- 29 Jun, 2017 2 commits
-
-
Douglas Raillard authored
Due to recent issues in the rendering of the documentation on GitHub and some long-standing issues like the lack of automatic table of content in Markdown, the documentation has been converted to reStructuredText. Basic constructs looks pretty similar to Markdown. Automatically convert GitHub markdown documentation to reStructuredText using pandoc. Change-Id: If20b695acedc6d1b49c8d9fb64efd6b6ba23f4a9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Douglas Raillard authored
Change some hard-to-convert constructs to cleaner ones. Fix a broken link. Change-Id: Ida70aa1da0af7a107b0e05eb20b8d46669a0380b Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 28 Jun, 2017 5 commits
-
-
Soby Mathew authored
This patch makes the necessary changes to enable ARM platform to successfully integrate CryptoCell during Trusted Board Boot. The changes are as follows: * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select the CryptoCell crypto driver for Trusted Board boot. * The TrustZone filter settings for Non Secure DRAM is modified to allow CryptoCell to read this memory. This is required to authenticate BL33 which is loaded into the Non Secure DDR. * The CSS platforms are modified to use coherent stacks in BL1 and BL2 when CryptoCell crypto is selected. This is because CryptoCell makes use of DMA to transfer data and the CryptoCell SBROM library allocates buffers on the stack during signature/hash verification. Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Douglas Raillard authored
CFLAGS content can be set on the command line to allow passing extra options to the compiler. Its content is appended after the options set by the Makefile (TF_CFLAGS). The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be completely overriden by setting it on the command line. Also tell about LDFLAGS in the "Debugging options" section. Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Douglas Raillard authored
Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to the compiler's invocation. This allows passing extra options from the make command line using LDFLAGS. Document new LDFLAGS Makefile option. Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Isla Mitchell authored
Updated section 6, building a FIP for Juno and FVP, adding instructions for AArch32 and AArch64. Updated section 4.1, summary of build options, to include a description of the `JUNO_AARCH32_EL3_RUNTIME` build flag. Change-Id: I4ed006522cab981371c382859063f088fbfcb8f7 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
Roberto Vargas authored
Without the additional newlines all the text becomes a single paragraph and next newlines are ignored. Change-Id: I783198477f654e3923fcabb21248f2bc62c33e9d Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 27 Jun, 2017 1 commit
-
-
Douglas Raillard authored
Fix link in docs/firmware-update.md and docs/change-log.md: https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology Change-Id: I2d51d373fd0f7da59b548cd6bed52c47772014fd Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 22 Jun, 2017 1 commit
-
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 21 Jun, 2017 1 commit
-
-
David Cunado authored
This patch updates the el3_arch_init_common macro so that it fully initialises essential control registers rather then relying on hardware to set the reset values. The context management functions are also updated to fully initialise the appropriate control registers when initialising the non-secure and secure context structures and when preparing to leave EL3 for a lower EL. This gives better alignement with the ARM ARM which states that software must initialise RES0 and RES1 fields with 0 / 1. This patch also corrects the following typos: "NASCR definitions" -> "NSACR definitions" Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 12 Jun, 2017 2 commits
-
-
Masahiro Yamada authored
Add TSP to test BL32 without relying on external projects. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Initial commit for Socionext UniPhier SoC support. BL1, Bl2, and BL31 are supported. Refer to docs/plat/socionext-uniphier.md for more detais. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 07 Jun, 2017 1 commit
-
-
Haojian Zhuang authored
Add document on HiKey960 platform and how to build. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 05 Jun, 2017 1 commit
-
-
Soby Mathew authored
This patch adds the SCMI driver for communicating with SCP. The power domain management and system power management protocol of the SCMI specification[1] is implemented in the driver. The SCP power management abstraction layer for SCMI for CSS power management is also added. A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI driver over SCPI. [1] ARM System Control and Management Interface v1.0 (SCMI) Document number: ARM DEN 0056A Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 02 Jun, 2017 1 commit
-
-
Summer Qin authored
Change-Id: Ic0a9b3c6d212e7171b37f944e11f079282dcce87 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 01 Jun, 2017 4 commits
-
-
Antonio Nino Diaz authored
