- 20 Feb, 2020 1 commit
-
-
Manish Pandey authored
Till now TF-A allows limited number of external images to be made part of FIP. With SPM coming along, there may exist multiple SP packages which need to be inserted into FIP. To achieve this we need a more scalable approach to feed SP packages to FIP. This patch introduces changes in build system to generate and add SP packages into FIP based on information provided by platform. Platform provides information in form of JSON which contains layout description of available Secure Partitions. JSON parser script is invoked by build system early on and generates a makefile which updates FIP, SPTOOL and FDT arguments which will be used by build system later on for final packaging. "SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A tree. This option will be used only when SPD=spmd. For each SP, generated makefile will have following entries - FDT_SOURCES += sp1.dts - SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg - FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
-
- 07 Feb, 2020 2 commits
-
-
Alexei Fedorov authored
At the moment, address demangling is only used by the backtrace functionality. However, at some point, other parts of the TF-A codebase may want to use it. The 'demangle_address' function is replaced with a single XPACI instruction which is also added in 'do_crash_reporting()'. Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
-
Louis Mayencourt authored
Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 06 Feb, 2020 2 commits
-
-
Max Shvetsov authored
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board. Removes hard-coded developer keys. Instead, setting ARM_ROTPK_LOCATION=devel_* takes keys from default directory. In case of ROT_KEY specified - generates a new hash and replaces the original. Note: Juno board was tested by original feature author and was not tested for this patch since we don't have access to the private key. Juno implementation was moved to board-specific file without changing functionality. It is not known whether byte-swapping is still needed for this platform. Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Paul Beesley authored
This patch expands the coding style documentation, splitting it into two documents: the core style rules and extended guidelines. Note that it does not redefine or change the coding style (aside from section 4.6.2) - generally, it is only documenting the existing style in more detail. The aim is for the coding style to be more readable and, in turn, for it to be followed by more people. We can use this as a more concrete reference when discussing the accepted style with external contributors. Change-Id: I87405ace9a879d7f81e6b0b91b93ca69535e50ff Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
-
- 03 Feb, 2020 1 commit
-
-
Imre Kis authored
Since Sphinx 2.3.0 backquotes are replaced to \textasciigrave{} during building latexpdf. Using this element in a \sphinxhref{} breaks the build. In order to avoid this error backquotes must not be used in external hyperlinks. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ie3cf454427e3d5a7b7f9829b42be45aebda7f0dd
-
- 29 Jan, 2020 2 commits
-
-
Sandrine Bailleux authored
Allows to select the chain of trust to use when the Trusted Boot feature is enabled. This affects both the cert_create tool and the firmware itself. Right now, the only available CoT is TBBR. Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Madhukar Pappireddy authored
Command to build HTML-formatted pages from docs: make doc Change-Id: I4103c804b3564fe67d8fc5a3373679daabf3f2e9 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 28 Jan, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'calc_hash' function using Mbed TLS library required for Measured Boot support. Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 24 Jan, 2020 2 commits
-
-
Masahiro Yamada authored
This implementation simply mimics that of BL31. Change-Id: Ibbaa4ca012d38ac211c52b0b3e97449947160e07 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
This implementation simply mimics that of BL31. I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case. It would make the linker script a bit uglier. Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 17 Jan, 2020 1 commit
-
-
Ambroise Vincent authored
The LLVM linker replaces the GNU linker as default for the link on Clang builds. It is possible to override the default linker by setting the LD build flag. The patch also updates the TF-A doc. Change-Id: Ic08552b9994d4fa8f0d4863e67a2726c1dce2e35 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
-
- 10 Jan, 2020 2 commits
-
-
Madhukar Pappireddy authored
This toolchain provides multiple cross compilers and are publicly available on developer.arm.com We build TF-A in CI using: AArch32 bare-metal target (arm-none-eabi) AArch64 ELF bare-metal target (aarch64-none-elf) Change-Id: I910200174d5bad985504d1af4a1ae5819b524003 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Deepika Bhavnani authored
NOTE for platform integrators: API `plat_psci_stat_get_residency()` third argument `last_cpu_idx` is changed from "signed int" to the "unsigned int" type. Issue / Trouble points 1. cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places leading to coverity issues. 2. Underlying platform API's return cpu_idx as `unsigned int` and comparison is performed with platform specific defines `PLAFORM_xxx` which is not consistent Misra Rule 10.4: The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression. Based on above points, cpu_idx is kept as `unsigned int` to match the API's and low-level functions and platform defines are updated where ever required Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
-
- 08 Jan, 2020 1 commit
-
-
Mark Dykes authored
This reverts commit de9bf1d8. Change-Id: Iebb6297ce290a10ee850bf6a9c71e7eb530b085f
-
- 03 Jan, 2020 1 commit
