- 13 Nov, 2017 2 commits
-
-
Jeenu Viswambharan authored
The function arm_validate_ns_entrypoint() validates a given non-secure physical address. This function however specifically returns PSCI error codes. Non-secure physical address validation is potentially useful across ARM platforms, even for non-PSCI use cases. Therefore make this function common by returning 0 for success or -1 otherwise. Having made the function common, make arm_validate_psci_entrypoint() a wrapper around arm_validate_ns_entrypoint() which only translates return value into PSCI error codes. This wrapper is now used where arm_validate_ns_entrypoint() was currently used for PSCI entry point validation. Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310 Signed-off-by:Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
This patch brings in the following fixes: - The per-PE target data initialized during power up needs to be flushed so as to be visible to other PEs. - Setup per-PE target data for the primary PE as well. At present, this was only setup for secondary PEs when they were powered on. Change-Id: Ibe3a57c14864e37b2326dd7ab321a5c7bf80e8af Signed-off-by:
-
- 09 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
This initial port of the Secure Partitions Manager to FVP supports BL31 in both SRAM and Trusted DRAM. A document with instructions to build the SPM has been added. Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32 Co-authored-by:
Douglas Raillard <douglas.raillard@arm.com> Co-authored-by:
Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by:
Achin Gupta <achin.gupta@arm.com> Co-authored-by:
Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by:
-
- 01 Nov, 2017 1 commit
-
-
Roberto Vargas authored
ARM_TSP_RAM_LOCATION_ID was defined only in AARCH64, but the macro was also used in AARCH32, and it meant that it was taking the value 0, which happened to equal ARM_TRUSTED_SRAM_ID. Change-Id: If9f4dbee1a2ba15e7806f2a03305b554bd327363 Signed-off-by:Roberto Vargas <roberto.vargas@arm.com>
-
- 25 Oct, 2017 2 commits
-
-
Qixiang Xu authored
For Trusted Board Boot, BL2 needs more space to support the ECDSA and ECDSA+RSA algorithms. Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d Signed-off-by:Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
On Arm standard platforms, it runs out of SRAM space when TBB is enabled, so the TSP default location is changed to dram when TBB is enabled. Change-Id: I516687013ad436ef454d2055d4e6fce06e467044 Signed-off-by:
-
- 16 Oct, 2017 2 commits
-
-
Jeenu Viswambharan authored
An earlier patch added provision for the platform to provide secure interrupt properties. ARM platforms already has a list of interrupts that fall into different secure groups. This patch defines macros that enumerate interrupt properties in the same fashion, and points the driver driver data to a list of interrupt properties rather than list of secure interrupts on ARM platforms. The deprecated interrupt list definitions are however retained to support legacy builds. Configuration applied to individual interrupts remain unchanged, so no runtime behaviour change expected. NOTE: Platforms that use the arm/common function plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided INTR_PROP_DESC macro. Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952 Signed-off-by: -
Jeenu Viswambharan authored
Call the GICv2 driver API to initialise per-PE target mask. Change-Id: Idc7eb0d906a5379f4c05917af05c90613057ab97 Signed-off-by:
-
- 13 Oct, 2017 2 commits
-
-
Roberto Vargas authored
This function implements the platform dependant part of PSCI system reset2 for CSS platforms using SCMI. Change-Id: I724389decab484043cadf577aeed96b349c1466d Signed-off-by: -
Roberto Vargas authored
The common implementation of css_scp_sys_shutdown and css_scp_warm_reset is refactored into a new function, css_scp_system_off() that allows the desired power state to be specified. The css_scp_system_off can be used in the implementation of SYSTEM_RESET2 for PSCI v1.1. Change-Id: I161e62354d3d75f969b8436d794335237520a9a4 Signed-off-by:
-
- 11 Oct, 2017 2 commits
-
-
Soby Mathew authored
Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and arm_system_pwr_domain_save functions. Introduce FVP PSCI power level 3 (System level) support. This is solely done to provide example code on how to use the GICv3 save and restore helpers. Also make CSS GICv3 platforms power off the Redistributor on SYSTEM SUSPEND as its state is saved and restored. Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77 Signed-off-by:
Soby Mathew <soby.mathew@arm.com> Co-Authored-by:
-
Soby Mathew authored
Some recent enhancements to EL3 runtime firmware like support for save and restoring GICv3 register context during system_suspend necessitates additional data memory for the firmware. This patch introduces support for creating a TZC secured DDR carveout for use by ARM reference platforms. A new linker section `el3_tzc_dram` is created using platform supplied linker script and data marked with the attribute `arm_el3_tzc_dram` will be placed in this section. The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to allow inclusion of the platform linker script by the top level BL31 linker script. Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d Signed-off-by:
-
- 05 Oct, 2017 1 commit
-
-
Soby Mathew authored
During system suspend, the GICv3 Distributor and Redistributor context can be lost due to power gating of the system power domain. This means that the GICv3 context needs to be saved prior to system suspend and restored on wakeup. Currently the consensus is that the Firmware should be in charge of this. See tf-issues#464 for more details. This patch introduces helper APIs in the GICv3 driver to save and restore the Distributor and Redistributor contexts. The GICv3 ITS context is not considered in this patch because the specification says that the details of ITS power management is implementation-defined. These APIs are expected to be appropriately invoked by the platform layer during system suspend. Fixes ARM-software/tf-issues#464 Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00 Signed-off-by:
