- 08 Jul, 2016 7 commits
-
-
Sandrine Bailleux authored
At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
-
Sandrine Bailleux authored
This patch introduces the round_up() and round_down() macros, which round up (respectively down) a value to a given boundary. The boundary must be a power of two. Change-Id: I589dd1074aeb5ec730dd523b4ebf098d55a7e967
-
Sandrine Bailleux authored
This patch introduces a new header file: include/lib/utils.h. Its purpose is to provide generic macros and helper functions that are independent of any BL image, architecture, platform and even not specific to Trusted Firmware. For now, it contains only 2 macros: ARRAY_SIZE() and IS_POWER_OF_TWO(). These were previously defined in bl_common.h and xlat_tables.c respectively. bl_common.h includes utils.h to retain compatibility for platforms that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream platform ports that use this macro have been updated to include utils.h. Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
-
Sandrine Bailleux authored
This patch adds a new linker symbol in BL1's linker script named '__BL1_ROM_END__', which marks the end of BL1's ROM content. This covers BL1's code, read-only data and read-write data to relocate in Trusted SRAM. The address of this new linker symbol is exported to C code through the 'BL1_ROM_END' macro. The section related to linker symbols in the Firmware Design guide has been updated and improved. Change-Id: I5c442ff497c78d865ffba1d7d044511c134e11c7
-
Sandrine Bailleux authored
This patch introduces the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping attributes in the translation table library to specify the access permissions for instruction execution of a memory region. These new attributes should be used only for normal, read-only memory regions. For other types of memory, the translation table library still enforces the following rules, regardless of the MT_EXECUTE/MT_EXECUTE_NEVER attribute: - Device memory is always marked as execute-never. - Read-write normal memory is always marked as execute-never. Change-Id: I8bd27800a8c1d8ac1559910caf4a4840cf25b8b0
-
Sandrine Bailleux authored
This patch clarifies the mmap_desc() function by adding some comments and reorganising its code. No functional change has been introduced. Change-Id: I873493be17b4e60a89c1dc087dd908b425065401
-
Sandrine Bailleux authored
This patch introduces the arm_setup_page_tables() function to set up page tables on ARM platforms. It replaces the arm_configure_mmu_elx() functions and does the same thing except that it doesn't enable the MMU at the end. The idea is to reduce the amount of per-EL code that is generated by the C preprocessor by splitting the memory regions definitions and page tables creation (which is generic) from the MMU enablement (which is the only per-EL configuration). As a consequence, the call to the enable_mmu_elx() function has been moved up into the plat_arch_setup() hook. Any other ARM standard platforms that use the functions `arm_configure_mmu_elx()` must be updated. Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
-
- 04 Jul, 2016 2 commits
- 16 Jun, 2016 3 commits
-
-
Soby Mathew authored
This patch enables optional PSCI functions `PSCI_STAT_COUNT` and `PSCI_STAT_RESIDENCY` for ARM standard platforms. The optional platform API 'translate_power_state_by_mpidr()' is implemented for the Juno platform. 'validate_power_state()' on Juno downgrades PSCI CPU_SUSPEND requests for the system power level to the cluster power level. Hence, it is not suitable for validating the 'power_state' parameter passed in a PSCI_STAT_COUNT/RESIDENCY call. Change-Id: I9548322676fa468d22912392f2325c2a9f96e4d2
-
Yatharth Kochar authored
This patch adds following optional PSCI STAT functions: - PSCI_STAT_RESIDENCY: This call returns the amount of time spent in power_state in microseconds, by the node represented by the `target_cpu` and the highest level of `power_state`. - PSCI_STAT_COUNT: This call returns the number of times a `power_state` has been used by the node represented by the `target_cpu` and the highest power level of `power_state`. These APIs provides residency statistics for power states that has been used by the platform. They are implemented according to v1.0 of the PSCI specification. By default this optional feature is disabled in the PSCI implementation. To enable it, set the boolean flag `ENABLE_PSCI_STAT` to 1. This also sets `ENABLE_PMF` to 1. Change-Id: Ie62e9d37d6d416ccb1813acd7f616d1ddd3e8aff
-
Yatharth Kochar authored
This patch adds Performance Measurement Framework(PMF) in the ARM Trusted Firmware. PMF is implemented as a library and the SMC interface is provided through ARM SiP service. The PMF provides capturing, storing, dumping and retrieving the time-stamps, by enabling the development of services by different providers, that can be easily integrated into ARM Trusted Firmware. The PMF capture and retrieval APIs can also do appropriate cache maintenance operations to the timestamp memory when the caller indicates so. `pmf_main.c` consists of core functions that implement service registration, initialization, storing, dumping and retrieving the time-stamp. `pmf_smc.c` consists SMC handling for registered PMF services. `pmf.h` consists of the macros that can be used by the PMF service providers to register service and declare time-stamp functions. `pmf_helpers.h` consists of internal macros that are used by `pmf.h` By default this feature is disabled in the ARM trusted firmware. To enable it set the boolean flag `ENABLE_PMF` to 1. NOTE: The caller is responsible for specifying the appropriate cache maintenance flags and for acquiring/releasing appropriate locks before/after capturing/retrieving the time-stamps. Change-Id: Ib45219ac07c2a81b9726ef6bd9c190cc55e81854
