- 26 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows the secure payload (BL3-2) to be loaded in the DRAM region secured by the TrustZone controller (top 16 MB of DRAM1). The location of BL3-2 can be selected at build time by setting the build flag FVP_TSP_RAM_LOCATION to one of the following options: - 'tsram' : Trusted SRAM (this is the default option) - 'tdram' : Trusted DRAM - 'dram' : Secure region in DRAM1 (top 16MB configured by the TrustZone controller) The number of MMU tables in BL3-2 depends on its location in memory: 3 in case it is loaded in DRAM, 2 otherwise. Documentation updated accordingly. Fixes ARM-software/tf-issues#212 Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
-
- 12 Jan, 2015 1 commit
-
-
Juan Castillo authored
Patch 20d51cad moved the shared data page from the top of the Trusted SRAM to the bottom, changing the load addresses of BL3-1 and BL3-2. This patch updates BL3-1 and BL3-2 addresses in the instructions to run the Trusted Firmware on FVP using BL3-1 as reset vector. This patch is similar to but distinct from bfb1dd51 and 7ea4c437. Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
-
- 09 Jan, 2015 1 commit
-
-
Sandrine Bailleux authored
Previously, the User Guide recommended launching the Foundation FVP with the parameter --no-secure-memory, which disabled security control of the address map. This was due to missing support for secure memory regions in v1 of the Foundation FVP. This is no longer needed as secure memory is now supported on the Foundation FVP. This patch updates the User Guide to recommend enabling secure memory instead. Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
-
- 07 Jan, 2015 1 commit
-
-
Joakim Bech authored
Fixes arm-software/tf-issues#276
-
- 06 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows to define the name of the FIP at build time by defining the FIP_NAME variable. If FIP_NAME is not defined, default name 'fip.bin' is used. Documentation updated accordingly. Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
-
- 22 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch deprecates the build option to relocate the shared data into Trusted DRAM in FVP. After this change, shared data is always located at the base of Trusted SRAM. This reduces the complexity of the memory map and the number of combinations in the build options. Fixes ARM-software/tf-issues#257 Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
-
- 14 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch configures the TrustZone Controller in Juno to split the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure regions: - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are used by the SCP for DDR retraining - Non-Secure DDR-DRAM: remaining DRAM starting at base address Build option PLAT_TSP_LOCATION selects the location of the secure payload (BL3-2): - 'tsram' : Trusted SRAM (default option) - 'dram' : Secure region in the DDR-DRAM (set by the TrustZone controller) The MMU memory map has been updated to give BL2 permission to load BL3-2 into the DDR-DRAM secure region. Fixes ARM-software/tf-issues#233 Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
-
- 16 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 28 Aug, 2014 1 commit
-
-
Dan Handley authored
* Fix broken link to SCP download. * Remove requirement to install `ia32-libs`. This package is no longer available in current versions of Ubuntu and is no longer required when using the Linaro toolchain. Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
-
- 27 Aug, 2014 3 commits
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Juan Castillo authored
This patch makes the Trusted Firmware build instructions in the user guide platform independent. FVP specific instructions have been grouped together under a new section dedicated to FVP. Juno specific instructions to build and run the Trusted Firmware, UEFI and Linux have been added. Change-Id: I9bfb1b9d732b1f73abbe29f68ac931e1773a4fd5
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#100 (commit 186c1d4b). This is distinct from the similar issue fixed in commit bfb1dd51. Also clarify the dependence on the FVP_SHARED_DATA_LOCATION and FVP_TSP_RAM_LOCATION build options, and tidy up the "Notes regarding Base FVP configuration options" section. Change-Id: I6b03452a71f0c69efa169852712bcb184242696e
-
- 21 Aug, 2014 1 commit
-
-
Dan Handley authored
Move up the version numbers of the following Trusted Firmware dependencies in the user guide: * Foundation and Base FVPs (latest publically available versions). * EDK2 implementation. The guide now uses the latest version from https://github.com/ARM-software/edk2.git. This requires the `iasl` package to also be installed. * Linux kernel. The guide now uses the latest version from https://github.com/ARM-software/linux.git. * Linaro OpenEmbedded file system. * ARM Development Studio 5. Change-Id: I95bb863a61e47b9ef8be3d110f7087375ee78add
