- 02 Aug, 2017 1 commit
-
-
Douglas Raillard authored
Replace the use of r12 by r10 to save the value of a parameter of bl2u_entrypoint to pass it to bl2u_early_platform_setup at the end of the function. r10 is a callee saved register so it will not become corrupted by C code, whereas r12 is the The Intra-Procedure-call scratch register potentially used by veneers. See the ARM AAPCS document (ARM IHI 0042F). Change-Id: I4f37e54a6b550719edb40bb24cd8f498827e2749 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 15 May, 2017 1 commit
-
-
Yatharth Kochar authored
Add support for firmware upgrade on AArch32. This patch has been tested on the FVP models. NOTE: Firmware upgrade on Juno AArch32 is not currently supported. Change-Id: I1ca8078214eaf86b46463edd14740120af930aec Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 31 Mar, 2017 1 commit
-
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 05 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
There are many instances in ARM Trusted Firmware where control is transferred to functions from which return isn't expected. Such jumps are made using 'bl' instruction to provide the callee with the location from which it was jumped to. Additionally, debuggers infer the caller by examining where 'lr' register points to. If a 'bl' of the nature described above falls at the end of an assembly function, 'lr' will be left pointing to a location outside of the function range. This misleads the debugger back trace. This patch defines a 'no_ret' macro to be used when jumping to functions from which return isn't expected. The macro ensures to use 'bl' instruction for the jump, and also, for debug builds, places a 'nop' instruction immediately thereafter (unless instructed otherwise) so as to leave 'lr' pointing within the function range. Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 21 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds generic changes in BL2 to support AArch32 state. New AArch32 specific assembly/C files are introduced and some files are moved to AArch32/64 specific folders. BL2 for AArch64 is refactored but functionally identical. BL2 executes in Secure SVC mode in AArch32 state. Change-Id: Ifaacbc2a91f8640876385b953adb24744d9dbde3
-
- 14 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
Added a new platform porting function plat_panic_handler, to allow platforms to handle unexpected error situations. It must be implemented in assembly as it may be called before the C environment is initialized. A default implementation is provided, which simply spins. Corrected all dead loops in generic code to call this function instead. This includes the dead loop that occurs at the end of the call to panic(). All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have been removed. Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
-
- 09 Dec, 2015 1 commit
-
-
Yatharth Kochar authored
The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to make a request to BL1 to execute BL31. But BL2 also uses it as opcode to check if it is allowed to execute which is not the intended usage of `RUN_IMAGE` SMC. This patch removes the usage of `RUN_IMAGE` as opcode passed to next EL to check if it is allowed to execute. Change-Id: I6aebe0415ade3f43401a4c8a323457f032673657
-
- 14 Sep, 2015 1 commit
-
-
Achin Gupta authored
On the ARMv8 architecture, cache maintenance operations by set/way on the last level of integrated cache do not affect the system cache. This means that such a flush or clean operation could result in the data being pushed out to the system cache rather than main memory. Another CPU could access this data before it enables its data cache or MMU. Such accesses could be serviced from the main memory instead of the system cache. If the data in the sysem cache has not yet been flushed or evicted to main memory then there could be a loss of coherency. The only mechanism to guarantee that the main memory will be updated is to use cache maintenance operations to the PoC by MVA(See section D3.4.11 (System level caches) of ARMv8-A Reference Manual (Issue A.g/ARM DDI0487A.G). This patch removes the reliance of Trusted Firmware on the flush by set/way operation to ensure visibility of data in the main memory. Cache maintenance operations by MVA are now used instead. The following are the broad category of changes: 1. The RW areas of BL2/BL31/BL32 are invalidated by MVA before the C runtime is initialised. This ensures that any stale cache lines at any level of cache are removed. 2. Updates to global data in runtime firmware (BL31) by the primary CPU are made visible to secondary CPUs using a cache clean operation by MVA. 3. Cache maintenance by set/way operations are only used prior to power down. NOTE: NON-UPSTREAM TRUSTED FIRMWARE CODE SHOULD MAKE EQUIVALENT CHANGES IN ORDER TO FUNCTION CORRECTLY ON PLATFORMS WITH SUPPORT FOR SYSTEM CACHES. Fixes ARM-software/tf-issues#205 Change-Id: I64f1b398de0432813a0e0881d70f8337681f6e9a
