- 20 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds capability to load BL images based on image descriptors instead of hard coded way of loading BL images. This framework is designed such that it can be readily adapted by any BL stage that needs to load images. In order to provide the above capability the following new platform functions are introduced: bl_load_info_t *plat_get_bl_image_load_info(void); This function returns pointer to the list of images that the platform has populated to load. bl_params_t *plat_get_next_bl_params(void); This function returns a pointer to the shared memory that the platform has kept aside to pass trusted firmware related information that next BL image needs. void plat_flush_next_bl_params(void); This function flushes to main memory all the params that are passed to next image. int bl2_plat_handle_post_image_load(unsigned int image_id) This function can be used by the platforms to update/use image information for given `image_id`. `desc_image_load.c` contains utility functions which can be used by the platforms to generate, load and executable, image list based on the registered image descriptors. This patch also adds new version of `load_image/load_auth_image` functions in-order to achieve the above capability. Following are the changes for the new version as compared to old: - Refactor the signature and only keep image_id and image_info_t arguments. Removed image_base argument as it is already passed through image_info_t. Given that the BL image base addresses and limit/size are already provided by the platforms, the meminfo_t and entry_point_info arguments are not needed to provide/reserve the extent of free memory for the given BL image. - Added check for the image size against the defined max size. This is needed because the image size could come from an unauthenticated source (e.g. the FIP header). To make this check, new member is added to the image_info_t struct for identifying the image maximum size. New flag `LOAD_IMAGE_V2` is added in the Makefile. Default value is 0. NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2` is enabled. Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
-
- 15 Sep, 2016 4 commits
-
-
Jeenu Viswambharan authored
This patch implements CSS platform hook to support NODE_HW_STATE PSCI API. The platform hook queries SCP to obtain CSS power state. Power states returned by SCP are then converted to expected PSCI return codes. Juno's PSCI operation structure is modified to use the CSS implementation. Change-Id: I4a5edac0e5895dd77b51398cbd78f934831dafc0
-
Jeenu Viswambharan authored
This patch adds support for NODE_HW_STATE PSCI API by introducing a new PSCI platform hook (get_node_hw_state). The implementation validates supplied arguments, and then invokes this platform-defined hook and returns its result to the caller. PSCI capabilities are updated accordingly. Also updates porting and firmware design guides. Change-Id: I808e55bdf0c157002a7c104b875779fe50a68a30
-
Sandrine Bailleux authored
This patch adds a couple of missing forward declarations in plat_arm.h so that all types it references are known within this header file, without relying on previous header inclusions. This concerns the meminfo and bl31_params structures, which are defined in bl_common.h. Other external types referenced from plat_arm.h (e.g. mmap_region_t) get declared through header files included by arm_plat.h so they don't need forward declarations. Change-Id: I471d5aa487919aff3fa979fc65e053f4f5b0ef32
-
Sandrine Bailleux authored
Commit e8719552 removed some definitions related to translation tables from the xlat_tables.h header file, based on the assumption that they weren't used by any platform. These are actually used by some partners so this patch restores them. Fixes ARM-software/tf-issues#425 Change-Id: Idafa5f00bb0bd9c2847b5ae6541cf8db93c7b89a
-
- 14 Sep, 2016 2 commits
-
-
dp-arm authored
When using more than a single service in PMF, it is necessary that the per-service timestamps begin on a cache line boundary. Previously it was possible that two services shared a cache line for their timestamps. This made it difficult to reason about cache maintenance operations within a single service and required a global understanding of how all services operate. Change-Id: Iacaae5154a7e19ad4107468e56df9ad082ee371c
-
dp-arm authored
The macro calculates an absolute address rather than an offset so rename it to avoid confusion. Change-Id: I351f73dfd809fd28c0c30d38928caf5c5cd1af04
-
- 12 Sep, 2016 1 commit
-
-
Leon Chen authored
This patch support single core to boot to Linux kernel through Trusted Firmware. It also support 32 bit kernel and 64 bit kernel booting.