-
- 14 Aug, 2014 1 commit
-
-
Juan Castillo authored
This patch groups the current contents of the Trusted DRAM region at address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in a single shared memory area that may be allocated to Trusted SRAM (default) or Trusted DRAM at build time by setting the FVP_SHARED_DATA_LOCATION make variable. The size of this shared memory is 4096 bytes. The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM' is not currently supported due to restrictions in the maximum number of mmu tables that can be created. Documentation has been updated to reflect these changes. Fixes ARM-software/tf-issues#100 Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
-
- 13 Aug, 2014 1 commit
-
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#117 (commit a1b6db6c). Fixes ARM-software/tf-issues#237 Change-Id: I764eb17c66034511efb984c0e7cfda29bd99198f
-
- 12 Aug, 2014 2 commits
-
-
Dan Handley authored
Create new LOG_LEVEL build option, which controls the amount of console output compiled into the build. This should be one of the following: 0 (LOG_LEVEL_NONE) 10 (LOG_LEVEL_NOTICE) 20 (LOG_LEVEL_ERROR) 30 (LOG_LEVEL_WARNING) 40 (LOG_LEVEL_INFO) 50 (LOG_LEVEL_VERBOSE) All log output up to and including the log level is compiled into the build. The default value is 40 in debug builds and 20 in release builds. Complement the existing INFO, WARN and ERROR console output macros with NOTICE and VERBOSE macros, which are conditionally compiled in depending on the value of LOG_LEVEL. Fixes ARM-software/tf-issues#232 Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
-
Juan Castillo authored
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM BLn_BASE and BLn_LIMIT definitions have been updated and are based on these new memory regions. The available memory for each bootloader in the linker script is defined by BLn_BASE and BLn_LIMIT, instead of the complete memory region. TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of the platform porting. FVP common definitions are defined in fvp_def.h while platform_def.h contains exclusively (with a few exceptions) the definitions that are mandatory in the porting guide. Therefore, platform_def.h now includes fvp_def.h instead of the other way around. Porting guide has been updated to reflect these changes. Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
-
- 07 Aug, 2014 1 commit
-
-
Juan Castillo authored
Tests show a slight reduction in code size compared to 13.11. User guide updated. Fixes ARM-software/tf-issues#207 Change-Id: I9b80a5d7820cdfd443cac4d4b63f925b74a8c3a3
-
- 01 Aug, 2014 1 commit
-
-
Vikram Kanigiri authored
This patch adds support for BL3-2 initialization by asynchronous method where BL3-1 transfers control to BL3-2 using world switch. After BL3-2 initialization, it transfers control to BL3-3 via SPD service handler. The SPD service handler initializes the CPU context to BL3-3 entrypoint depending on the return function indentifier from TSP initialization. Fixes ARM-software/TF-issues#184 Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34
-
- 28 Jul, 2014 1 commit
-
-
Soby Mathew authored
The patch implements a macro ASM_ASSERT() which can be invoked from assembly code. When assertion happens, file name and line number of the check is written to the crash console. Fixes ARM-software/tf-issues#95 Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
-
- 10 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
- Add support for loading a BL3-0 image in BL2. Information about memory extents is populated by platform-specific code. Subsequent handling of BL3-0 is also platform specific. The BL2 main function has been broken down to improve readability. The BL3-2 image is now loaded before the BL3-3 image to align with the boot flow. - Build system: Add support for specifying a BL3-0 image that will be included into the FIP image. - IO FIP driver: Add support for identifying a BL3-0 image inside a FIP image. - Update the documentation to reflect the above changes. Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
-
- 09 Jul, 2014 1 commit
-
-
Dan Handley authored
Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform specific inputs in the arm_gic_setup() function so that the driver has no explicit dependency on platform code. Provide weak implementations of the platform interrupt controller API in a new file, plat/common/plat_gic.c. These simply call through to the ARM GIC driver. Move the only remaining FVP GIC function, fvp_gic_init() to plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c Fixes ARM-software/tf-issues#182 Change-Id: Iea82fe095fad62dd33ba9efbddd48c57717edd21
-
- 11 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
This patch makes the console crash dump of processor register state optional based on the CRASH_REPORTING make variable. This defaults to only being enabled for DEBUG builds. This can be overridden by setting a different value in the platform makefile or on the make command line. Change-Id: Icfa1b2d7ff0145cf0a85e8ad732f9cee7e7e993f
