- 20 Dec, 2019 1 commit
-
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 17 Dec, 2019 2 commits
-
-
Bence Szépkúti authored
Ported the pmf asm macros and the asm code in the bl31 entrypoint necessary for the instrumentation to AArch32. Since smc dispatch is handled by the bl32 payload on AArch32, we provide this service only if AARCH32_SP=sp_min is set. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com> Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac
-
Bence Szépkúti authored
Switching execution states is only possible if EL3 is AArch64. As such there is no need to validate the entrypoint on AArch32 builds. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com> Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
-
- 07 Nov, 2019 1 commit
-
-
Manish Pandey authored
Earlier PIE support was enabled for all arm platforms when RESET_TO_BL31=1, but later on it was restricted only to FVP with patch SHA d4580d17 because of n1sdp platform. Now it has been verified that PIE does work for n1sdp platform also, so enabling it again for all arm platforms. Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 13 Sep, 2019 1 commit
-
-
Alexei Fedorov authored
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 28 Jun, 2019 1 commit
-
-
Ambroise Vincent authored
The new API becomes the default one. Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 17 Apr, 2019 1 commit
-
-
Aditya Angadi authored
The BL1 stage setup code for ARM platforms sets up the SP805 watchdog controller as the secure watchdog. But not all ARM platforms use SP805 as the secure watchdog controller. So introduce two new ARM platform code specific wrapper functions to start and stop the secure watchdog. These functions then replace the calls to SP805 driver in common BL1 setup code. All the ARM platforms implement these wrapper functions by either calling into SP805 driver or the SBSA watchdog driver. Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257 Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
-
- 27 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
This feature is only supported on FVP. Change-Id: I4e265610211d92a84bd2773c34acfbe02a1a1826 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 25 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Use full include paths like it is done for common includes. This cleanup was started in commit d40e0e08283a ("Sanitise includes across codebase"), but it only cleaned common files and drivers. This patch does the same to Arm platforms. Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
The SPM implementation based on MM is going to be kept for the foreseeable future. Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Acked-by: Sumit Garg <sumit.garg@linaro.org>
-
- 07 Jan, 2019 1 commit
-
-
Soby Mathew authored
The patch SHA 55cf015c enabled PIE support when RESET_TO_BL31=1 for all ARM platforms. But it seems n1sdp platform doesn't work with PIE support yet. Hence restrict the ENABLE_PIE=1 to fvp platform. Change-Id: If44e42528e4b0b57c69084503f346576fe0748bd Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 19 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
This option was removed in v2.0. Change-Id: I0c929fddb57d60c5eff9e45dd5ee8c636b28e6c3 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 11 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
Load SP and RD from package instead of relying on RD being already loaded in memory and the SP being loaded as a BL32 image. Change-Id: I18d4fbf4597656c6a7e878e1d7c01a8a324f3f8a Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 10 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
Introduce helpers to create resource description struct, as well as code to load the information from DTB files. Change-Id: I0f5bb94eb8b01c6cb53fe807a9db0c05a70d7a43 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 Nov, 2018 1 commit
-
-
Manish Pandey authored
This option allows the Trusted Firmware to directly jump to Linux kernel for aarch32 without the need of an intermediate loader such as U-Boot. Similar to AArch64 ARM_LINUX_KERNEL_AS_BL33 only available with RESET_TO_SP_MIN=1 as well as BL33 and DTB are preloaded in memory. Change-Id: I908bc1633696be1caad0ce2f099c34215c8e0633 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 29 Oct, 2018 1 commit
-
-
Soby Mathew authored
This patch enabled PIE for FVP when RESET_TO_BL31=1. The references to BL31_BASE are replaced by BL31_START as being a symbol exported by the linker, will create a dynamic relocation entry in .rela.dyn and hence will be fixed up by dynamic linker at runtime. Also, we disable RECLAIM_INIT_CODE when PIE is enabled as the init section overlay creates some static relocations which cannot be handled by the dynamic linker currently. Change-Id: I86df1b0a8b2a8bbbe7c3f3c0b9a08c86c2963ec0 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 03 Oct, 2018 1 commit
