1. 06 Jul, 2021 2 commits
  2. 02 Jul, 2021 1 commit
  3. 29 Jun, 2021 2 commits
    • Sandrine Bailleux's avatar
      refactor(plat/fvp): tidy up list of images to measure · 64dd1dee
      Sandrine Bailleux authored
      
      
      We don't ever expect to load a binary with an STM32 header on the Arm
      FVP platform so remove this type of image from the list of
      measurements.
      
      Also remove the GPT image type from the list, as it does not get
      measured. GPT is a container, just like FIP is. We don't measure the FIP
      but rather the images inside it. It would seem logical to treat GPT the
      same way.
      
      Besides, only images that get loaded through load_auth_image() get
      measured right now. GPT processing happens before that and is handled in
      a different way (see partition_init()).
      
      Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      64dd1dee
    • Manish Pandey's avatar
      feat(plat/arm): enable PIE when RESET_TO_SP_MIN=1 · 7285fd5f
      Manish Pandey authored
      For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
      the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
      The underlying changes for enabling PIE in aarch32 is submitted in
      commit 4324a14b
      
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
      7285fd5f
  4. 03 Jun, 2021 1 commit
  5. 02 Jun, 2021 1 commit
  6. 28 May, 2021 1 commit
  7. 27 May, 2021 1 commit
  8. 29 Apr, 2021 1 commit
  9. 28 Apr, 2021 2 commits
    • David Horstmann's avatar
      refactor(plat/arm): store UUID as a string, rather than ints · 7d111d99
      David Horstmann authored
      
      
      NOTE: Breaking change to the way UUIDs are stored in the DT
      
      Currently, UUIDs are stored in the device tree as
      sequences of 4 integers. There is a mismatch in endianness
      between the way UUIDs are represented in memory and the way
      they are parsed from the device tree. As a result, we must either
      store the UUIDs in little-endian format in the DT (which means
      that they do not match up with their string representations)
      or perform endianness conversion after parsing them.
      
      Currently, TF-A chooses the second option, with unwieldy
      endianness-conversion taking place after reading a UUID.
      
      To fix this problem, and to make it convenient to copy and
      paste UUIDs from other tools, change to store UUIDs in string
      format, using a new wrapper function to parse them from the
      device tree.
      
      Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
      Signed-off-by: default avatarDavid Horstmann <david.horstmann@arm.com>
      7d111d99
    • Manish V Badarkhe's avatar
      refactor(plat/arm): replace FIP base and size macro with a generic name · 49e9ac28
      Manish V Badarkhe authored
      
      
      Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
      generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
      so that these macros can be reused in the subsequent GPT based support
      changes.
      
      Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      49e9ac28
  10. 26 Apr, 2021 1 commit
  11. 20 Apr, 2021 1 commit
  12. 09 Apr, 2021 1 commit
    • Manish Pandey's avatar
      plat/arm: don't provide NT_FW_CONFIG when booting hafnium · 2b6fc535
      Manish Pandey authored
      
      
      NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
      BL33, fvp platforms use this to pass measured boot configuration and
      the x0 register is used to pass the base address of it.
      
      In case of hafnium used as hypervisor in normal world, hypervisor
      manifest is expected to be passed from BL31 and its base address is
      passed in x0 register.
      
      As only one of NT_FW_CONFIG or hypervisor manifest base address can be
      passed in x0 register and also measured boot is not required for SPM so
      disable passing NT_FW_CONFIG.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
      2b6fc535
  13. 31 Mar, 2021 1 commit
  14. 24 Mar, 2021 1 commit
  15. 15 Mar, 2021 1 commit
    • Olivier Deprez's avatar
      SPM: declare third cactus instance as UP SP · e96fc8e7
      Olivier Deprez authored
      
      
      The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
      instantiated in a Secure Partition:
      -A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
      An EC is pinned to a corresponding physical CPU.
      -An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
      the physical CPU from which the FF-A call is originating.
      This change permits exercising the latter case within the TF-A-tests
      framework.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
      e96fc8e7
  16. 01 Mar, 2021 1 commit
  17. 09 Feb, 2021 2 commits
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Protect GICR frames for fused/unused cores · f98630fb
      Manish V Badarkhe authored
      
      
      Currently, BLs are mapping the GIC memory region as read-write
      for all cores on boot-up.
      
      This opens up the security hole where the active core can write
      the GICR frame of fused/inactive core. To avoid this issue, disable
      the GICR frame of all inactive cores as below:
      
      1. After primary CPU boots up, map GICR region of all cores as
         read-only.
      2. After primary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      3. After secondary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      4. All unused/fused core's redistributor regions remain read-only and
         write attempt to such protected regions results in an exception.
      
      As mentioned above, this patch offers only the GICR memory-mapped
      region protection considering there is no facility at the GIC IP
      level to avoid writing the redistributor area.
      
      These changes are currently done in BL31 of Arm FVP and guarded under
      the flag 'FVP_GICR_REGION_PROTECTION'.
      
      As of now, this patch is tested manually as below:
      1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
      2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
         register of core 1’s(fused) redistributor from core 0(active).
      
      Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      f98630fb
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Do not map GIC region in BL1 and BL2 · e0cea783
      Manish V Badarkhe authored
      
      
      GIC memory region is not getting used in BL1 and BL2.
      Hence avoid its mapping in BL1 and BL2 that freed some
      page table entries to map other memory regions in the
      future.
      
      Retains mapping of CCN interconnect region in BL1 and BL2
      overlapped with the GIC memory region.
      
      Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      e0cea783
  18. 08 Dec, 2020 4 commits
  19. 30 Nov, 2020 1 commit
  20. 21 Oct, 2020 1 commit
  21. 20 Oct, 2020 1 commit
  22. 09 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Don't return error information from console_flush · 831b0e98
      Jimmy Brisson authored
      
      
      And from crash_console_flush.
      
      We ignore the error information return by console_flush in _every_
      place where we call it, and casting the return type to void does not
      work around the MISRA violation that this causes. Instead, we collect
      the error information from the driver (to avoid changing that API), and
      don't return it to the caller.
      
      Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      831b0e98
  23. 05 Oct, 2020 2 commits
  24. 15 Sep, 2020 2 commits
  25. 10 Sep, 2020 1 commit
  26. 02 Sep, 2020 1 commit
  27. 28 Aug, 2020 1 commit
  28. 20 Aug, 2020 1 commit
  29. 19 Aug, 2020 1 commit
  30. 18 Aug, 2020 1 commit
  31. 17 Aug, 2020 1 commit