1. 08 May, 2014 2 commits
    • Soby Mathew's avatar
      Preserve x19-x29 across world switch for exception handling · c3260f9b
      Soby Mathew authored
      Previously exception handlers in BL3-1, X19-X29 were not saved
      and restored on every SMC/trap into EL3. Instead these registers
      were 'saved as needed' as a side effect of the A64 ABI used by the C
      compiler.
      
      That approach failed when world switching but was not visible
      with the TSP/TSPD code because the TSP is 64-bit, did not
      clobber these registers when running and did not support pre-emption
      by normal world interrupts. These scenarios showed
      that the values in these registers can be passed through a world
      switch, which broke the normal and trusted world assumptions
      about these registers being preserved.
      
      The Ideal solution saves and restores these registers when a
      world switch occurs - but that type of implementation is more complex.
      So this patch always saves and restores these registers on entry and
      exit of EL3.
      
      Fixes ARM-software/tf-issues#141
      
      Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
      c3260f9b
    • Sandrine Bailleux's avatar
      Remove unused 'PL011_BASE' macro · 31bce47e
      Sandrine Bailleux authored
      'PL011_BASE' macro is no longer used because the right UART base
      address is now directly given to the 'console_init()' function.
      This patch removes it.
      
      Change-Id: I94759c99602df4876291a56f9f6a75de337a65ec
      31bce47e
  2. 07 May, 2014 4 commits
    • Andrew Thoelke's avatar
      Optimise data cache clean/invalidate operation · 5f6032a8
      Andrew Thoelke authored
      The data cache clean and invalidate operations dcsw_op_all()
      and dcsw_op_loius() were implemented to invoke a DSB and ISB
      barrier for every set/way operation. This adds a substantial
      performance penalty to an already expensive operation.
      
      These functions have been reworked to provide an optimised
      implementation derived from the code in section D3.4 of the
      ARMv8 ARM. The helper macro setup_dcsw_op_args has been moved
      and reworked alongside the implementation.
      
      Fixes ARM-software/tf-issues#146
      
      Change-Id: Icd5df57816a83f0a842fce935320a369f7465c7f
      5f6032a8
    • Andrew Thoelke's avatar
      Remove unused or invalid asm helper functions · 228a9f0b
      Andrew Thoelke authored
      There are a small number of non-EL specific helper functions
      which are no longer used, and also some unusable helper
      functions for non-existant registers.
      
      This change removes all of these functions.
      
      Change-Id: Idd656cef3b59cf5c46fe2be4029d72288b649c24
      228a9f0b
    • Andrew Thoelke's avatar
      Access system registers directly in assembler · 7935d0a5
      Andrew Thoelke authored
      Instead of using the system register helper functions to read
      or write system registers, assembler coded functions should
      use MRS/MSR instructions. This results in faster and more
      compact code.
      
      This change replaces all usage of the helper functions with
      direct register accesses.
      
      Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
      7935d0a5
    • Andrew Thoelke's avatar
      Replace disable_mmu with assembler version · 2f5dcfef
      Andrew Thoelke authored
      disable_mmu() cannot work as a C function as there is no control
      over data accesses generated by the compiler between disabling and
      cleaning the data cache. This results in reading stale data from
      main memory.
      
      As assembler version is provided for EL3, and a variant that also
      disables the instruction cache which is now used by the BL1
      exception handling function.
      
      Fixes ARM-software/tf-issues#147
      
      Change-Id: I0cf394d2579a125a23c2f2989c2e92ace6ddb1a6
      2f5dcfef
  3. 06 May, 2014 10 commits
    • Dan Handley's avatar
      Remove variables from .data section · 625de1d4
      Dan Handley authored
      Update code base to remove variables from the .data section,
      mainly by using const static data where possible and adding
      the const specifier as required. Most changes are to the IO
      subsystem, including the framework APIs. The FVP power
      management code is also affected.
      
      Delay initialization of the global static variable,
      next_image_type in bl31_main.c, until it is realy needed.
      Doing this moves the variable from the .data to the .bss
      section.
      
      Also review the IO interface for inconsistencies, using
      uintptr_t where possible instead of void *. Remove the
      io_handle and io_dev_handle typedefs, which were
      unnecessary, replacing instances with uintptr_t.
      
