- 24 Jul, 2019 2 commits
-
-
Julius Werner authored
This patch adds a new include/export/ directory meant for inclusion in third-party code. This is useful for cases where third-party code needs to interact with TF-A interfaces and data structures (such as a custom BL2-implementation like coreboot handing off to BL31). Directly including headers from the TF-A repository avoids having to duplicate all these definitions (and risk them going stale), but with the current header structure this is not possible because handoff API definitions are too deeply intertwined with other TF code/headers and chain-include other headers that will not be available in the other environment. The new approach aims to solve this by separating only the parts that are really needed into these special headers that are self-contained and will not chain-include other (non-export) headers. TF-A code should never include them directly but should instead always include the respective wrapper header, which will include the required prerequisites (like <stdint.h>) before including the export header. Third-party code can include the export headers via its own wrappers that make sure the necessary definitions are available in whatever way that environment can provide them. Change-Id: Ifd769320ba51371439a8e5dd5b79c2516c3b43ab Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
It's not a good idea to use u_register_t for the members of aapcs64_params_t and aapcs32_params_t, since the width of that type always depends on the current execution environment. This would cause problems if e.g. we used this structure to set up the entry point of an AArch32 program from within an AArch64 program. (It doesn't seem like any code is doing that today, but it's probably still a good idea to write this defensively. Also, it helps with my next patch.) Change-Id: I12c04a85611f2b6702589f3362bea3e6a7c9f776 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 24 May, 2019 1 commit
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 27 Feb, 2019 2 commits
-
-
Varun Wadekar authored
This patch provides support for using the scatterfile format as the linker script with the 'armlink' linker for Tegra platforms. In order to enable the scatterfile usage the following changes have been made: * provide mapping for ld.S symbols in bl_common.h * include bl_common.h from all the affected files * update the makefile rules to use the scatterfile and armlink to compile BL31 * update pubsub.h to add sections to the scatterfile NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY. Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Antonio Nino Diaz authored
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 01 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Many parts of the code were duplicating symbols that are defined in include/common/bl_common.h. It is better to only use the definitions in this header. As all the symbols refer to virtual addresses, they have to be uintptr_t, not unsigned long. This has also been fixed in bl_common.h. Change-Id: I204081af78326ced03fb05f69846f229d324c711 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Jan, 2019 1 commit
-
-
Sandrine Bailleux authored
Commit ed51b51f ("Remove build option LOAD_IMAGE_V2") intended to remove all code related to LOAD_IMAGE_V2=0 but missed a few things. Change-Id: I16aaf52779dd4af1e134e682731328c5f1e5d622 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 30 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
This reverts commit 2f370465 ("Add support for the SMC Calling Convention 2.0"). SMCCC v2.0 is no longer required for SPM, and won't be needed in the future. Removing it makes the SMC handling code less complicated. The SPM implementation based on SPCI and SPRT was using it, but it has been adapted to SMCCC v1.0. Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 Jan, 2019 1 commit
-
-
Sathees Balya authored
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory descriptors describing the list of executable images are created in BL2 R/W memory, which could be possibly corrupted later on by BL31/BL32 due to overlay. This patch creates a reserved location in SRAM for these descriptors and are copied over by BL2 before handing over to next BL image. Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR is enabled. Fixes ARM-Software/tf-issues#626 Change-Id: I755735706fa702024b4032f51ed4895b3687377f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 15 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
The definitions in bl1/bl1_private.h and bl2/bl2_private.h are useful for platforms that may need to access them. Change-Id: Ifd1880f855ddafcb3bfcaf1ed4a4e0f121eda174 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Jan, 2019 2 commits
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The architecture dependant header files in include/lib/${ARCH} and include/common/${ARCH} have been moved to /include/arch/${ARCH}. Change-Id: I96f30fdb80b191a51448ddf11b1d4a0624c03394 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Jan, 2019 1 commit
-
-
Sathees Balya authored
This patch enables the Data Independent Timing functionality (DIT) in EL3 if supported by the platform. Change-Id: Ia527d6aa2ee88a9a9fe1c941220404b9ff5567e5 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 10 Dec, 2018 1 commit
-
-
Jeenu Viswambharan authored
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass Safe) bit to mitigate against Variant 4 vulnerabilities. Although an Armv8.5 feature, this can be implemented by CPUs implementing earlier version of the architecture. With this patch, when both PSTATE.SSBS is implemented and DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to indicate that mitigation on the PE is either permanently enabled or not required. When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset of every BL stage. This means that EL3 always executes with mitigation applied. For Cortex A76, if the PE implements SSBS, the existing mitigation (by using a different vector table, and tweaking CPU ACTLR2) is not used. Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 02 Nov, 2018 2 commits
-
-
Antonio Nino Diaz authored
fdtw_read_cells() can only read one or two cells, sometimes it may be needed to read more cells from one property. Change-Id: Ie70dc76d1540cd6a04787cde7cccb4d1bafc7282 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Introduced fdtw_read_string() to read string properties. Change-Id: I854eef0390632cf2eaddd2dce60cdb98c117de43 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 01 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
The macro EL_IMPLEMENTED() has been deprecated in favour of the new function el_implemented(). Change-Id: Ic9b1b81480b5e019b50a050e8c1a199991bf0ca9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Oct, 2018 2 commits
-
-
Soby Mathew authored
