- 22 Jun, 2017 1 commit
-
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 21 Jun, 2017 1 commit
-
-
David Cunado authored
This patch updates the el3_arch_init_common macro so that it fully initialises essential control registers rather then relying on hardware to set the reset values. The context management functions are also updated to fully initialise the appropriate control registers when initialising the non-secure and secure context structures and when preparing to leave EL3 for a lower EL. This gives better alignement with the ARM ARM which states that software must initialise RES0 and RES1 fields with 0 / 1. This patch also corrects the following typos: "NASCR definitions" -> "NSACR definitions" Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 12 Jun, 2017 2 commits
-
-
Masahiro Yamada authored
Add TSP to test BL32 without relying on external projects. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Initial commit for Socionext UniPhier SoC support. BL1, Bl2, and BL31 are supported. Refer to docs/plat/socionext-uniphier.md for more detais. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 07 Jun, 2017 1 commit
-
-
Haojian Zhuang authored
Add document on HiKey960 platform and how to build. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 05 Jun, 2017 1 commit
-
-
Soby Mathew authored
This patch adds the SCMI driver for communicating with SCP. The power domain management and system power management protocol of the SCMI specification[1] is implemented in the driver. The SCP power management abstraction layer for SCMI for CSS power management is also added. A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI driver over SCPI. [1] ARM System Control and Management Interface v1.0 (SCMI) Document number: ARM DEN 0056A Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 02 Jun, 2017 1 commit
-
-
Summer Qin authored
Change-Id: Ic0a9b3c6d212e7171b37f944e11f079282dcce87 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 01 Jun, 2017 4 commits
-
-
Antonio Nino Diaz authored
This SMC is as a means for the image loading state machine to go from COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this was only done when the authentication of an image failed or when the execution of the image finished. Documentation updated. Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a memory region where another image data is already loaded. Without this check, if two images are configured to be loaded in overlapping memory regions, one of them can be loaded and authenticated and the copy function is still able to load data from the second image on top of the first one. Since the first image is still in authenticated state, it can be executed, which could lead to the execution of unauthenticated arbitrary code of the second image. Firmware update documentation updated. Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
It doesn't make sense to use the `-pedantic` flag when building the Trusted Firmware as we use GNU extensions and so our code is not fully ISO C compliant. This flag only makes sense if the code intends to be ISO C compliant. Change-Id: I6273564112759ff57f03b273f5349733a5f38aef Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Jeenu Viswambharan authored
ARM GIC-600 IP complies with ARM GICv3 architecture, but among others, implements a power control register in the Redistributor frame. This register must be programmed to mark the frame as powered on, before accessing other registers in the frame. Rest of initialization sequence remains the same. The driver provides APIs for Redistributor power management, and overrides those in the generic GICv3 driver. The driver data is shared between generic GICv3 driver and that of GIC-600. For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER is set to FVP_GIC600. Also update user guide. Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 24 May, 2017 3 commits
-
-
Haojian Zhuang authored
Add the description on hikey and how to build. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
dp-arm authored
Change-Id: I92fd2fb920fcfc31bfcdadae787d8c84c5ca463b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Antonio Nino Diaz authored
This options enables an implementation of SHA-256 that has a smaller code footprint (~1.6 KB less) but is also ~30% slower. For ARM platforms, code size is currently considered more important than execution speed in the mbed TLS crypto module. Added a small note about this option to the documentation of the authentication framework. Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 May, 2017 1 commit
-
-
Masahiro Yamada authored
Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 19 May, 2017 1 commit
-
-
David Cunado authored
This Linaro release updates just the binaries: Linaro binaries upgraded 16.12 --> 17.01 The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64 and AArch32. The ARM TF codebase has been tested against these new binaries. This patch updates the User Guide to reflect that the 17.01 release is now a supported Linaro Release. Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 16 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
