- 28 Oct, 2020 1 commit
-
-
David Horstmann authored
Currently, when RECLAIM_INIT_CODE is set, the stacks are scaled to ensure that the entirety of the init section can be reclaimed as stack. This causes an issue in lib/psci/aarch64/psci_helpers.S, where the stack size is used for cache operations in psci_do_pwrdown_cache_maintenance(). If the stacks are scaled, then the PSCI code may fail to invalidate some of the stack memory before power down. Resizing stacks is also not good for stability in general, since code that works with a small number of cores may overflow the stack when the number of cores is increased. Change to make every stack be PLATFORM_STACK_SIZE big, and allow the total stack to be smaller than the init section. Any pages of the init section not reclaimed as stack will be set to read-only and execute-never, for security. Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8 Signed-off-by:David Horstmann <david.horstmann@arm.com>
-
- 15 Sep, 2020 1 commit
-
-
Manish V Badarkhe authored
Implemented a parser which populates the properties of the CoT descriptors as per the binding document [1]. 'COT_DESC_IN_DTB' build option is disabled by default and can be enabled in future for all Arm platforms by making necessary changes in the memory map. Currently, this parser is tested only for FVP platform. [1]: https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc Signed-off-by:
Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 10 Sep, 2020 1 commit
-
-
Ruari Phipps authored
UUID's in the device tree files were stored in little endian. So to keep all entries in these files RFC 4122 compliant, store them in big endian then convert it to little endian when they are read so they can be used in the UUID data structure. Signed-off-by:Ruari Phipps <ruari.phipps@arm.com> Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
-
- 02 Sep, 2020 1 commit
-
-
Alexei Fedorov authored
Trace analysis of FVP_Base_AEMv8A 0.0/6063 model running in Aarch32 mode with the build options listed below: TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem shows that when auth_signature() gets called 71.99% of CPU execution time is spent in memset() function written in C using single byte write operations, see lib\libc\memset.c. This patch introduces new libc_asm.mk makefile which replaces C memset() implementation with assembler version giving the following results: - for Aarch32 in auth_signature() call memset() CPU time reduced to 20.56%. The number of CPU instructions (Inst) executed during TF-A boot stage before start of BL33 in RELEASE builds for different versions is presented in the tables below, where: - C TF-A: existing TF-A C code; - C musl: "lightweight code" C "implementation of the standard library for Linux-based systems" https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c - Asm Opt: assemler version from "Arm Optimized Routines" project https://github.com/ARM-software/optimized-routines/blob/ master/string/arm/memset.S - Asm Linux: assembler version from Linux kernel https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S - Asm TF-A: assembler version from this patch Aarch32: +-----------+------+------+--------------+----------+ | Variant | Set | Size | Inst | Ratio | +-----------+------+------+--------------+----------+ | C TF-A | T32 | 16 | 2122110003 | 1.000000 | | C musl | T32 | 156 | 1643917668 | 0.774662 | | Asm Opt | T32 | 84 | 1604810003 | 0.756233 | | Asm Linux | A32 | 168 | 1566255018 | 0.738065 | | Asm TF-A | A32 | 160 | 1525865101 | 0.719032 | +-----------+------+------+--------------+----------+ AArch64: +-----------+------+------------+----------+ | Variant | Size | Inst | Ratio | +-----------+------+------------+----------+ | C TF-A | 28 | 2732497518 | 1.000000 | | C musl | 212 | 1802999999 | 0.659836 | | Asm TF-A | 140 | 1680260003 | 0.614917 | +-----------+------+------------+----------+ This patch modifies 'plat\arm\common\arm_common.mk' by overriding libc.mk makefile with libc_asm.mk and does not effect other platforms. Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e Signed-off-by:
Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 28 Aug, 2020 2 commits
-
-
Manish V Badarkhe authored
In the case of Juno AArch32, platform security configuration gets done from both BL2 and SP_MIN(BL32) components when JUNO_AARCH32_EL3_RUNTIME and RESET_TO_SP_MIN build options are set. Fix is provided to avoid Platform security configuration from SP_MIN when it is already done in BL2. Signed-off-by: -
Manish V Badarkhe authored
Using the Fconf, register base address of the various nv-counters (currently, trusted, non-trusted nv-counters) are moved to the device tree and retrieved during run-time. This feature is enabled using the build option COT_DESC_IN_DTB. Signed-off-by:
