- 11 Jun, 2021 1 commit
-
-
johpow01 authored
This patch enables BL2 to run in root world (EL3) which is needed as per the security model of RME-enabled systems. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I53ace51e326fcdd44d44c791a7cb9ffaa20ed3f5
-
- 12 Dec, 2019 1 commit
-
-
Manish Pandey authored
When a Firmware is complied as Position Independent Executable it needs to request GDT fixup by passing size of the memory region to el3_entrypoint_common macro. The Global descriptor table fixup will be done early on during cold boot process of primary core. Currently only BL31 supports PIE, but in future when BL2_AT_EL3 will be compiled as PIE, it can simply pass fixup size to the common el3 entrypoint macro to fixup GDT. The reason for this patch was to overcome the bug introduced by SHA 330ead80 which called fixup routine for each core causing re-initializing of global pointers thus overwriting any changes done by the previous core. Change-Id: I55c792cc3ea9e7eef34c2e4653afd04572c4f055 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 13 Sep, 2019 1 commit
-
-
Alexei Fedorov authored
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 27 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +108 | +192 | +0 | +0 | | | 0.5% | 0.8% | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +748 | +192 | +16 | +0 | | | 3.7% | 0.8% | 7.0% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 21 Jun, 2017 1 commit
-
-
David Cunado authored
This patch updates the el3_arch_init_common macro so that it fully initialises essential control registers rather then relying on hardware to set the reset values. The context management functions are also updated to fully initialise the appropriate control registers when initialising the non-secure and secure context structures and when preparing to leave EL3 for a lower EL. This gives better alignement with the ARM ARM which states that software must initialise RES0 and RES1 fields with 0 / 1. This patch also corrects the following typos: "NASCR definitions" -> "NSACR definitions" Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 09 Dec, 2015 1 commit
-
-
Yatharth Kochar authored
As of now BL1 loads and execute BL2 based on hard coded information provided in BL1. But due to addition of support for upcoming Firmware Update feature, BL1 now require more flexible approach to load and run different images using information provided by the platform. This patch adds new mechanism to load and execute images based on platform provided image id's. BL1 now queries the platform to fetch the image id of the next image to be loaded and executed. In order to achieve this, a new struct image_desc_t was added which holds the information about images, such as: ep_info and image_info. This patch introduces following platform porting functions: unsigned int bl1_plat_get_next_image_id(void); This is used to identify the next image to be loaded and executed by BL1. struct image_desc *bl1_plat_get_image_desc(unsigned int image_id); This is used to retrieve the image_desc for given image_id. void bl1_plat_set_ep_info(unsigned int image_id, struct entry_point_info *ep_info); This function allows platforms to update ep_info for given image_id. The plat_bl1_common.c file provides default weak implementations of all above functions, the `bl1_plat_get_image_desc()` always return BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns. These functions gets compiled into all BL1 platforms by default. Platform setup in BL1, using `bl1_platform_setup()`, is now done _after_ the initialization of authentication module. This change provides the opportunity to use authentication while doing the platform setup in BL1. In order to store secure/non-secure context, BL31 uses percpu_data[] to store context pointer for each core. In case of BL1 only the primary CPU will be active hence percpu_data[] is not required to store the context pointer. This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to store the context and context pointers respectively. It also also re-defines cm_get_context() and cm_set_context() for BL1 in bl1/bl1_context_mgmt.c. BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime environment, to support resuming execution from a previously saved context. NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()` INSTEAD TO MAINTAIN EXISTING BEHAVIOUR. Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
-
- 26 Nov, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch introduces a new build option named COLD_BOOT_SINGLE_CPU, which allows platforms that only release a single CPU out of reset to slightly optimise their cold boot code, both in terms of code size and performance. COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform may release several CPUs out of reset. In this case, the cold reset code needs to coordinate all CPUs via the usual primary/secondary CPU distinction. If a platform guarantees that only a single CPU will ever be released out of reset, there is no need to arbitrate execution ; the notion of primary and secondary CPUs itself no longer exists. Such platforms may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the primary/secondary CPU identification in the cold reset code. All ARM standard platforms can release several CPUs out of reset so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like Juno, bringing up more than one CPU at reset should only be attempted when booting an EL3 payload, as it is not fully supported in the normal boot flow. For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform APIs become optional: - plat_secondary_cold_boot_setup(); - plat_is_my_cpu_primary(). The Porting Guide has been updated to reflect that. User Guide updated as well. Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
