1. 13 Sep, 2019 1 commit
    • Alexei Fedorov's avatar
      Refactor ARMv8.3 Pointer Authentication support code · ed108b56
      Alexei Fedorov authored
      
      
      This patch provides the following features and makes modifications
      listed below:
      - Individual APIAKey key generation for each CPU.
      - New key generation on every BL31 warm boot and TSP CPU On event.
      - Per-CPU storage of APIAKey added in percpu_data[]
        of cpu_data structure.
      - `plat_init_apiakey()` function replaced with `plat_init_apkey()`
        which returns 128-bit value and uses Generic timer physical counter
        value to increase the randomness of the generated key.
        The new function can be used for generation of all ARMv8.3-PAuth keys
      - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
      - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
        generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
        pauth_disable_el1()` and `pauth_disable_el3()` functions disable
        PAuth for EL1 and EL3 respectively;
        `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
        cpu-data structure.
      - Combined `save_gp_pauth_registers()` function replaces calls to
        `save_gp_registers()` and `pauth_context_save()`;
        `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
        and `restore_gp_registers()` calls.
      - `restore_gp_registers_eret()` function removed with corresponding
        code placed in `el3_exit()`.
      - Fixed the issue when `pauth_t pauth_ctx` structure allocated space
        for 12 uint64_t PAuth registers instead of 10 by removal of macro
        CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
        and assigning its value to CTX_PAUTH_REGS_END.
      - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
        in `msr	spsel`  instruction instead of hard-coded values.
      - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
      
      Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ed108b56
  2. 09 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Enable MTE support in both secure and non-secure worlds · 9dd94382
      Justin Chadwell authored
      
      
      This patch adds support for the new Memory Tagging Extension arriving in
      ARMv8.5. MTE support is now enabled by default on systems that support
      at EL0. To enable it at ELx for both the non-secure and the secure
      world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
      and restoring when necessary in order to prevent register leakage
      between the worlds.
      
      Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      9dd94382
  3. 21 Aug, 2019 1 commit
    • Alexei Fedorov's avatar
      AArch64: Disable Secure Cycle Counter · e290a8fc
      Alexei Fedorov authored
      
      
      This patch fixes an issue when secure world timing information
      can be leaked because Secure Cycle Counter is not disabled.
      For ARMv8.5 the counter gets disabled by setting MDCR_El3.SCCD
      bit on CPU cold/warm boot.
      For the earlier architectures PMCR_EL0 register is saved/restored
      on secure world entry/exit from/to Non-secure state, and cycle
      counting gets disabled by setting PMCR_EL0.DP bit.
      'include\aarch64\arch.h' header file was tided up and new
      ARMv8.5-PMU related definitions were added.
      
      Change-Id: I6f56db6bc77504634a352388990ad925a69ebbfa
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      e290a8fc
  4. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define it's own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  5. 27 Feb, 2019 2 commits
    • Antonio Nino Diaz's avatar
      Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored
      
      
      ARMv8.3-PAuth adds functionality that supports address authentication of
      the contents of a register before that register is used as the target of
      an indirect branch, or as a load.
      
      This feature is supported only in AArch64 state.
      
      This feature is mandatory in ARMv8.3 implementations.
      
      This feature adds several registers to EL1. A new option called
      CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
      them during Non-secure <-> Secure world switches. This option must be
      enabled if the hardware has the registers or the values will be leaked
      during world switches.
      
      To prevent leaks, this patch also disables pointer authentication in the
      Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
      be trapped in EL3.
      
      Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      5283962e
    • Antonio Nino Diaz's avatar
      Cleanup context handling library · 4d1ccf0e
      Antonio Nino Diaz authored
      
      
      Minor style cleanup.
      
      Change-Id: Ief19dece41a989e2e8157859a265701549f6c585
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      4d1ccf0e
  6. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  7. 01 Nov, 2018 1 commit
  8. 20 Aug, 2018 1 commit
  9. 08 Jun, 2018 1 commit
  10. 23 May, 2018 1 commit
    • Dimitris Papastamos's avatar
      Add support for dynamic mitigation for CVE-2018-3639 · fe007b2e
      Dimitris Papastamos authored
      
      
      Some CPUS may benefit from using a dynamic mitigation approach for
      CVE-2018-3639.  A new SMC interface is defined to allow software
      executing in lower ELs to enable or disable the mitigation for their
      execution context.
      
