1. 11 Feb, 2020 1 commit
  2. 06 Feb, 2020 1 commit
    • Max Shvetsov's avatar
      Adds option to read ROTPK from registers for FVP · a6ffddec
      Max Shvetsov authored
      
      
      Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
      Removes hard-coded developer keys. Instead, setting
      ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
      In case of ROT_KEY specified - generates a new hash and replaces the
      original.
      
      Note: Juno board was tested by original feature author and was not tested
      for this patch since we don't have access to the private key. Juno
      implementation was moved to board-specific file without changing
      functionality. It is not known whether byte-swapping is still needed
      for this platform.
      
      Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
      Signed-off-by: default avatarMax Shvetsov <maksims.svecovs@arm.com>
      a6ffddec
  3. 25 Jul, 2019 1 commit
    • Gilad Ben-Yossef's avatar
      cryptocell: move Cryptocell specific API into driver · 36ec2bb0
      Gilad Ben-Yossef authored
      
      
      Code using Cryptocell specific APIs was used as part of the
      arm common board ROT support, instead of being abstracted
      in Cryptocell specific driver code, creating two problems:
      - Any none arm board that uses Cryptocell wuld need to
        copy and paste the same code.
      - Inability to cleanly support multiple versions of Cryptocell
        API and products.
      
      Move over Cryptocell specific API calls into the Cryptocell
      driver, creating abstraction API where needed.
      Signed-off-by: default avatarGilad Ben-Yossef <gilad.benyossef@arm.com>
      Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
      36ec2bb0
  4. 25 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Sanitise includes · bd9344f6
      Antonio Nino Diaz authored
      
      
      Use full include paths like it is done for common includes.
      
      This cleanup was started in commit d40e0e08283a ("Sanitise includes
      across codebase"), but it only cleaned common files and drivers. This
      patch does the same to Arm platforms.
      
      Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      bd9344f6
  5. 15 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Fix header dependencies · 234bc7f8
      Antonio Nino Diaz authored
      
      
      From now on, platform_def.h must include any header with definitions that
      are platform-specific (like arm_def.h) and the included headers mustn't
      include back platform_def.h, and shouldn't be used by other files. Only
      platform_def.h should be included in other files. This will ensure that all
      needed definitions are present, rather than needing to include all the
      headers in all the definitions' headers just in case.
      
      This also prevents problems like cyclic dependencies.
      
      Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      234bc7f8
  6. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  7. 11 Oct, 2018 1 commit
  8. 10 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Move norflash driver to drivers/ folder · aa7877c4
      Antonio Nino Diaz authored
      
      
      This way it can be reused by other platforms if needed.
      
      Note that this driver is designed to work with the Versatile Express NOR
      flash of Juno and FVP. In said platforms, the memory is organized as an
      interleaved memory of two chips with a 16 bit word.
      
      Any platform that wishes to reuse it with a different configuration will
      need to modify the driver so that it is more generic.
      
      Change-Id: Ic721758425864e0cf42b7b9b04bf0d9513b6022e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      aa7877c4
  9. 02 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Remove option ARM_BOARD_OPTIMISE_MEM · c0740e4f
      Antonio Nino Diaz authored
      
      
      This option makes it hard to optimize the memory definitions of all Arm
      platforms because any change in the common defines must work in all of
      them. The best thing to do is to remove it and move the definition to
      each platform's header.
      
      FVP, SGI and SGM were using the definitions in board_arm_def.h. The
      definitions have been copied to each platform's platform_def.h. Juno
      was already using the ones in platform_def.h, so there have been no
      changes.
      