-
- 04 Jun, 2015 2 commits
-
-
Sandrine Bailleux authored
This patch introduces a new platform build option, called PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has a programmable or fixed reset vector address. If the reset vector address is fixed then the code relies on the platform_get_entrypoint() mailbox mechanism to figure out where it is supposed to jump. On the other hand, if it is programmable then it is assumed that the platform code will program directly the right address into the RVBAR register (instead of using the mailbox redirection) so the mailbox is ignored in this case. Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
-
Sandrine Bailleux authored
The attempt to run the CPU reset code as soon as possible after reset results in highly complex conditional code relating to the RESET_TO_BL31 option. This patch relaxes this requirement a little. In the BL1, BL3-1 and PSCI entrypoints code, the sequence of operations is now as follows: 1) Detect whether it is a cold or warm boot; 2) For cold boot, detect whether it is the primary or a secondary CPU. This is needed to handle multiple CPUs entering cold reset simultaneously; 3) Run the CPU init code. This patch also abstracts the EL3 registers initialisation done by the BL1, BL3-1 and PSCI entrypoints into common code. This improves code re-use and consolidates the code flows for different types of systems. NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION. OTHERWISE, SECONDARY CPUS WILL PANIC. Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 20 Aug, 2014 1 commit
-
-
Soby Mathew authored
This patch introduces a framework which will allow CPUs to perform implementation defined actions after a CPU reset, during a CPU or cluster power down, and when a crash occurs. CPU specific reset handlers have been implemented in this patch. Other handlers will be implemented in subsequent patches. Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/. Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
-
- 15 Aug, 2014 1 commit
-
-
Achin Gupta authored
This patch disables routing of external aborts from lower exception levels to EL3 and ensures that a SError interrupt generated as a result of execution in EL3 is taken locally instead of a lower exception level. The SError interrupt is enabled in the TSP code only when the operation has not been directly initiated by the normal world. This is to prevent the possibility of an asynchronous external abort which originated in normal world from being taken when execution is in S-EL1. Fixes ARM-software/tf-issues#153 Change-Id: I157b996c75996d12fd86d27e98bc73dd8bce6cd5
-
- 28 Jul, 2014 1 commit
-
-
Achin Gupta authored
This patch reworks the manner in which the M,A, C, SA, I, WXN & EE bits of SCTLR_EL3 & SCTLR_EL1 are managed. The EE bit is cleared immediately after reset in EL3. The I, A and SA bits are set next in EL3 and immediately upon entry in S-EL1. These bits are no longer managed in the blX_arch_setup() functions. They do not have to be saved and restored either. The M, WXN and optionally the C bit are set in the enable_mmu_elX() function. This is done during both the warm and cold boot paths. Fixes ARM-software/tf-issues#226 Change-Id: Ie894d1a07b8697c116960d858cd138c50bc7a069
-
- 19 Jul, 2014 1 commit
-
-
Achin Gupta authored
This patch reworks the cold boot path across the BL1, BL2, BL3-1 and BL3-2 boot loader stages to not use stacks allocated in coherent memory for early platform setup and enabling the MMU. Stacks allocated in normal memory are used instead. Attributes for stack memory change from nGnRnE when the MMU is disabled to Normal WBWA Inner-shareable when the MMU and data cache are enabled. It is possible for the CPU to read stale stack memory after the MMU is enabled from another CPUs cache. Hence, it is unsafe to turn on the MMU and data cache while using normal stacks when multiple CPUs are a part of the same coherency domain. It is safe to do so in the cold boot path as only the primary cpu executes it. The secondary cpus are in a quiescent state. This patch does not remove the allocation of coherent stack memory. That is done in a subsequent patch. Change-Id: I12c80b7c7ab23506d425c5b3a8a7de693498f830
-
- 24 Jun, 2014 1 commit
-
-
Vikram Kanigiri authored
This patch reworks FVP specific code responsible for determining the entry point information for BL3-2 and BL3-3 stages when BL3-1 is configured as the reset handler. Change-Id: Ia661ff0a6a44c7aabb0b6c1684b2e8d3642d11ec
-
- 22 May, 2014 1 commit
-
-
Vikram Kanigiri authored
This change adds optional reset vector support to BL3-1 which means BL3-1 entry point can detect cold/warm boot, initialise primary cpu, set up cci and mail box. When using BL3-1 as a reset vector it is assumed that the BL3-1 platform code can determine the location of the BL3-2 images, or load them as there are no parameters that can be passed to BL3-1 at reset. It also fixes the incorrect initialisation of mailbox registers on the FVP platform This feature can be enabled by building the code with make variable RESET_TO_BL31 set as 1 Fixes ARM-software/TF-issues#133 Fixes ARM-software/TF-issues#20 Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