      It should be noted that regardless of the state of the mitigation for
      lower ELs, code executing in EL3 is always mitigated against
      CVE-2018-3639.
      
      NOTE: This change is a compatibility break for any platform using
      the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
      the declare_cpu_ops_wa macro instead.
      
      Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      fe007b2e
  11. 04 May, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Introduce External Abort handling · 76454abf
      Jeenu Viswambharan authored
      
      
      At present, any External Abort routed to EL3 is reported as an unhandled
      exception and cause a panic. This patch enables ARM Trusted Firmware to
      handle External Aborts routed to EL3.
      
      With this patch, when an External Abort is received at EL3, its handling
      is delegated to plat_ea_handler() function. Platforms can provide their
      own implementation of this function. This patch adds a weak definition
      of the said function that prints out a message and just panics.
      
      In order to support handling External Aborts at EL3, the build option
      HANDLE_EA_EL3_FIRST must be set to 1.
      
      Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
      compilation; this patch fixes that too.
      
      Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      76454abf
  12. 29 Jan, 2018 1 commit
    • Dimitris Papastamos's avatar
      Optimize/cleanup BPIALL workaround · d9bd656c
      Dimitris Papastamos authored
      
      
      In the initial implementation of this workaround we used a dedicated
      workaround context to save/restore state.  This patch reduces the
      footprint as no additional context is needed.
      
      Additionally, this patch reduces the memory loads and stores by 20%,
      reduces the instruction count and exploits static branch prediction to
      optimize the SMC path.
      
      Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      d9bd656c
  13. 11 Jan, 2018 1 commit
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A73 and A75 · a1781a21
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
      temporarily dropping into AArch32 Secure-EL1 and executing the
      `BPIALL` instruction.
      
      This is achieved by using 3 vector tables.  There is the runtime
      vector table which is used to handle exceptions and 2 additional
      tables which are required to implement this workaround.  The
      additional tables are `vbar0` and `vbar1`.
      
      The sequence of events for handling a single exception is
      as follows:
      
      1) Install vector table `vbar0` which saves the CPU context on entry
         to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
         with the MMU disabled and I$ enabled.  This is the default vector table.
      
      2) Before doing an ERET into Secure-EL1, switch vbar to point to
         another vector table `vbar1`.  This is required to restore EL3 state
         when returning from the workaround, before proceeding with normal EL3
         exception handling.
      
      3) While in Secure-EL1, the `BPIALL` instruction is executed and an
         SMC call back to EL3 is performed.
      
      4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
         restored.  The vbar is switched to point to `vbar0` in preparation to
         handle further exceptions.  Finally a branch to the runtime vector
         table entry is taken to complete the handling of the original
         exception.
      
      This workaround is enabled by default on the affected CPUs.
      
      NOTE
      ====
      
      There are 4 different stubs in Secure-EL1.  Each stub corresponds to
      an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
      different value in `R0` before doing an SMC call back into EL3.
      Without this piece of information it would not be possible to know
      what the original exception type was as we cannot use `ESR_EL3` to
      distinguish between IRQs and FIQs.
      
      Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      a1781a21
  14. 20 Nov, 2017 1 commit
    • Dimitris Papastamos's avatar
      Refactor Statistical Profiling Extensions implementation · 281a08cc
      Dimitris Papastamos authored
      
      
      Factor out SPE operations in a separate file.  Use the publish
      subscribe framework to drain the SPE buffers before entering secure
      world.  Additionally, enable SPE before entering normal world.
      
      A side effect of this change is that the profiling buffers are now
      only drained when a transition from normal world to secure world
      happens.  Previously they were drained also on return from secure
      world, which is unnecessary as SPE is not supported in S-EL1.
      
      Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      281a08cc
  15. 15 Nov, 2017 1 commit
    • David Cunado's avatar
      Move FPEXC32_EL2 to FP Context · 91089f36
      David Cunado authored
      
      
      The FPEXC32_EL2 register controls SIMD and FP functionality when the
      lower ELs are executing in AArch32 mode. It is architecturally mapped
      to AArch32 system register FPEXC.
      
      This patch removes FPEXC32_EL2 register from the System Register context
      and adds it to the floating-point context. EL3 only saves / restores the
      floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
      
      The rationale for this change is that if the Secure world is using FP
      functionality and EL3 is not managing the FP context, then the Secure
      world will save / restore the appropriate FP registers.
      
