- 27 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +40 | +0 | +0 | +0 | | | 0.4% | | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +352 | +0 | +16 | +0 | | | 3.1% | | 15.8% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I6cc1fe0b2345c547dcef66f98758c4eb55fe5ee4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Jan, 2019 1 commit
-
-
Mihir Joshi authored
This patch adds support to handle following TLK SMCs: {TLK_SS_REGISTER_HANDLER, TLK_REGISTER_NS_DRAM_RANGES, TLK_SET_ROOT_OF_TRUST} These SMCs need to be supported in ATF in order to forward them to TLK. Otherwise, these functionalities won't work. Brief: TLK_SS_REGISTER_HANDLER: This SMC is issued by TLK Linux Driver to set up secure storage buffers. TLK_REGISTER_NS_DRAM_RANGES: Cboot performs this SMC during boot to pass NS memory ranges to TLK. TLK_SET_ROOT_OF_TRUST: Cboot performs this SMC during boot to pass Verified Boot parameters to TLK. Change-Id: I18af35f6dd6f510dfc22c1d1d1d07f643c7b82bc Reviewed-on: https://git-master.nvidia.com/r/1643851 Signed-off-by: Mihir Joshi <mihirj@nvidia.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
The affected interfaces are bl31_early_platform_setup(), sp_min_early_platform_setup() and bl2_early_platform_setup(). Change-Id: I50c01ec68bcbe97fe4e5d101bcd0f763358b8e1e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 26 Feb, 2018 1 commit
-
-
Soby Mathew authored
This patch introduces a new BL handover interface. It essentially allows passing 4 arguments between the different BL stages. Effort has been made so as to be compatible with the previous handover interface. The previous blx_early_platform_setup() platform API is now deprecated and the new blx_early_platform_setup2() variant is introduced. The weak compatiblity implementation for the new API is done in the `plat_bl_common.c` file. Some of the new arguments in the new API will be reserved for generic code use when dynamic configuration support is implemented. Otherwise the other registers are available for platform use. Change-Id: Ifddfe2ea8e32497fe1beb565cac155ad9d50d404 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 09 Jan, 2018 1 commit
-
-
Varun Wadekar authored
This patch adds support to receive function ID with NS world's memory ranges to provide the memory snapshot to TLK. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 09 Aug, 2017 1 commit
-
-
Etienne Carriere authored
Add support for a minimal secure interrupt service in sp_min for the AArch32 implementation. Hard code that only FIQs are handled. Introduce bolean build directive SP_MIN_WITH_SECURE_FIQ to enable FIQ handling from SP_MIN. Configure SCR[FIQ] and SCR[FW] from generic code for both cold and warm boots to handle FIQ in secure state from monitor. Since SP_MIN architecture, FIQ are always trapped when system executes in non secure state. Hence discard relay of the secure/non-secure state in the FIQ handler. Change-Id: I1f7d1dc7b21f6f90011b7f3fcd921e455592f5e7 Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
-
- 20 Jun, 2017 1 commit
-
-
Dimitris Papastamos authored
On ARM platforms before exiting from SP_MIN ensure that the default console is switched to the runtime serial port. Change-Id: I0ca0d42cc47e345d56179eac16aa3d6712767c9b Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 04 May, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pd A previous patch introduced a new define for yielding SMC call type. This patch updates the secure payload dispatchers (except the TSPD) to use this new define and also migrates the code to use the new terminology. Change-Id: I3d2437c04e3b21fdbd32019f55c066c87679a5bf Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 29 Apr, 2017 1 commit
-
-
Scott Branden authored
utils.h is included in various header files for the defines in it. Some of the other header files only contain defines. This allows the header files to be shared between host and target builds for shared defines. Recently types.h has been included in utils.h as well as some function prototypes. Because of the inclusion of types.h conflicts exist building host tools abd these header files now. To solve this problem, move the defines to utils_def.h and have this included by utils.h and change header files to only include utils_def.h and not pick up the new types.h being introduced. Fixes ARM-software/tf-issues#461 Signed-off-by: Scott Branden <scott.branden@broadcom.com> Remove utils_def.h from utils.h This patch removes utils_def.h from utils.h as it is not required. And also makes a minor change to ensure Juno platform compiles. Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
-
