c3a3
-
- 01 Aug, 2014 1 commit
-
-
Vikram Kanigiri authored
This patch adds support for BL3-2 initialization by asynchronous method where BL3-1 transfers control to BL3-2 using world switch. After BL3-2 initialization, it transfers control to BL3-3 via SPD service handler. The SPD service handler initializes the CPU context to BL3-3 entrypoint depending on the return function indentifier from TSP initialization. Fixes ARM-software/TF-issues#184 Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34
-
- 28 Jul, 2014 1 commit
-
-
Soby Mathew authored
The patch implements a macro ASM_ASSERT() which can be invoked from assembly code. When assertion happens, file name and line number of the check is written to the crash console. Fixes ARM-software/tf-issues#95 Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
-