This SMC is as a means for the image loading state machine to go from COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this was only done when the authentication of an image failed or when the execution of the image finished. Documentation updated. Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a memory region where another image data is already loaded. Without this check, if two images are configured to be loaded in overlapping memory regions, one of them can be loaded and authenticated and the copy function is still able to load data from the second image on top of the first one. Since the first image is still in authenticated state, it can be executed, which could lead to the execution of unauthenticated arbitrary code of the second image. Firmware update documentation updated. Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
It doesn't make sense to use the `-pedantic` flag when building the Trusted Firmware as we use GNU extensions and so our code is not fully ISO C compliant. This flag only makes sense if the code intends to be ISO C compliant. Change-Id: I6273564112759ff57f03b273f5349733a5f38aef Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Jeenu Viswambharan authored
ARM GIC-600 IP complies with ARM GICv3 architecture, but among others, implements a power control register in the Redistributor frame. This register must be programmed to mark the frame as powered on, before accessing other registers in the frame. Rest of initialization sequence remains the same. The driver provides APIs for Redistributor power management, and overrides those in the generic GICv3 driver. The driver data is shared between generic GICv3 driver and that of GIC-600. For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER is set to FVP_GIC600. Also update user guide. Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 24 May, 2017 3 commits
-
-
Haojian Zhuang authored
Add the description on hikey and how to build. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
dp-arm authored
Change-Id: I92fd2fb920fcfc31bfcdadae787d8c84c5ca463b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Antonio Nino Diaz authored
This options enables an implementation of SHA-256 that has a smaller code footprint (~1.6 KB less) but is also ~30% slower. For ARM platforms, code size is currently considered more important than execution speed in the mbed TLS crypto module. Added a small note about this option to the documentation of the authentication framework. Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 May, 2017 1 commit
-
-
Masahiro Yamada authored
Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 19 May, 2017 1 commit
-
-
David Cunado authored
This Linaro release updates just the binaries: Linaro binaries upgraded 16.12 --> 17.01 The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64 and AArch32. The ARM TF codebase has been tested against these new binaries. This patch updates the User Guide to reflect that the 17.01 release is now a supported Linaro Release. Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 16 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
The behaviour of assert() now depends on the value of the new optional platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if not defined by the platform. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file name, line and asserted expression. - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file name and line. - If not, it doesn't print anything. Note the old behaviour was to print the function name whereas now it prints the file name. This reduces memory usage because the file name is shared between all assert calls in a given file. Also, the default behaviour in debug builds is to no longer print the asserted expression, greatly reducing the string usage. For FVP debug builds this change saves approximately: No TBBR TBBR BL1 1.6 KB 2.2 KB BL2 1.7 KB 2.1 KB BL31 2.6 KB 3.3 KB Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 May, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.4 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs as they are currently not being tested with the latest version of ARM Trusted Firmware. Also, documentation and links to Linaro pages have been updated to reflect the changes in the ARM community document hosting. Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 04 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
In AArch64, privileged exception levels control the execution state (a.k.a. register width) of the immediate lower Exception Level; i.e. whether the lower exception level executes in AArch64 or AArch32 state. For an exception level to have its execution state changed at run time, it must request the change by raising a synchronous exception to the higher exception level. This patch implements and adds such a provision to the ARM SiP service, by which an immediate lower exception level can request to switch its execution state. The execution state is switched if the request is: - raised from non-secure world; - raised on the primary CPU, before any secondaries are brought online with CPU_ON PSCI call; - raised from an exception level immediately below EL3: EL2, if implemented; otherwise NS EL1. If successful, the SMC doesn't return to the caller, but to the entry point supplied with the call. Otherwise, the caller will observe the SMC returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built for AArch32, the feature is not supported, and the call will always fail. For the ARM SiP service: - Add SMC function IDs for both AArch32 and AArch64; - Increment the SiP service minor version to 2; - Adjust the number of supported SiP service calls. Add documentation for ARM SiP service. Fixes ARM-software/tf-issues#436 Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Apr, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf This patch adds a new define for yielding SMC call type and deprecates the current standard SMC call type. The tsp is migrated to use this new terminology and, additionally, the documentation and code comments are updated to use this new terminology. Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