-
- 26 Aug, 2020 1 commit
-
-
Sandeep Tripathy authored
'EHF' is used by RAS, SDEI, SPM_MM common frameworks. If platform needs to plug-in specific handlers then 'PLAT_EHF_DESC' can be used to populate platform specific priority levels. Signed-off-by:Sandeep Tripathy <sandeep.tripathy@broadcom.com> Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d
-
- 18 Aug, 2020 2 commits
-
-
Manish V Badarkhe authored
In case of AT speculative workaround applied, page table walk is disabled for lower ELs (EL1 and EL0) in EL3. Hence added a wrapper function which temporarily enables page table walk to execute AT instruction for lower ELs and then disables page table walk. Execute AT instructions directly for lower ELs (EL1 and EL0) assuming page table walk is enabled always when AT speculative workaround is not applied. Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8 Signed-off-by: -
Manish V Badarkhe authored
Removed common code for soc-id feature which is applicable for all arm platforms. In subsequent patches, added a platform based functions for FVP and Juno to retrieve the soc-id information. Change-Id: Idb632a935758a6caff2ca03a6eab8f663da8a93a Signed-off-by:
-
- 14 Aug, 2020 2 commits
-
-
Manish Pandey authored
For Arm platforms SPs are loaded by parsing tb_fw_config.dts and adding them to SP structure sequentially, which in-turn is appended to loadable image list. With recently introduced dualroot CoT for SPs where they are owned either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP depends on the owner, there should be a mechanism to parse owner of a SP and put it at the correct index in SP structure. This patch adds support for parsing a new optional field "owner" and based on it put SP details(UUID & Load-address) at the correct index in SP structure. Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b Signed-off-by:Manish Pandey <manish.pandey2@arm.com>
-
Jimmy Brisson authored
There was a collision between the name of the typedef in the CASSERT and something else, so we make the name of the typedef unique to the invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into the macro. This eliminates the following MISRA violation: bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier "invalid_svc_uuid" is already used to represent a typedef. This also resolves MISRA rule 5.9. These renamings are as follows: * tzram -> secram. This matches the function call name as it has sec_mem in it's name * fw_config_base -> config_base. This file does not mess with hw_conig, so there's little chance of confusion Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e Signed-off-by:Jimmy Brisson <jimmy.brisson@arm.com>
-
- 10 Aug, 2020 1 commit
-
-
Alexei Fedorov authored
BL31 binary size is aligned to 4KB because of the code in include\plat\arm\common\arm_reclaim_init.ld.S: __INIT_CODE_UNALIGNED__ = .; . = ALIGN(PAGE_SIZE); __INIT_CODE_END__ = .; with all the zero data after the last instruction of BL31 code to the end of the page. This causes increase in size of BL31 binary stored in FIP and its loading time by BL2. This patch reduces the size of BL31 image by moving page alignment from __INIT_CODE_END__ to __STACKS_END__ which also increases the stack size for secondary CPUs. Change-Id: Ie2ec503fc774c22c12ec506d74fd3ef2b0b183a9 Signed-off-by:
-
- 31 Jul, 2020 1 commit
-
-
Manish Pandey authored
Currently only single signing domain is supported for SP packages but there is plan to support dual signing domains if CoT is dualroot. SP_CONTENT_CERT_ID is the certificate file which is currently generated and signed with trusted world key which in-turn is derived from Silicon provider RoT key. To allow dual signing domain for SP packages, other certificate file will be derived from Platform owned RoT key. This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and does other related changes. Signed-off-by:
-
- 30 Jul, 2020 1 commit
-
-
Manish Pandey authored
This patch fixes a bug where wrong panic was caused when the number of SP was same as max limit. Signed-off-by:
-
- 26 Jul, 2020 1 commit
-
-
Manish V Badarkhe authored
Currently, soc-revision information is not available for arm platforms hence disabled 'SMCCC_ARCH_SOC_ID' feature for all arm platforms. Change-Id: I1ab878c6a4c8fecfff63bc6dde83e3ecefe20279 Signed-off-by:
-
- 24 Jul, 2020 1 commit
-
-
Manish Pandey authored
SPM(BL32) and hafnium(BL33) expect their manifest base address in x0 register, which is updated during BL2 stage by parsing fw_config. In case of RESET_TO_BL31 it has to be updated while populating entry point information. Signed-off-by:
-
- 23 Jul, 2020 4 commits
-
-
Manish V Badarkhe authored