-
- 26 Aug, 2016 2 commits
-
-
dp-arm authored
Given the service name and timestamp id, this assembler macro calculates the offset into a memory region where the per-cpu timestamp value is located. Change-Id: I47f6dfa2a17be182675e2ca0489d6eed42433209
-
dp-arm authored
More headers will be needed soon so better to move these to their own directory to avoid cluttering include/lib. Change-Id: I6a72dc5b602d6f51954cf60aadd1beb52a268670
-
- 23 Aug, 2016 1 commit
-
-
Antonio Nino Diaz authored
Instead of hardcoding a level 1 table as the base translation level table, let the code decide which level is the most appropriate given the virtual address space size. As the table granularity is 4 KB, this allows the code to select level 0, 1 or 2 as base level for AArch64. This way, instead of limiting the virtual address space width to 39-31 bits, widths of 48-25 bit can be used. For AArch32, this change allows the code to select level 1 or 2 as the base translation level table and use virtual address space width of 32-25 bits. Also removed some unused definitions related to translation tables. Fixes ARM-software/tf-issues#362 Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65
-
- 12 Aug, 2016 1 commit
-
-
Haojian Zhuang authored
Support CMD23. When CMD23 is used, CMD12 could be avoided. Two scenarios: 1. CMD17 for single block, CMD18 + CMD12 for multiple blocks. 2. CMD23 + CMD18 for both single block and multiple blocks. The emmc_init() should initialize whether CMD23 is supported or not. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 10 Aug, 2016 10 commits
-
-
Soby Mathew authored
This patch implements the support for SP_MIN in FVP. The SP_MIN platform APIs are implemented and the required makefile support is added for FVP. Change-Id: Id50bd6093eccbd5e38894e3fd2b20d5baeac5452
-
Soby Mathew authored
This patch adds AArch32 support for FVP and implements common platform APIs like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32. Only Multi Processor(MP) implementations of these functions are considered in this patch. The ARM Standard platform layer helpers are implemented for AArch32 and the common makefiles are modified to cater for both AArch64 and AArch32 builds. Compatibility with the deprecated platform API is not supported for AArch32. Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
-
Soby Mathew authored
This patch adds a minimal AArch32 secure payload SP_MIN. It relies on PSCI library to initialize the normal world context. It runs in Monitor mode and uses the runtime service framework to handle SMCs. It is added as a BL32 component in the Trusted Firmware source tree. Change-Id: Icc04fa6b242025a769c1f6c7022fde19459c43e9
-
Soby Mathew authored
This patch adds AArch32 support to PSCI library, as follows : * The `psci_helpers.S` is implemented for AArch32. * AArch32 version of internal helper function `psci_get_ns_ep_info()` is defined. * The PSCI Library is responsible for the Non Secure context initialization. Hence a library interface `psci_prepare_next_non_secure_ctx()` is introduced to enable EL3 runtime firmware to initialize the non secure context without invoking context management library APIs. Change-Id: I25595b0cc2dbfdf39dbf7c589b875cba33317b9d
-
Soby Mathew authored
This patch adds AArch32 support to cpu ops, context management, per-cpu data and spinlock libraries. The `entrypoint_info` structure is modified to add support for AArch32 register arguments. The CPU operations for AEM generic cpu in AArch32 mode is also added. Change-Id: I1e52e79f498661d8f31f1e7b3a29e222bc7a4483
-
Soby Mathew authored
This patch defines a SMCC context to save and restore registers during a SMC call. It also adds appropriate helpers to save and restore from this context for use by AArch32 secure payload and BL stages. Change-Id: I64c8d6fe1d6cac22e1f1f39ea1b54ee1b1b72248
-
Soby Mathew authored
This patch adds an API in runtime service framework to invoke the registered handler corresponding to the SMC function identifier. This is helpful for AArch32 because the number of arguments required by the handler is more than registers available as per AArch32 program calling conventions and requires the use of stack. Hence this new API will do the necessary argument setup and invoke the appropriate handler. Although this API is primarily intended for AArch32, it can be used for AArch64 as well. Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241
-
Soby Mathew authored
This patch adds translation library supports for AArch32 platforms. The library only supports long descriptor formats for AArch32. The `enable_mmu_secure()` enables the MMU for secure world with `TTBR0` pointing to the populated translation tables. Change-Id: I061345b1779391d098e35e7fe0c76e3ebf850e08
-
Soby Mathew authored
This patch adds various assembly helpers for AArch32 like : * cache management : Functions to flush, invalidate and clean cache by MVA. Also helpers to do cache operations by set-way are also added. * stack management: Macros to declare stack and get the current stack corresponding to current CPU. * Misc: Macros to access co processor registers in AArch32, macros to define functions in assembly, assert macros, generic `do_panic()` implementation and function to zero block of memory. Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
-
Soby Mathew authored
This patch adds the essential AArch32 architecture helpers arch.h and arch_helpers.h and modifies `_types.h` to add AArch32 support. A new build option `ARCH` is defined in the top level makefile to enable the component makefiles to choose the right files based on the Architecture it is being build for. Depending on this flag, either `AARCH32` or `AARCH64` flag is defined by the Makefile. The default value of `ARCH` flag is `aarch64`. The AArch32 build support will be added in a later patch. Change-Id: I405e5fac02db828a55cd25989b572b64cb005241
-
- 09 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch moves the macro SIZE_FROM_LOG2_WORDS() defined in `arch.h` to `utils.h` as it is utility macro. Change-Id: Ia8171a226978f053a1ee4037f80142c0a4d21430
-