-
- 03 Jun, 2014 2 commits
-
-
Vikram Kanigiri authored
Update documentation with BL3-1 hardening interface changes and for using BL3-1 as a reset vector feature Change-Id: Iafdd05e7a8e66503409f2acc934372efef5bc51b
-
Dan Handley authored
Update the Linux kernel, Linaro file system, FVP and DS-5 versions used for the v0.4 release in user-guide.md. Change-Id: I2265fc17c229d4b8cc52165d6583a4a579cdcee3
-
- 22 May, 2014 4 commits
-
-
Achin Gupta authored
This patch adds a common handler for FIQ and IRQ exceptions in the BL3-1 runtime exception vector table. This function determines the interrupt type and calls its handler. A crash is reported if an inconsistency in the interrupt management framework is detected. In the event of a spurious interrupt, execution resumes from the instruction where the interrupt was generated. This patch also removes 'cm_macros.S' as its contents have been moved to 'runtime_exceptions.S' Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
-
Achin Gupta authored
This patch introduces a framework for registering interrupts routed to EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and FIQ bits and the security state an interrupt is generated in. The framework recognizes three type of interrupts depending upon which exception level and security state they should be handled in i.e. Secure EL1 interrupts, Non-secure interrupts and EL3 interrupts. It provides an API and macros that allow a runtime service to register an handler for a type of interrupt and specify the routing model. The framework validates the routing model and uses the context management framework to ensure that it is applied to the SCR_EL3 prior to entry into the target security state. It saves the handler in internal data structures. An API is provided to retrieve the handler when an interrupt of a particular type is asserted. Registration is expected to be done once by the primary CPU. The same handler and routing model is used for all CPUs. Support for EL3 interrupts will be added to the framework in the future. A makefile flag has been added to allow the FVP port choose between ARM GIC v2 and v3 support in EL3. The latter version is currently unsupported. A framework for handling interrupts in BL3-1 will be introduced in subsequent patches. The default routing model in the absence of any handlers expects no interrupts to be routed to EL3. Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
-
Sandrine Bailleux authored
Add a section in the user guide explaining how to compile the TSP image and include it into the FIP. This includes instructions to make the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP. Change-Id: I04780757a149eeb5482a12a61e821be947b882c0
-
Juan Castillo authored
TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and the rest of DRAM as non-secure. Non-secure software must not attempt to access the 16MB secure area. Device tree files (sources and binaries) have been updated to match this configuration, removing that memory from the Linux physical memory map. To use UEFI and Linux with this patch, the latest version of UEFI and the updated device tree files are required. Check the user guide in the documentation for more details. Replaced magic numbers with #define for memory region definition in the platform security initialization function. Fixes ARM-software/tf-issues#149 Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
-
- 16 May, 2014 2 commits
-
-
Jeenu Viswambharan authored
At present, non-secure timer register contents are saved and restored as part of world switch by BL3-1. This effectively means that the non-secure timer stops, and non-secure timer interrupts are prevented from asserting until BL3-1 switches back, introducing latency for non-secure services. Often, secure world might depend on alternate sources for secure interrupts (secure timer or platform timer) instead of non-secure timers, in which case this save and restore is unnecessary. This patch introduces a boolean build-time configuration NS_TIMER_SWITCH to choose whether or not to save and restore non-secure timer registers upon world switch. The default choice is made not to save and restore them. Fixes ARM-software/tf-issues#148 Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
-
Jeenu Viswambharan authored
Change-Id: I6bd077955bf3780168a874705974bbe72ea0f5f1
-
- 24 Apr, 2014 1 commit
-
-
Harry Liebel authored
Fixes ARM-software/tf-issues#64 Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989
-
- 05 Mar, 2014 1 commit
-
-
Jon Medhurst authored
If a platform doesn't specify a BLx_SOURCE variable, then building of the corresponding bootloader isn't attempted. Also allow BL3-3 to be omitted from the FIP. Note, this change also removes support for PLAT=all and the 'fip' target from the 'all' recipe. Fixes ARM-software/tf-issues#30 Change-Id: Ibdfead0440256eaf364617ecff65290ca6fe6240 Signed-off-by: Jon Medhurst <tixy@linaro.org>
