1. 14 Jun, 2017 2 commits
  2. 09 Jun, 2017 1 commit
  3. 07 Jun, 2017 2 commits
    • Haojian Zhuang's avatar
      stdlib: support AARCH32 in endian head file · e6a993d4
      Haojian Zhuang authored
      
      
      Add the support of AARCH32 in endian head file. The code is also
      imported from FreeBSD 11.0. It's based on commit in below.
      
      commit 4e3a5b429989b4ff621682ff1462f801237bd551
      Author: mmel <mmel@FreeBSD.org>
      Date:   Tue Nov 10 12:02:41 2015 +0000
      
          ARM: Remove trailing whitespace from sys/arm/include
          No functional changes.
      
          Approved by:    kib (mentor)
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      e6a993d4
    • Haojian Zhuang's avatar
      stdlib: import endian head file from freebsd · b15f31ac
      Haojian Zhuang authored
      Import endian head files from FreeBSD 11.0. The link of FreeBSD source code
      is https://github.com/freebsd/freebsd
      
      
      
      Import machine/endian.h from sys/arm64/include/endian.h in FreeBSD.
      commit d09ff72cef8e35dbf62f7363dcbf07b453f06243
      Author: andrew <andrew@FreeBSD.org>
      Date:   Mon Mar 23 11:54:56 2015 +0000
      
          Add the start of the arm64 machine headers. This is the subset needed to
          start getting userland libraries building.
      
          Reviewed by:        imp
          Sponsored by:       The FreeBSD Foundation
      
      Import sys/endian.h from sys/sys/endian.h in FreeBSD.
      commit 3c3fa2f5b0c7640373fcbcc3f667bf7794e8e609
      Author: phk <phk@FreeBSD.org>
      Date:   Thu May 20 06:16:13 2010 +0000
      
          Fix some way-past-brucification complaints from FlexeLint.
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      b15f31ac
  4. 05 Jun, 2017 3 commits
    • Soby Mathew's avatar
      Add SCMI support for Juno platform · 40111d44
      Soby Mathew authored
      
      
      This patch adds the memory map region for the SCMI payload memory
      and maps the Juno core indices to SCMI power domains via the
      `plat_css_core_pos_to_scmi_dmn_id_map` array.
      
      Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      40111d44
    • Soby Mathew's avatar
      CSS: Add SCMI driver for SCP · c04a3b6c
      Soby Mathew authored
      
      
      This patch adds the SCMI driver for communicating with SCP. The power
      domain management and system power management protocol of the SCMI
      specification[1] is implemented in the driver. The SCP power management
      abstraction layer for SCMI for CSS power management is also added.
      
      A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
      driver over SCPI.
      
      [1] ARM System Control and Management Interface v1.0 (SCMI)
      Document number: ARM DEN 0056A
      
      Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c04a3b6c
    • Soby Mathew's avatar
      Add support for RSASSAPSS algorithm in mbedtls crypto driver · 1001202d
      Soby Mathew authored
      
      
      This patch adds support for RSASSA-PSS Signature Algorithm for
      X509 certificates in mbedtls crypto driver. Now the driver supports
      RSA PKCS2_1 standard as mandated by TBBR.
      
      NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
      is deprecated.
      
      Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1001202d
  5. 01 Jun, 2017 2 commits
  6. 31 May, 2017 2 commits
  7. 24 May, 2017 4 commits
  8. 23 May, 2017 2 commits
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
    • Masahiro Yamada's avatar
      fip: move headers shared between TF and fiptool to include/tools_share · 2a6c1a8f
      Masahiro Yamada authored
      
      
      Some header files need to be shared between TF and host programs.
      For fiptool, two headers are copied to the tools/fiptool directory,
      but it looks clumsy.
      
      This commit introduces a new directory, include/tools_share, which
      collects headers that should be shared between TF and host programs.
      