      Fixes ARM-software/tf-issues#107.
      
      Change-Id: I085a62197c82410b566e4698e5590063563ed304
      625de1d4
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
    • Dan Handley's avatar
      Move PSCI global functions out of private header · c5945735
      Dan Handley authored
      Move the PSCI global functions out of psci_private.h and into
      psci.h to allow the standard service to only depend on psci.h.
      
      Change-Id: I8306924a3814b46e70c1dcc12524c7aefe06eed1
      c5945735
    • Dan Handley's avatar
      Separate BL functions out of arch.h · 5b827a8f
      Dan Handley authored
      Move the BL function prototypes out of arch.h and into the
      appropriate header files to allow more efficient header file
      inclusion. Create new BL private header files where there is no
      sensible existing header file.
      
      Change-Id: I45f3e10b72b5d835254a6f25a5e47cf4cfb274c3
      5b827a8f
    • Dan Handley's avatar
      Refactor GIC header files · 8a4fb6f6
      Dan Handley authored
      Move the function prototypes from gic.h into either gic_v2.h or
      gic_v3.h as appropriate. Update the source files to include the
      correct headers.
      
      Change-Id: I368cfda175cdcbd3a68f46e2332738ec49048e19
      8a4fb6f6
    • Dan Handley's avatar
      Separate out CASSERT macro into own header · bdbfc3c2
      Dan Handley authored
      Separate out the CASSERT macro out of bl_common.h into its own
      header to allow more efficient header inclusion.
      
      Change-Id: I291be0b6b8f9879645e839a8f0dd1ec9b3db9639
      bdbfc3c2
    • Dan Handley's avatar
      Make use of user/system includes more consistent · 35e98e55
      Dan Handley authored
      Make codebase consistent in its use of #include "" syntax for
      user includes and #include <> syntax for system includes.
      
      Fixes ARM-software/tf-issues#65
      
      Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
      35e98e55
    • Dan Handley's avatar
      Move FVP power driver to FVP platform · e8246c07
      Dan Handley authored
      Move the FVP power driver to a directory under the FVP platform
      port as this is not a generically usable driver.
      
      Change-Id: Ibc78bd88752eb3e3964336741488349ac345f4f0
      e8246c07
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  4. 29 Apr, 2014 1 commit
    • Vikram Kanigiri's avatar
      Preserve PSCI cpu_suspend 'power_state' parameter. · 759ec93b
      Vikram Kanigiri authored
      This patch saves the 'power_state' parameter prior to suspending
      a cpu and invalidates it upon its resumption. The 'affinity level'
      and 'state id' fields of this parameter can be read using a set of
      public and private apis. Validation of power state parameter is
      introduced which checks for SBZ bits are zero.
      This change also takes care of flushing the parameter from the cache
      to main memory. This ensures that it is available after cpu reset
      when the caches and mmu are turned off. The earlier support for
      saving only the 'affinity level' field of the 'power_state' parameter
      has also been reworked.
      
      Fixes ARM-Software/tf-issues#26
      Fixes ARM-Software/tf-issues#130
      
      Change-Id: Ic007ccb5e39bf01e0b67390565d3b4be33f5960a
      759ec93b
  5. 24 Apr, 2014 1 commit
    • Harry Liebel's avatar
      Add TrustZone (TZC-400) driver · cd116d17
      Harry Liebel authored
      The TZC-400 performs security checks on transactions to memory or
      peripherals. Separate regions can be created in the address space each
      with individual security settings.
      
      Limitations:
      This driver does not currently support raising an interrupt on access
      violation.
      
      Change-Id: Idf8ed64b4d8d218fc9b6f9d75acdb2cd441d2449
      cd116d17
  6. 15 Apr, 2014 1 commit
    • Andrew Thoelke's avatar
      Allocate single stacks for BL1 and BL2 · 2bf28e62
      Andrew Thoelke authored
      The BL images share common stack management code which provides
      one coherent and one cacheable stack for every CPU. BL1 and BL2
      just execute on the primary CPU during boot and do not require
      the additional CPU stacks. This patch provides separate stack
      support code for UP and MP images, substantially reducing the
      RAM usage for BL1 and BL2 for the FVP platform.
      