- 27 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch fixes the offset of GICD_IROUTER register defined in gicv3.h. Although the GICv3 documention mentions that the offset for this register is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is : 0x6000 + 8n, where n >= 32 This requires the offset for GICD_IROUTER to be defined as 0x6000. Fixes ARM-software/tf-issues#410 Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
-
- 25 Jul, 2016 2 commits
-
-
Sandrine Bailleux authored
This patch adds some runtime checks to prevent some potential pointer overflow issues in the is_mem_free() function. The overflow could happen in the case where the end addresses, computed as the sum of a base address and a size, results in a value large enough to wrap around. This, in turn, could lead to unpredictable behaviour. If such an overflow is detected, the is_mem_free() function will now declare the memory region as not free. The overflow is detected using a new macro, called check_uptr_overflow(). This patch also modifies all other places in the 'bl_common.c' file where an end address was computed as the sum of a base address and a size and instead keeps the two values separate. This avoids the need to handle pointer overflows everywhere. The code doesn't actually need to compute any end address before the is_mem_free() function is called other than to print information message to the serial output. This patch also introduces 2 slight changes to the reserve_mem() function: - It fixes the end addresses passed to choose_mem_pos(). It was incorrectly passing (base + size) instead of (base + size - 1). - When the requested allocation size is 0, the function now exits straight away and says so using a warning message. Previously, it used to actually reserve some memory. A zero-byte allocation was not considered as a special case so the function was using the same top/bottom allocation mechanism as for any other allocation. As a result, the smallest area of memory starting from the requested base address within the free region was reserved. Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
-
Antonio Nino Diaz authored
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines related to the translation tables but to the image size as well. The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h. This way, ARM platforms no longer have to set their own values if `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values otherwise. The common sizes have been set to the highest values used for any of the current build configurations. This is needed because in some build configurations some images are running out of space. This way there is a common set of values known to work for all of them and it can be optimized for each particular platform if needed. The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been increased. This is needed because when memory optimisations are disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` are higher. If in this situation the code is compiled in debug mode and with "-O0", the code won't fit. Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
-
- 19 Jul, 2016 2 commits
-
-
Soby Mathew authored
This patch moves assembler macros which are not architecture specific to a new file `asm_macros_common.S` and moves the `el3_common_macros.S` into `aarch64` specific folder. Change-Id: I444a1ee3346597bf26a8b827480cd9640b38c826
-
Soby Mathew authored
This patch introduces the PSCI Library interface. The major changes introduced are as follows: * Earlier BL31 was responsible for Architectural initialization during cold boot via bl31_arch_setup() whereas PSCI was responsible for the same during warm boot. This functionality is now consolidated by the PSCI library and it does Architectural initialization via psci_arch_setup() during both cold and warm boots. * Earlier the warm boot entry point was always `psci_entrypoint()`. This was not flexible enough as a library interface. Now PSCI expects the runtime firmware to provide the entry point via `psci_setup()`. A new function `bl31_warm_entrypoint` is introduced in BL31 and the previous `psci_entrypoint()` is deprecated. * The `smc_helpers.h` is reorganized to separate the SMC Calling Convention defines from the Trusted Firmware SMC helpers. The former is now in a new header file `smcc.h` and the SMC helpers are moved to Architecture specific header. * The CPU context is used by PSCI for context initialization and restoration after power down (PSCI Context). It is also used by BL31 for SMC handling and context management during Normal-Secure world switch (SMC Context). The `psci_smc_handler()` interface is redefined to not use SMC helper macros thus enabling to decouple the PSCI context from EL3 runtime firmware SMC context. This enables PSCI to be integrated with other runtime firmware using a different SMC context. NOTE: With this patch the architectural setup done in `bl31_arch_setup()` is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be invoked prior to architectural setup. It is highly unlikely that the platform setup will depend on architectural setup and cause any failure. Please be be aware of this change in sequence. Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
-
- 18 Jul, 2016 3 commits
-
-
Soby Mathew authored
This patch moves the PSCI services and BL31 frameworks like context management and per-cpu data into new library components `PSCI` and `el3_runtime` respectively. This enables PSCI to be built independently from BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant PSCI library sources and gets included by `bl31.mk`. Other changes which are done as part of this patch are: * The runtime services framework is now moved to the `common/` folder to enable reuse. * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture specific folder. * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder to `plat/common` folder. The original file location now has a stub which just includes the file from new location to maintain platform compatibility. Most of the changes wouldn't affect platform builds as they just involve changes to the generic bl1.mk and bl31.mk makefiles. NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION. Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
-
Soby Mathew authored