      This will clarify the interface exposed to host tools.  We should
      add new headers to this directory only when we really need to do so.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2a6c1a8f
  9. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored
      
      
      The behaviour of assert() now depends on the value of the new optional
      platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
      not defined by the platform.
      
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
        name, line and asserted expression.
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
        name and line.
      - If not, it doesn't print anything.
      
      Note the old behaviour was to print the function name whereas now it
      prints the file name. This reduces memory usage because the file name is
      shared between all assert calls in a given file. Also, the default
      behaviour in debug builds is to no longer print the asserted expression,
      greatly reducing the string usage.
      
      For FVP debug builds this change saves approximately:
      
                    No TBBR    TBBR
              BL1    1.6 KB   2.2 KB
              BL2    1.7 KB   2.1 KB
              BL31   2.6 KB   3.3 KB
      
      Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  10. 15 May, 2017 2 commits
  11. 12 May, 2017 2 commits
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
    • Soby Mathew's avatar
      AArch32: Rework SMC context save and restore mechanism · b6285d64
      Soby Mathew authored
      
      
      The current SMC context data structure `smc_ctx_t` and related helpers are
      optimized for case when SMC call does not result in world switch. This was
      the case for SP_MIN and BL1 cold boot flow. But the firmware update usecase
      requires world switch as a result of SMC and the current SMC context helpers
      were not helping very much in this regard. Therefore this patch does the
      following changes to improve this:
      
      1. Add monitor stack pointer, `spmon` to `smc_ctx_t`
      
      The C Runtime stack pointer in monitor mode, `sp_mon` is added to the
      SMC context, and the `smc_ctx_t` pointer is cached in `sp_mon` prior
      to exit from Monitor mode. This makes is easier to retrieve the
      context when the next SMC call happens. As a result of this change,
      the SMC context helpers no longer depend on the stack to save and
      restore the register.
      
      This aligns it with the context save and restore mechanism in AArch64.
      
      2. Add SCR in `smc_ctx_t`
      
      Adding the SCR register to `smc_ctx_t` makes it easier to manage this
      register state when switching between non secure and secure world as a
      result of an SMC call.
      
      Change-Id: I5e12a7056107c1701b457b8f7363fdbf892230bf
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      b6285d64
  12. 09 May, 2017 1 commit
  13. 04 May, 2017 2 commits
    • David Cunado's avatar
      Migrate secure payload dispatchers to new SMC terminology · bbbbcdae
      David Cunado authored
      Since Issue B (November 2016) of the SMC Calling Convention document
      standard SMC calls are renamed to yielding SMC calls to help avoid
      confusion with the standard service SMC range, which remains unchanged.
      
      http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pd
      
      
      
      A previous patch introduced a new define for yielding SMC call type.
      This patch updates the secure payload dispatchers (except the TSPD) to
      use this new define and also migrates the code to use the new
      terminology.
      
      Change-Id: I3d2437c04e3b21fdbd32019f55c066c87679a5bf
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      bbbbcdae
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  14. 03 May, 2017 1 commit
  15. 02 May, 2017 2 commits
    • Jeenu Viswambharan's avatar
      Add macro to check whether the CPU implements an EL · f4c8aa90
      Jeenu Viswambharan authored
      
      
      Replace all instances of checks with the new macro.
      
      Change-Id: I0eec39b9376475a1a9707a3115de9d36f88f8a2a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      f4c8aa90
    • Antonio Nino Diaz's avatar
      Fix execute-never permissions in xlat tables libs · a5640252
      Antonio Nino Diaz authored
      
      
      Translation regimes that only support one virtual address space (such as
      the ones for EL2 and EL3) can flag memory regions as execute-never by
      setting to 1 the XN bit in the Upper Attributes field in the translation
      tables descriptors. Translation regimes that support two different
      virtual address spaces (such as the one shared by EL1 and EL0) use bits
      PXN and UXN instead.
      
      The Trusted Firmware runs at EL3 and EL1, it has to handle translation
      tables of both translation regimes, but the previous code handled both
      regimes the same way, as if both had only 1 VA range.
      
