1. 24 Feb, 2020 1 commit
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored
      
      
      This patch introduces a build flag which allows the xlat tables
      to be mapped in a read-only region within BL31 memory. It makes it
      much harder for someone who has acquired the ability to write to
      arbitrary secure memory addresses to gain control of the
      translation tables.
      
      The memory attributes of the descriptors describing the tables
      themselves are changed to read-only secure data. This change
      happens at the end of BL31 runtime setup. Until this point, the
      tables have read-write permissions. This gives a window of
      opportunity for changes to be made to the tables with the MMU on
      (e.g. reclaiming init code). No changes can be made to the tables
      with the MMU turned on from this point onwards. This change is also
      enabled for sp_min and tspd.
      
      To make all this possible, the base table was moved to .rodata. The
      penalty we pay is that now .rodata must be aligned to the size of
      the base table (512B alignment). Still, this is better than putting
      the base table with the higher level tables in the xlat_table
      section, as that would cost us a full 4KB page.
      
      Changing the tables from read-write to read-only cannot be done with
      the MMU on, as the break-before-make sequence would invalidate the
      descriptor which resolves the level 3 page table where that very
      descriptor is located. This would make the translation required for
      writing the changes impossible, generating an MMU fault.
      
      The caches are also flushed.
      Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
      Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
  2. 20 Feb, 2020 1 commit
    • Varun Wadekar's avatar
      cpus: higher performance non-cacheable load forwarding · cd0ea184
      Varun Wadekar authored
      
      
      The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
      non-cacheable streaming enhancement. Platforms can set this bit only
      if their memory system meets the requirement that cache line fill
      requests from the Cortex-A57 processor are atomic.
      
      This patch adds support to enable higher performance non-cacheable load
      forwarding for such platforms. Platforms must enable this support by
      setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
      makefiles. This flag is disabled by default.
      
      Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      cd0ea184
  3. 18 Feb, 2020 3 commits
  4. 07 Feb, 2020 6 commits
    • Louis Mayencourt's avatar
      fconf: Add mbedtls shared heap as property · 6c972317
      Louis Mayencourt authored
      
      
      Use the firmware configuration framework in arm dynamic configuration
      to retrieve mbedtls heap information between bl1 and bl2.
      
      For this, a new fconf getter is added to expose the device tree base
      address and size.
      
      Change-Id: Ifa5ac9366ae100e2cdd1f4c8e85fc591b170f4b6
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      6c972317
    • Louis Mayencourt's avatar
      fconf: Add TBBR disable_authentication property · ce852841
      Louis Mayencourt authored
      
      
      Use fconf to retrieve the `disable_authentication` property.
      Move this access from arm dynamic configuration to bl common.
      
      Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      ce852841
    • Louis Mayencourt's avatar
      fconf: Add dynamic config DTBs info as property · 25ac8794
      Louis Mayencourt authored
      
      
      This patch introduces a better separation between the trusted-boot
      related properties, and the dynamic configuration DTBs loading
      information.
      
      The dynamic configuration DTBs properties are moved to a new node:
      `dtb-registry`. All the sub-nodes present will be provided to the
      dynamic config framework to be loaded. The node currently only contains
      the already defined configuration DTBs, but can be extended for future
      features if necessary.
      The dynamic config framework is modified to use the abstraction provided
      by the fconf framework, instead of directly accessing the DTBs.
      
      The trusted-boot properties are kept under the "arm,tb_fw" compatible
      string, but in a separate `tb_fw-config` node.
      The `tb_fw-config` property of the `dtb-registry` node simply points
      to the load address of `fw_config`, as the `tb_fw-config` is currently
      part of the same DTB.
      
      Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      25ac8794
    • Louis Mayencourt's avatar
      fconf: Populate properties from dtb during bl2 setup · 9814bfc1
      Louis Mayencourt authored
      
      
      Use the dtb provided by bl1 as configuration file for fconf.
      
      Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      9814bfc1
    • Louis Mayencourt's avatar
      fconf: Load config dtb from bl1 · 3b5ea741
      Louis Mayencourt authored
      
      
      Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
      function is not associated to arm platform anymore, and can be moved
      to bl_main if wanted.
      
      Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      3b5ea741
    • Louis Mayencourt's avatar
      fconf: initial commit · ab1981db
      Louis Mayencourt authored
      
      
      Introduce the Firmware CONfiguration Framework (fconf).
      
      The fconf is an abstraction layer for platform specific data, allowing
      a "property" to be queried and a value retrieved without the requesting
      entity knowing what backing store is being used to hold the data.
      
      The default backing store used is C structure. If another backing store
      has to be used, the platform integrator needs to provide a "populate()"
      function to fill the corresponding C structure.
      The "populate()" function must be registered to the fconf framework with
      the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
      be called inside the "fconf_populate()" function.
      
      A two level macro is used as getter:
      - the first macro takes 3 parameters and converts it to a function
        call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
      - the second level defines a__b_getter(c) to the matching C structure,
        variable, array, function, etc..
      
      Ex: Get a Chain of trust property:
          1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
          2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
      
      Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      ab1981db
  5. 05 Feb, 2020 1 commit
  6. 04 Feb, 2020 2 commits
  7. 03 Feb, 2020 1 commit
  8. 29 Jan, 2020 1 commit
  9. 28 Jan, 2020 1 commit
  10. 27 Jan, 2020 3 commits
    • Madhukar Pappireddy's avatar
      Changes necessary to support SEPARATE_NOBITS_REGION feature · c367b75e
      Madhukar Pappireddy authored
      
      
      Since BL31 PROGBITS and BL31 NOBITS sections are going to be
      in non-adjacent memory regions, potentially far from each other,
      some fixes are needed to support it completely.
      