-
- 13 Aug, 2015 1 commit
-
-
Soby Mathew authored
This patch migrates the rest of Trusted Firmware excluding Secure Payload and the dispatchers to the new platform and context management API. The per-cpu data framework APIs which took MPIDRs as their arguments are deleted and only the ones which take core index as parameter are retained. Change-Id: I839d05ad995df34d2163a1cfed6baa768a5a595d
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 15 Aug, 2014 1 commit
-
-
Achin Gupta authored
This patch disables routing of external aborts from lower exception levels to EL3 and ensures that a SError interrupt generated as a result of execution in EL3 is taken locally instead of a lower exception level. The SError interrupt is enabled in the TSP code only when the operation has not been directly initiated by the normal world. This is to prevent the possibility of an asynchronous external abort which originated in normal world from being taken when execution is in S-EL1. Fixes ARM-software/tf-issues#153 Change-Id: I157b996c75996d12fd86d27e98bc73dd8bce6cd5
-
- 01 Aug, 2014 1 commit
-
-
Juan Castillo authored
The purpose of platform_is_primary_cpu() is to determine after reset (BL1 or BL3-1 with reset handler) if the current CPU must follow the cold boot path (primary CPU), or wait in a safe state (secondary CPU) until the primary CPU has finished the system initialization. This patch removes redundant calls to platform_is_primary_cpu() in subsequent bootloader entrypoints since the reset handler already guarantees that code is executed exclusively on the primary CPU. Additionally, this patch removes the weak definition of platform_is_primary_cpu(), so the implementation of this function becomes mandatory. Removing the weak symbol avoids other bootloaders accidentally picking up an invalid definition in case the porting layer makes the real function available only to BL1. The define PRIMARY_CPU is no longer mandatory in the platform porting because platform_is_primary_cpu() hides the implementation details (for instance, there may be platforms that report the primary CPU in a system register). The primary CPU definition in FVP has been moved to fvp_def.h. The porting guide has been updated accordingly. Fixes ARM-software/tf-issues#219 Change-Id: If675a1de8e8d25122b7fef147cb238d939f90b5e
-
- 28 Jul, 2014 1 commit
-
-
Achin Gupta authored
This patch reworks the manner in which the M,A, C, SA, I, WXN & EE bits of SCTLR_EL3 & SCTLR_EL1 are managed. The EE bit is cleared immediately after reset in EL3. The I, A and SA bits are set next in EL3 and immediately upon entry in S-EL1. These bits are no longer managed in the blX_arch_setup() functions. They do not have to be saved and restored either. The M, WXN and optionally the C bit are set in the enable_mmu_elX() function. This is done during both the warm and cold boot paths. Fixes ARM-software/tf-issues#226 Change-Id: Ie894d1a07b8697c116960d858cd138c50bc7a069
-
- 19 Jul, 2014 1 commit
-
-
Achin Gupta authored
This patch reworks the cold boot path across the BL1, BL2, BL3-1 and BL3-2 boot loader stages to not use stacks allocated in coherent memory for early platform setup and enabling the MMU. Stacks allocated in normal memory are used instead. Attributes for stack memory change from nGnRnE when the MMU is disabled to Normal WBWA Inner-shareable when the MMU and data cache are enabled. It is possible for the CPU to read stale stack memory after the MMU is enabled from another CPUs cache. Hence, it is unsafe to turn on the MMU and data cache while using normal stacks when multiple CPUs are a part of the same coherency domain. It is safe to do so in the cold boot path as only the primary cpu executes it. The secondary cpus are in a quiescent state. This patch does not remove the allocation of coherent stack memory. That is done in a subsequent patch. Change-Id: I12c80b7c7ab23506d425c5b3a8a7de693498f830