      When trying to set a descriptor as execute-never it would set the XN
      bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
      at the same bit position as UXN, which means that EL0 was being
      prevented from executing code at this region, not EL1 as the code
      intended. Therefore, the PXN bit was unset to 0 all the time. The result
      is that, in AArch64 mode, read-only data sections of BL2 weren't
      protected from being executed.
      
      This patch adds support of translation regimes with two virtual address
      spaces to both versions of the translation tables library, fixing the
      execute-never permissions for translation tables in EL1.
      
      The library currently does not support initializing translation tables
      for EL0 software, therefore it does not set/unset the UXN bit. If EL1
      software needs to initialize translation tables for EL0 software, it
      should use a different library instead.
      
      Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a5640252
  16. 29 Apr, 2017 1 commit
    • Scott Branden's avatar
      Move defines in utils.h to utils_def.h to fix shared header compile issues · 53d9c9c8
      Scott Branden authored
      
      
      utils.h is included in various header files for the defines in it.
      Some of the other header files only contain defines.  This allows the
      header files to be shared between host and target builds for shared defines.
      
      Recently types.h has been included in utils.h as well as some function
      prototypes.
      
      Because of the inclusion of types.h conflicts exist building host tools
      abd these header files now.  To solve this problem,
      move the defines to utils_def.h and have this included by utils.h and
      change header files to only include utils_def.h and not pick up the new
      types.h being introduced.
      
      Fixes ARM-software/tf-issues#461
      Signed-off-by: default avatarScott Branden <scott.branden@broadcom.com>
      
      Remove utils_def.h from utils.h
      
      This patch removes utils_def.h from utils.h as it is not required.
      And also makes a minor change to ensure Juno platform compiles.
      
      Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
      53d9c9c8
  17. 26 Apr, 2017 1 commit
  18. 24 Apr, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Allow system suspend only via PSCI SYSTEM_SUSPEND API · abd2aba9
      Soby Mathew authored
      
      
      The CSS power management layer previously allowed to suspend system
      power domain level via both PSCI CPU_SUSPEND and PSCI SYSTEM_SUSPEND
      APIs. System suspend via PSCI CPU_SUSPEND was always problematic to
      support because of issues with targeting wakeup interrupts to
      suspended cores before the per-cpu GIC initialization is done. This
      is not the case for PSCI SYSTEM_SUSPEND API because all the other
      cores are expected to be offlined prior to issuing system suspend and
      PSCI CPU_ON explicit calls will be made to power them on. Hence the Juno
      platform used to downgrade the PSCI CPU_SUSPEND request for system
      power domain level to cluster level by overriding the default
      `plat_psci_pm_ops` exported by CSS layer.
      
      Given the direction the new CSS platforms are evolving, it is best to
      limit the system suspend only via PSCI SYSTEM_SUSPEND API for all
      CSS platforms. This patch makes changes to allow system suspend
      only via PSCI SYSTEM_SUSPEND API. The override of `plat_psci_ops`
      for Juno is removed.
      
      Change-Id: Idb30eaad04890dd46074e9e888caeedc50a4b533
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      abd2aba9
  19. 20 Apr, 2017 7 commits
    • Yatharth Kochar's avatar
      AArch32: Add SP_MIN support for JUNO · 6f249345
      Yatharth Kochar authored
      
      
      This patch adds support for SP_MIN on JUNO platform.
      The changes include addition of AArch32 assembly files,
      JUNO specific SP_MIN make file and miscellaneous changes
      in ARM platform files to enable support for SP_MIN.
      
