1. 11 Jun, 2021 1 commit
  2. 12 Dec, 2019 1 commit
    • Manish Pandey's avatar
      PIE: make call to GDT relocation fixup generalized · da90359b
      Manish Pandey authored
      When a Firmware is complied as Position Independent Executable it needs
      to request GDT fixup by passing size of the memory region to
      el3_entrypoint_common macro.
      The Global descriptor table fixup will be done early on during cold boot
      process of primary core.
      
      Currently only BL31 supports PIE, but in future when BL2_AT_EL3 will be
      compiled as PIE, it can simply pass fixup size to the common el3
      entrypoint macro to fixup GDT.
      
      The reason for this patch was to overcome the bug introduced by SHA
      330ead80
      
       which called fixup routine for each core causing
      re-initializing of global pointers thus overwriting any changes
      done by the previous core.
      
      Change-Id: I55c792cc3ea9e7eef34c2e4653afd04572c4f055
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      da90359b
  3. 13 Sep, 2019 1 commit
    • Alexei Fedorov's avatar
      Refactor ARMv8.3 Pointer Authentication support code · ed108b56
      Alexei Fedorov authored
      
      
      This patch provides the following features and makes modifications
      listed below:
      - Individual APIAKey key generation for each CPU.
      - New key generation on every BL31 warm boot and TSP CPU On event.
      - Per-CPU storage of APIAKey added in percpu_data[]
        of cpu_data structure.
      - `plat_init_apiakey()` function replaced with `plat_init_apkey()`
        which returns 128-bit value and uses Generic timer physical counter
        value to increase the randomness of the generated key.
        The new function can be used for generation of all ARMv8.3-PAuth keys
      - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
      - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
        generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
        pauth_disable_el1()` and `pauth_disable_el3()` functions disable
        PAuth for EL1 and EL3 respectively;
        `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
        cpu-data structure.
      - Combined `save_gp_pauth_registers()` function replaces calls to
        `save_gp_registers()` and `pauth_context_save()`;
        `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
        and `restore_gp_registers()` calls.
      - `restore_gp_registers_eret()` function removed with corresponding
        code placed in `el3_exit()`.
      - Fixed the issue when `pauth_t pauth_ctx` structure allocated space
        for 12 uint64_t PAuth registers instead of 10 by removal of macro
        CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
        and assigning its value to CTX_PAUTH_REGS_END.
      - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
        in `msr	spsel`  instruction instead of hard-coded values.
      - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
      
      Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ed108b56
  4. 27 Feb, 2019 1 commit
    • Antonio Nino Diaz's avatar
      BL1: Enable pointer authentication support · cd7d6b0e
      Antonio Nino Diaz authored
      
      
      The size increase after enabling options related to ARMv8.3-PAuth is:
      
      +----------------------------+-------+-------+-------+--------+
      |                            |  text |  bss  |  data | rodata |
      +----------------------------+-------+-------+-------+--------+
      | CTX_INCLUDE_PAUTH_REGS = 1 |  +108 |  +192 |   +0  |   +0   |
      |                            |  0.5% |  0.8% |       |        |
      +----------------------------+-------+-------+-------+--------+
      | ENABLE_PAUTH = 1           |  +748 |  +192 |  +16  |   +0   |
      |                            |  3.7% |  0.8% |  7.0% |        |
      +----------------------------+-------+-------+-------+--------+
      
      Results calculated with the following build configuration:
      
          make PLAT=fvp SPD=tspd DEBUG=1 \
          SDEI_SUPPORT=1                 \
          EL3_EXCEPTION_HANDLING=1       \
          TSP_NS_INTR_ASYNC_PREEMPT=1    \
          CTX_INCLUDE_PAUTH_REGS=1       \
          ENABLE_PAUTH=1
      
      Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cd7d6b0e
  5. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored
      
      
      This patch updates the el3_arch_init_common macro so that it fully
      initialises essential control registers rather then relying on hardware
      to set the reset values.
      
      The context management functions are also updated to fully initialise
      the appropriate control registers when initialising the non-secure and
      secure context structures and when preparing to leave EL3 for a lower
      EL.
      