-
-
Daniel Boulby authored
Map the initialization code for BL31 to overlap with the memory required for the secondary cores stack. Once BL31 has been initialized the memory can be remapped to RW data so that it can be used for secondary cores stacks. By moving code from .text to .text.init the size of the BL31 image is decreased by a page. Split arm_common.ld.S into two linker scripts, one for tzc_dram (arm_tzc_dram.ld.S) and one for reclaiming initialization code (arm_reclaim_init.ld.S) so that platforms can chose which memory regions they wish to include. Change-Id: I648e88f3eda1aa71765744cf34343ecda9320b32 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
- Remove references to removed build options. - Remove support for legacy GIC driver. - Remove support for LOAD_IMAGE_V2=0. Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 21 Sep, 2018 1 commit
-
-
Daniel Boulby authored
Set MULTI_CONSOLE_API=1 for both AArch64 and AArch32 by default. MULTI_CONSOLE_API=0 is still supported, but it has to be set from the command line. Change-Id: I4eeaa8e243a3fe93ed8a716e502666a26ad28f35 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 18 Sep, 2018 1 commit
-
-
Soby Mathew authored
The patch d323af9e removed the support for coherent memory in BL1 and BL2 for ARM platforms. But the CryptoCell SBROM integration depends on use of coherent buffers for passing data from the AP CPU to the CryptoCell. Hence this patch reintroduces support for coherent memory in BL1 and BL2 if ARM_CRYPTOCELL_INTEG=1. Change-Id: I011482dda7f7a3ec9e3e79bfb3f4fa03796f7e02 Signed-Off-by: Soby Mathew <soby.mathew@arm.com>
-
- 03 Aug, 2018 1 commit
-
-
Roberto Vargas authored
TF Makefile was linking all the objects files generated for the fdt library instead of creating a static library that could be used in the linking stage. Change-Id: If3705bba188ec39e1fbf2322a7f2a9a941e1b90d Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 12 Jul, 2018 1 commit
-
-
Dimitris Papastamos authored
Change-Id: Iaebbeac1a1d6fbd531e5694b95ed068b7a193e62 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 21 Jun, 2018 1 commit
-
-
Jeenu Viswambharan authored
The file arm_ras.c intended to provide common platform-specific RAS configuration for Arm platforms. Because this file has symbol definitions, it's proving difficult to provide a common definition. This patch therefore renames and makes the file specific to FVP. Other platforms shall provide their own configuration in similar fashion. Change-Id: I766fd238946e3e49cdb659680e1b45f41b237901 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 19 Jun, 2018 1 commit
-
-
Antonio Nino Diaz authored
The old API is deprecated and will eventually be removed. Arm platforms now use the multi console driver for boot and runtime consoles. However, the crash console uses the direct console API because it doesn't need any memory access to work. This makes it more robust during crashes. The AArch32 port of the Trusted Firmware doesn't support this new API yet, so it is only enabled in AArch64 builds. Because of this, the common code must maintain compatibility with both systems. SP_MIN doesn't have to be updated because it's only used in AArch32 builds. The TSP is only used in AArch64, so it only needs to support the new API without keeping support for the old one. Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this causes the UARTs to reset (except for the one used by the TSP). This means that they must be unregistered when suspending and re-registered when resuming. This wasn't a problem with the old driver because it just restarted the UART, and there were no problems associated with registering and unregistering consoles. The size reserved for BL2 has been increased. Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 18 May, 2018 1 commit
-
-
Soby Mathew authored
This patch adds capability to FVP to disable authentication dynamically via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses the TB_FW_CONFIG for the `disable_auth` property and invokes the `load_dyn_disable_auth()` API to disable authentication if the property is set to 1. The DYN_DISABLE_AUTH is enabled by default for FVP as it is a development platform. Note that the TB_FW_CONFIG has to be authenticated by BL1 irrespective of these settings. The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup() rather than in bl2_platform_setup() as we need to get the value of `disable_auth` property prior to authentication of any image by BL2. Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 15 May, 2018 1 commit
