1. 23 May, 2014 1 commit
    • Soby Mathew's avatar
      Non-Secure Interrupt support during Standard SMC processing in TSP · 239b04fa
      Soby Mathew authored
      Implements support for Non Secure Interrupts preempting the
      Standard SMC call in EL1. Whenever an IRQ is trapped in the
      Secure world we securely handover to the Normal world
      to process the interrupt. The normal world then issues
      "resume" smc call to resume the previous interrupted SMC call.
      Fixes ARM-software/tf-issues#105
      
      Change-Id: I72b760617dee27438754cdfc9fe9bcf4cc024858
      239b04fa
  2. 22 May, 2014 7 commits
    • Achin Gupta's avatar
      Enable secure timer to generate S-EL1 interrupts · a20a81e5
      Achin Gupta authored
      This patch enables secure physical timer during TSP initialisation and
      maintains it across power management operations so that a timer
      interrupt is generated every half second.
      
      Fixes ARM-software/tf-issues#104
      Fixes ARM-software/tf-issues#134
      
      Change-Id: I66c6cfd24bd5e6035ba75ebf0f047e568770a369
      a20a81e5
    • Achin Gupta's avatar
      Add support for asynchronous FIQ handling in TSP · 57356e90
      Achin Gupta authored
      This patch adds support in the TSP to handle FIQ interrupts that are
      generated when execution is in the TSP. S-EL1 interrupt are handled
      normally and execution resumes at the instruction where the exception
      was originally taken. S-EL3 interrupts i.e. any interrupt not
      recognized by the TSP are handed to the TSPD. Execution resumes
      normally once such an interrupt has been handled at EL3.
      
      Change-Id: Ia3ada9a4fb15670afcc12538a6456f21efe58a8f
      57356e90
    • Achin Gupta's avatar
      Add support for synchronous FIQ handling in TSP · 6cf89021
      Achin Gupta authored
      This patch adds support in the TSP for handling S-EL1 interrupts
      handed over by the TSPD. It includes GIC support in its platform port,
      updates various statistics related to FIQ handling, exports an entry
      point that the TSPD can use to hand over interrupts and defines the
      handover protocol w.r.t what context is the TSP expected to preserve
      and the state in which the entry point is invoked by the TSPD.
      
      Change-Id: I93b22e5a8133400e4da366f5fc862f871038df39
      6cf89021
    • Achin Gupta's avatar
      Use secure timer to generate S-EL1 interrupts · fa9c08b7
      Achin Gupta authored
      This patch adds support in the TSP to program the secure physical
      generic timer to generate a EL-1 interrupt every half second. It also
      adds support for maintaining the timer state across power management
      operations. The TSPD ensures that S-EL1 can access the timer by
      programming the SCR_EL3.ST bit.
      
      This patch does not actually enable the timer. This will be done in a
      subsequent patch once the complete framework for handling S-EL1
      interrupts is in place.
      
      Change-Id: I1b3985cfb50262f60824be3a51c6314ce90571bc
      fa9c08b7
    • Sandrine Bailleux's avatar
      fvp: Move TSP from Secure DRAM to Secure SRAM · 53514b29
      Sandrine Bailleux authored
      The TSP used to execute from secure DRAM on the FVPs because there was
      not enough space in Trusted SRAM to fit it in. Thanks to recent RAM
      usage enhancements being implemented, we have made enough savings for
      the TSP to execute in SRAM.
      
      However, there is no contiguous free chunk of SRAM big enough to hold
      the TSP. Therefore, the different bootloader images need to be moved
      around to reduce memory fragmentation. This patch keeps the overall
      memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and
      BL3-1 in between) but moves the base addresses of all the bootloader
      images in such a way that:
       - memory fragmentation is reduced enough to fit BL3-2 in;
       - new base addresses are suitable for release builds as well as debug
         ones;
       - each image has a few extra kilobytes for future growth.
         BL3-1 and BL3-2 are the images which received the biggest slice
         of the cake since they will most probably grow the most.
      