      This gives better alignement with the ARM ARM which states that software
      must initialise RES0 and RES1 fields with 0 / 1.
      
      This patch also corrects the following typos:
      
      "NASCR definitions" -> "NSACR definitions"
      
      Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
  6. 03 May, 2017 1 commit
  7. 09 Dec, 2015 1 commit
    • Yatharth Kochar's avatar
      Add descriptor based image management support in BL1 · 7baff11f
      Yatharth Kochar authored
      As of now BL1 loads and execute BL2 based on hard coded information
      provided in BL1. But due to addition of support for upcoming Firmware
      Update feature, BL1 now require more flexible approach to load and
      run different images using information provided by the platform.
      
      This patch adds new mechanism to load and execute images based on
      platform provided image id's. BL1 now queries the platform to fetch
      the image id of the next image to be loaded and executed. In order
      to achieve this, a new struct image_desc_t was added which holds the
      information about images, such as: ep_info and image_info.
      
      This patch introduces following platform porting functions:
      
      unsigned int bl1_plat_get_next_image_id(void);
      	This is used to identify the next image to be loaded
      	and executed by BL1.
      
      struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
      	This is used to retrieve the image_desc for given image_id.
      
      void bl1_plat_set_ep_info(unsigned int image_id,
      struct entry_point_info *ep_info);
      	This function allows platforms to update ep_info for given
      	image_id.
      
      The plat_bl1_common.c file provides default weak implementations of
      all above functions, the `bl1_plat_get_image_desc()` always return
      BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
      BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
      These functions gets compiled into all BL1 platforms by default.
      
      Platform setup in BL1, using `bl1_platform_setup()`, is now done
      _after_ the initialization of authentication module. This change
      provides the opportunity to use authentication while doing the
      platform setup in BL1.
      
      In order to store secure/non-secure context, BL31 uses percpu_data[]
      to store context pointer for each core. In case of BL1 only the
      primary CPU will be active hence percpu_data[] is not required to
      store the context pointer.
      
      This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
      store the context and context pointers respectively. It also also
      re-defines cm_get_context() and cm_set_context() for BL1 in
      bl1/bl1_context_mgmt.c.
      
      BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
      environment, to support resuming execution from a previously saved
      context.
      
      NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
            NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
            THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
            INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.
      
      Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
      7baff11f
  8. 26 Nov, 2015 1 commit
    • Sandrine Bailleux's avatar
      Introduce COLD_BOOT_SINGLE_CPU build option · a9bec67d
      Sandrine Bailleux authored
      This patch introduces a new build option named COLD_BOOT_SINGLE_CPU,
      which allows platforms that only release a single CPU out of reset to
      slightly optimise their cold boot code, both in terms of code size
      and performance.
      
      COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform
      may release several CPUs out of reset. In this case, the cold reset
      code needs to coordinate all CPUs via the usual primary/secondary
      CPU distinction.
      
      If a platform guarantees that only a single CPU will ever be released
      out of reset, there is no need to arbitrate execution ; the notion of
      primary and secondary CPUs itself no longer exists. Such platforms
      may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the
      primary/secondary CPU identification in the cold reset code.
      
      All ARM standard platforms can release several CPUs out of reset
      so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like
      Juno, bringing up more than one CPU at reset should only be attempted
      when booting an EL3 payload, as it is not fully supported in the
      normal boot flow.
      
      For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform
      APIs become optional:
        - plat_secondary_cold_boot_setup();
        - plat_is_my_cpu_primary().
      The Porting Guide has been updated to reflect that.
      
      User Guide updated as well.
      
      Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
      a9bec67d
  9. 04 Jun, 2015 2 commits
    • Sandrine Bailleux's avatar
      Introduce PROGRAMMABLE_RESET_ADDRESS build option · bf031bba
      Sandrine Bailleux authored
      This patch introduces a new platform build option, called
      PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has
      a programmable or fixed reset vector address.
      
      If the reset vector address is fixed then the code relies on the
      platform_get_entrypoint() mailbox mechanism to figure out where
      it is supposed to jump. On the other hand, if it is programmable
      then it is assumed that the platform code will program directly
      the right address into the RVBAR register (instead of using the
      mailbox redirection) so the mailbox is ignored in this case.
      
      Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
      bf031bba
    • Sandrine Bailleux's avatar
      Rationalize reset handling code · 52010cc7
      Sandrine Bailleux authored
      The attempt to run the CPU reset code as soon as possible after reset
      results in highly complex conditional code relating to the
      RESET_TO_BL31 option.
      
      This patch relaxes this requirement a little. In the BL1, BL3-1 and
      PSCI entrypoints code, the sequence of operations is now as follows:
       1) Detect whether it is a cold or warm boot;
       2) For cold boot, detect whether it is the primary or a secondary
          CPU. This is needed to handle multiple CPUs entering cold reset
          simultaneously;
       3) Run the CPU init code.
      
      This patch also abstracts the EL3 registers initialisation done by
      the BL1, BL3-1 and PSCI entrypoints into common code.
      
      This improves code re-use and consolidates the code flows for
      different types of systems.
      
      NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO
      NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE
      FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION.
      OTHERWISE, SECONDARY CPUS WILL PANIC.
      
      Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
      52010cc7
  10. 08 Apr, 2015 1 commit
    • Kévin Petit's avatar
      Add support to indicate size and end of assembly functions · 8b779620
      Kévin Petit authored
      
      
      In order for the symbol table in the ELF file to contain the size of
      functions written in assembly, it is necessary to report it to the
      assembler using the .size directive.
      
      To fulfil the above requirements, this patch introduces an 'endfunc'
      macro which contains the .endfunc and .size directives. It also adds
      a .func directive to the 'func' assembler macro.
      
      The .func/.endfunc have been used so the assembler can fail if
      endfunc is omitted.
      
      Fixes ARM-Software/tf-issues#295
      
      Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      8b779620
  11. 22 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Remove coherent memory from the BL memory maps · ab8707e6
      Soby Mathew authored
      This patch extends the build option `USE_COHERENT_MEMORY` to
      conditionally remove coherent memory from the memory maps of
      all boot loader stages. The patch also adds necessary
      documentation for coherent memory removal in firmware-design,
      porting and user guides.
      
      Fixes ARM-Software/tf-issues#106
      
      Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
      ab8707e6
  12. 20 Aug, 2014 1 commit
    • Soby Mathew's avatar
      Introduce framework for CPU specific operations · 9b476841
      Soby Mathew authored
      This patch introduces a framework which will allow CPUs to perform
      implementation defined actions after a CPU reset, during a CPU or cluster power
      down, and when a crash occurs. CPU specific reset handlers have been implemented
      in this patch. Other handlers will be implemented in subsequent patches.
      
      Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.
      
      Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
      9b476841
  13. 15 Aug, 2014 1 commit
    • Achin Gupta's avatar
      Unmask SError interrupt and clear SCR_EL3.EA bit · 0c8d4fef
      Achin Gupta authored
      This patch disables routing of external aborts from lower exception levels to
      EL3 and ensures that a SError interrupt generated as a result of execution in
      EL3 is taken locally instead of a lower exception level.
      
      The SError interrupt is enabled in the TSP code only when the operation has not
      been directly initiated by the normal world. This is to prevent the possibility
      of an asynchronous external abort which originated in normal world from being
      taken when execution is in S-EL1.
      
      Fixes ARM-software/tf-issues#153
      
      Change-Id: I157b996c75996d12fd86d27e98bc73dd8bce6cd5
      0c8d4fef
  14. 28 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Simplify management of SCTLR_EL3 and SCTLR_EL1 · ec3c1003
      Achin Gupta authored
      This patch reworks the manner in which the M,A, C, SA, I, WXN & EE bits of
      SCTLR_EL3 & SCTLR_EL1 are managed. The EE bit is cleared immediately after reset
      in EL3. The I, A and SA bits are set next in EL3 and immediately upon entry in
      S-EL1. These bits are no longer managed in the blX_arch_setup() functions. They
      do not have to be saved and restored either. The M, WXN and optionally the C
      bit are set in the enable_mmu_elX() function. This is done during both the warm
      and cold boot paths.
      