- 26 Apr, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf This patch adds a new define for yielding SMC call type and deprecates the current standard SMC call type. The tsp is migrated to use this new terminology and, additionally, the documentation and code comments are updated to use this new terminology. Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 26 Jan, 2017 1 commit
-
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 23 Dec, 2016 1 commit
-
-
Douglas Raillard authored
Standard SMC requests that are handled in the secure-world by the Secure Payload can be preempted by interrupts that must be handled in the normal world. When the TSP is preempted the secure context is stored and control is passed to the normal world to handle the non-secure interrupt. Once completed the preempted secure context is restored. When restoring the preempted context, the dispatcher assumes that the TSP preempted context is still stored as the SECURE context by the context management library. However, PSCI power management operations causes synchronous entry into TSP. This overwrites the preempted SECURE context in the context management library. When restoring back the SECURE context, the Secure Payload crashes because this context is not the preempted context anymore. This patch avoids corruption of the preempted SECURE context by aborting any preempted SMC during PSCI power management calls. The abort_std_smc_entry hook of the TSP is called when aborting the SMC request. It also exposes this feature as a FAST SMC callable from normal world to abort preempted SMC with FID TSP_FID_ABORT. Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 20 Dec, 2016 1 commit
-
-
Douglas Raillard authored
Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros. Also remove an undefined behavior by using unsigned literals. Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 21 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds support in SP_MIN to receive generic and platform specific arguments from BL2. The new signature is as following: void sp_min_early_platform_setup(void *from_bl2, void *plat_params_from_bl2); ARM platforms have been modified to use this support. Note: Platforms may break if using old signature. Default value for RESET_TO_SP_MIN is changed to 0. Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
-
- 10 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch adds a minimal AArch32 secure payload SP_MIN. It relies on PSCI library to initialize the normal world context. It runs in Monitor mode and uses the runtime service framework to handle SMCs. It is added as a BL32 component in the Trusted Firmware source tree. Change-Id: Icc04fa6b242025a769c1f6c7022fde19459c43e9
-
- 04 Dec, 2015 2 commits
-
-
Soby Mathew authored
On a GICv2 system, interrupts that should be handled in the secure world are typically signalled as FIQs. On a GICv3 system, these interrupts are signalled as IRQs instead. The mechanism for handling both types of interrupts is the same in both cases. This patch enables the TSP to run on a GICv3 system by: 1. adding support for handling IRQs in the exception handling code. 2. removing use of "fiq" in the names of data structures, macros and functions. The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the former build flag is defined, it will be used to define the value for the new build flag. The documentation is also updated accordingly. Change-Id: I1807d371f41c3656322dd259340a57649833065e
-
Soby Mathew authored
The TSP is expected to pass control back to EL3 if it gets preempted due to an interrupt while handling a Standard SMC in the following scenarios: 1. An FIQ preempts Standard SMC execution and that FIQ is not a TSP Secure timer interrupt or is preempted by a higher priority interrupt by the time the TSP acknowledges it. In this case, the TSP issues an SMC with the ID as `TSP_EL3_FIQ`. Currently this case is never expected to happen as only the TSP Secure Timer is expected to generate FIQ. 2. An IRQ preempts Standard SMC execution and in this case the TSP issues an SMC with the ID as `TSP_PREEMPTED`. In both the cases, the TSPD hands control back to the normal world and returns returns an error code to the normal world to indicate that the standard SMC it had issued has been preempted but not completed. This patch unifies the handling of these two cases in the TSPD and ensures that the TSP only uses TSP_PREEMPTED instead of separate SMC IDs. Also instead of 2 separate error codes, SMC_PREEMPTED and TSP_EL3_FIQ, only SMC_PREEMPTED is returned as error code back to the normal world. Background information: On a GICv3 system, when the secure world has affinity routing enabled, in 2. an FIQ will preempt TSP execution instead of an IRQ. The FIQ could be a result of a Group 0 or a Group 1 NS interrupt. In both case, the TSPD passes control back to the normal world upon receipt of the TSP_PREEMPTED SMC. A Group 0 interrupt will immediately preempt execution to EL3 where it will be handled. This allows for unified interrupt handling in TSP for both GICv3 and GICv2 systems. Change-Id: I9895344db74b188021e3f6a694701ad272fb40d4