-
- 22 May, 2014 1 commit
-
-
Vikram Kanigiri authored
This patch reworks the handover interface from: BL1 to BL2 and BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el() and run_image() functions as they catered for code paths that were never exercised. BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same by calling run_image(). Similarly, BL2 issues the SMC to transfer execution to BL3-1 through BL1 directly. Only x0 and x1 are used to pass arguments to BL31. These arguments and parameters for running BL3-1 are passed through a reference to a 'el_change_info_t' structure. They were being passed value in general purpose registers earlier. Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
-
- 07 May, 2014 2 commits
-
-
Andrew Thoelke authored
Instead of using the system register helper functions to read or write system registers, assembler coded functions should use MRS/MSR instructions. This results in faster and more compact code. This change replaces all usage of the helper functions with direct register accesses. Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
-
Andrew Thoelke authored
The current code does not always use data and instruction barriers as required by the architecture and frequently uses barriers excessively due to their inclusion in all of the write_*() helper functions. Barriers should be used explicitly in assembler or C code when modifying processor state that requires the barriers in order to enable review of correctness of the code. This patch removes the barriers from the helper functions and introduces them as necessary elsewhere in the code. PORTING NOTE: check any port of Trusted Firmware for use of system register helper functions for reliance on the previous barrier behaviour and add explicit barriers as necessary. Fixes ARM-software/tf-issues#92 Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
-
- 06 May, 2014 1 commit
-
-
Dan Handley authored
Reduce the number of header files included from other header files as much as possible without splitting the files. Use forward declarations where possible. This allows removal of some unnecessary "#ifndef __ASSEMBLY__" statements. Also, review the .c and .S files for which header files really need including and reorder the #include statements alphabetically. Fixes ARM-software/tf-issues#31 Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
-
- 26 Mar, 2014 1 commit
-
-
Andrew Thoelke authored
This extends the --gc-sections behaviour to the many assembler support functions in the firmware images by placing each function into its own code section. This is achieved by creating a 'func' macro used to declare each function label. Fixes ARM-software/tf-issues#80 Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
-
- 17 Jan, 2014 2 commits
-
-
Jeenu Viswambharan authored
Ctags seem to have a problem with generating tags for assembler symbols when a comment immediately follows an assembly label. This patch inserts a single space character between the label definition and the following comments to help ctags. The patch is generated by the command: git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1' Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
-
Dan Handley authored
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
-
- 12 Dec, 2013 1 commit
-
-
Sandrine Bailleux authored
Change-Id: Icef68e314e6ba0f3694189b57f4b1dbbea5ba255
-
- 05 Dec, 2013 3 commits
-
-
Dan Handley authored
- Add instructions for contributing to ARM Trusted Firmware. - Update copyright text in all files to acknowledge contributors. Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
-
Sandrine Bailleux authored
This patch makes sure the C runtime environment is properly initialised before executing any C code. - Zero-initialise NOBITS sections (e.g. the bss section). - Relocate BL1 data from ROM to RAM. Change-Id: I0da81b417b2f0d1f7ef667cc5131b1e47e22571f
-
Sandrine Bailleux authored
- Check at link-time that bootloader images will fit in memory at run time and that they won't overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
-
- 27 Nov, 2013 1 commit
-
-
Sandrine Bailleux authored
blx_plat_arch_setup() should only perform platform-specific architectural setup, e.g. enabling the MMU. This patch moves generic architectural setup code out of blx_plat_arch_setup(). Change-Id: I4ccf56b8c4a2fa84909817779a2d97a14aaafab6
-
- 25 Oct, 2013 1 commit
-
-
Achin Gupta authored
-