-
- 07 May, 2014 3 commits
-
-
Andrew Thoelke authored
Instead of using the system register helper functions to read or write system registers, assembler coded functions should use MRS/MSR instructions. This results in faster and more compact code. This change replaces all usage of the helper functions with direct register accesses. Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
-
Andrew Thoelke authored
The current code does not always use data and instruction barriers as required by the architecture and frequently uses barriers excessively due to their inclusion in all of the write_*() helper functions. Barriers should be used explicitly in assembler or C code when modifying processor state that requires the barriers in order to enable review of correctness of the code. This patch removes the barriers from the helper functions and introduces them as necessary elsewhere in the code. PORTING NOTE: check any port of Trusted Firmware for use of system register helper functions for reliance on the previous barrier behaviour and add explicit barriers as necessary. Fixes ARM-software/tf-issues#92 Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
-
Andrew Thoelke authored
SCTLR_EL3.EE is being configured too late in bl1_arch_setup() and bl31_arch_setup() after data accesses have already occured on the cold and warm boot paths. This control bit must be configured immediately on CPU reset to match the endian state of the firmware (little endian). Fixes ARM-software/tf-issues#145 Change-Id: Ie12e46fbbed6baf024c30beb50751591bb8c8655
-
- 26 Mar, 2014 2 commits
-
-
Andrew Thoelke authored
This extends the --gc-sections behaviour to the many assembler support functions in the firmware images by placing each function into its own code section. This is achieved by creating a 'func' macro used to declare each function label. Fixes ARM-software/tf-issues#80 Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
-
Sandrine Bailleux authored
bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and BL3-2. There was some early SMC handling code in there that was not required by the other bootloader stages. Therefore this patch introduces an even simpler exception vector source file for BL2, BL3-1 and BL3-2. Fixes ARM-software/tf-issues#38 Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
-
- 20 Mar, 2014 1 commit
-
-
Jeenu Viswambharan authored
At present, the entry point for each BL image is specified via the Makefiles and provided on the command line to the linker. When using a link script the entry point should rather be specified via the ENTRY() directive in the link script. This patch updates linker scripts of all BL images to specify the entry point using the ENTRY() directive. It also removes the --entry flag passed to the linker through Makefile. Fixes issue ARM-software/tf-issues#66 Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
-
- 17 Jan, 2014 3 commits
-
-
Jeenu Viswambharan authored
Ctags seem to have a problem with generating tags for assembler symbols when a comment immediately follows an assembly label. This patch inserts a single space character between the label definition and the following comments to help ctags. The patch is generated by the command: git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1' Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
-
Harry Liebel authored
Traps when accessing architectural features are disabled by clearing bits in CPTR_EL3 during early boot, including accesses to floating point registers. The value of this register was previously undetermined, causing unwanted traps to EL3. Future EL3 code (for example, context save/restore code) may use floating point registers, although they are not used by current code. Also, the '-mgeneral-regs-only' flag is enabled in the GCC settings to prevent generation of code that uses floating point registers. Change-Id: I9a03675f6387bbbee81a6f2c9ccf81150db03747
-
Dan Handley authored
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
-
- 05 Dec, 2013 3 commits
-
-
Dan Handley authored
- Add instructions for contributing to ARM Trusted Firmware. - Update copyright text in all files to acknowledge contributors. Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
-
Sandrine Bailleux authored
This patch makes sure the C runtime environment is properly initialised before executing any C code. - Zero-initialise NOBITS sections (e.g. the bss section). - Relocate BL1 data from ROM to RAM. Change-Id: I0da81b417b2f0d1f7ef667cc5131b1e47e22571f
-
Sandrine Bailleux authored
- Check at link-time that bootloader images will fit in memory at run time and that they won't overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
-
- 27 Nov, 2013 1 commit
-
-
Sandrine Bailleux authored
blx_plat_arch_setup() should only perform platform-specific architectural setup, e.g. enabling the MMU. This patch moves generic architectural setup code out of blx_plat_arch_setup(). Change-Id: I4ccf56b8c4a2fa84909817779a2d97a14aaafab6
-
- 25 Oct, 2013 1 commit
-
-
Achin Gupta authored
-