1. 20 Jul, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Prevent SCP_BL2/2U from overwriting BL1 RW data · 1ea63d77
      Soby Mathew authored
      
      
      On ARM CSS platforms, the SCP_BL2/2U image is loaded below
      BL1 read-write data. This same memory is used to load BL31
      later on. But sufficient checks were not done to ensure that the
      SCP_BL2 would not overwrite BL1 rw data. This patch adds the
      required CASSERT checks to prevent overwrite into BL1 or BL2
      memory by load of SCP_BL2/2U. Also the size of BL31 is increased
      and SCP_BL2/2U size is decreased to accomodate it within the
      allocated region.
      
      Change-Id: I23b28b5e1589e91150852a06452bd52b273216ee
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1ea63d77
  2. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  3. 28 Jun, 2017 2 commits
    • Soby Mathew's avatar
      ARM plat changes to enable CryptoCell integration · e60f2af9
      Soby Mathew authored
      
      
      This patch makes the necessary changes to enable ARM platform to
      successfully integrate CryptoCell during Trusted Board Boot. The
      changes are as follows:
      
      * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
        the CryptoCell crypto driver for Trusted Board boot.
      
      * The TrustZone filter settings for Non Secure DRAM is modified
        to allow CryptoCell to read this memory. This is required to
        authenticate BL33 which is loaded into the Non Secure DDR.
      
      * The CSS platforms are modified to use coherent stacks in BL1 and BL2
        when CryptoCell crypto is selected. This is because CryptoCell makes
        use of DMA to transfer data and the CryptoCell SBROM library allocates
        buffers on the stack during signature/hash verification.
      
      Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e60f2af9
    • Soby Mathew's avatar
      Add headers to enable CryptoCell integration · bdd1cbf5
      Soby Mathew authored
      
      
      This patch adds header files with required declarations and
      macro definitions to enable integration with CryptoCell SBROM
      version `CC712 – Release 1.0.0.1061`. These headers enable ARM
      Trusted Firmware to build and link with CryptoCell SBROM
      library.
      
      Change-Id: I501eda7fe1429acb61db8e1cab78cc9aee9c1871
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bdd1cbf5
  4. 23 Jun, 2017 2 commits
  5. 22 Jun, 2017 2 commits
    • Dimitris Papastamos's avatar
      aarch32: Apply workaround for errata 813419 of Cortex-A57 · 6f512a3d
      Dimitris Papastamos authored
      
      
      TLBI instructions for monitor mode won't have the desired effect under
      specific circumstances in Cortex-A57 r0p0. The workaround is to
      execute DSB and TLBI twice each time.
      
      Even though this errata is only needed in r0p0, the current errata
      framework is not prepared to apply run-time workarounds. The current one
      is always applied if compiled in, regardless of the CPU or its revision.
      
      The `DSB` instruction used when initializing the translation tables has
      been changed to `DSB ISH` as an optimization and to be consistent with
      the barriers used for the workaround.
      
      NOTE: This workaround is present in AArch64 TF and already enabled by
      default on Juno.
      
      Change-Id: I10b0baa304ed64b13b7b26ea766e61461e759dfa
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      6f512a3d
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  6. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored
      
      
      This patch updates the el3_arch_init_common macro so that it fully
      initialises essential control registers rather then relying on hardware
      to set the reset values.
      
      The context management functions are also updated to fully initialise
      the appropriate control registers when initialising the non-secure and
      secure context structures and when preparing to leave EL3 for a lower
      EL.
      
      This gives better alignement with the ARM ARM which states that software
      must initialise RES0 and RES1 fields with 0 / 1.
      
      This patch also corrects the following typos:
      
      "NASCR definitions" -> "NSACR definitions"
      
      Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
  7. 20 Jun, 2017 3 commits
  8. 15 Jun, 2017 1 commit
  9. 14 Jun, 2017 2 commits
  10. 09 Jun, 2017 1 commit
  11. 07 Jun, 2017 2 commits
    • Haojian Zhuang's avatar
      stdlib: support AARCH32 in endian head file · e6a993d4
      Haojian Zhuang authored
      
      
      Add the support of AARCH32 in endian head file. The code is also
      imported from FreeBSD 11.0. It's based on commit in below.
      
      commit 4e3a5b429989b4ff621682ff1462f801237bd551
      Author: mmel <mmel@FreeBSD.org>
      Date:   Tue Nov 10 12:02:41 2015 +0000
      
          ARM: Remove trailing whitespace from sys/arm/include
          No functional changes.
      
          Approved by:    kib (mentor)
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      e6a993d4
    • Haojian Zhuang's avatar
      stdlib: import endian head file from freebsd · b15f31ac
      Haojian Zhuang authored
      Import endian head files from FreeBSD 11.0. The link of FreeBSD source code
      is https://github.com/freebsd/freebsd
      
      
      
      Import machine/endian.h from sys/arm64/include/endian.h in FreeBSD.
      commit d09ff72cef8e35dbf62f7363dcbf07b453f06243
      Author: andrew <andrew@FreeBSD.org>
      Date:   Mon Mar 23 11:54:56 2015 +0000
      
          Add the start of the arm64 machine headers. This is the subset needed to
          start getting userland libraries building.
      