This patch fixes some coding guideline warnings reported by the checkpatch script. Only files related to upcoming feature development have been fixed. Change-Id: I26fbce75c02ed62f00493ed6c106fe7c863ddbc5
-
Soby Mathew authored
This patch reworks type usage in generic code, drivers and ARM platform files to make it more portable. The major changes done with respect to type usage are as listed below: * Use uintptr_t for storing address instead of uint64_t or unsigned long. * Review usage of unsigned long as it can no longer be assumed to be 64 bit. * Use u_register_t for register values whose width varies depending on whether AArch64 or AArch32. * Use generic C types where-ever possible. In addition to the above changes, this patch also modifies format specifiers in print invocations so that they are AArch64/AArch32 agnostic. Only files related to upcoming feature development have been reworked. Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
-
- 12 Jul, 2016 1 commit
-
-
Naga Sureshkumar Relli authored
This patch adds cpumerrsr_el1 and l2merrsr_el1 to the register dump on error for applicable CPUs. These registers hold the ECC errors on L1 and L2 caches. This patch updates the A53, A57, A72, A73 (l2merrsr_el1 only) CPU libraries. Signed-off-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
-
- 08 Jul, 2016 8 commits
-
-
Sandrine Bailleux authored
On ARM CSS platforms, the whole flash used to be mapped as executable. This is not required, given that the flash is used to store the BL1 and FIP images and: - The FIP is not executed in place, its images are copied to RAM and executed from there. - BL1 is executed in place from flash but only its code needs to be mapped as executable and platform code takes care of re-mapping BL1's read-only section as executable. Therefore, this patch now maps the flash as non-executable by default on these platforms. This increases security by restricting the executable region to what is strictly needed. This patch also adds some comments to clarify the memory mapping attributes on these platforms. Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
-
Sandrine Bailleux authored
The arm_setup_page_tables() function used to expect a single set of addresses defining the extents of the whole read-only section, code and read-only data mixed up, which was mapped as executable. This patch changes this behaviour. arm_setup_page_tables() now expects 2 separate sets of addresses: - the extents of the code section; - the extents of the read-only data section. The code is mapped as executable, whereas the data is mapped as execute-never. New #defines have been introduced to identify the extents of the code and the read-only data section. Given that all BL images except BL1 share the same memory layout and linker script structure, these #defines are common across these images. The slight memory layout differences in BL1 have been handled by providing values specific to BL1. Note that this patch also affects the Xilinx platform port, which uses the arm_setup_page_tables() function. It has been updated accordingly, such that the memory mappings on this platform are unchanged. This is achieved by passing null values as the extents of the read-only data section so that it is ignored. As a result, the whole read-only section is still mapped as executable. Fixes ARM-software/tf-issues#85 Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
-
Sandrine Bailleux authored
At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
-
Sandrine Bailleux authored
This patch introduces the round_up() and round_down() macros, which round up (respectively down) a value to a given boundary. The boundary must be a power of two. Change-Id: I589dd1074aeb5ec730dd523b4ebf098d55a7e967
-
Sandrine Bailleux authored
This patch introduces a new header file: include/lib/utils.h. Its purpose is to provide generic macros and helper functions that are independent of any BL image, architecture, platform and even not specific to Trusted Firmware. For now, it contains only 2 macros: ARRAY_SIZE() and IS_POWER_OF_TWO(). These were previously defined in bl_common.h and xlat_tables.c respectively. bl_common.h includes utils.h to retain compatibility for platforms that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream platform ports that use this macro have been updated to include utils.h. Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
-
Sandrine Bailleux authored
This patch introduces the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping attributes in the translation table library to specify the access permissions for instruction execution of a memory region. These new attributes should be used only for normal, read-only memory regions. For other types of memory, the translation table library still enforces the following rules, regardless of the MT_EXECUTE/MT_EXECUTE_NEVER attribute: - Device memory is always marked as execute-never. - Read-write normal memory is always marked as execute-never. Change-Id: I8bd27800a8c1d8ac1559910caf4a4840cf25b8b0
-
Sandrine Bailleux authored
This patch introduces the arm_setup_page_tables() function to set up page tables on ARM platforms. It replaces the arm_configure_mmu_elx() functions and does the same thing except that it doesn't enable the MMU at the end. The idea is to reduce the amount of per-EL code that is generated by the C preprocessor by splitting the memory regions definitions and page tables creation (which is generic) from the MMU enablement (which is the only per-EL configuration). As a consequence, the call to the enable_mmu_elx() function has been moved up into the plat_arch_setup() hook. Any other ARM standard platforms that use the functions `arm_configure_mmu_elx()` must be updated. Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
-
Soby Mathew authored
The per-cpu stacks should be aligned to the cache-line size and the `declare_stack` helper in asm_macros.S macro assumed a cache-line size of 64 bytes. The platform defines the cache-line size via CACHE_WRITEBACK_GRANULE macro. This patch modifies `declare_stack` helper macro to derive stack alignment from the platform defined macro. Change-Id: I1e1b00fc8806ecc88190ed169f4c8d3dd25fe95b
-