The behaviour of assert() now depends on the value of the new optional platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if not defined by the platform. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file name, line and asserted expression. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file name and line. - If not, it doesn't print anything. Note the old behaviour was to print the function name whereas now it prints the file name. This reduces memory usage because the file name is shared between all assert calls in a given file. Also, the default behaviour in debug builds is to no longer print the asserted expression, greatly reducing the string usage. For FVP debug builds this change saves approximately: No TBBR TBBR BL1 1.6 KB 2.2 KB BL2 1.7 KB 2.1 KB BL31 2.6 KB 3.3 KB Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 May, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.4 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs as they are currently not being tested with the latest version of ARM Trusted Firmware. Also, documentation and links to Linaro pages have been updated to reflect the changes in the ARM community document hosting. Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 04 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
In AArch64, privileged exception levels control the execution state (a.k.a. register width) of the immediate lower Exception Level; i.e. whether the lower exception level executes in AArch64 or AArch32 state. For an exception level to have its execution state changed at run time, it must request the change by raising a synchronous exception to the higher exception level. This patch implements and adds such a provision to the ARM SiP service, by which an immediate lower exception level can request to switch its execution state. The execution state is switched if the request is: - raised from non-secure world; - raised on the primary CPU, before any secondaries are brought online with CPU_ON PSCI call; - raised from an exception level immediately below EL3: EL2, if implemented; otherwise NS EL1. If successful, the SMC doesn't return to the caller, but to the entry point supplied with the call. Otherwise, the caller will observe the SMC returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built for AArch32, the feature is not supported, and the call will always fail. For the ARM SiP service: - Add SMC function IDs for both AArch32 and AArch64; - Increment the SiP service minor version to 2; - Adjust the number of supported SiP service calls. Add documentation for ARM SiP service. Fixes ARM-software/tf-issues#436 Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Apr, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf This patch adds a new define for yielding SMC call type and deprecates the current standard SMC call type. The tsp is migrated to use this new terminology and, additionally, the documentation and code comments are updated to use this new terminology. Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
The build option `ENABLE_ASSERTIONS` should be used instead. That way both C and ASM assertions can be enabled or disabled together. All occurrences of `ASM_ASSERTION` in common code and ARM platforms have been replaced by `ENABLE_ASSERTIONS`. ASM_ASSERTION has been removed from the user guide. Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Apr, 2017 3 commits
-
-
Antonio Nino Diaz authored
Add the new build option `ENABLE_ASSERTIONS` that controls whether or not assert functions are compiled out. It defaults to 1 for debug builds and to 0 for release builds. Additionally, a following patch will be done to allow this build option to hide auxiliary code used for the checks done in an `assert()`. This code is is currently under the DEBUG build flag. Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO, which is the default for debug builds. This patch also updates the User Guide. Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
This patch introduces a build option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not require interconnect programming to enable cache coherency (eg: single cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. Fixes ARM-Software/tf-issues#456 Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Antonio Nino Diaz authored
ARM platforms have migrated to the translation tables library v2. However, for testing purposes, it can be useful to temporarily switch back to the old version. This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches to v1 of the library when is set to 1. By default, it is 0, so that ARM platforms use the new version unless specifically stated. Updated User Guide. Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Mar, 2017 2 commits
-
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Mar, 2017 1 commit
-
-
David Cunado authored
This patch updates the User Guide to recommend the latest version of mbed TLS library to use with ARM Trusted Firmware. - Upgrade mbed TLS library: 2.2.1 -> 2.4.2 Change-Id: Ifb5386fec0673d6dbfdaa474233e397afc279c85
-
- 27 Mar, 2017 1 commit
-
-
Summer Qin authored
This patch modifies some of the functions in ARM platform layer to cater for the case when multi-threading `MT` is set in MPIDR. A new build flag `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR now assume that the `MT` bit is set for the platform and access the bit fields accordingly. Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is enabled, returning the PE count within the physical cpu corresponding to `mpidr`. Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 20 Mar, 2017 2 commits
-
-
dp-arm authored
Fixes ARM-software/tf-issues#463 Change-Id: I73e0c5fbd87004953df8b1fa19319ad562ecc867 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Andre Przywara authored
