1. 22 Aug, 2018 1 commit
  2. 10 Aug, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat v2: Support the EL2 translation regime · 1a92a0e0
      Antonio Nino Diaz authored
      
      
      The translation library is useful elsewhere. Even though this repository
      doesn't exercise the EL2 support of the library, it is better to have it
      here as well to make it easier to maintain.
      
      enable_mmu_secure() and enable_mmu_direct() have been deprecated. The
      functions are still present, but they are behind ERROR_DEPRECATED and
      they call the new functions enable_mmu_svc_mon() and
      enable_mmu_direct_svc_mon().
      
      Change-Id: I13ad10cd048d9cc2d55e0fff9a5133671b67dcba
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      1a92a0e0
  3. 02 Aug, 2018 1 commit
  4. 30 Jul, 2018 1 commit
  5. 15 Jul, 2018 1 commit
  6. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      xlat v2: Split MMU setup and enable · 0cc7aa89
      Jeenu Viswambharan authored
      
      
      At present, the function provided by the translation library to enable
      MMU constructs appropriate values for translation library, and programs
      them to the right registers. The construction of initial values,
      however, is only required once as both the primary and secondaries
      program the same values.
      
      Additionally, the MMU-enabling function is written in C, which means
      there's an active stack at the time of enabling MMU. On some systems,
      like Arm DynamIQ, having active stack while enabling MMU during warm
      boot might lead to coherency problems.
      
      This patch addresses both the above problems by:
      
        - Splitting the MMU-enabling function into two: one that sets up
          values to be programmed into the registers, and another one that
          takes the pre-computed values and writes to the appropriate
          registers. With this, the primary effectively calls both functions
          to have the MMU enabled, but secondaries only need to call the
          latter.
      
        - Rewriting the function that enables MMU in assembly so that it
          doesn't use stack.
      
      This patch fixes a bunch of MISRA issues on the way.
      
      Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0cc7aa89
  7. 13 Jun, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat v2: Introduce xlat granule size helpers · a0b9bb79
      Antonio Nino Diaz authored
      
      
      The function xlat_arch_is_granule_size_supported() can be used to check
      if a specific granule size is supported. In Armv8, AArch32 only supports
      4 KiB pages. AArch64 supports 4 KiB, 16 KiB or 64 KiB depending on the
      implementation, which is detected at runtime.
      
      The function xlat_arch_get_max_supported_granule_size() returns the max
      granule size supported by the implementation.
      
      Even though right now they are only used by SPM, they may be useful in
      other places in the future. This patch moves the code currently in SPM
      to the xlat tables lib so that it can be reused.
      
      Change-Id: If54624a5ecf20b9b9b7f38861b56383a03bbc8a4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a0b9bb79
  8. 27 Feb, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Add comments about mismatched TCR_ELx and xlat tables · 883d1b5d
      Antonio Nino Diaz authored
      
      
      When the MMU is enabled and the translation tables are mapped, data
      read/writes to the translation tables are made using the attributes
      specified in the translation tables themselves. However, the MMU
      performs table walks with the attributes specified in TCR_ELx. They are
      completely independent, so special care has to be taken to make sure
      that they are the same.
      
      This has to be done manually because it is not practical to have a test
      in the code. Such a test would need to know the virtual memory region
      that contains the translation tables and check that for all of the
      tables the attributes match the ones in TCR_ELx. As the tables may not
      even be mapped at all, this isn't a test that can be made generic.
      
      The flags used by enable_mmu_xxx() have been moved to the same header
      where the functions are.
      
      Also, some comments in the linker scripts related to the translation
      tables have been fixed.
      
      Change-Id: I1754768bffdae75f53561b1c4a5baf043b45a304
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      883d1b5d
  9. 03 May, 2017 1 commit
  10. 08 Mar, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Add version 2 of xlat tables library · 7bb01fb2
      Antonio Nino Diaz authored
      
      
      The folder lib/xlat_tables_v2 has been created to store a new version
      of the translation tables library for further modifications in patches
      to follow. At the moment it only contains a basic implementation that
      supports static regions.
      
      This library allows different translation tables to be modified by
      using different 'contexts'. For now, the implementation defaults to
      the translation tables used by the current image, but it is possible
      to modify other tables than the ones in use.
      
      Added a new API to print debug information for the current state of
      the translation tables, rather than printing the information while
      the tables are being created. This allows subsequent debug printing
      of the xlat tables after they have been changed, which will be useful
      when dynamic regions are implemented in a patch to follow.
      
      The common definitions stored in `xlat_tables.h` header have been moved
      to a new file common to both versions, `xlat_tables_defs.h`.
      
      All headers related to the translation tables library have been moved to
      a the subfolder `xlat_tables`.
      
      Change-Id: Ia55962c33e0b781831d43a548e505206dffc5ea9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      7bb01fb2
  11. 31 Mar, 2016 1 commit
    • Vikram Kanigiri's avatar
      Refactor the ARM CoreLink TZC-400 driver · 6b477063
      Vikram Kanigiri authored
      TrustZone protection can be programmed by both memory and TrustZone
      address space controllers like DMC-500 and TZC-400. These peripherals
      share a similar programmer's view.
      
      Furthermore, it is possible to have multiple instances of each type of
      peripheral in a system resulting in multiple programmer's views.
      For example, on the TZC-400 each of the 4 filter units can be enabled
      or disabled for each region. There is a single set of registers to
      program the region attributes. On the DMC-500, each filter unit has its
      own programmer's view resulting in multiple sets of registers to program
      the region attributes. The layout of the registers is almost the same
      across all these variations.
      