      This patch also provides macros for declaring stacks and
      calculating stack base addresses to improve consistency where
      this has to be done in the firmware.
      
      The stack allocation source files are now included via
      platform.mk rather than the common BLx makefiles. This allows
      each platform to select the appropriate MP/UP stack support
      for each BL image.
      
      Each platform makefile must be updated when including this
      commit.
      
      Fixes ARM-software/tf-issues#76
      
      Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
      2bf28e62
  7. 08 Apr, 2014 1 commit
    • Sandrine Bailleux's avatar
      Define frequency of system counter in platform code · 9e86490f
      Sandrine Bailleux authored
      BL3-1 architecture setup code programs the system counter frequency
      into the CNTFRQ_EL0 register. This frequency is defined by the
      platform, though. This patch introduces a new platform hook that
      the architecture setup code can call to retrieve this information.
      In the ARM FVP port, this returns the first entry of the frequency
      modes table from the memory mapped generic timer.
      
      All system counter setup code has been removed from BL1 as some
      platforms may not have initialized the system counters at this stage.
      The platform specific settings done exclusively in BL1 have been moved
      to BL3-1. In the ARM FVP port, this consists in enabling and
      initializing the System level generic timer. Also, the frequency change
      request in the counter control register has been set to 0 to make it
      explicit it's using the base frequency. The CNTCR_FCREQ() macro has been
      fixed in this context to give an entry number rather than a bitmask.
      
      In future, when support for firmware update is implemented, there
      is a case where BL1 platform specific code will need to program
      the counter frequency. This should be implemented at that time.
      
      This patch also updates the relevant documentation.
      
      It properly fixes ARM-software/tf-issues#24
      
      Change-Id: If95639b279f75d66ac0576c48a6614b5ccb0e84b
      9e86490f
  8. 03 Apr, 2014 1 commit
  9. 26 Mar, 2014 2 commits
    • Andrew Thoelke's avatar
      Place assembler functions in separate sections · 0a30cf54
      Andrew Thoelke authored
      This extends the --gc-sections behaviour to the many assembler
      support functions in the firmware images by placing each function
      into its own code section. This is achieved by creating a 'func'
      macro used to declare each function label.
      
      Fixes ARM-software/tf-issues#80
      
      Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
      0a30cf54
    • Vikram Kanigiri's avatar
      Add standby state support in PSCI cpu_suspend api · d118f9f8
      Vikram Kanigiri authored
      This patch adds support in the generic PSCI implementation to call a
      platform specific function to enter a standby state using an example
      implementation in ARM FVP port
      
      Fixes ARM-software/tf-issues#94
      Change-Id: Ic1263fcf25f28e09162ad29dca954125f9aa8cc9
      d118f9f8
  10. 21 Mar, 2014 1 commit
    • Vikram Kanigiri's avatar
      Remove partially qualified asm helper functions · 6ba0b6d6
      Vikram Kanigiri authored
      Each ARM Trusted Firmware image should know in which EL it is running
      and it should use the corresponding register directly instead of reading
      currentEL and knowing which asm register to read/write
      
      Change-Id: Ief35630190b6f07c8fbb7ba6cb20db308f002945
      6ba0b6d6
  11. 20 Mar, 2014 3 commits
    • Jeenu Viswambharan's avatar
      Rework bakery lock with WFE/SEV sequence · 82a0aca0
      Jeenu Viswambharan authored
      
      
      Current implementation of Bakery Lock does tight-loop waiting upon lock
      contention.
      
      This commit reworks the implementation to use WFE instruction for
      waiting, and SEV to signal lock availability. It also adds the rationale
      for choosing Bakery Locks instead of exclusion primitives, and more
      comments for the lock algorithm.
      
      Fixes ARM-software/tf-issue#67
      
      Change-Id: Ie351d3dbb27ec8e64dbc9507c84af07bd385a7df
      Co-authored-by: default avatarVikram Kanigiri <vikram.kanigiri@arm.com>
      82a0aca0
    • Jeenu Viswambharan's avatar
      Implement standard calls for TSP · 52538b9b
      Jeenu Viswambharan authored
      This patch adds call count, UID and version information SMC calls for
      the Trusted OS, as specified by the SMC calling convention.
      