      1. adr instruction only allows computing the effective address
      of a location only within 1MB range of the PC. However, adrp
      instruction together with an add permits position independent
      address of any location with 4GB range of PC.
      
      2. Since BL31 _RW_END_ marks the end of BL31 image, care must be
      taken that it is aligned to page size since we map this memory
      region in BL31 using xlat_v2 lib utils which mandate alignment of
      image size to page granularity.
      
      Change-Id: I3451cc030d03cb2032db3cc088f0c0e2c84bffda
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      c367b75e
    • Raghu Krishnamurthy's avatar
      T589: Fix insufficient ordering guarantees in bakery lock · c0018913
      Raghu Krishnamurthy authored
      
      
      bakery_lock_get() uses DMB LD after lock acquisition and
      bakery_lock_release() uses DMB ST before releasing the lock. This is
      insufficient in both cases. With just DMB LD, stores in the critical
      section can be reordered before the DMB LD which could mean writes in
      the critical section completing before the lock has been acquired
      successfully. Similarly, with just DMB ST, a load in the critical section
      could be reordered after the the DMB ST. DMB is the least expensive
      barrier that can provide the required ordering.
      Signed-off-by: default avatarRaghu Krishnamurthy <raghu.ncstate@icloud.com>
      Change-Id: Ieb74cbf5b76b09e1789331b71f37f7c660221b0e
      c0018913
    • Manish Pandey's avatar
      Neovers N1: added support to update presence of External LLC · f2d6b4ee
      Manish Pandey authored
      
      
      CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external
      last level cache(LLC) in the system, the reset value is internal LLC.
      
      To cater for the platforms(like N1SDP) which has external LLC present
      introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be
      enabled by platform port.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
      f2d6b4ee
  11. 23 Jan, 2020 2 commits
  12. 22 Jan, 2020 4 commits
  13. 20 Jan, 2020 1 commit
  14. 10 Jan, 2020 1 commit
    • Deepika Bhavnani's avatar
      Unify type of "cpu_idx" across PSCI module. · 5b33ad17
      Deepika Bhavnani authored
      
      
      NOTE for platform integrators:
         API `plat_psci_stat_get_residency()` third argument
         `last_cpu_idx` is changed from "signed int" to the
         "unsigned int" type.
      
      Issue / Trouble points
      1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
      with typecasting at some places leading to coverity issues.
      
      2. Underlying platform API's return cpu_idx as `unsigned int`
      and comparison is performed with platform specific defines
      `PLAFORM_xxx` which is not consistent
      
      Misra Rule 10.4:
      The value of a complex expression of integer type may only be cast to
      a type that is narrower and of the same signedness as the underlying
      type of the expression.
      
      Based on above points, cpu_idx is kept as `unsigned int` to match
      the API's and low-level functions and platform defines are updated
      where ever required
      Signed-off-by: default avatarDeepika Bhavnani <deepika.bhavnani@arm.com>
      Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
      5b33ad17
  15. 02 Jan, 2020 1 commit
  16. 23 Dec, 2019 1 commit
  17. 20 Dec, 2019 1 commit
    • Paul Beesley's avatar
      spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored
      
      
      The Secure Partition Manager (SPM) prototype implementation is
      being removed. This is preparatory work for putting in place a
      dispatcher component that, in turn, enables partition managers
      at S-EL2 / S-EL1.
      
      This patch removes:
      
      - The core service files (std_svc/spm)
      - The Resource Descriptor headers (include/services)
      - SPRT protocol support and service definitions
      - SPCI protocol support and service definitions
      
      Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
      538b0020
  18. 18 Dec, 2019 2 commits
  19. 17 Dec, 2019 2 commits
  20. 11 Dec, 2019 1 commit
  21. 06 Dec, 2019 2 commits
  22. 26 Nov, 2019 1 commit
    • Pankaj Gupta's avatar
      adding support to enable different personality of the same soc. · ab4df50c
      Pankaj Gupta authored
      
      
      Same SoC has different personality by creating different number of:
      - cores
      - clusters.
      
      As a result, the platform specific power domain tree will be created
      after identify the personality of the SoC.
      Hence, platform specific power domain tree may not be same for all the
      personality of the soc.
      
      Thus, psci library code will deduce the 'plat_core_count', while
      populating the power domain tree topology and return the number of
      cores.
      
      PLATFORM_CORE_COUNT will still be valid for a SoC, such that
      psci_plat_core_count <= PLATFORM_CORE_COUNT.
      
      PLATFORM_CORE_COUNT will continued to be defined by platform to create
      the data structures.
      Signed-off-by: default avatarPankaj Gupta <pankaj.gupta@nxp.com>
      Change-Id: I1f5c47647631cae2dcdad540d64cf09757db7185
      ab4df50c
  23. 12 Nov, 2019 1 commit
    • Deepika Bhavnani's avatar
      Coding guideline suggest not to use unsigned long · 9afe8cdc
      Deepika Bhavnani authored
      
      
      `unsigned long` should be replaced to
      1. `unsigned int` or `unsigned long long` - If fixed,
      based on the architecture AArch32 or AArch64
      2. `u_register_t` - If it is supposed to be 32-bit
      wide in AArch32 and 64-bit wide in AArch64.
      
      Translation descriptors are always 32-bit wide, here
      `uint32_t` is used to describe the `exact size` of
      translation descriptors instead of `unsigned int` which
      guarantees minimum 32-bits
      Signed-off-by: default avatarDeepika Bhavnani <deepika.bhavnani@arm.com>
      Change-Id: I6a2af2e8b3c71170e2634044e0b887f07a41677e
      9afe8cdc