-
- 28 Feb, 2014 2 commits
-
-
Dan Handley authored
Move the firmware design documentation out of user-guide.md and into a new file - firmware-design.md. Reformat the section headers. Change-Id: I664815dd47011c7c1cf2202aa4472a8fd78ebb92
-
Dan Handley authored
1. Update user-guide.md with the latest versions of dependent components required by the tested configurations of ARM Trusted Firmware. This includes the tested versions of Fixed Virtual Platforms (FVPs), toolchain, EFI Development Kit 2(EDK2), Linux kernel and Linux file system. 2. Remove the instructions to configure the Cortex Base FVP with the legacy GICv2 memory map as this is no longer supported since version 5.3 of the Base FVPs. 3. General tidyup of "Using the software" section. Change-Id: If8264cd29036b59dc5ff435b5f8b1d072dd36ef0
-
- 20 Feb, 2014 3 commits
-
-
Achin Gupta authored
This patch adds the following support to the BL3-1 stage: 1. BL3-1 allows runtime services to specify and determine the security state of the next image after BL3-1. This has been done by adding the `bl31_set_next_image_type()` & `bl31_get_next_image_type()` apis. The default security state is non-secure. The platform api `bl31_get_next_image_info()` has been modified to let the platform decide which is the next image in the desired security state. 2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to program entry into the target security state. It uses the apis introduced in 1. to do so. 3. BL3-1 reads the information populated by BL2 about the BL3-2 image into its internal data structures. 4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow initialisation of a BL3-2 image. A runtime service like the Secure payload dispatcher will define this function if present. Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
-
Achin Gupta authored
This patch adds support for loading a BL3-2 image in BL2. In case a BL3-2 image is found, it also passes information to BL3-1 about where it is located and the extents of memory available to it. Information about memory extents is populated by platform specific code. The documentation has also been updated to reflect the above changes. Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Achin Gupta authored
This patch reworks BL2 to BL3-1 hand over interface by introducing a composite structure (bl31_args) that holds the superset of information that needs to be passed from BL2 to BL3-1. - The extents of secure memory available to BL3-1 - The extents of memory available to BL3-2 (not yet implemented) and BL3-3 - Information to execute BL3-2 (not yet implemented) and BL3-3 images This patch also introduces a new platform API (bl2_get_bl31_args_ptr) that needs to be implemented by the platform code to export reference to bl31_args structure which has been allocated in platform-defined memory. The platform will initialize the extents of memory available to BL3-3 during early platform setup in bl31_args structure. This obviates the need for bl2_get_ns_mem_layout platform API. BL2 calls the bl2_get_bl31_args_ptr function to get a reference to bl31_args structure. It uses the 'bl33_meminfo' field of this structure to load the BL3-3 image. It sets the entry point information for the BL3-3 image in the 'bl33_image_info' field of this structure. The reference to this structure is passed to the BL3-1 image. Also fixes issue ARM-software/tf-issues#25 Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
-
- 17 Feb, 2014 1 commit
-
-
Harry Liebel authored
This fixes ARM-software/tf-issues#9 Change-Id: Id57037115b8762efc9eaf5ff41887b71d6494c5d
-
- 30 Jan, 2014 1 commit
-
-
Ian Spray authored
New phony Makefile targets have been added: * checkcodebase * checkpatch The checkcodebase target will run a Linux style compliance check over the entire codebase, and honours the V=1 Makefile verbose setting and so will show more information when this is enabled. If the local directory is a git checkout then the output of git ls-files is used to decide which files to test for compliance. If the local directory is not under git control then a 'best attempt' is made, but in this case it should be noted that it is possible for additional non-codebase files to be tested, so care should be taken when parsing the output. The checkpatch target will compare local changes against the git origin/master to allow issues with the last set of changes to be identified. To override the change comparision location, set the BASE_COMMIT variable to your desired git branch. Both targets rely on the Linux source tree script checkpatch.pl to do the syntax checking, and expects that the CHECKPATCH environment variable points to the location of this file. Notes on the usage of these targets have been added to the contributing.md and docs/user-guide.md text files. Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
-