      NOTE - this is a break in behaviour in the unlikely case that
      CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
      Secure Payload that modifies FPEXC, but does not save and restore
      this register
      
      Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      91089f36
  16. 13 Oct, 2017 1 commit
    • David Cunado's avatar
      Init and save / restore of PMCR_EL0 / PMCR · 3e61b2b5
      David Cunado authored
      
      
      Currently TF does not initialise the PMCR_EL0 register in
      the secure context or save/restore the register.
      
      In particular, the DP field may not be set to one to prohibit
      cycle counting in the secure state, even though event counting
      generally is prohibited via the default setting of MDCR_EL3.SMPE
      to 0.
      
      This patch initialises PMCR_EL0.DP to one in the secure state
      to prohibit cycle counting and also initialises other fields
      that have an architectually UNKNOWN reset value.
      
      Additionally, PMCR_EL0 is added to the list of registers that are
      saved and restored during a world switch.
      
      Similar changes are made for PMCR for the AArch32 execution state.
      
      NOTE: secure world code at lower ELs that assume other values in PMCR_EL0
      will be impacted.
      
      Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      3e61b2b5
  17. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  18. 15 Jun, 2017 1 commit
  19. 03 May, 2017 1 commit
  20. 18 Jul, 2016 2 commits
    • Soby Mathew's avatar
      Introduce `el3_runtime` and `PSCI` libraries · 532ed618
      Soby Mathew authored
      This patch moves the PSCI services and BL31 frameworks like context
      management and per-cpu data into new library components `PSCI` and
      `el3_runtime` respectively. This enables PSCI to be built independently from
      BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
      PSCI library sources and gets included by `bl31.mk`. Other changes which
      are done as part of this patch are:
      
      * The runtime services framework is now moved to the `common/` folder to
        enable reuse.
      * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
        specific folder.
      * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
        to `plat/common` folder. The original file location now has a stub which
        just includes the file from new location to maintain platform compatibility.
      
      Most of the changes wouldn't affect platform builds as they just involve
      changes to the generic bl1.mk and bl31.mk makefiles.
      
      NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
      THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
      MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
      
      Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
      532ed618
    • Soby Mathew's avatar
      Fix coding guideline warnings · da554d74
      Soby Mathew authored
      This patch fixes some coding guideline warnings reported by the checkpatch
      script. Only files related to upcoming feature development have been fixed.
      
      Change-Id: I26fbce75c02ed62f00493ed6c106fe7c863ddbc5
      da554d74
  21. 03 Jun, 2016 1 commit
    • Soby Mathew's avatar
      Build option to include AArch32 registers in cpu context · 8cd16e6b
      Soby Mathew authored
      The system registers that are saved and restored in CPU context include
      AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
      DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
      AArch64-only (i.e. on hardware that does not implement AArch32, or at
      least not at EL1 and higher ELs) platform leads to an exception. This patch
      introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
      include these AArch32 systems registers in the cpu context or not. By default
      this build option is set to 1 to ensure compatibility. AArch64-only platforms
      must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
      verify this.
      
      Fixes ARM-software/tf-issues#386
      
      Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
      8cd16e6b
  22. 09 Dec, 2015 1 commit
    • Yatharth Kochar's avatar
      Move context management code to common location · bbf8f6f9
      Yatharth Kochar authored
      The upcoming Firmware Update feature needs transitioning across
      Secure/Normal worlds to complete the FWU process and hence requires
      context management code to perform this task.
      
      Currently context management code is part of BL31 stage only.
      This patch moves the code from (include)/bl31 to (include)/common.
      Some function declarations/definitions and macros have also moved
      to different files to help code sharing.
      
      Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
      bbf8f6f9
  23. 31 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Optimize EL3 register state stored in cpu_context structure · fdfabec1
      Soby Mathew authored
      This patch further optimizes the EL3 register state stored in
      cpu_context. The 2 registers which are removed from cpu_context are:
      
        * cntfrq_el0 is the system timer register which is writable
          only in EL3 and it can be programmed during cold/warm boot. Hence
          it need not be saved to cpu_context.
      