      Fixes ARM-software/tf-issues#226
      
      Change-Id: Ie894d1a07b8697c116960d858cd138c50bc7a069
      ec3c1003
  15. 19 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Remove coherent stack usage from the cold boot path · 754a2b7a
      Achin Gupta authored
      This patch reworks the cold boot path across the BL1, BL2, BL3-1 and BL3-2 boot
      loader stages to not use stacks allocated in coherent memory for early platform
      setup and enabling the MMU. Stacks allocated in normal memory are used instead.
      
      Attributes for stack memory change from nGnRnE when the MMU is disabled to
      Normal WBWA Inner-shareable when the MMU and data cache are enabled. It is
      possible for the CPU to read stale stack memory after the MMU is enabled from
      another CPUs cache. Hence, it is unsafe to turn on the MMU and data cache while
      using normal stacks when multiple CPUs are a part of the same coherency
      domain. It is safe to do so in the cold boot path as only the primary cpu
      executes it. The secondary cpus are in a quiescent state.
      
      This patch does not remove the allocation of coherent stack memory. That is done
      in a subsequent patch.
      
      Change-Id: I12c80b7c7ab23506d425c5b3a8a7de693498f830
      754a2b7a
  16. 24 Jun, 2014 1 commit
  17. 22 May, 2014 1 commit
    • Vikram Kanigiri's avatar
      Add support for BL3-1 as a reset vector · dbad1bac
      Vikram Kanigiri authored
      This change adds optional reset vector support to BL3-1
      which means BL3-1 entry point can detect cold/warm boot,
      initialise primary cpu, set up cci and mail box.
      
      When using BL3-1 as a reset vector it is assumed that
      the BL3-1 platform code can determine the location of
      the BL3-2 images, or load them as there are no parameters
      that can be passed to BL3-1 at reset.
      
      It also fixes the incorrect initialisation of mailbox
      registers on the FVP platform
      
      This feature can be enabled by building the code with
      make variable RESET_TO_BL31 set as 1
      
      Fixes ARM-software/TF-issues#133
      Fixes ARM-software/TF-issues#20
      
      Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
      dbad1bac
  18. 07 May, 2014 3 commits
    • Andrew Thoelke's avatar
      Access system registers directly in assembler · 7935d0a5
      Andrew Thoelke authored
      Instead of using the system register helper functions to read
      or write system registers, assembler coded functions should
      use MRS/MSR instructions. This results in faster and more
      compact code.
      
      This change replaces all usage of the helper functions with
      direct register accesses.
      
      Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
      7935d0a5
    • Andrew Thoelke's avatar
      Correct usage of data and instruction barriers · 8cec598b
      Andrew Thoelke authored
      The current code does not always use data and instruction
      barriers as required by the architecture and frequently uses
      barriers excessively due to their inclusion in all of the
      write_*() helper functions.
      
      Barriers should be used explicitly in assembler or C code
      when modifying processor state that requires the barriers in
      order to enable review of correctness of the code.
      
      This patch removes the barriers from the helper functions and
      introduces them as necessary elsewhere in the code.
      
      PORTING NOTE: check any port of Trusted Firmware for use of
      system register helper functions for reliance on the previous
      barrier behaviour and add explicit barriers as necessary.
      
      Fixes ARM-software/tf-issues#92
      
      Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
      8cec598b
    • Andrew Thoelke's avatar
      Set processor endianness immediately after RESET · 40fd0725
      Andrew Thoelke authored
      SCTLR_EL3.EE is being configured too late in bl1_arch_setup() and
      bl31_arch_setup() after data accesses have already occured on
      the cold and warm boot paths.
      
      This control bit must be configured immediately on CPU reset to
      match the endian state of the firmware (little endian).
      
      Fixes ARM-software/tf-issues#145
      
      Change-Id: Ie12e46fbbed6baf024c30beb50751591bb8c8655
      40fd0725
  19. 26 Mar, 2014 2 commits
    • Andrew Thoelke's avatar
      Place assembler functions in separate sections · 0a30cf54
      Andrew Thoelke authored
      This extends the --gc-sections behaviour to the many assembler
      support functions in the firmware images by placing each function
      into its own code section. This is achieved by creating a 'func'
      macro used to declare each function label.
      