-
- 30 Sep, 2015 1 commit
-
-
Varun Wadekar authored
This patch adds PM handlers to TLKD for the system suspend/resume and system poweroff/reset cases. TLK expects all SMCs through a single handler, which then fork out into multiple handlers depending on the SMC. We tap into the same single entrypoint by restoring the S-EL1 context before passing the PM event via register 'x0'. On completion of the PM event, TLK sends a completion SMC and TLKD then moves on with the PM process. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 13 Apr, 2015 1 commit
-
-
Varun Wadekar authored
This patch removes the need for a shared buffer between the EL3 and S-EL1 levels. We now use the CPU registers, x0-x7, while passing data between the two levels. Since TLK is a 32-bit Trusted OS, tlkd has to unpack the arguments in the x0-x7 registers. TLK in turn gets these values via r0-r7. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 31 Mar, 2015 5 commits
-
-
Varun Wadekar authored
This patch adds support to open/close secure sessions with Trusted Apps and later send commands/events. Modify TLK_NUM_FID to indicate the total number of FIDs available to the NS world. Change-Id: I3f1153dfa5510bd44fc25f1fee85cae475b1abf1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch allows servicing of the non-secure world IRQs when the CPU is in the secure world. Once the interrupt is handled, the non-secure world issues the Resume FID to allow the secure payload complete the preempted standard FID. Change-Id: Ia52c41adf45014ab51d8447bed6605ca2f935587 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds functionality to translate virtual addresses from secure or non-secure worlds. This functionality helps Trusted Apps to share virtual addresses directly and allows the NS world to pass virtual addresses to TLK directly. Change-Id: I77b0892963e0e839c448b5d0532920fb7e54dc8e Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch registers NS memory buffer with the secure payload using two different functions IDs - REGISTER_LOGBUF, REGISTER_REQBUF. a. The SP uses the log-buffer to store its activity logs, in a pre-decided format. This helps in debugging secure payload's issues. b. The SP uses the req-buffer to get the parameters required by sessions with Trusted Applications. Change-Id: I6b0247cf7790524132ee0da24f1f35b1fccec5d5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
TLK Dispatcher (tlkd) is based on the tspd and is the glue required to run TLK as a Secure Payload with the Trusted Firmware. Change-Id: I69e573d26d52342eb049feef773dd7d2a506f4ab Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 19 Aug, 2014 2 commits
-
-
Juan Castillo authored
This patch adds support for SYSTEM_OFF and SYSTEM_RESET PSCI operations. A platform should export handlers to complete the requested operation. The FVP port exports fvp_system_off() and fvp_system_reset() as an example. If the SPD provides a power management hook for system off and system reset, then the SPD is notified about the corresponding operation so it can do some bookkeeping. The TSPD exports tspd_system_off() and tspd_system_reset() for that purpose. Versatile Express shutdown and reset methods have been removed from the FDT as new PSCI sys_poweroff and sys_reset services have been added. For those kernels that do not support yet these PSCI services (i.e. GICv3 kernel), the original dtsi files have been renamed to *-no_psci.dtsi. Fixes ARM-software/tf-issues#218 Change-Id: Ic8a3bf801db979099ab7029162af041c4e8330c8
-
Dan Handley authored
* Move TSP platform porting functions to new file: include/bl32/tsp/platform_tsp.h. * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic TSP interrupt handling code, instead of depending on the FVP specific definition IRQ_SEC_PHY_TIMER. * Rename TSP platform porting functions from bl32_* to tsp_*, and definitions from BL32_* to TSP_*. * Update generic TSP code to use new platform porting function names and definitions. * Update FVP port accordingly and move all TSP source files to: plat/fvp/tsp/. * Update porting guide with above changes. Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO BE UPDATED Fixes ARM-software/tf-issues#167 Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
-
- 14 Aug, 2014 1 commit
-
-
Dan Handley authored
Move the TSP private declarations out of tsp.h and into a new header, tsp_private.h. This clarifies the TSP interface to the TSPD. Change-Id: I39af346eeba3350cadcac56c02d97a5cb978c28b
-
- 23 May, 2014 5 commits
-
-
Dan Handley authored