-
-
Antonio Nino Diaz authored
This reverts commit 2f18aa1f . It is causing some tests to fail. Until the cause is found and fixed, it is needed to remove this commit from master. Change-Id: Ic5ff7a841903a15613e00379e87cbbd8a0e85152 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 11 May, 2018 2 commits
-
-
Antonio Nino Diaz authored
Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that eventually gives control to the OS. However, in some cases, this boot sequence may be too slow. For example, when doing tests in a cycle-accurate emulator, the user may only be interested in the interaction between the Trusted Firmware and the OS, not in the boot process itself. The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux kernel image by changing the value of registers x0-x3 to the values expected by the kernel. This option requires the device tree blob (DTB) to be present in memory. Its address must be specified in the newly introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports AArch64 kernels. This option is only available when RESET_TO_BL31=1. For this reason the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must be used. For example, if the kernel is loaded at 0x80080000 and the DTB is loaded at address 0x82000000, the firmware could be built like this: CROSS_COMPILE=aarch64-linux-gnu- \ make PLAT=fvp DEBUG=1 \ RESET_TO_BL31=1 \ ARM_LINUX_KERNEL_AS_BL33=1 \ PRELOADED_BL33_BASE=0x80080000 \ ARM_PRELOADED_DTB_BASE=0x82000000 \ all fip Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The old API is deprecated and will eventually be removed. Arm platforms now use the multi console driver for boot and runtime consoles. However, the crash console uses the direct console API because it doesn't need any memory access to work. This makes it more robust during crashes. The AArch32 port of the Trusted Firmware doesn't support this new API yet, so it is only enabled in AArch64 builds. Because of this, the common code must maintain compatibility with both systems. SP_MIN doesn't have to be updated because it's only used in AArch32 builds. The TSP is only used in AArch64, so it only needs to support the new API without keeping support for the old one. Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this causes the UARTs to reset (except for the one used by the TSP). This means that they must be unregistered when suspending and re-registered when resuming. This wasn't a problem with the old driver because it just restarted the UART, and there were no problems associated with registering and unregistering consoles. The size of BL31 has been increased in builds with SPM. Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 May, 2018 1 commit
-
-
Jeenu Viswambharan authored
- Assign 0x10 for RAS exceptions on ARM platforms, and install EHF priority descriptor. - Call the common RAS initialisation from ARM BL31 setup. - Add empty definitions for platform error records and RAS interrupts. Change-Id: I0675f299b7840be4c83a9c7a81073a95c605dc90 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 08 Mar, 2018 1 commit
-
-
Soby Mathew authored
Previously, Juno used to depend on the SSC_GPRETN register to inform about the reset syndrome. This method was removed when SCP migrated to the SDS framework. But even the SDS framework doesn't report the reset syndrome correctly and hence Juno failed to enter Firmware update mode if BL2 authentication failed. In addition to that, the error code populated in V2M_SYS_NVFLAGS register does not seem to be retained any more on Juno across resets. This could be down to the motherboard firmware not doing the necessary to preserve the value. Hence this patch modifies the Juno platform to use the same mechanism to trigger firmware update as FVP which is to corrupt the FIP TOC on authentication failure. The implementation in `fvp_err.c` is made common for ARM platforms and is moved to the new `arm_err.c` file in plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno are modified to allow write to the Flash memory address. Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Feb, 2018 2 commits
-
-
Soby Mathew authored