In BL2, fw_config's population happened before the cache gets enabled. Hence to boost the performance, moved fw_config's population after cache gets enabled (i.e. after MMU gets enabled). Signed-off-by: -
Manish V Badarkhe authored
Updated the function 'set_fw_config_info' to make it generic by doing below changes: 1. Rename function name from 'set_fw_config_info' to 'set_config_info' 2. Take image_id as an argument so that this function can set any config information. Signed-off-by: -
Manish V Badarkhe authored
Update the data type of the member 'config_max_size' present in the structure 'dyn_cfg_dtb_info_t' to uint32_t. This change is being done so that dyn_cfg_dtb_info_t and image_info structure should use same data type for maximum size. Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260 Signed-off-by: -
Manish V Badarkhe authored
Currently, the need for firmware update is being checked twice in the code hence modifications are done to do this check only once and set the global variable. Then this global variable helps to decide whether to go for normal boot or firmware update flow. Change-Id: I8469284555a8039786f34670f9dc4830f87aecc1 Signed-off-by:
-
- 21 Jul, 2020 2 commits
-
-
Alexei Fedorov authored
This patch adds support for Event Log generation required for Measured Boot functionality. Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc Signed-off-by: -
Alexei Fedorov authored
This patch adds support for Measured Boot driver functionality in common Arm platform code. Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e Signed-off-by:
-
- 29 Jun, 2020 1 commit
-
-
Manish V Badarkhe authored
Added assert in the code to check valid address of dtb information structure retrieved from fw_config device tree. This patch fixes coverity defect:360213. Also, removed conditional calling of "fconf_populate" as "fconf_populate" function already checks the validity of the device tree address received and go to panic in case of address is NULL. Signed-off-by:
-
- 25 Jun, 2020 1 commit
-
-
Manish V Badarkhe authored
Modified the code to do below changes: 1. Load tb_fw_config along with fw_config by BL1. 2. Populate fw_config device tree information in the BL1 to load tb_fw_config. 3. In BL2, populate fw_config information to retrieve the address of tb_fw_config and then tb_fw_config gets populated using retrieved address. 4. Avoid processing of configuration file in case of error value returned from "fw_config_load" function. 5. Updated entrypoint information for BL2 image so that it's arg0 should point to fw_config address. Signed-off-by:
Louis Mayencourt <louis.mayencourt@arm.com> Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
-
- 24 Jun, 2020 3 commits
-
-
Manish V Badarkhe authored
Modified the code to do below changes: 1. Migrates the Arm platforms to the API changes introduced in the previous patches by fixing the fconf_load_config() call. 2. Retrieve dynamically the address of tb_fw_config using fconf getter api which is subsequently used to write mbedTLS heap address and BL2 hash data in the tb_fw_config DTB. Signed-off-by:
-
Manish V Badarkhe authored
Cleaned up confused naming between TB_FW and FW_CONFIG. Signed-off-by:
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:
-
- 09 Jun, 2020 2 commits
-
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by:Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:
-
- 27 May, 2020 1 commit
-
-
Manish V Badarkhe authored
Fixed build error for dualroot chain of trust. Build error were thrown as below while compiling the code for dualroot chain of trust: aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.bss.auth_img_flags+0x0): multiple definition of `auth_img_flags'; ./build/fvp/debug/bl1/cot.o:(.bss.auth_img_flags+0x0): first defined here aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.rodata.cot_desc_size+0x0): multiple definition of `cot_desc_size'; ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_size+0x0): first defined here aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.rodata.cot_desc_ptr+0x0): multiple definition of `cot_desc_ptr'; ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_ptr+0x0): first defined here Signed-off-by:
-
- 21 May, 2020 1 commit
-
-
Madhukar Pappireddy authored
We query the UART base address and clk frequency in runtime using fconf getter APIs. Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260 Signed-off-by:
-
- 19 May, 2020 1 commit
-
-
Manish V Badarkhe authored
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c and tbbr_cot_bl2.c respectively. Common CoT used across BL1 and BL2 are moved to tbbr_cot_common.c. Signed-off-by:
-
- 15 May, 2020 1 commit
-
-
Balint Dobszay authored
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by:
Balint Dobszay <balint.dobszay@arm.com> Co-authored-by:
-
- 29 Apr, 2020 1 commit
-
-