-
- 04 Oct, 2017 1 commit
-
-
Jeenu Viswambharan authored
Commit 11ad8f20 added supporting multi-threaded CPUs on FVP platform, including modifications for calculating CPU IDs. This patch imports the strong definition of the same CPU ID calculation on FVP platform for TSP. Without this patch, TSP on FVP was using the default CPU ID calculation, which would end up being wrong on CPUs with multi-threading. Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a Signed-off-by:
-
- 25 Sep, 2017 2 commits
-
-
Roberto Vargas authored
On ARM platforms, the maximum size of the address space is limited to 32-bits as defined in arm_def.h. In order to access DRAM2, which is defined beyond the 32-bit address space, the maximum address space is increased to 36-bits in AArch64. It is possible to increase the virtual space for AArch32, but it is more difficult and not supported for now. NOTE - the actual maximum memory address space is platform dependent and is checked at run-time by querying the PARange field in the ID_AA64MMFR0_EL1 register. Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67 Signed-off-by: -
Roberto Vargas authored
mem_protect needs some kind of non-volatile memory because it has to remember its state across reset and power down events. The most suitable electronic part for this feature is a NVRAM which should be only accesible from the secure world. Juno and FVP lack such hardware and for this reason the MEM_PROTECT functionality is implemented with Flash EEPROM memory on both boards, even though this memory is accesible from the non-secure world. This is done only to show a full implementation of these PSCI features, but an actual system shouldn't use a non-secure NVRAM to implement it. The EL3 runtime software will write the mem_protect flag and BL2 will read and clear the memory ranges if enabled. It is done in BL2 because it reduces the time that TF needs access to the full non-secure memory. The memory layout of both boards is defined using macros which take different values in Juno and FVP platforms. Generic platform helpers are added that use the platform specific macros to generate a mem_region_t that is valid for the platform. Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9 Signed-off-by:
-
- 22 Sep, 2017 2 commits
-
-
Qixiang Xu authored
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: -
Qixiang Xu authored
For Trusted Board Boot, BL1 RW section and BL2 need more space to support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE is increased on ARM platforms. And on the Juno platform: - BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased. - SCP_BL2 is loaded into the space defined by BL31_BASE -> BL31_RW_BASE. In order to maintain the same size space for SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased. Change-Id: I379083f918b40ab1c765da4e71780d89f0058040 Co-Authored-By:David Cunado <david.cunado@arm.com> Signed-off-by:
-
- 21 Sep, 2017 1 commit
-
-
Sandrine Bailleux authored
platform_def.h doesn't need all the definitions in utils.h, the ones in utils_def.h are enough. This patch is related to the changes introduced by commit 53d9c9c8 . Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe Signed-off-by:
-
- 07 Sep, 2017 1 commit
-
-
Eleanor Bonnici authored
Earlier patches added errata workarounds 859972 for Cortex-A72, and 859972 for Cortex-A57 CPUs. Explicitly disable the workaround for Juno. Also reorganize errata workaround flags. No functional changes. Change-Id: I3fe3745de57d77e5bf52012826d3969fe5d4844e Signed-off-by:
Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by:
-
- 06 Sep, 2017 4 commits
-
-
Soby Mathew authored
This patch does the required changes to enable CSS platforms to build and use the SDS framework. Since SDS is always coupled with SCMI protocol, the preexisting SCMI build flag is now renamed to `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on CSS platforms. Also some of the workarounds applied for SCMI are now removed with SDS in place. Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c Signed-off-by: -
Soby Mathew authored
This patch introduces the driver for Shared-Data-Structure (SDS) framework which will be used for communication between SCP and AP CPU. The SDS framework is intended to replace the Boot-Over-MHU (BOM) protocol used currently for the communication Change-Id: Ic174291121f4e581b174cce3389d22d6435f7269 Signed-off-by: -
Soby Mathew authored
This patch factors out common files required for sp_min for all CSS platforms from the JUNO specific makefile to a the new `css_sp_min.mk` makefile. This also allows the common build options that affect CSS platforms to be configured in a central makefile for sp_min. Change-Id: Ida952d8833b1aa5eda77ae0a6664a4632aeab24c Signed-off-by: -
Roberto Vargas authored
plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state, which is not supposed to return, and in case of returning it implemented an infinite loop. The problem was that plat_get_my_entrypoint was using "b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to the caller of plat_get_my_entrypoint instead of stop the system with a panic. To avoid this problem juno_do_reset_to_aarch_32_state was modified to call directly to plat_panic_handler if it tries to return. Change-Id: I591cf2dd78d27d8568fb15b91366e4b3dce027b5 Signed-off-by:
-
- 05 Sep, 2017 1 commit
-
-
Soby Mathew authored
The commit 3eb2d672 optimizes the memory map for BL2 when TSP is not present. But this also broke OP-TEE as it was reusing the TSP mapping. This patch fixes this problem by adding a separate mapping for OP-TEE in the BL2 memory map table. Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118 Signed-off-by:
