1. 20 Dec, 2019 6 commits
    • spm-mm: Rename component makefile · 442e0928
      Paul Beesley authored

      Change-Id: Idcd2a35cd2b30d77a7ca031f7e0172814bdb8cab
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
    • spm-mm: Remove mm_svc.h header · 962c44e7
      Paul Beesley authored
      
      The contents of this header have been merged into the spm_mm_svc.h
      header file.
      
      Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
    • spm-mm: Refactor spm_svc.h and its contents · 0bf9f567
      Paul Beesley authored

      Change-Id: I91c192924433226b54d33e57d56d146c1c6df81b
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
    • spm-mm: Refactor secure_partition.h and its contents · aeaa225c
      Paul Beesley authored
      
      Before adding any new SPM-related components we should first do
      some cleanup around the existing SPM-MM implementation. The aim
      is to make sure that any SPM-MM components have names that clearly
      indicate that they are MM-related. Otherwise, when adding new SPM
      code, it could quickly become confusing as it would be unclear to
      which component the code belongs.
      
      The secure_partition.h header is a clear example of this, as the
      name is generic so it could easily apply to any SPM-related code,
      when it is in fact SPM-MM specific.
      
      This patch renames the file and the two structures defined within
      it, and then modifies any references in files that use the header.
      
      Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
    • spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored
      
      The Secure Partition Manager (SPM) prototype implementation is
      being removed. This is preparatory work for putting in place a
      dispatcher component that, in turn, enables partition managers
      at S-EL2 / S-EL1.
      
      This patch removes:
      
      - The core service files (std_svc/spm)
      - The Resource Descriptor headers (include/services)
      - SPRT protocol support and service definitions
      - SPCI protocol support and service definitions
      
      Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
      Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
    • Remove dependency between SPM_MM and ENABLE_SPM build flags · 3f3c341a
      Paul Beesley authored
      
      There are two different implementations of Secure Partition
      management in TF-A. One is based on the "Management Mode" (MM)
      design, the other is based on the Secure Partition Client Interface
      (SPCI) specification. Currently there is a dependency between their
      build flags that shouldn't exist, making further development
      harder than it should be. This patch removes that
      dependency, making the two flags function independently.
      
      Before: ENABLE_SPM=1 is required for using either implementation.
              By default, the SPCI-based implementation is enabled and
              this is overridden if SPM_MM=1.
      
      After: ENABLE_SPM=1 enables the SPCI-based implementation.
             SPM_MM=1 enables the MM-based implementation.
             The two build flags are mutually exclusive.
      
      Note that the name of the ENABLE_SPM flag remains a bit
      ambiguous - this will be improved in a subsequent patch. For this
      patch the intention was to leave the name as-is so that it is
      easier to track the changes that were made.
      
      Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
  2. 19 Nov, 2019 1 commit
    • Enable -Wshadow always · b7f6525d
      Justin Chadwell authored
      
      Variable shadowing is, according to the C standard, permitted and valid
      behaviour. However, allowing a local variable to take the same name as a
      global one can cause confusion and can make refactoring and bug hunting
      more difficult.
      
      This patch moves -Wshadow from WARNING2 into the general warning group
      so it is always used. It also fixes all warnings that this introduces
      by simply renaming the local variable to a new name.
      
      Change-Id: I6b71bdce6580c6e58b5e0b41e4704ab0aa38576e
      Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
  3. 06 Aug, 2019 1 commit
  4. 05 Aug, 2019 1 commit
  5. 01 Aug, 2019 2 commits
    • Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: Julius Werner <jwerner@chromium.org>
    • Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define its own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: Julius Werner <jwerner@chromium.org>
  6. 10 Jul, 2019 1 commit
  7. 09 Apr, 2019 1 commit
    • services/spm: Fix service UUID lookup · 00e51ca3
      Paul Beesley authored
      
      The spm_sp_get_by_uuid() function is used to look up the secure
      partition that provides a given service.
      
      Within this function, memcmp() is used to compare the service
      UUIDs but it uses the size of the rdsvc->uuid pointer instead of
      the size of its content (missing dereference). This means that only
      a partial comparison is performed as UUIDs are 128 bits in length and
      rdsvc->uuid is a uint32_t typed pointer.
      
      Instead, use the size of the array pointed to by the svc_uuid parameter,
      which will be the full 128 bits, for the comparison.
      
      Change-Id: I258fb0cca3bf19f97b8f2a4c133981647cd050e4
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
  8. 03 Apr, 2019 4 commits
    • Makefile: remove extra include paths in INCLUDES · 6e756f6d
      Ambroise Vincent authored

      Now it is needed to use the full path of the common header files.

      Commit 09d40e0e ("Sanitise includes across codebase") provides more
      information.
      
      Change-Id: Ifedc79d9f664d208ba565f5736612a3edd94c647
      Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
    • SPM: Adjust size of virtual address space per partition · 75f364b3
      Antonio Nino Diaz authored
      
      Rather than using a fixed virtual address space size, read all regions
      in the resource description of each partition and restrict the virtual
      address space size to the one the partition actually needs.
      
      This also allows SPM to take advantage of the extension ARMv8.4-TTST if
      the virtual address space size is small enough.
      
      Change-Id: I8646aa95e659136b58b44b040364cdee631f7e82
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
    • SPM: Refactor xlat context creation · 014df18b
      Antonio Nino Diaz authored
      
      Right now the virtual address space is fixed to
      PLAT_VIRT_ADDR_SPACE_SIZE, so all base translation tables are the same
      size and need the same alignment. The current code allocates the exact
      space needed by this initial table.
      
      However, a following patch is going to allow each partition to choose
      the size of its address space based on the memory regions defined in
      their resource description, so it isn't possible to determine this at
      build time. As this optimization no longer applies, it has to be
      removed.
      
      Change-Id: Ia8d19f4981e1017e4ffe0ba136de73d701044cb0
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
    • SPM: Move shim layer to TTBR1_EL1 · 6de6965b
      Antonio Nino Diaz authored
      
      This gives each Secure Partition complete freedom on its address space.
      Previously, the memory used by the exception vectors was reserved and
      couldn't be used. Also, it always had to be mapped, forcing SPM to
      generate translation tables that included the exception vectors as well
      as the Partition memory regions. With this change, partitions can reduce
      their address space size easily.
      
      Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  9. 02 Apr, 2019 1 commit
  10. 01 Apr, 2019 3 commits
  11. 04 Mar, 2019 1 commit
  12. 27 Feb, 2019 1 commit
  13. 14 Feb, 2019 1 commit
  14. 12 Feb, 2019 2 commits
  15. 08 Feb, 2019 1 commit
    • Make setjmp.h prototypes comply with the C standard · e0566305
      Antonio Nino Diaz authored
      
      Instead of having a custom implementation of setjmp() and longjmp() it
      is better to follow the C standard.
      
      The comments in setjmp.h are no longer needed as there are no deviations
      from the expected one, so they have been removed.
      
      All SDEI code that relied on them has been fixed to use the new function
      prototypes and structs.
      
      Change-Id: I6cd2e21cb5a5bcf81ba12283f2e4c067bd5172ca
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  16. 06 Feb, 2019 1 commit
  17. 05 Feb, 2019 1 commit
  18. 31 Jan, 2019 3 commits
    • spd: trusty: pass max affinity level to Trusty · 1ffaaec9
      Stephen Wolfe authored
      
      During System Suspend, the entire system loses its state. To allow Trusty
      to save/restore its context and allow its TAs to participate in the suspend
      process, it needs to look at the max affinity level being suspended. This
      patch passes the max affinity level to Trusty to enable it to do so.
      
      Change-Id: If7838dae10c3f5a694baedb15ec56fbad41f2b36
      Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    • spd: tlkd: remove unwanted assert on System Suspend entry · 278d599c
      Mihir Joshi authored
      
      c_rt_ctx is used to store current SP before the system goes
      into suspend. The assert for its value being zero is not
      really necessary as the value gets over-written eventually.
      
      This patch removes assert(tlk_ctx->c_rt_ctx == 0) from the
      System Suspend path, as a result.
      
      Change-Id: If41f15e74ebbbfd82958d8e179114899b2ffb0a7
      Signed-off-by: Mihir Joshi <mihirj@nvidia.com>
    • tlkd: support new TLK SMCs · 7bc05f52
      Mihir Joshi authored

      This patch adds support to handle the following TLK SMCs:
      {TLK_SS_REGISTER_HANDLER, TLK_REGISTER_NS_DRAM_RANGES, TLK_SET_ROOT_OF_TRUST}
      
      These SMCs need to be supported in ATF in order to forward them to
      TLK. Otherwise, these functionalities won't work.
      
      Brief:
      TLK_SS_REGISTER_HANDLER: This SMC is issued by TLK Linux Driver to
      set up secure storage buffers.
      
      TLK_REGISTER_NS_DRAM_RANGES: Cboot performs this SMC during boot to
      pass NS memory ranges to TLK.
      
      TLK_SET_ROOT_OF_TRUST: Cboot performs this SMC during boot to pass
      Verified Boot parameters to TLK.
      
      Change-Id: I18af35f6dd6f510dfc22c1d1d1d07f643c7b82bc
      Reviewed-on: https://git-master.nvidia.com/r/1643851
      Signed-off-by: Mihir Joshi <mihirj@nvidia.com>
  19. 30 Jan, 2019 1 commit
  20. 24 Jan, 2019 1 commit
  21. 23 Jan, 2019 1 commit
    • spd: trusty : fix defects flagged by MISRA scan · 591054a3
      Anthony Zhou authored
      
      Main Fixes:
      
      Use int32_t to replace int [Rule 4.6]
      
      Added explicit casts (e.g. 0U) to integers in order for them to be
        compatible with whatever operation they're used in [Rule 10.1]
      
      Force operands of an operator to the same type category [Rule 10.4]
      
      Fixed if statement conditional to be essentially boolean [Rule 14.4]
      
      Voided non c-library functions whose return types are not used
      [Rule 17.7]
      
      Change-Id: I98caa330c371757eb2dfb9438448cb99115ed907
      Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
  22. 22 Jan, 2019 2 commits
  23. 15 Jan, 2019 3 commits
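
The defect described in "services/spm: Fix service UUID lookup" (00e51ca3) above, as an added example that is not TF-A code: a lookup that passes the size of a pointer to memcmp() beside one that passes the size of the 128-bit array. The struct, function names and UUID values are constructed for illustration, and the descriptor is assumed to hold its UUID through a uint32_t pointer, as the commit message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_WORDS 4 /* a 128-bit UUID as four 32-bit words */

/* Hypothetical service descriptor (assumption, not the TF-A structure). */
struct svc_desc {
    const char *name;
    const uint32_t *uuid; /* points at UUID_WORDS words */
};

/* Constructed sample UUIDs: all three differ only in the last word. */
static const uint32_t uuid_a[UUID_WORDS] = {0x11111111u, 0x22222222u, 0x33333333u, 0xAAAAAAAAu};
static const uint32_t uuid_b[UUID_WORDS] = {0x11111111u, 0x22222222u, 0x33333333u, 0xBBBBBBBBu};
static const uint32_t uuid_unknown[UUID_WORDS] = {0x11111111u, 0x22222222u, 0x33333333u, 0xCCCCCCCCu};

static const struct svc_desc services[] = { {"service-a", uuid_a}, {"service-b", uuid_b} };
#define NUM_SERVICES (sizeof(services) / sizeof(services[0]))

/* Before the fix: the length is the size of the pointer member (4 or 8
 * bytes), so only the leading words of each UUID are compared. */
int lookup_partial(const uint32_t (*svc_uuid)[UUID_WORDS])
{
    for (size_t i = 0; i < NUM_SERVICES; i++) {
        size_t len = sizeof(services[i].uuid); /* missing dereference */
        if (memcmp(services[i].uuid, svc_uuid, len) == 0)
            return (int)i;
    }
    return -1;
}

/* After the fix: the length is the size of the array svc_uuid points to,
 * which is the full 16 bytes. */
int lookup_full(const uint32_t (*svc_uuid)[UUID_WORDS])
{
    for (size_t i = 0; i < NUM_SERVICES; i++) {
        if (memcmp(services[i].uuid, svc_uuid, sizeof(*svc_uuid)) == 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("partial: b=%d unknown=%d  full: b=%d unknown=%d\n", lookup_partial(&uuid_b),
           lookup_partial(&uuid_unknown), lookup_full(&uuid_b), lookup_full(&uuid_unknown));
    return 0;
}
```

With the partial comparison, a request for service-b or for an unregistered UUID resolves to service-a because the leading words match. When the sizeof expression is written inline in the memcmp() call, GCC and Clang report this pattern under -Wsizeof-pointer-memaccess.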