      A few useful numbers for reference (valid at the time of this patch):
              |-----------------------|-------------------------------
              |  image size (debug)   |  extra space for the future
      --------|-----------------------|-------------------------------
      BL1 R/W |         20 KB         |            4 KB
      BL2     |         44 KB         |            4 KB
      BL3-1   |        108 KB         |           12 KB
      BL3-2   |         56 KB         |            8 KB
      --------|-----------------------|-------------------------------
      Total   |        228 KB         |           28 KB       = 256 KB
      --------|-----------------------|-------------------------------
      
      Although on FVPs the TSP now executes from Trusted SRAM by default,
      this patch keeps the option to execute it from Trusted DRAM. This is
      controlled by the build configuration 'TSP_RAM_LOCATION'.
      
      Fixes ARM-Software/tf-issues#81
      
      Change-Id: Ifb9ef2befa9a2d5ac0813f7f79834df7af992b94
      53514b29
    • Sandrine Bailleux's avatar
      TSP: Let the platform decide which secure memory to use · 2467f70f
      Sandrine Bailleux authored
      The TSP's linker script used to assume that the TSP would
      execute from secure DRAM. Although it is currently the case
      on FVPs, platforms are free to use any secure memory they wish.
      
      This patch introduces the flexibility to load the TSP into any
      secure memory. The platform code gets to specify the extents of
      this memory in the platform header file, as well as the BL3-2 image
      limit address. The latter definition allows to check in a generic way
      that the BL3-2 image fits in its bounds.
      
      Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
      2467f70f
    • Vikram Kanigiri's avatar
      Rework memory information passing to BL3-x images · 6871c5d3
      Vikram Kanigiri authored
      The issues addressed in this patch are:
      
      1. Remove meminfo_t from the common interfaces in BL3-x,
      expecting that platform code will find a suitable mechanism
      to determine the memory extents in these images and provide
      it to the BL3-x images.
      
      2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x
      code as the images use link-time information to determine
      memory extents.
      
      meminfo_t is still used by common interface in BL1/BL2 for
      loading images
      
      Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
      6871c5d3
  3. 13 May, 2014 1 commit
    • Sandrine Bailleux's avatar
      fvp: Use the right implem. of plat_report_exception() in BL3-2 · db8989d5
      Sandrine Bailleux authored
      On FVP, the file 'plat/fvp/aarch64/plat_helpers.S' contains an
      FVP-specific implementation of the function 'plat_report_exception()',
      which is meant to override the default implementation. However, this
      file was not included into the BL3-2 image, meaning it was still
      using the default implementation. This patch fixes the FVP makefile
      to compile this file in.
      
      Change-Id: I3d44b9ec3a9de7e2762e0887d3599b185d3e28d2
      db8989d5
  4. 09 May, 2014 1 commit
    • Sandrine Bailleux's avatar
      fvp: Provide per-EL MMU setup functions · b793e431
      Sandrine Bailleux authored
      Instead of having a single version of the MMU setup functions for all
      bootloader images that can execute either in EL3 or in EL1, provide
      separate functions for EL1 and EL3. Each bootloader image can then
      call the appropriate version of these functions. The aim is to reduce
      the amount of code compiled in each BL image by embedding only what's
      needed (e.g. BL1 to embed only EL3 variants).
      
      Change-Id: Ib86831d5450cf778ae78c9c1f7553fe91274c2fa
      b793e431
  5. 06 May, 2014 4 commits
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
    • Dan Handley's avatar
      Remove vpath usage in makefiles · bee82417
      Dan Handley authored
      Remove all usage of the vpath keyword in makefiles as it was prone
      to mistakes. Specify the relative paths to source files instead.
      
      Also reorder source files in makefiles alphabetically.
      
      Fixes ARM-software/tf-issues#121
      
      Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
      bee82417
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  6. 15 Apr, 2014 1 commit
    • Andrew Thoelke's avatar
      Allocate single stacks for BL1 and BL2 · 2bf28e62
      Andrew Thoelke authored
      The BL images share common stack management code which provides
      one coherent and one cacheable stack for every CPU. BL1 and BL2
      just execute on the primary CPU during boot and do not require
      the additional CPU stacks. This patch provides separate stack
      support code for UP and MP images, substantially reducing the
      RAM usage for BL1 and BL2 for the FVP platform.
      
      This patch also provides macros for declaring stacks and
      calculating stack base addresses to improve consistency where
      this has to be done in the firmware.
      
      The stack allocation source files are now included via
      platform.mk rather than the common BLx makefiles. This allows
      each platform to select the appropriate MP/UP stack support
      for each BL image.
      