        * cptr_el3 controls access to Trace, Floating-point, and Advanced
          SIMD functionality and it is programmed every time during cold
          and warm boot. The current BL3-1 implementation does not need to
          modify the access controls during normal execution and hence
          they are expected to remain static.
      
      Fixes ARM-software/tf-issues#197
      
      Change-Id: I599ceee3b73a7dcfd37069fd41b60e3d397a7b18
      fdfabec1
  24. 19 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Remove coherent stack usage from the warm boot path · b51da821
      Achin Gupta authored
      This patch uses stacks allocated in normal memory to enable the MMU early in the
      warm boot path thus removing the dependency on stacks allocated in coherent
      memory. Necessary cache and stack maintenance is performed when a cpu is being
      powered down and up. This avoids any coherency issues that can arise from
      reading speculatively fetched stale stack memory from another CPUs cache. These
      changes affect the warm boot path in both BL3-1 and BL3-2.
      
      The EL3 system registers responsible for preserving the MMU state are not saved
      and restored any longer. Static values are used to program these system
      registers when a cpu is powered on or resumed from suspend.
      
      Change-Id: I8357e2eb5eb6c5f448492c5094b82b8927603784
      b51da821
  25. 10 Jul, 2014 1 commit
  26. 16 Jun, 2014 2 commits
    • Andrew Thoelke's avatar
      Move CPU context pointers into cpu_data · aaba4f28
      Andrew Thoelke authored
      Moving the context pointers for each CPU into the per-cpu data
      allows for much more efficient access to the contexts for the
      current CPU.
      
      Change-Id: Id784e210d63cbdcddb44ac1591617ce668dbc29f
      aaba4f28
    • Andrew Thoelke's avatar
      Per-cpu data cache restructuring · 5e910074
      Andrew Thoelke authored
      This patch prepares the per-cpu pointer cache for wider use by:
      * renaming the structure to cpu_data and placing in new header
      * providing accessors for this CPU, or other CPUs
      * splitting the initialization of the TPIDR pointer from the
        initialization of the cpu_data content
      * moving the crash stack initialization to a crash stack function
      * setting the TPIDR pointer very early during boot
      
      Change-Id: Icef9004ff88f8eb241d48c14be3158087d7e49a3
      5e910074
  27. 16 May, 2014 2 commits
    • Jeenu Viswambharan's avatar
      Add build configuration for timer save/restore · 2da8d8bf
      Jeenu Viswambharan authored
      At present, non-secure timer register contents are saved and restored as
      part of world switch by BL3-1. This effectively means that the
      non-secure timer stops, and non-secure timer interrupts are prevented
      from asserting until BL3-1 switches back, introducing latency for
      non-secure services. Often, secure world might depend on alternate
      sources for secure interrupts (secure timer or platform timer) instead
      of non-secure timers, in which case this save and restore is
      unnecessary.
      
      This patch introduces a boolean build-time configuration NS_TIMER_SWITCH
      to choose whether or not to save and restore non-secure timer registers
      upon world switch. The default choice is made not to save and restore
      them.
      
      Fixes ARM-software/tf-issues#148
      
      Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
      2da8d8bf
    • Soby Mathew's avatar
      Rework BL3-1 unhandled exception handling and reporting · a43d431b
      Soby Mathew authored
      This patch implements the register reporting when unhandled exceptions are
      taken in BL3-1. Unhandled exceptions will result in a dump of registers
      to the console, before halting execution by that CPU. The Crash Stack,
      previously called the Exception Stack, is used for this activity.
      This stack is used to preserve the CPU context and runtime stack
      contents for debugging and analysis.
      
      This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
      to provide easy access to some of BL3-1 per-cpu data structures.
      Initially, this is used to provide a pointer to the Crash stack.
      
      panic() now prints the the error file and line number in Debug mode
      and prints the PC value in release mode.
      
      The Exception Stack is renamed to Crash Stack with this patch.
      The original intention of exception stack is no longer valid
      since we intend to support several valid exceptions like IRQ
      and FIQ in the trusted firmware context. This stack is now
      utilized for dumping and reporting the system state when a
      crash happens and hence the rename.
      
      Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
      
      Change-Id: I260791dc05536b78547412d147193cdccae7811a
      a43d431b
  28. 08 May, 2014 1 commit
    • Soby Mathew's avatar
      Preserve x19-x29 across world switch for exception handling · c3260f9b
      Soby Mathew authored
      Previously exception handlers in BL3-1, X19-X29 were not saved
      and restored on every SMC/trap into EL3. Instead these registers
      were 'saved as needed' as a side effect of the A64 ABI used by the C
      compiler.
      
      That approach failed when world switching but was not visible
      with the TSP/TSPD code because the TSP is 64-bit, did not
      clobber these registers when running and did not support pre-emption
      by normal world interrupts. These scenarios showed
      that the values in these registers can be passed through a world
      switch, which broke the normal and trusted world assumptions
      about these registers being preserved.
      
      The Ideal solution saves and restores these registers when a
      world switch occurs - but that type of implementation is more complex.
      So this patch always saves and restores these registers on entry and
      exit of EL3.
      
      Fixes ARM-software/tf-issues#141
      
      Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
      c3260f9b
  29. 06 May, 2014 4 commits
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
    • Dan Handley's avatar
      Separate out CASSERT macro into own header · bdbfc3c2
      Dan Handley authored
      Separate out the CASSERT macro out of bl_common.h into its own
      header to allow more efficient header inclusion.
      
      Change-Id: I291be0b6b8f9879645e839a8f0dd1ec9b3db9639
      bdbfc3c2
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  30. 20 Feb, 2014 1 commit
    • Achin Gupta's avatar
      Add power management support in the SPD · 607084ee
      Achin Gupta authored
      This patch implements a set of handlers in the SPD which are called by
      the PSCI runtime service upon receiving a power management
      operation. These handlers in turn pass control to the Secure Payload
      image if required before returning control to PSCI. This ensures that
      the Secure Payload has complete visibility of all power transitions in
      the system and can prepare accordingly.
      
      Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
      607084ee
  31. 17 Feb, 2014 3 commits
    • Jeenu Viswambharan's avatar
      Add support for handling runtime service requests · caa84939
      Jeenu Viswambharan authored
      
      
      This patch uses the reworked exception handling support to handle
      runtime service requests through SMCs following the SMC calling
      convention. This is a giant commit since all the changes are
      inter-related. It does the following:
      
      1. Replace the old exception handling mechanism with the new one
      2. Enforce that SP_EL0 is used C runtime stacks.
      3. Ensures that the cold and warm boot paths use the 'cpu_context'
         structure to program an ERET into the next lower EL.
      4. Ensures that SP_EL3 always points to the next 'cpu_context'
         structure prior to an ERET into the next lower EL
      5. Introduces a PSCI SMC handler which completes the use of PSCI as a
         runtime service
      
      Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      caa84939
    • Achin Gupta's avatar
      Introduce new exception handling framework · 07f4e078
      Achin Gupta authored
      This patch introduces the reworked exception handling logic which lays
      the foundation for accessing runtime services in later patches. The
      type of an exception has a greater say in the way it is
      handled. SP_EL3 is used as the stack pointer for:
      
      1. Determining the type of exception and handling the unexpected ones
         on the exception stack
      
      2. Saving and restoring the essential general purpose and system
         register state after exception entry and prior to exception exit.
      
      SP_EL0 is used as the stack pointer for handling runtime service
      requests e.g. SMCs. A new structure for preserving general purpose
      register state has been added to the 'cpu_context' structure. All
      assembler ensures that it does not use callee saved registers
      (x19-x29). The C runtime preserves them across functions calls. Hence
      EL3 code does not have to save and restore them explicitly.
      
      Since the exception handling framework has undergone substantial change,
      the changes have been kept in separate files to aid readability. These
      files will replace the existing ones in subsequent patches.
      
      Change-Id: Ice418686592990ff7a4260771e8d6676e6c8c5ef
      07f4e078
    • Achin Gupta's avatar
      Add helper library for cpu context management · 9ac63c59
      Achin Gupta authored
      This patch introduces functions for saving and restoring shared system
      registers between secure and non-secure EL1 exception levels, VFP
      registers and essential EL3 system register and other state. It also
      defines the 'cpu_context' data structure which will used for saving and
      restoring execution context for a given security state. These functions
      will allow runtime services like PSCI and Secure payload dispatcher to
      implement logic for switching between the secure and non-secure states.
      
      The save and restore functions follow AArch64 PCS and only use
      caller-saved temporary registers.
      
      Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
      9ac63c59