Some platform porting functions were in BL specific header files. These have been moved to platform.h so that all porting functions are in the same place. The functions are now grouped by BL. Obsolete BL headers files have been removed. Also, the weak declaration of the init_bl2_mem_layout() function has been moved out the header file and into the source file (bl_common.c) using the more succinct #pragma syntax. This mitigates the risk of 2 weak definitions being created and the wrong one being picked up by the compiler. Change-Id: Ib19934939fd755f3e5a5a5bceec88da684308a83
-
Dan Handley authored
Previously, platform.h contained many declarations and definitions used for different purposes. This file has been split so that: * Platform definitions used by common code that must be defined by the platform are now in platform_def.h. The exact include path is exported through $PLAT_INCLUDES in the platform makefile. * Platform definitions specific to the FVP platform are now in /plat/fvp/fvp_def.h. * Platform API declarations specific to the FVP platform are now in /plat/fvp/fvp_private.h. * The remaining platform API declarations that must be ported by each platform are still in platform.h but this file has been moved to /include/plat/common since this can be shared by all platforms. Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
-
Dan Handley authored
Function declarations implicitly have external linkage so do not need the extern keyword. Change-Id: Ia0549786796d8bf5956487e8996450a0b3d79f32
-
Andrew Thoelke authored
The TSP has a number of entrypoints used by the TSP on different occasions. These were provided to the TSPD as a table of function pointers, and required the TSPD to read the entry in the table, which is in TSP memory, in order to program the exception return address. Ideally, the TSPD has no access to the TSP memory. This patch changes the table of function pointers into a vector table of single instruction entrypoints. This allows the TSPD to calculate the entrypoint address instead of read it. Fixes ARM-software/tf-issues#160 Change-Id: Iec6e055d537ade78a45799fbc6f43765a4725ad3
-
Soby Mathew authored
Implements support for Non Secure Interrupts preempting the Standard SMC call in EL1. Whenever an IRQ is trapped in the Secure world we securely handover to the Normal world to process the interrupt. The normal world then issues "resume" smc call to resume the previous interrupted SMC call. Fixes ARM-software/tf-issues#105 Change-Id: I72b760617dee27438754cdfc9fe9bcf4cc024858
-
- 22 May, 2014 2 commits
-
-
Achin Gupta authored
This patch adds support in the TSP for handling S-EL1 interrupts handed over by the TSPD. It includes GIC support in its platform port, updates various statistics related to FIQ handling, exports an entry point that the TSPD can use to hand over interrupts and defines the handover protocol w.r.t what context is the TSP expected to preserve and the state in which the entry point is invoked by the TSPD. Change-Id: I93b22e5a8133400e4da366f5fc862f871038df39
-
Achin Gupta authored
This patch adds support in the TSP to program the secure physical generic timer to generate a EL-1 interrupt every half second. It also adds support for maintaining the timer state across power management operations. The TSPD ensures that S-EL1 can access the timer by programming the SCR_EL3.ST bit. This patch does not actually enable the timer. This will be done in a subsequent patch once the complete framework for handling S-EL1 interrupts is in place. Change-Id: I1b3985cfb50262f60824be3a51c6314ce90571bc
-
- 06 May, 2014 3 commits
-
-
Dan Handley authored
Reduce the number of header files included from other header files as much as possible without splitting the files. Use forward declarations where possible. This allows removal of some unnecessary "#ifndef __ASSEMBLY__" statements. Also, review the .c and .S files for which header files really need including and reorder the #include statements alphabetically. Fixes ARM-software/tf-issues#31 Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
-
Dan Handley authored
Add tag names to all unnamed structs in header files. This allows forward declaration of structs, which is necessary to reduce header file nesting (to be implemented in a subsequent commit). Also change the typedef names across the codebase to use the _t suffix to be more conformant with the Linux coding style. The coding style actually prefers us not to use typedefs at all but this is considered a step too far for Trusted Firmware. Also change the IO framework structs defintions to use typedef'd structs to be consistent with the rest of the codebase. Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
-
Dan Handley authored
Separate out the CASSERT macro out of bl_common.h into its own header to allow more efficient header inclusion. Change-Id: I291be0b6b8f9879645e839a8f0dd1ec9b3db9639
-