      Change-Id: Id1303f422fc9b98b9362c757b1a4225a16fffc0b
      Signed-off-by: default avatarYatharth Kochar <yatharth.kochar@arm.com>
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      6f249345
    • Yatharth Kochar's avatar
      Changes to support execution in AArch32 state for JUNO · 07570d59
      Yatharth Kochar authored
      
      
      Following steps are required to boot JUNO in AArch32 state:
      1> BL1, in AArch64 state, loads BL2.
      2> BL2, in AArch64 state, initializes DDR.
        Loads SP_MIN & BL33 (AArch32 executable)images.
        Calls RUN_IMAGE SMC to go back to BL1.
      3> BL1 writes AArch32 executable opcodes, to load and branch
        at the entrypoint address of SP_MIN, at HI-VECTOR address and
        then request for warm reset in AArch32 state using RMR_EL3.
      
      This patch makes following changes to facilitate above steps:
      * Added assembly function to carry out step 3 above.
      * Added region in TZC that enables Secure access to the
        HI-VECTOR(0xFFFF0000) address space.
      * AArch32 image descriptor is used, in BL2, to load
        SP_MIN and BL33 AArch32 executable images.
      
      A new flag `JUNO_AARCH32_EL3_RUNTIME` is introduced that
      controls above changes. By default this flag is disabled.
      
      NOTE: BL1 and BL2 are not supported in AArch32 state for JUNO.
      
      Change-Id: I091d56a0e6d36663e6d9d2bb53c92c672195d1ec
      Signed-off-by: default avatarYatharth Kochar <yatharth.kochar@arm.com>
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      07570d59
    • Yatharth Kochar's avatar
      AArch32: Add support for ARM Cortex-A53/57/72 MPCore Processor · dc787588
      Yatharth Kochar authored
      
      
      This patch adds AArch32 state support for ARM Cortex-A53,
      Cortex-A57 and Cortex-A72 MPCore Processor in the CPU specific
      operations framework.
      
      NOTE: CPU errata handling code is not present in this patch.
      
      Change-Id: I01eb3e028e40dde37565707ebc99e06e7a0c113d
      Signed-off-by: default avatarYatharth Kochar <yatharth.kochar@arm.com>
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      dc787588
    • Sandrine Bailleux's avatar
      xlat lib: Use mmap_attr_t type consistently · 28fa2e9e
      Sandrine Bailleux authored
      
      
      This patch modifies both versions of the translation table library
      to use the mmap_attr_t type consistently wherever it is manipulating
      MT_* attributes variables. It used to use mmap_attr_t or plain integer
      types interchangeably, which compiles fine because an enumeration type
      can be silently converted to an integer, but which is semantically
      incorrect.
      
      This patch removes this assumption by using the abstract type
      'mmap_attr_t' all the time.
      
      Change-Id: Id1f099025d2cb962b275bb7e39ad2c4dbb4e366c
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      28fa2e9e
    • Antonio Nino Diaz's avatar
      Control inclusion of helper code used for asserts · aa61368e
      Antonio Nino Diaz authored
      
      
      Many asserts depend on code that is conditionally compiled based on the
      DEBUG define. This patch modifies the conditional inclusion of such code
      so that it is based on the ENABLE_ASSERTIONS build option.
      
      Change-Id: I6406674788aa7e1ad7c23d86ce94482ad3c382bd
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      aa61368e
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
    • Antonio Nino Diaz's avatar
      tspd:FWU:Fix usage of SMC_RET0 · 7a317a70
      Antonio Nino Diaz authored
      
      
      SMC_RET0 should only be used when the SMC code works as a function that
      returns void. If the code of the SMC uses SMC_RET1 to return a value to
      signify success and doesn't return anything in case of an error (or the
      other way around) SMC_RET1 should always be used to return clearly
      identifiable values.
      
      This patch fixes two cases in which the code used SMC_RET0 instead of
      SMC_RET1.
      
      It also introduces the define SMC_OK to use when an SMC must return a
      value to tell that it succeeded, the same way as SMC_UNK is used in case
      of failure.
      
      Change-Id: Ie4278b51559e4262aced13bbde4e844023270582
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      7a317a70
  20. 19 Apr, 2017 1 commit