Andre Przywara authored
Our fdtw_read_cells() implementation goes to great lengths to sanity-check every parameter and result, but leaves a big hole open: The size of the storage the value pointer points at needs to match the number of cells given. This can't be easily checked at compile time, since we lose the size information by using a void pointer. Regardless the current usage of this function is somewhat wrong anyways, since we use it on single-element, fixed-length properties only, for which the DT binding specifies the size. Typically we use those functions dealing with a number of cells in DT context to deal with *dynamically* sized properties, which depend on other properties (#size-cells, #clock-cells, ...), to specify the number of cells needed. Another problem with the current implementation is the use of ambiguously sized types (uintptr_t, size_t) together with a certain expectation about their size. In general there is no relation between the length of a DT property and the bitness of the code that parses the DTB: AArch64 code could encounter 32-bit addresses (where the physical address space is limited to 4GB [1]), while AArch32 code could read 64-bit sized properties (/memory nodes on LPAE systems, [2]). To make this more clear, fix the potential issues and also align more with other DT users (Linux and U-Boot), introduce functions to explicitly read uint32 and uint64 properties. As the other DT consumers, we do this based on the generic "read array" function. Convert all users to use either of those two new functions, and make sure we never use a pointer to anything other than uint32_t or uint64_t variables directly. This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write 4 bytes into a uint16_t variable (passed via a void pointer). Also we change the implementation of the function to better align with other libfdt users, by using the right types (fdt32_t) and common variable names (*prop, prop_names). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890 Signed-off-by:
Andre Przywara <andre.przywara@arm.com>
-
- 28 Apr, 2020 1 commit
-
-
Andre Przywara authored
Currently our fdtw_read_array() implementation requires the length of the property to exactly match the requested size, which makes it less flexible for parsing generic device trees. Also the name is slightly misleading, since we treat the cells of the array as 32 bit unsigned integers, performing the endianess conversion. To fix those issues and align the code more with other DT users (Linux kernel or U-Boot), rename the function to "fdt_read_uint32_array", and relax the length check to only check if the property covers at least the number of cells we request. This also changes the variable names to be more in-line with other DT users, and switches to the proper data types. This makes this function more useful in later patches. Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c Signed-off-by:
-
- 02 Apr, 2020 1 commit
-
-
Sandrine Bailleux authored
The platform io policies array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Remove the assertion in plat_get_image_source(), which is now redundant. Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217 Signed-off-by:Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 25 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides support for measured boot by adding calculation of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB. Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1 Signed-off-by:
-
- 23 Mar, 2020 1 commit
-
-
Olivier Deprez authored
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1 then there is no need for TF-A to load secure partitions individually. In this configuration, SPMC handles secure partition loading at S-EL1/EL0 levels. Signed-off-by:
Olivier Deprez <olivier.deprez@arm.com> Signed-off-by:
-
- 17 Mar, 2020 1 commit
-
-
Manish V Badarkhe authored
Implemented SMCCC_ARCH_SOC_ID call in order to get below SOC information: 1. SOC revision 2. SOC version Implementation done using below SMCCC specification document: https://developer.arm.com/docs/den0028/c Signed-off-by:
-
- 16 Mar, 2020 1 commit
-
-
Louis Mayencourt authored
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This removes the duplicate io_policies and functions definition. This patch: - replace arm_io_storage.c with the content of arm_fconf_io_storage.c - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB. - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb. - propagate DEFINES when parsing dts. - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb. - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior of fvp stays the same as it was before the introduction of fconf. Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e Signed-off-by:
-