          Reviewed by:        imp
          Sponsored by:       The FreeBSD Foundation
      
      Import sys/endian.h from sys/sys/endian.h in FreeBSD.
      commit 3c3fa2f5b0c7640373fcbcc3f667bf7794e8e609
      Author: phk <phk@FreeBSD.org>
      Date:   Thu May 20 06:16:13 2010 +0000
      
          Fix some way-past-brucification complaints from FlexeLint.
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      b15f31ac
  12. 05 Jun, 2017 3 commits
    • Soby Mathew's avatar
      Add SCMI support for Juno platform · 40111d44
      Soby Mathew authored
      
      
      This patch adds the memory map region for the SCMI payload memory
      and maps the Juno core indices to SCMI power domains via the
      `plat_css_core_pos_to_scmi_dmn_id_map` array.
      
      Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      40111d44
    • Soby Mathew's avatar
      CSS: Add SCMI driver for SCP · c04a3b6c
      Soby Mathew authored
      
      
      This patch adds the SCMI driver for communicating with SCP. The power
      domain management and system power management protocol of the SCMI
      specification[1] is implemented in the driver. The SCP power management
      abstraction layer for SCMI for CSS power management is also added.
      
      A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
      driver over SCPI.
      
      [1] ARM System Control and Management Interface v1.0 (SCMI)
      Document number: ARM DEN 0056A
      
      Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c04a3b6c
    • Soby Mathew's avatar
      Add support for RSASSAPSS algorithm in mbedtls crypto driver · 1001202d
      Soby Mathew authored
      
      
      This patch adds support for RSASSA-PSS Signature Algorithm for
      X509 certificates in mbedtls crypto driver. Now the driver supports
      RSA PKCS2_1 standard as mandated by TBBR.
      
      NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
      is deprecated.
      
      Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1001202d
  13. 01 Jun, 2017 2 commits
  14. 31 May, 2017 2 commits
  15. 24 May, 2017 4 commits
  16. 23 May, 2017 2 commits
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
    • Masahiro Yamada's avatar
      fip: move headers shared between TF and fiptool to include/tools_share · 2a6c1a8f
      Masahiro Yamada authored
      
      
      Some header files need to be shared between TF and host programs.
      For fiptool, two headers are copied to the tools/fiptool directory,
      but it looks clumsy.
      
      This commit introduces a new directory, include/tools_share, which
      collects headers that should be shared between TF and host programs.
      
      This will clarify the interface exposed to host tools.  We should
      add new headers to this directory only when we really need to do so.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2a6c1a8f
  17. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored
      
      
      The behaviour of assert() now depends on the value of the new optional
      platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
      not defined by the platform.
      
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
        name, line and asserted expression.
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
        name and line.
      - If not, it doesn't print anything.
      
      Note the old behaviour was to print the function name whereas now it
      prints the file name. This reduces memory usage because the file name is
      shared between all assert calls in a given file. Also, the default
      behaviour in debug builds is to no longer print the asserted expression,
      greatly reducing the string usage.
      
      For FVP debug builds this change saves approximately:
      
                    No TBBR    TBBR
              BL1    1.6 KB   2.2 KB
              BL2    1.7 KB   2.1 KB
              BL31   2.6 KB   3.3 KB
      
      Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  18. 15 May, 2017 2 commits
  19. 12 May, 2017 2 commits
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
    • Soby Mathew's avatar
      AArch32: Rework SMC context save and restore mechanism · b6285d64
      Soby Mathew authored
      
      
      The current SMC context data structure `smc_ctx_t` and related helpers are
      optimized for case when SMC call does not result in world switch. This was
      the case for SP_MIN and BL1 cold boot flow. But the firmware update usecase
      requires world switch as a result of SMC and the current SMC context helpers
      were not helping very much in this regard. Therefore this patch does the
      following changes to improve this:
      
      1. Add monitor stack pointer, `spmon` to `smc_ctx_t`
      
      The C Runtime stack pointer in monitor mode, `sp_mon` is added to the
      SMC context, and the `smc_ctx_t` pointer is cached in `sp_mon` prior
      to exit from Monitor mode. This makes is easier to retrieve the
      context when the next SMC call happens. As a result of this change,
      the SMC context helpers no longer depend on the stack to save and
      restore the register.
      
      This aligns it with the context save and restore mechanism in AArch64.
      
      2. Add SCR in `smc_ctx_t`
      
      Adding the SCR register to `smc_ctx_t` makes it easier to manage this
      register state when switching between non secure and secure world as a
      result of an SMC call.
      
      Change-Id: I5e12a7056107c1701b457b8f7363fdbf892230bf
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      b6285d64
  20. 09 May, 2017 1 commit
  21. 04 May, 2017 2 commits
    • David Cunado's avatar
      Migrate secure payload dispatchers to new SMC terminology · bbbbcdae
      David Cunado authored
      Since Issue B (November 2016) of the SMC Calling Convention document
      standard SMC calls are renamed to yielding SMC calls to help avoid
      confusion with the standard service SMC range, which remains unchanged.
      
      http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pd
      
      
      
      A previous patch introduced a new define for yielding SMC call type.
      This patch updates the secure payload dispatchers (except the TSPD) to
      use this new define and also migrates the code to use the new
      terminology.
      
      Change-Id: I3d2437c04e3b21fdbd32019f55c066c87679a5bf
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      bbbbcdae
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  22. 03 May, 2017 1 commit