      Change-Id: I9a3e84ac1bb046051db975d853dcbe9612aba6a9
      52538b9b
    • Jeenu Viswambharan's avatar
      Implement ARM Standard Service · 64f6ea9b
      Jeenu Viswambharan authored
      This patch implements ARM Standard Service as a runtime service and adds
      support for call count, UID and revision information SMCs. The existing
      PSCI implementation is subsumed by the Standard Service calls and all
      PSCI calls are therefore dispatched by the Standard Service to the PSCI
      handler.
      
      At present, PSCI is the only specification under Standard Service. Thus
      call count returns the number of PSCI calls implemented. As this is the
      initial implementation, a revision number of 0.1 is returned for call
      revision.
      
      Fixes ARM-software/tf-issues#62
      
      Change-Id: I6d4273f72ad6502636efa0f872e288b191a64bc1
      64f6ea9b
  12. 05 Mar, 2014 4 commits
  13. 26 Feb, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Implement late binding for runtime hooks · 7f366605
      Jeenu Viswambharan authored
      At present SPD power management hooks and BL3-2 entry are implemented
      using weak references. This would have the handlers bound and registered
      with the core framework at build time, but leaves them dangling if a
      service fails to initialize at runtime.
      
      This patch replaces implementation by requiring runtime handlers to
      register power management and deferred initialization hooks with the
      core framework at runtime. The runtime services are to register the
      hooks only as the last step, after having all states successfully
      initialized.
      
      Change-Id: Ibe788a2a381ef39aec1d4af5ba02376e67269782
      7f366605
  14. 20 Feb, 2014 7 commits
    • Ryan Harkin's avatar
      Fix semihosting with latest toolchain · cd529320
      Ryan Harkin authored
      Fixes issues #10:
      
      https://github.com/ARM-software/tf-issues/issues/10
      
      
      
      This patch changes all/most variables of type int to be size_t or long
      to fix the sizing and alignment problems found when building with the
      newer toolchains such as Linaro GCC 13.12 or later.
      
      Change-Id: Idc9d48eb2ff9b8c5bbd5b227e6907263d1ea188b
      Signed-off-by: default avatarRyan Harkin <ryan.harkin@linaro.org>
      cd529320
    • Achin Gupta's avatar
      Add power management support in the SPD · 607084ee
      Achin Gupta authored
      This patch implements a set of handlers in the SPD which are called by
      the PSCI runtime service upon receiving a power management
      operation. These handlers in turn pass control to the Secure Payload
      image if required before returning control to PSCI. This ensures that
      the Secure Payload has complete visibility of all power transitions in
      the system and can prepare accordingly.
      
      Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
      607084ee
    • Achin Gupta's avatar
      Add Test Secure Payload (BL3-2) image · 7c88f3f6
      Achin Gupta authored
      
      
      This patch adds a simple TSP as the BL3-2 image. The secure payload
      executes in S-EL1. It paves the way for the addition of the TSP
      dispatcher runtime service to BL3-1. The TSP and the dispatcher service
      will serve as an example of the runtime firmware's ability to toggle
      execution between the non-secure and secure states in response to SMC
      request from the non-secure state.  The TSP will be replaced by a
      Trusted OS in a real system.
      
      The TSP also exports a set of handlers which should be called in
      response to a PSCI power management event e.g a cpu being suspended or
      turned off. For now it runs out of Secure DRAM on the ARM FVP port and
      will be moved to Secure SRAM later. The default translation table setup
      code assumes that the caller is executing out of secure SRAM. Hence the
      TSP exports its own translation table setup function.
      
      The TSP only services Fast SMCs, is non-reentrant and non-interruptible.
      It does arithmetic operations on two sets of four operands, one set
      supplied by the non-secure client, and the other supplied by the TSP
      dispatcher in EL3. It returns the result according to the Secure Monitor
      Calling convention standard.
      