      Each platform makefile must be updated when including this
      commit.
      
      Fixes ARM-software/tf-issues#76
      
      Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
      2bf28e62
  7. 26 Mar, 2014 3 commits
    • Andrew Thoelke's avatar
      Place assembler functions in separate sections · 0a30cf54
      Andrew Thoelke authored
      This extends the --gc-sections behaviour to the many assembler
      support functions in the firmware images by placing each function
      into its own code section. This is achieved by creating a 'func'
      macro used to declare each function label.
      
      Fixes ARM-software/tf-issues#80
      
      Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
      0a30cf54
    • Andrew Thoelke's avatar
      Use --gc-sections during link · dccc537a
      Andrew Thoelke authored
      All common functions are being built into all binary images,
      whether or not they are actually used. This change enables the
      use of -ffunction-sections, -fdata-sections and --gc-sections
      in the compiler and linker to remove unused code and data from
      the images.
      
      Change-Id: Ia9f78c01054ac4fa15d145af38b88a0d6fb7d409
      dccc537a
    • Sandrine Bailleux's avatar
      Separate out BL2, BL3-1 and BL3-2 early exception vectors from BL1 · 6c595b3d
      Sandrine Bailleux authored
      bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
      BL3-2.  There was some early SMC handling code in there that was not
      required by the other bootloader stages.  Therefore this patch
      introduces an even simpler exception vector source file for BL2,
      BL3-1 and BL3-2.
      
      Fixes ARM-software/tf-issues#38
      
      Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
      6c595b3d
  8. 21 Mar, 2014 1 commit
    • Sandrine Bailleux's avatar
      TSP: Make the platform-specific makefile mandatory · d1466a2e
      Sandrine Bailleux authored
      The Test Secure-EL1 Payload implementation should always have a
      platform-specific component.  Therefore, there should always
      be a platform-specific sub-makefile for the TSP.  If there is
      none then assume TSP is not supported on this specific platform
      and throw an error at build time if the user tries to compile it.
      
      Change-Id: Ibfbe6e4861cc7786a29f2fc0341035b852925193
      d1466a2e
  9. 20 Mar, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Specify image entry in linker script · 9f98aa1a
      Jeenu Viswambharan authored
      At present, the entry point for each BL image is specified via the
      Makefiles and provided on the command line to the linker. When using a
      link script the entry point should rather be specified via the ENTRY()
      directive in the link script.
      
      This patch updates linker scripts of all BL images to specify the entry
      point using the ENTRY() directive. It also removes the --entry flag
      passed to the linker through Makefile.
      
      Fixes issue ARM-software/tf-issues#66
      
      Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
      9f98aa1a
  10. 05 Mar, 2014 3 commits
    • Jon Medhurst's avatar
      Generate build time and date message at link time. · fb052462
      Jon Medhurst authored
      
      
      So it updates each time a bootloader changes, not just when bl*_main.c
      files are recompiled.
      
      Fixes ARM-software/tf-issues#33
      
      Change-Id: Ie8e1a7bd7e1913d2e96ac268606284f76af8c5ab
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      fb052462
    • Jon Medhurst's avatar
      fvp: Make use of the generic MMU translation table setup code · 38aa76a8
      Jon Medhurst authored
      
      
      Change-Id: I559c5a4d86cad55ce3f6ad71285b538d3cfd76dc
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      38aa76a8
    • Jon Medhurst's avatar
      Update Makefiles to get proper dependency checking working. · 6d55d109
      Jon Medhurst authored
      
      
      This change requires all platforms to now specify a list of source files
      rather than object files.
      
      New source files should preferably be specified by using the path as
      well and we should add this in the future for all files so we can remove
      use of vpath. This is desirable because vpath hides issues like the fact
      that BL2 currently pulls in a BL1 file bl1/aarch64/early_exceptions.S
      and if in the future we added bl2/aarch64/early_exceptions.S then it's
      likely only one of the two version would be used for both bootloaders.
      
      This change also removes the 'dump' build target and simply gets
      bootloaders to always generate a dump file. At the same time the -x
      option is added so the section headers and symbols table are listed.
      