      Change-Id: I9aecd11bbc72a3d0d7aad1ef9934d8df21dcfaf2
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c0740e4f
  10. 21 Aug, 2018 1 commit
  11. 24 Jul, 2018 1 commit
  12. 01 May, 2018 1 commit
    • Roberto Vargas's avatar
      ARM platforms: Demonstrate mem_protect from el3_runtime · 638b034c
      Roberto Vargas authored
      
      
      Previously mem_protect used to be only supported from BL2. This is not
      helpful in the case when ARM TF-A BL2 is not used. This patch demonstrates
      mem_protect from el3_runtime firmware on ARM Platforms specifically
      when RESET_TO_BL31 or RESET_TO_SP_MIN flag is set as BL2 may be absent
      in these cases. The Non secure DRAM is dynamically mapped into EL3 mmap
      tables temporarily and then the protected regions are then cleared. This
      avoids the need to map the non secure DRAM permanently to BL31/sp_min.
      
      The stack size is also increased, because DYNAMIC_XLAT_TABLES require
      a bigger stack.
      
      Change-Id: Ia44c594192ed5c5adc596c0cff2c7cc18c001fde
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      638b034c
  13. 08 Mar, 2018 1 commit
    • Soby Mathew's avatar
      Juno: Change the Firmware update detect mechanism · 7b56928a
      Soby Mathew authored
      
      
      Previously, Juno used to depend on the SSC_GPRETN register to inform
      about the reset syndrome. This method was removed when SCP migrated
      to the SDS framework. But even the SDS framework doesn't report the
      reset syndrome correctly and hence Juno failed to enter Firmware
      update mode if BL2 authentication failed.
      
      In addition to that, the error code populated in V2M_SYS_NVFLAGS register
      does not seem to be retained any more on Juno across resets. This could
      be down to the motherboard firmware not doing the necessary to preserve
      the value.
      
      Hence this patch modifies the Juno platform to use the same mechanism to
      trigger firmware update as FVP which is to corrupt the FIP TOC on
      authentication failure. The implementation in `fvp_err.c` is made common
      for ARM platforms and is moved to the new `arm_err.c` file in
      plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
      are modified to allow write to the Flash memory address.
      
      Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      7b56928a
  14. 25 Sep, 2017 2 commits
    • Roberto Vargas's avatar
      mem_protect: Add DRAM2 to the list of mem protected ranges · b09ba056
      Roberto Vargas authored
      
      
      On ARM platforms, the maximum size of the address space is limited
      to 32-bits as defined in arm_def.h. In order to access DRAM2, which
      is defined beyond the 32-bit address space, the maximum address space
      is increased to 36-bits in AArch64. It is possible to increase the
      virtual space for AArch32, but it is more difficult and not supported
      for now.
      
      NOTE - the actual maximum memory address space is platform dependent
      and is checked at run-time by querying the PARange field in the
      ID_AA64MMFR0_EL1 register.
      
      Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      b09ba056
    • Roberto Vargas's avatar
      mem_protect: Add mem_protect support in Juno and FVP for DRAM1 · f145403c
      Roberto Vargas authored
      
      
      mem_protect needs some kind of non-volatile memory because it has
      to remember its state across reset and power down events.
      The most suitable electronic part for this feature is a NVRAM
      which should be only accesible from the secure world. Juno and
      FVP lack such hardware and for this reason the MEM_PROTECT
      functionality is implemented with Flash EEPROM memory on both
      boards, even though this memory is accesible from the non-secure
      world. This is done only to show a full implementation of
      these PSCI features, but an actual system shouldn't use a
      non-secure NVRAM to implement it.
      
      The EL3 runtime software will write the mem_protect flag and BL2
      will read and clear the memory ranges if enabled. It is done in
      BL2 because it reduces the time that TF needs access to the full
      non-secure memory.
      
      The memory layout of both boards is defined using macros which
      take different values in Juno and FVP platforms. Generic platform
      helpers are added that use the platform specific macros to generate
      a mem_region_t that is valid for the platform.
      
      Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      f145403c
  15. 22 Sep, 2017 1 commit
  16. 06 Sep, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Changes for SDS framework · 18e279eb
      Soby Mathew authored
      
      
      This patch does the required changes to enable CSS platforms
      to build and use the SDS framework. Since SDS is always coupled with
      SCMI protocol, the preexisting SCMI build flag is now renamed to
      `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
      CSS platforms. Also some of the workarounds applied for SCMI are
      now removed with SDS in place.
      
      Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      18e279eb
  17. 05 Sep, 2017 1 commit
  18. 31 Aug, 2017 1 commit
  19. 23 Aug, 2017 1 commit
    • Roberto Vargas's avatar
      norflash: Add full status check · 3bbe34e5
      Roberto Vargas authored
      
      
      The nor_XXXXX functions may fail due to different reasons, and it
      is convenient to do a full check to detect any failure. It is also
      a good idea to have a specific function to do a full status check,
      because new checks can be added to this function and they will be
      incorporated automatically to any function calling it.
      
      Change-Id: I54fed913e37ef574c1608e94139a519426348d12
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      3bbe34e5
  20. 22 Aug, 2017 4 commits
  21. 09 Aug, 2017 1 commit
    • Summer Qin's avatar
      Add Trusted OS extra image parsing support for ARM standard platforms · 54661cd2
      Summer Qin authored
      
      
      Trusted OS may have extra images to be loaded. Load them one by one
      and do the parsing. In this patch, ARM TF need to load up to 3 images
      for optee os: header, pager and paged images. Header image is the info
      about optee os and images. Pager image include pager code and data.
      Paged image include the paging parts using virtual memory.
      
      Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      54661cd2
  22. 25 Jul, 2017 1 commit
  23. 28 Jun, 2017 1 commit
  24. 05 Jun, 2017 1 commit
  25. 24 May, 2017 1 commit
  26. 23 May, 2017 1 commit
  27. 03 May, 2017 1 commit
  28. 20 Apr, 2017 1 commit
  29. 23 Jan, 2017 1 commit
    • Masahiro Yamada's avatar
      Use #ifdef for IMAGE_BL* instead of #if · 3d8256b2
      Masahiro Yamada authored
      
      
      One nasty part of ATF is some of boolean macros are always defined
      as 1 or 0, and the rest of them are only defined under certain
      conditions.
      
      For the former group, "#if FOO" or "#if !FOO" must be used because
      "#ifdef FOO" is always true.  (Options passed by $(call add_define,)
      are the cases.)
      
      For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
      checking the value of an undefined macro is strange.
      
      Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
      follows:
      
        $(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
      
        $(OBJ): $(2)
                @echo "  CC      $$<"
                $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
      
      This means, IMAGE_BL* is defined when building the corresponding
      image, but *undefined* for the other images.
      
      So, IMAGE_BL* belongs to the latter group where we should use #ifdef
      or #ifndef.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      3d8256b2
  30. 21 Sep, 2016 1 commit
    • Yatharth Kochar's avatar
      AArch32: Common changes needed for BL1/BL2 · 1a0a3f06
      Yatharth Kochar authored
      This patch adds common changes to support AArch32 state in
      BL1 and BL2. Following are the changes:
      
      * Added functions for disabling MMU from Secure state.
      * Added AArch32 specific SMC function.
      * Added semihosting support.
      * Added reporting of unhandled exceptions.
      * Added uniprocessor stack support.
      * Added `el3_entrypoint_common` macro that can be
        shared by BL1 and BL32 (SP_MIN) BL stages. The
        `el3_entrypoint_common` is similar to the AArch64
        counterpart with the main difference in the assembly
        instructions and the registers that are relevant to
        AArch32 execution state.
      * Enabled `LOAD_IMAGE_V2` flag in Makefile for
        `ARCH=aarch32` and added check to make sure that
        platform has not overridden to disable it.
      
      Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
      1a0a3f06
  31. 10 Aug, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Add essential ARM platform and FVP support · 877cf3ff
      Soby Mathew authored
      This patch adds AArch32 support for FVP and implements common platform APIs
      like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32.
      Only Multi Processor(MP) implementations of these functions are considered in
      this patch. The ARM Standard platform layer helpers are implemented for
      AArch32 and the common makefiles are modified to cater for both AArch64 and
      AArch32 builds. Compatibility with the deprecated platform API is not
      supported for AArch32.
      
      Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
      877cf3ff
  32. 09 Aug, 2016 1 commit
  33. 25 Jul, 2016 1 commit
    • Antonio Nino Diaz's avatar
      ARM platforms: Define common image sizes · 0289970d
      Antonio Nino Diaz authored
      Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
      `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
      related to the translation tables but to the image size as well.
      
      The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
      `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
      This way, ARM platforms no longer have to set their own values if
      `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
      otherwise. The common sizes have been set to the highest values used
      for any of the current build configurations.
      
      This is needed because in some build configurations some images are
      running out of space. This way there is a common set of values known
      to work for all of them and it can be optimized for each particular
      platform if needed.
      
      The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
      increased. This is needed because when memory optimisations are
      disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
      `MAX_XLAT_TABLES` are higher. If in this situation the code is
      compiled in debug mode and with "-O0", the code won't fit.
      
      Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
      0289970d
  34. 08 Jul, 2016 1 commit
    • Sandrine Bailleux's avatar
      Introduce arm_setup_page_tables() function · b5fa6563
      Sandrine Bailleux authored
      This patch introduces the arm_setup_page_tables() function to
      set up page tables on ARM platforms. It replaces the
      arm_configure_mmu_elx() functions and does the same thing except
      that it doesn't enable the MMU at the end. The idea is to reduce
      the amount of per-EL code that is generated by the C preprocessor
      by splitting the memory regions definitions and page tables creation
      (which is generic) from the MMU enablement (which is the only per-EL
      configuration).
      
      As a consequence, the call to the enable_mmu_elx() function has been
      moved up into the plat_arch_setup() hook. Any other ARM standard
      platforms that use the functions `arm_configure_mmu_elx()` must be
      updated.
      
      Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
      b5fa6563
  35. 03 Jun, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Implement plat_set_nv_ctr for FVP platforms · fe7de035
      Antonio Nino Diaz authored
      Replaced placeholder implementation of plat_set_nv_ctr for FVP
      platforms by a working one.
      
      On FVP, the mapping of region DEVICE2 has been changed from RO to RW
      to prevent exceptions when writing to the NV counter, which is
      contained in this region.
      
      Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
      fe7de035
  36. 31 Mar, 2016 1 commit
    • Juan Castillo's avatar
      TBB: add non-volatile counter support · 48279d52
      Juan Castillo authored
      This patch adds support for non-volatile counter authentication to
      the Authentication Module. This method consists of matching the
      counter values provided in the certificates with the ones stored
      in the platform. If the value from the certificate is lower than
      the platform, the boot process is aborted. This mechanism protects
      the system against rollback.
      
      The TBBR CoT has been updated to include this method as part of the
      authentication process. Two counters are used: one for the trusted
      world images and another for the non trusted world images.
      
      ** NEW PLATFORM APIs (mandatory when TBB is enabled) **
      
      int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
      
          This API returns the non-volatile counter value stored
          in the platform. The cookie in the first argument may be
          used to select the counter in case the platform provides
          more than one (i.e. TBSA compliant platforms must provide
          trusted and non-trusted counters). This cookie is specified
          in the CoT.
      
      int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
      
          This API sets a new counter value. The cookie may be
          used to select the counter to be updated.
      
      An implementation of these new APIs for ARM platforms is also
      provided. The values are obtained from the Trusted Non-Volatile
      Counters peripheral. The cookie is used to pass the extension OID.
      This OID may be interpreted by the platform to know which counter
      must return. On Juno, The trusted and non-trusted counter values
      have been tied to 31 and 223, respectively, and cannot be modified.
      
      ** IMPORTANT **
      
      THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
      NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
      ORDER TO SUCCESSFULLY BUILD TF.
      
      Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
      48279d52