      Hence the existing driver in `tzc400\tzc400.c` is refactored into the
      new driver in `tzc\tzc400.c`. The previous driver file is still maintained
      for compatibility and it is now deprecated.
      
      Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
      6b477063
  12. 08 Dec, 2015 1 commit
  13. 27 Nov, 2015 1 commit
    • Vikram Kanigiri's avatar
      Fix TZC-400 peripheral detection · 609ebce4
      Vikram Kanigiri authored
      The TZC-400 driver implementation incorrectly uses the component
      ID registers to detect the TZC-400 peripheral. As all ARM
      peripherals share the same component ID, it doesn't allow to
      uniquely identify the TZC-400 peripheral. This patch fixes the
      TZC-400 driver by relying on the `part_number_0` and
      `part_number_1` fields in the `PID` registers instead.
      The `tzc_read_component_id` function has been replaced by
      `tzc_read_peripheral_id`, which reads the 'part_number' values
      and compares them with the TZC-400 peripheral ID.
      
      Also, it adds a debug assertion to detect when the TZC driver
      initialisation function is called multiple times.
      
      Change-Id: I35949f6501a51c0a794144cd1c3a6db62440dce6
      609ebce4
  14. 09 Jul, 2015 1 commit
    • Juan Castillo's avatar
      Use uintptr_t as base address type in ARM driver APIs · 02462972
      Juan Castillo authored
      This patch changes the type of the base address parameter in the
      ARM device driver APIs to uintptr_t (GIC, CCI, TZC400, PL011). The
      uintptr_t type allows coverage of the whole memory space and to
      perform arithmetic operations on the addresses. ARM platform code
      has also been updated to use uintptr_t as GIC base address in the
      configuration.
      
      Fixes ARM-software/tf-issues#214
      
      Change-Id: I1b87daedadcc8b63e8f113477979675e07d788f1
      02462972
  15. 27 Apr, 2015 1 commit
    • Dan Handley's avatar
      Add TZC function to configure region 0 · 71a84445
      Dan Handley authored
      Region 0 is special in TZC-400. It is possible to set the access
      permissions for this but not the address range or filters to which
      the permissions apply. Add a function for setting the region 0
      access permissions.
      
      Also add some VERBOSE logging and allow assembly files to include
      the TZC header.
      
      Change-Id: I4389261ba10a6e5e2e43ee93d55318dc507b6648
      71a84445
  16. 14 Oct, 2014 1 commit
    • Juan Castillo's avatar
      Juno: Reserve some DDR-DRAM for secure use · 740134e6
      Juan Castillo authored
      This patch configures the TrustZone Controller in Juno to split
      the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
      regions:
      
      - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
        used by the SCP for DDR retraining
      - Non-Secure DDR-DRAM: remaining DRAM starting at base address
      
      Build option PLAT_TSP_LOCATION selects the location of the secure
      payload (BL3-2):
      
      - 'tsram' : Trusted SRAM (default option)
      - 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
                  controller)
      
      The MMU memory map has been updated to give BL2 permission to load
      BL3-2 into the DDR-DRAM secure region.
      
      Fixes ARM-software/tf-issues#233
      
      Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
      740134e6
  17. 14 Aug, 2014 1 commit
    • Dan Handley's avatar
      Simplify interface to TZC-400 driver · 3279f625
      Dan Handley authored
      The TZC-400 driver previously allowed the possibility of multiple
      controller instances to be present in the same executable. This
      was unnecessary since there will only ever be one instance.
      
      This change simplifies the tzc_init() function to only take the
      base address argument needed by implementation, conforming to the
      driver initialization model of other drivers. It also hides some
      of the implementation details that were previously exposed by the
      API.
      
      The FVP port has been updated accordingly.
      
      THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE TZC-400
      DRIVER TO BE UPDATED
      
      Fixes ARM-software/tf-issues#181
      
      Change-Id: I7b721edf947064989958d8f457d6462d92e742c8
      3279f625
  18. 28 Jul, 2014 1 commit
    • Juan Castillo's avatar
      Rework incorrect use of assert() and panic() in codebase · d3280beb
      Juan Castillo authored
      Assert a valid security state using the macro sec_state_is_valid().
      Replace assert() with panic() in those cases that might arise
      because of runtime errors and not programming errors.
      Replace panic() with assert() in those cases that might arise
      because of programming errors.
      
      Fixes ARM-software/tf-issues#96
      
      Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
      d3280beb
  19. 06 May, 2014 4 commits
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
    • Dan Handley's avatar
      Make use of user/system includes more consistent · 35e98e55
      Dan Handley authored
      Make codebase consistent in its use of #include "" syntax for
      user includes and #include <> syntax for system includes.
      
      Fixes ARM-software/tf-issues#65
      
      Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
      35e98e55
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  20. 24 Apr, 2014 1 commit
    • Harry Liebel's avatar
      Add TrustZone (TZC-400) driver · cd116d17
      Harry Liebel authored
      The TZC-400 performs security checks on transactions to memory or
      peripherals. Separate regions can be created in the address space each
      with individual security settings.
      
      Limitations:
      This driver does not currently support raising an interrupt on access
      violation.
      
      Change-Id: Idf8ed64b4d8d218fc9b6f9d75acdb2cd441d2449
      cd116d17