This patch introduces Position Independant Executable(PIE) support in TF-A. As a initial prototype, only BL31 can support PIE. A trivial dynamic linker is implemented which supports fixing up Global Offset Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc() helper function implements this linker and this needs to be called early in the boot sequence prior to invoking C functions. The GOT is placed in the RO section of BL31 binary for improved security and the BL31 linker script is modified to export the appropriate symbols required for the dynamic linker. The C compiler always generates PC relative addresses to linker symbols and hence referencing symbols exporting constants are a problem when relocating the binary. Hence the reference to the `__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated at runtime based on start and end addresses. Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes up the AArch64 assembly code to use adrp/adr instructions instead of ldr instruction for reference to symbols. This allows these assembly sequences to be Position Independant. Note that the the reference to sizes have been replaced with calculation of size at runtime. This is because size is a constant value and does not depend on execution address and using PC relative instructions for loading them makes them relative to execution address. Also we cannot use `ldr` instruction to load size as it generates a dynamic relocation entry which must *not* be fixed up and it is difficult for a dynamic loader to differentiate which entries need to be skipped. Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Oct, 2018 1 commit
-
-
Roberto Vargas authored
This function is not related to Arm platforms and can be reused by other platforms if needed. Change-Id: Ia9c328ce57ce7e917b825a9e09a42b0abb1a53e8 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Oct, 2018 1 commit
-
-
Soby Mathew authored
The `finish_console_register` macro is used by the multi console framework to register the `console_t` driver callbacks. It relied on weak references to the `ldr` instruction to populate 0 to the callback in case the driver has not defined the appropriate function. Use of `ldr` instruction to load absolute address to a reference makes the binary position dependant. These instructions should be replaced with adrp/adr instruction for position independant executable(PIE). But adrp/adr instructions don't work well with weak references as described in GNU ld bugzilla issue 22589. This patch defines a new version of `finish_console_register` macro which can spcify which driver callbacks are valid and deprecates the old one. If any of the argument is not specified, then the macro populates 0 for that callback. Hence the functionality of the previous deprecated macro is preserved. The USE_FINISH_CONSOLE_REG_2 define is used to select the new variant of the macro and will be removed once the deprecated variant is removed. All the upstream console drivers have been migrated to use the new macro in this patch. NOTE: Platforms be aware that the new variant of the `finish_console_register` should be used and the old variant is deprecated. Change-Id: Ia6a67aaf2aa3ba93932992d683587bbd0ad25259 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 16 Oct, 2018 1 commit
-
-
Jeenu Viswambharan authored
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Oct, 2018 1 commit
-
-
Yann Gautier authored
To boot on eMMC or SD-cards, STM32MP1 platform needs: - GPT_IMAGE_ID to read GPT table on those devices - STM32_IMAGE_ID and IO_TYPE_STM32IMAGE to read images with STM32 header - IO_TYPE_MMC to have a IO for MMC devices Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 11 Oct, 2018 1 commit
-
-
Sathees Balya authored
Change-Id: Ica944acc474a099219d50b041cfaeabd4f3d362f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 10 Oct, 2018 1 commit
-
-
John Tsichritzis authored
The definitions of the logging macros are reordered to be consistent with the definitions of the log levels. Change-Id: I6ff07b93eb64786ff147d39014d1c8e15db28444 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 09 Oct, 2018 1 commit
-
-
Sathees Balya authored
Change-Id: Ia00eba2b18804e6498d935d33ec104953e0e5e03 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 04 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I9638e02acb9b22eb794ebf45aad84348a710287e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Sep, 2018 3 commits
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Roberto Vargas authored
The code of LOAD_IMAGE_V2=0 has been removed. Change-Id: Iea03e5bebb90c66889bdb23f85c07d0c9717fffe Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Roberto Vargas authored
Change-Id: I40d040aa05bcbf11536a96ce59827711456b93a8 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 21 Sep, 2018 1 commit
-
-
Daniel Boulby authored
Allow AArch32 to use the multi console driver by adding the required functions Change-Id: I9e69f18965f320074cf75442d6b0de891aef7936 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 30 Aug, 2018 4 commits
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I850f08718abb69d5d58856b0e3de036266d8c2f4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I8fbb4c785e7e07c7241e0c399a9b65161985c9df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
When any of these functions is called the backtrace will be printed to the console. Change-Id: Id60842df824b320c485a9323ed6b80600f4ebe35 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Douglas Raillard authored
This function diplays the backtrace, the current EL and security state to allow a post-processing tool to choose the right binary to interpret the dump. The output can be fed to GNU addr2line to resolve function names given an ELF binary compiled with debug information. The "-i" flag is recommended to improve display in case of inlined functions. The *.dump files generated during the build process can also be used. The function works in AArch64 and AArch32. In AArch32 it only works in A32 mode (without T32 interworking), which is enforced in the Makefile. Sample output of a backtrace at EL3: BACKTRACE: START: function_name 0: EL3: 0x798 1: EL3: 0x538 2: EL3: 0x550 3: EL3: 0x55c 4: EL3: 0x568 5: EL3: 0x5a8 6: EL3: 0xf4 BACKTRACE: END: function_name In order to enable it the new option ENABLE_BACKTRACE must be set to 1. This option is set to 1 by default only in AArch64 debug builds. As usual, it can be overridden by the platform makefile and in the build command line. Change-Id: Icaff39b0e5188329728be2f3c72b868b2368e794 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 22 Aug, 2018 3 commits
-
-
Antonio Nino Diaz authored
Change their names to printf and snprintf. They are much smaller than the previous versions we had, which makes them better suited for the Trusted Firmware. Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The C standard says that printf() has to return the number of characters it has printed. Change-Id: I0ef50b1d6766d140724ac0a2fa2c5d023431f984 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The codebase was using non-standard headers. It is needed to replace them by the correct ones so that we can use the new libc headers. Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 20 Aug, 2018 1 commit
-
-
Jeenu Viswambharan authored
These changes address most of the required MISRA rules. In the process, some from generic code is also fixed. No functional changes. Change-Id: I707dbec9b34b802397e99da2f5ae738165d6feba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-