The patch adds the necessary changes to load HW_CONFIG in BL2 for ARM Platforms : 1. The load address of HW_CONFIG is specified via the `hw_config_addr` property in TB_FW_CONFIG is loaded by BL1. The `hw_config_max_size` property defines the maximum size to be expected for the HW_CONFIG. The `arm_dyn_cfg_helpers.c` and corresponding header implements utility functions to parse these DT properties defined. The `arm_dyn_cfg.c` implements wrappers to these helpers to enable them to be invoked from ARM platform layer. 2. `HW_CONFIG` is added to the `bl2_mem_params_descs[]` array which is the list of images to be loaded by BL2. 3. The `libfdt` sources are now included when BL2 is built 4. A new helper `populate_next_bl_params_config()` is introduced in desc_image_load.c to populate the subsequent executable BL images with the `hw_config` and the corresponding `fw_config` if available. The `plat_get_next_bl_params()` API for ARM platforms is modified to invoke this new helper. 5. The implementation of `bl2_early_platform_setup2()` is modified to consider `arg0` as well in addition to `arg1` passed from BL1. 6. Bump up the BL2 size for Juno to accommodate the inclusion of libfdt. Change-Id: I80f1554adec41753e0d179a5237364f04fe13a3f Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch modifies the bl1_platform_setup() API to load and authenticate TB_FW_CONFIG in BL1. The load address of the same is passed on to BL2 in `arg0` of entrypoint info. The fvp_io_storage.c and arm_io_storage.c also adds entries corresponding to TB_FW_CONFIG. A helper function `arm_load_tb_fw_config()` is added to load and authenticate TB_FW_CONFIG if present. Change-Id: Ie7bce667b3fad2b1a083bbcbc0a773f9f04254b1 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 01 Feb, 2018 3 commits
-
-
Masahiro Yamada authored
In the next commit, I need the image name in lowercase because output files are generally named in lowercase. Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase since we generally use uppercase Make variables. make_helpers/build_macros.mk provides 'uppercase' macro to convert a string into uppercase, but 'lowercase' does not exist. We can implement it if we like, but it would be more straightforward to change the argument of TOOL_ADD_IMG. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Now FIP_ADD_IMG takes care of both fiptool and cert_create symmetrically. Rename it so that it matches the behavior. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The build system supports generating two FIP images, fip and fwu_fip. Accordingly, we have similar build macros. FIP_ADD_PAYLOAD <--> FWU_FIP_ADD_PAYLOAD CERT_ADD_CMD_OPT <--> FWU_CERT_ADD_CMD_OPT FIP_ADD_IMG <--> FWU_FIP_ADD_IMG The duplicated code increases the maintenance burden. Also, the build rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from source files, but we want to put it in fwu_fip. We can not do it in a single macro call since the current MAKE_BL does not support fwu_fip. To refactor those in a clean way is to support one more argument to specify the FIP prefix. If it is empty, the images are targeted to fip, whereas if the argument is "FWU_", targeted to fwu_fip. The build macros prefixed with FWU_ go away. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 18 Jan, 2018 1 commit
-
-
Roberto Vargas authored
This patch add supports for the new API added for BL2 at EL3 for FVP. We don't have a non-TF Boot ROM for FVP, but this option can be tested setting specific parameters in the model. The bl2 image is loaded directly in memory instead of being loaded by a non-TF Boot ROM and the reset address is changed: --data cluster0.cpu0=bl2.bin@0x4001000 -C cluster0.cpu0.RVBAR=0x4001000 These parameters mean that in the cold boot path the processor will jump to BL2 again. For this reason, BL2 is loaded in dram in this case, to avoid other images reclaiming BL2 memory. Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 03 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM by default. Increase the BL31 max limit by one page. Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 13 Nov, 2017 2 commits
-
-
Jeenu Viswambharan authored
Support SDEI on ARM platforms using frameworks implemented in earlier patches by defining and exporting SDEI events: this patch defines the standard event 0, and a handful of shared and private dynamic events. Change-Id: I9d3d92a92cff646b8cc55eabda78e140deaa24e1 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Define number of priority bits, and allocate priority levels for SDEI. Change-Id: Ib6bb6c5c09397f7caef950c4caed5a737b3d4112 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 01 Nov, 2017 1 commit
-
-
Roberto Vargas authored
ARM_TSP_RAM_LOCATION_ID was defined only in AARCH64, but the macro was also used in AARCH32, and it meant that it was taking the value 0, which happened to equal ARM_TRUSTED_SRAM_ID. Change-Id: If9f4dbee1a2ba15e7806f2a03305b554bd327363 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-