The build option `ENABLE_ASSERTIONS` should be used instead. That way both C and ASM assertions can be enabled or disabled together. All occurrences of `ASM_ASSERTION` in common code and ARM platforms have been replaced by `ENABLE_ASSERTIONS`. ASM_ASSERTION has been removed from the user guide. Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Apr, 2017 3 commits
-
-
Antonio Nino Diaz authored
Add the new build option `ENABLE_ASSERTIONS` that controls whether or not assert functions are compiled out. It defaults to 1 for debug builds and to 0 for release builds. Additionally, a following patch will be done to allow this build option to hide auxiliary code used for the checks done in an `assert()`. This code is is currently under the DEBUG build flag. Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO, which is the default for debug builds. This patch also updates the User Guide. Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
This patch introduces a build option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not require interconnect programming to enable cache coherency (eg: single cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. Fixes ARM-Software/tf-issues#456 Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Antonio Nino Diaz authored
ARM platforms have migrated to the translation tables library v2. However, for testing purposes, it can be useful to temporarily switch back to the old version. This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches to v1 of the library when is set to 1. By default, it is 0, so that ARM platforms use the new version unless specifically stated. Updated User Guide. Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Mar, 2017 2 commits
-
-
Douglas Raillard authored
Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Mar, 2017 1 commit
-
-
David Cunado authored
This patch updates the User Guide to recommend the latest version of mbed TLS library to use with ARM Trusted Firmware. - Upgrade mbed TLS library: 2.2.1 -> 2.4.2 Change-Id: Ifb5386fec0673d6dbfdaa474233e397afc279c85
-
- 27 Mar, 2017 1 commit
-
-
Summer Qin authored
This patch modifies some of the functions in ARM platform layer to cater for the case when multi-threading `MT` is set in MPIDR. A new build flag `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR now assume that the `MT` bit is set for the platform and access the bit fields accordingly. Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is enabled, returning the PE count within the physical cpu corresponding to `mpidr`. Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 20 Mar, 2017 2 commits
-
-
dp-arm authored
Fixes ARM-software/tf-issues#463 Change-Id: I73e0c5fbd87004953df8b1fa19319ad562ecc867 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Andre Przywara authored
ARM erratum 855873 applies to all Cortex-A53 CPUs. The recommended workaround is to promote "data cache clean" instructions to "data cache clean and invalidate" instructions. For core revisions of r0p3 and later this can be done by setting a bit in the CPUACTLR_EL1 register, so that hardware takes care of the promotion. As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3, we set the bit in firmware. Also we dump this register upon crashing to provide more debug information. Enable the workaround for the Juno boards. Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 08 Mar, 2017 2 commits
-
-
Antonio Nino Diaz authored
TLBI instructions for EL3 won't have the desired effect under specific circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and TLBI twice each time. Even though this errata is only needed in r0p0, the current errata framework is not prepared to apply run-time workarounds. The current one is always applied if compiled in, regardless of the CPU or its revision. This errata has been enabled for Juno. The `DSB` instruction used when initializing the translation tables has been changed to `DSB ISH` as an optimization and to be consistent with the barriers used for the workaround. Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added APIs to add and remove regions to the translation tables dynamically while the MMU is enabled. Only static regions are allowed to overlap other static ones (for backwards compatibility). A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to flag each region as such. The dynamic mapping functionality can be enabled or disabled when compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1 or 0. This can be done per-image. TLB maintenance code during dynamic table mapping and unmapping has also been added. Fixes ARM-software/tf-issues#310 Change-Id: I19e8992005c4292297a382824394490c5387aa3b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-