      Fixes ARM-software/tf-issues#11
      
      Change-Id: Ie38f7be76fed95756c8576cf3f3ea3b7015a18dc
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      6d55d109
  11. 20 Feb, 2014 4 commits
    • Achin Gupta's avatar
      Rework arithmetic operations in Test Secure Payload · 916a2c1e
      Achin Gupta authored
      
      
      This patch reworks the service provided by the TSP to perform common
      arithmetic operations on a set of arguments provided by the non-secure
      world. For a addition, division, subtraction & multiplication operation
      requested on two arguments in x0 and x1 the steps are:
      
      1. TSPD saves the non-secure context and passes the operation and its
         arguments to the TSP.
      
      2. TSP asks the TSPD to return the same arguments once again. This
         exercises an additional SMC path.
      
      3. TSP now has two copies of both x0 and x1. It performs the operation
         on the corresponding copies i.e. in case of addition it returns x0+x0
         and x1+x1.
      
      4. TSPD receives the result, saves the secure context, restores the
         non-secure context and passes the result back to the non-secure
         client.
      
      Change-Id: I6eebfa2ae0a6f28b1d2e11a31f575c7a4b96724b
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      916a2c1e
    • Achin Gupta's avatar
      Add power management support in the SPD · 607084ee
      Achin Gupta authored
      This patch implements a set of handlers in the SPD which are called by
      the PSCI runtime service upon receiving a power management
      operation. These handlers in turn pass control to the Secure Payload
      image if required before returning control to PSCI. This ensures that
      the Secure Payload has complete visibility of all power transitions in
      the system and can prepare accordingly.
      
      Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
      607084ee
    • Achin Gupta's avatar
      Add Test Secure Payload Dispatcher (TSPD) service · 375f538a
      Achin Gupta authored
      
      
      This patch adds the TSPD service which is responsible for managing
      communication between the non-secure state and the Test Secure Payload
      (TSP) executing in S-EL1.
      
      The TSPD does the following:
      
      1. Determines the location of the TSP (BL3-2) image and passes control
         to it for initialization. This is done by exporting the 'bl32_init()'
         function.
      
      2. Receives a structure containing the various entry points into the TSP
         image as a response to being initialized. The TSPD uses this
         information to determine how the TSP should be entered depending on
         the type of operation.
      
      3. Implements a synchronous mechanism for entering into and returning
         from the TSP image. This mechanism saves the current C runtime
         context on top of the current stack and jumps to the TSP through an
         ERET instruction. The TSP issues an SMC to indicate completion of the
         previous request. The TSPD restores the saved C runtime context and
         resumes TSP execution.
      
      This patch also introduces a Make variable 'SPD' to choose the specific
      SPD to include in the build. By default, no SPDs are included in the
      build.
      
      Change-Id: I124da5695cdc510999b859a1bf007f4d049e04f3
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      375f538a
    • Achin Gupta's avatar
      Add Test Secure Payload (BL3-2) image · 7c88f3f6
      Achin Gupta authored
      
      
      This patch adds a simple TSP as the BL3-2 image. The secure payload
      executes in S-EL1. It paves the way for the addition of the TSP
      dispatcher runtime service to BL3-1. The TSP and the dispatcher service
      will serve as an example of the runtime firmware's ability to toggle
      execution between the non-secure and secure states in response to SMC
      request from the non-secure state.  The TSP will be replaced by a
      Trusted OS in a real system.
      
      The TSP also exports a set of handlers which should be called in
      response to a PSCI power management event e.g a cpu being suspended or
      turned off. For now it runs out of Secure DRAM on the ARM FVP port and
      will be moved to Secure SRAM later. The default translation table setup
      code assumes that the caller is executing out of secure SRAM. Hence the
      TSP exports its own translation table setup function.
      
      The TSP only services Fast SMCs, is non-reentrant and non-interruptible.
      It does arithmetic operations on two sets of four operands, one set
      supplied by the non-secure client, and the other supplied by the TSP
      dispatcher in EL3. It returns the result according to the Secure Monitor
      Calling convention standard.
      
      This TSP has two functional entry points:
      
      - An initial, one-time entry point through which the TSP is initialized
        and prepares for receiving further requests from secure
        monitor/dispatcher
      
      - A fast SMC service entry point through which the TSP dispatcher
        requests secure services on behalf of the non-secure client
      
      Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      7c88f3f6