-
- 31 Aug, 2017 3 commits
-
-
Soby Mathew authored
The `KEY_ALG` variable is used to select the algorithm for key generation by `cert_create` tool for signing the certificates. This variable was previously undocumented and did not have a global default value. This patch corrects this and also adds changes to derive the value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the platform. The corresponding assignment of these variables are also now removed from the `arm_common.mk` makefile. Signed-off-by: -
Sandrine Bailleux authored
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped in BL2 only if the TSPD has been included in the build. This saves one entry in the plat_arm_mmap[] array and avoids to map extra memory when it's not needed. Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94 Signed-off-by:
-
Soby Mathew authored
This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds to LOG_LEVEL_INFO. Having this level of log for assertions means that the `assert()` will not generate the strings implied in the expression taken as parameter. This allows to save some memory when Juno is built for LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1. Fixes ARM-software/tf-issues#511 Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04 Signed-off-by:
-
- 30 Aug, 2017 1 commit
-
-
Roberto Vargas authored
zero_normalmem only can zero memory when caches are enabled and the target memory is a normal memory, otherwise an abort is generated. In the case of EL3_PAYLOAD_BASE bl2_platform_setup was calling zero_normalmem with device memory and it generated an abort. Change-Id: If013603f209a12af488a9c54481f97a8f395b26a Signed-off-by:
-
- 29 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
The current definition of ARM_INSTANTIATE_LOCK macro includes a semicolon, which means it's omitted where it's used. This is anomalous for a C statement in global scope. Fix this by removing semicolon from the definition; and where it's a NOP, declare a file-scoped variable explicitly tagged as unused to avoid compiler warning. No functional changes. Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335 Signed-off-by:
-
- 25 Aug, 2017 1 commit
-
-
Jens Wiklander authored
If SPD_opteed is defined map ARM_OPTEE_PAGEABLE_LOAD_MEM in bl2 to allow loading of OP-TEE paged part. Signed-off-by:Jens Wiklander <jens.wiklander@linaro.org>
-
- 23 Aug, 2017 2 commits
-
-
Isla Mitchell authored
At present, the MPIDR validation on FVP relies on MT bit set along with shifted affinities. This currently is additionally dependent on the FVP model being of variant C. This however should be based on the presence of MT bit alone. This patch makes the change to always assume that the affinities are shifted in the FVP model when MT bit is present. Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d Signed-off-by:Isla Mitchell <isla.mitchell@arm.com>
-
Roberto Vargas authored
The nor_XXXXX functions may fail due to different reasons, and it is convenient to do a full check to detect any failure. It is also a good idea to have a specific function to do a full status check, because new checks can be added to this function and they will be incorporated automatically to any function calling it. Change-Id: I54fed913e37ef574c1608e94139a519426348d12 Signed-off-by:
-
- 22 Aug, 2017 4 commits
-
-
Roberto Vargas authored
NOR memory only supports setting bits to 1. To clear a bit, set to zero, the NOR memory needs to be erased. Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351 Signed-off-by: -
Roberto Vargas authored
The status register bits remain until explicitly cleared, which means that a command can be incorrectly considered to have generated an error - for example, after reset the status register contents may be unknown or if a previous command had failed. This patch clears the status register before beginning any command to be sure that the status register only represents information about the current operation. Change-Id: I9e98110ee24179937215461c00b6543a3467b350 Signed-off-by: -
Roberto Vargas authored
lock/unlock operation must wait until WSM bit is set. Since we do not allow to loop forever then these functions must return an error if WSM bit isn't enabled after a number of tries. Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999 Signed-off-by: -
Roberto Vargas authored
- Add comments to all the functions - Simplify nor_poll_dws - Simplify nor_word_program Change-Id: I29c0199d2908a4fceb1ac3430fcfdd699be22bb3 Signed-off-by:
-
- 09 Aug, 2017 2 commits
-
-
Summer Qin authored
Trusted OS may have extra images to be loaded. Load them one by one and do the parsing. In this patch, ARM TF need to load up to 3 images for optee os: header, pager and paged images. Header image is the info about optee os and images. Pager image include pager code and data. Paged image include the paging parts using virtual memory. Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394 Signed-off-by:Summer Qin <summer.qin@arm.com>
-
Summer Qin authored
Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by:
-
- 02 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
Revision C of the Base FVP has the same memory map as earlier revisions, but has the following differences: - Implements CCI550 instead of CCI400, - Has a single instantiation of SMMUv3, - CPU MPIDs are shifted left by one level, and has MT bit set in them. The correct interconnect to program is chosen at run time based on the FVP revision. Therefore, this patch implements FVP functions for interconnect programming, rather than depending on ARM generic ones. The macros used have been renamed to reflect this change. Additionally, this patch initializes SMMUv3 as part of FVP early platform setup. New ARM config flags are introduced for feature queries at run time. Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09 Signed-off-by:
-