-
- 15 Jun, 2016 2 commits
-
-
Soren Brinkmann authored
Add build time option 'cadence1' for ZYNQMP_CONSOLE to select the 2nd UART available in the SoC. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Acked-by: Michal Simek <michal.simek@xilinx.com>
-
danh-arm authored
Zynqmp updates
-
- 13 Jun, 2016 6 commits
-
-
Soren Brinkmann authored
Add a convenience macro to add a build definition with a value. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
danh-arm authored
Bring IO storage dummy driver
-
danh-arm authored
opteed: assume aarch64 for optee
-
danh-arm authored
CSS: Add support to wake up the core from wfi in GICv3
-
danh-arm authored
Add support for QEMU virt ARMv8-A
-
Ashutosh Singh authored
OPTEE to execute in aarch64 bit mode, set it accordingly when execution transitions from EL3 to EL1 Change-Id: I59f2f940bdc1aac10543045b006a137d107ec95f Signed-off-by: Ashutosh Singh <ashutosh.singh@arm.com>
-
- 09 Jun, 2016 1 commit
-
-
Jens Wiklander authored
This patch adds support for the QEMU virt ARMv8-A target. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-
- 08 Jun, 2016 4 commits
-
-
danh-arm authored
Allow dynamic overriding of ROTPK verification
-
danh-arm authored
Move checkpatch options in a configuration file
-
danh-arm authored
Import libfdt v1.4.1 and related changes
-
David Wang authored
In GICv3 mode, the non secure group1 interrupts are signalled via the FIQ line in EL3. To support waking up from CPU_SUSPEND to standby on these systems, EL3 should route FIQ to EL3 temporarily before wfi and restore the original setting after resume. This patch makes this change for the CSS platforms in the `css_cpu_standby` psci pm ops hook. Change-Id: Ibf3295d16e2f08da490847c1457bc839e1bac144
-
- 07 Jun, 2016 3 commits
-
-
Mirela Simonovic authored
NODE_IPI_APU is the node ID of APU's IPI device. If APU should be woken-up on an IPI from FPD power down, this node shall be set as the wake-up source upon suspend. Signed-off-by: Mirela Simonovic <mirela.simonovic@aggios.com>
-
danh-arm authored
Update comments in load_image()
-
Sandrine Bailleux authored
- Fix the function documentation. Since commit 16948ae1, load_image() uses image IDs rather than image names. - Clarify the consequences of a null entry point argument. - Slightly reorganize the code to remove an unnecessary 'if' statement. Change-Id: Iebea3149a37f23d3b847a37a206ed23f7e8ec717
-
- 06 Jun, 2016 2 commits
-
-
danh-arm authored
xlat lib: Remove out-dated comment
-
Sandrine Bailleux authored
At the moment, the top Makefile specifies the options to pass to the checkpatch script in order to check the coding style. The checkpatch script also supports reading its options from a configuration file rather than from the command line. This patch makes use of this feature and moves the checkpatch options out of the Makefile. This simplifies the Makefile and makes things clearer. This patch also adds some more checkpatch options: --showfile --ignore FILE_PATH_CHANGES --ignore AVOID_EXTERNS --ignore NEW_TYPEDEFS --ignore VOLATILE The rationale behind each of these options has been documented in the configuration file. Change-Id: I423e1abe5670c0f57046cbf705f89a8463898676
-
- 03 Jun, 2016 10 commits
-
-
Soby Mathew authored
A production ROM with TBB enabled must have the ability to boot test software before a real ROTPK is deployed (e.g. manufacturing mode). Previously the function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed. This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags` parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK in certificate is used without verifying against the platform value. Fixes ARM-software/tf-issues#381 Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
-
danh-arm authored
Implement plat_set_nv_ctr for FVP platforms
-
danh-arm authored
Fix a syntax error in plat/arm/common/aarch64/arm_common.c
-
danh-arm authored
Add support for ARM Cortex-A73 MPCore Processor
-
danh-arm authored
Build option to include AArch32 registers in cpu context
-
Sandrine Bailleux authored
Building TF with ERROR_DEPRECATED=1 fails because of a missing semi-column. This patch fixes this syntax error. Change-Id: I98515840ce74245b0a0215805f85c8e399094f68
-
Dan Handley authored
* Move libfdt API headers to include/lib/libfdt * Add libfdt.mk helper makefile * Remove unused libfdt files * Minor changes to fdt.h and libfdt.h to make them C99 compliant Co-Authored-By: Jens Wiklander <jens.wiklander@linaro.org> Change-Id: I425842c2b111dcd5fb6908cc698064de4f77220e
-
Dan Handley authored
Imports libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git tag "v1.4.1" commit 302fca9f4c283e1994cf0a5a9ce1cf43ca15e6d2. Change-Id: Ia0d966058beee55a9047e80d8a05bbe4f71d8446
-
Dan Handley authored
Exclude documentation files from the `make checkcodebase` target (these files were already excluded from checkpatch). Also exclude libfdt files to prepare for import of this library. Change-Id: Iee597ed66494de2b11cf84096f771f1f04472d5b
-
Dan Handley authored
* Move stdlib header files from include/stdlib to include/lib/stdlib for consistency with other library headers. * Fix checkpatch paths to continue excluding stdlib files. * Create stdlib.mk to define the stdlib source files and include directories. * Include stdlib.mk from the top level Makefile. * Update stdlib header path in the fip_create Makefile. * Update porting-guide.md with the new paths. Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
-