      Fixes ARM-software/tf-issues#80
      
      Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
      0a30cf54
    • Sandrine Bailleux's avatar
      Separate out BL2, BL3-1 and BL3-2 early exception vectors from BL1 · 6c595b3d
      Sandrine Bailleux authored
      bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
      BL3-2.  There was some early SMC handling code in there that was not
      required by the other bootloader stages.  Therefore this patch
      introduces an even simpler exception vector source file for BL2,
      BL3-1 and BL3-2.
      
      Fixes ARM-software/tf-issues#38
      
      Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
      6c595b3d
  20. 20 Mar, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Specify image entry in linker script · 9f98aa1a
      Jeenu Viswambharan authored
      At present, the entry point for each BL image is specified via the
      Makefiles and provided on the command line to the linker. When using a
      link script the entry point should rather be specified via the ENTRY()
      directive in the link script.
      
      This patch updates linker scripts of all BL images to specify the entry
      point using the ENTRY() directive. It also removes the --entry flag
      passed to the linker through Makefile.
      
      Fixes issue ARM-software/tf-issues#66
      
      Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
      9f98aa1a
  21. 17 Jan, 2014 3 commits
    • Jeenu Viswambharan's avatar
      Change comments in assembler files to help ctags · 3a4cae05
      Jeenu Viswambharan authored
      Ctags seem to have a problem with generating tags for assembler symbols
      when a comment immediately follows an assembly label.
      
      This patch inserts a single space character between the label
      definition and the following comments to help ctags.
      
      The patch is generated by the command:
      
        git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
      
      Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
      3a4cae05
    • Harry Liebel's avatar
      Do not trap access to floating point registers · 4f603683
      Harry Liebel authored
      Traps when accessing architectural features are disabled by clearing bits
      in CPTR_EL3 during early boot, including accesses to floating point
      registers. The value of this register was previously undetermined, causing
      unwanted traps to EL3. Future EL3 code (for example, context save/restore
      code) may use floating point registers, although they are not used by current
      code.
      
      Also, the '-mgeneral-regs-only' flag is enabled in the GCC settings to
      prevent generation of code that uses floating point registers.
      
      Change-Id: I9a03675f6387bbbee81a6f2c9ccf81150db03747
      4f603683
    • Dan Handley's avatar
      Update year in copyright text to 2014 · e83b0cad
      Dan Handley authored
      Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
      e83b0cad
  22. 05 Dec, 2013 3 commits
    • Dan Handley's avatar
      Enable third party contributions · ab2d31ed
      Dan Handley authored
      - Add instructions for contributing to ARM Trusted Firmware.
      
      - Update copyright text in all files to acknowledge contributors.
      
      Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
      ab2d31ed
    • Sandrine Bailleux's avatar
      Properly initialise the C runtime environment · 65f546a1
      Sandrine Bailleux authored
      This patch makes sure the C runtime environment is properly
      initialised before executing any C code.
      
        - Zero-initialise NOBITS sections (e.g. the bss section).
        - Relocate BL1 data from ROM to RAM.
      
      Change-Id: I0da81b417b2f0d1f7ef667cc5131b1e47e22571f
      65f546a1
    • Sandrine Bailleux's avatar
      Various improvements/cleanups on the linker scripts · 8d69a03f
      Sandrine Bailleux authored
        - Check at link-time that bootloader images will fit in memory
          at run time and that they won't overlap each other.
        - Remove text and rodata orphan sections.
        - Define new linker symbols to remove the need for platform setup
          code to know the order of sections.
        - Reduce the size of the raw binary images by cutting some sections
          out of the disk image and allocating them at load time, whenever
          possible.
        - Rework alignment constraints on sections.
        - Remove unused linker symbols.
        - Homogenize linker symbols names across all BLs.
        - Add some comments in the linker scripts.
      
      Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
      8d69a03f
  23. 27 Nov, 2013 1 commit
  24. 25 Oct, 2013 1 commit