ARM erratum 855873 applies to all Cortex-A53 CPUs. The recommended workaround is to promote "data cache clean" instructions to "data cache clean and invalidate" instructions. For core revisions of r0p3 and later this can be done by setting a bit in the CPUACTLR_EL1 register, so that hardware takes care of the promotion. As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3, we set the bit in firmware. Also we dump this register upon crashing to provide more debug information. Enable the workaround for the Juno boards. Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 08 Mar, 2017 2 commits
-
-
Antonio Nino Diaz authored
TLBI instructions for EL3 won't have the desired effect under specific circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and TLBI twice each time. Even though this errata is only needed in r0p0, the current errata framework is not prepared to apply run-time workarounds. The current one is always applied if compiled in, regardless of the CPU or its revision. This errata has been enabled for Juno. The `DSB` instruction used when initializing the translation tables has been changed to `DSB ISH` as an optimization and to be consistent with the barriers used for the workaround. Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added APIs to add and remove regions to the translation tables dynamically while the MMU is enabled. Only static regions are allowed to overlap other static ones (for backwards compatibility). A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to flag each region as such. The dynamic mapping functionality can be enabled or disabled when compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1 or 0. This can be done per-image. TLB maintenance code during dynamic table mapping and unmapping has also been added. Fixes ARM-software/tf-issues#310 Change-Id: I19e8992005c4292297a382824394490c5387aa3b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 02 Mar, 2017 3 commits
-
-
Jeenu Viswambharan authored
The current PSCI implementation can apply certain optimizations upon the assumption that all PSCI participants are cache-coherent. - Skip performing cache maintenance during power-up. - Skip performing cache maintenance during power-down: At present, on the power-down path, CPU driver disables caches and MMU, and performs cache maintenance in preparation for powering down the CPU. This means that PSCI must perform additional cache maintenance on the extant stack for correct functioning. If all participating CPUs are cache-coherent, CPU driver would neither disable MMU nor perform cache maintenance. The CPU being powered down, therefore, remain cache-coherent throughout all PSCI call paths. This in turn means that PSCI cache maintenance operations are not required during power down. - Choose spin locks instead of bakery locks: The current PSCI implementation must synchronize both cache-coherent and non-cache-coherent participants. Mutual exclusion primitives are not guaranteed to function on non-coherent memory. For this reason, the current PSCI implementation had to resort to bakery locks. If all participants are cache-coherent, the implementation can enable MMU and data caches early, and substitute bakery locks for spin locks. Spin locks make use of architectural mutual exclusion primitives, and are lighter and faster. The optimizations are applied when HW_ASSISTED_COHERENCY build option is enabled, as it's expected that all PSCI participants are cache-coherent in those systems. Change-Id: Iac51c3ed318ea7e2120f6b6a46fd2db2eae46ede Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The boolean build option HW_ASSISTED_COHERENCY is introduced to enable various optimizations in ARM Trusted Software, when built for such systems. It's set to 0 by default. Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Summer Qin authored
Now the TRUSTED_BOARD_BOOT is supported for AArch64 when LOAD_IMAGE_V2 is enabled. This patch updates the user-guide.md documentation for the same. Change-Id: I97de07435c81258c2a5f41a30a69736863a10bd1 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 28 Feb, 2017 1 commit
-
-
Varun Wadekar authored
This patch enables L2 ECC and Parity Protection for ARM Cortex-A57 CPUs for Tegra SoCs. Change-Id: I038fcd529991d0201a4951ce2730ab71b1c980f9 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 23 Feb, 2017 1 commit
-
-
Douglas Raillard authored
The errata is enabled by default on r0p4, which is confusing given that we state we do not enable errata by default. This patch clarifies this sentence by saying it is enabled in hardware by default. Change-Id: I70a062d93e1da2416d5f6d5776a77a659da737aa Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 22 Feb, 2017 2 commits
-
-
Varun Wadekar authored
The BL2 fills in the UART controller ID to be used as the normal as well as the crash console on Tegra platforms. The controller ID to UART controller base address mapping is handled by each Tegra SoC the base addresses might change across Tegra chips. This patch adds the handler to parse the platform params to get the UART ID for the per-soc handlers. Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct in order to store the TZDRAM carveout base address used to load the Trusted OS. The monitor programs the memory controller with the TZDRAM base and size in order to deny any accesses from the NS world. Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 14 Feb, 2017 1 commit
-
-
Jeenu Viswambharan authored
The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-