      This TSP has two functional entry points:
      
      - An initial, one-time entry point through which the TSP is initialized
        and prepares for receiving further requests from secure
        monitor/dispatcher
      
      - A fast SMC service entry point through which the TSP dispatcher
        requests secure services on behalf of the non-secure client
      
      Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      7c88f3f6
    • Achin Gupta's avatar
      Factor out translation table setup in ARM FVP port · a0cd989d
      Achin Gupta authored
      This patch factors out the ARM FVP specific code to create MMU
      translation tables so that it is possible for a boot loader stage to
      create a different set of tables instead of using the default ones.
      The default translation tables are created with the assumption that
      the calling boot loader stage executes out of secure SRAM. This might
      not be true for the BL3_2 stage in the future.
      
      A boot loader stage can define the `fill_xlation_tables()` function as
      per its requirements. It returns a reference to the level 1
      translation table which is used by the common platform code to setup
      the TTBR_EL3.
      
      This patch is a temporary solution before a larger rework of
      translation table creation logic is introduced.
      
      Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
      a0cd989d
    • Achin Gupta's avatar
      Add support for BL3-2 in BL3-1 · 35ca3511
      Achin Gupta authored
      This patch adds the following support to the BL3-1 stage:
      
      1. BL3-1 allows runtime services to specify and determine the security
         state of the next image after BL3-1. This has been done by adding
         the `bl31_set_next_image_type()` & `bl31_get_next_image_type()`
         apis. The default security state is non-secure. The platform api
         `bl31_get_next_image_info()` has been modified to let the platform
         decide which is the next image in the desired security state.
      
      2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to
         program entry into the target security state. It uses the apis
         introduced in 1. to do so.
      
      3. BL3-1 reads the information populated by BL2 about the BL3-2 image
         into its internal data structures.
      
      4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow
         initialisation of a BL3-2 image. A runtime service like the Secure
         payload dispatcher will define this function if present.
      
      Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
      35ca3511
    • Achin Gupta's avatar
      Rework BL2 to BL3-1 hand over interface · e4d084ea
      Achin Gupta authored
      This patch reworks BL2 to BL3-1 hand over interface by introducing a
      composite structure (bl31_args) that holds the superset of information
      that needs to be passed from BL2 to BL3-1.
      
        - The extents of secure memory available to BL3-1
        - The extents of memory available to BL3-2 (not yet implemented) and
          BL3-3
        - Information to execute BL3-2 (not yet implemented) and BL3-3 images
      
      This patch also introduces a new platform API (bl2_get_bl31_args_ptr)
      that needs to be implemented by the platform code to export reference to
      bl31_args structure which has been allocated in platform-defined memory.
      
      The platform will initialize the extents of memory available to BL3-3
      during early platform setup in bl31_args structure. This obviates the
      need for bl2_get_ns_mem_layout platform API.
      
      BL2 calls the bl2_get_bl31_args_ptr function to get a reference to
      bl31_args structure. It uses the 'bl33_meminfo' field of this structure
      to load the BL3-3 image. It sets the entry point information for the
      BL3-3 image in the 'bl33_image_info' field of this structure. The
      reference to this structure is passed to the BL3-1 image.
      
      Also fixes issue ARM-software/tf-issues#25
      
      Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
      e4d084ea
    • Jeenu Viswambharan's avatar
      Add exception vector guards · a7934d69
      Jeenu Viswambharan authored
      This patch adds guards so that an exception vector exceeding 32
      instructions will generate a compile-time error. This keeps the
      exception handlers in check from spilling over.
      
      Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
      a7934d69
  15. 17 Feb, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Add support for handling runtime service requests · caa84939
      Jeenu Viswambharan authored
      
      
      This patch uses the reworked exception handling support to handle
      runtime service requests through SMCs following the SMC calling
      convention. This is a giant commit since all the changes are
      inter-related. It does the following:
      
      1. Replace the old exception handling mechanism with the new one
      2. Enforce that SP_EL0 is used C runtime stacks.
      3. Ensures that the cold and warm boot paths use the 'cpu_context'
         structure to program an ERET into the next lower EL.
      4. Ensures that SP_EL3 always points to the next 'cpu_context'
         structure prior to an ERET into the next lower EL
      5. Introduces a PSCI SMC handler which completes the use of PSCI as a
         runtime service
      
      Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      caa84939