-
-
Madhukar Pappireddy authored
This toolchain provides multiple cross compilers and are publicly available on www.developer.arm.com We thoroughly test TF-A in CI using: AArch32 bare-metal target (arm-none-eabi) AArch64 ELF bare-metal target (aarch64-none-elf) Change-Id: I2360a3ac6705c68dca781b85e9894867df255b3e Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 29 Dec, 2019 1 commit
-
-
Samuel Holland authored
Some platforms are extremely memory constrained and must split BL31 between multiple non-contiguous areas in SRAM. Allow the NOBITS sections (.bss, stacks, page tables, and coherent memory) to be placed in a separate region of RAM from the loaded firmware image. Because the NOBITS region may be at a lower address than the rest of BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this region, or el3_entrypoint_common would attempt to invalidate the dcache for the entire address space. New symbols __NOBITS_{START,END}__ are added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the NOBITS region is invalidated separately. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
-
- 20 Dec, 2019 2 commits
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 18 Dec, 2019 1 commit
-
-
Ambroise Vincent authored
Provide an SMC interface to the 9p filesystem. This permits accessing firmware drivers through a common interface, using standardized read/write/control operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
-
- 17 Dec, 2019 1 commit
-
-
Sandrine Bailleux authored
Sphinx was showing the following warning message: docs/getting_started/build-options.rst:200: WARNING: Bullet list ends without a blank line; unexpected unindent. Change-Id: Iad5d49c1e0d25dd623ad15bce1af31babf860c03 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 11 Dec, 2019 1 commit
-
-
Gilad Ben-Yossef authored
Add the support needed to enable using CryptoCell integration with with RSA 3K support. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
-
- 02 Dec, 2019 1 commit
-
-
zelalem-aweke authored
This patch enables LTO for TF-A when compiled with GCC. LTO is disabled by default and is enabled by ENABLE_LTO=1 build option. LTO is enabled only for aarch64 as there seem to be a bug in the aarch32 compiler when LTO is enabled. The changes in the makefiles include: - Adding -flto and associated flags to enable LTO. - Using gcc as a wrapper at link time instead of ld. This is recommended when using LTO as gcc internally takes care of invoking the necessary plugins for LTO. - Adding switches to pass options to ld. - Adding a flag to disable fix for erratum cortex-a53-843419 unless explicitly enabled. This is needed because GCC seem to automatically add the erratum fix when used as a wrapper for LD. Additionally, this patch updates the TF-A user guide with the new build option. Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
-
- 27 Nov, 2019 1 commit
-
-
Paul Beesley authored
The User Guide document has grown organically over time and now covers a wide range of topics, making it difficult to skim read and extract information from. Currently, it covers these topics and maybe a couple more: - Requirements (hardware, tools, libs) - Checking out the repo - Basic build instructions - A comprehensive list of build flags - FIP packaging - Building specifically for Juno - Firmware update images - EL3 payloads - Preloaded BL33 boot flow - Running on FVPs - Running on Juno I have separated these out into a few groups that become new documents. Broadly speaking, build instructions for the tools, for TF-A generally, and for specific scenarios are separated. Content relating to specific platforms (Juno and the FVPs are Arm-specific platforms, essentially) has been moved into the documentation that is specific to those platforms, under docs/plat/arm. Change-Id: Ica87c52d8cd4f577332be0b0738998ea3ba3bbec Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 26 Nov, 2019 1 commit
-
-
Madhukar Pappireddy authored
From AArch64 state, arguments are passed in registers W0-W7(X0-X7) and results are returned in W0-W7(X0-X7) for SMC32(SMC64) calls. From AArch32 state, arguments are passed in registers R0-R7 and results are returned in registers R0-R7 for SMC32 calls. Most of the functions and macros already existed to support using upto 8 registers for passing/returning parameters/results. Added few helper macros for SMC calls from AArch32 state. Link to the specification: https://developer.arm.com/docs/den0028/c Change-Id: I87976b42454dc3fc45c8343e9640aa78210e9741 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 22 Oct, 2019 1 commit
-
-
Paul Beesley authored
A small set of misc changes to ensure correctness before the v2.2 release tagging. Change-Id: I888840b9483ea1a1633d204fbbc0f9594072101e Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 15 Oct, 2019 1 commit
-
-
Artsem Artsemenka authored
User guide: 1. Remove obsolete note saying only FVP is supported with AArch32 2. Switch compiler for Juno AArch32 to arm-eabi 3. Mention SOFTWARE folder in Juno Linaro release Index.rst: 1. Switch default FVP model to Version 11.6 Build 45 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: Ib47a2ea314e2b8394a20189bf91796de0e17de53
-
- 11 Oct, 2019 1 commit
-
-
Paul Beesley authored
Tidying up a few Sphinx warnings that had built-up over time. None of these are critical but it cleans up the Sphinx output. At the same time, fixing some spelling errors that were detected. Change-Id: I38209e235481eed287f8008c6de9dedd6b12ab2e Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 09 Oct, 2019 1 commit
-
-
Paul Beesley authored
This new page contains instructions for doing a local build of the documentation, plus information on the environment setup that needs to be done beforehand. Change-Id: If563145ab40639cabbe25d0f62759981a33692c6 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 08 Oct, 2019 1 commit
-
-
Paul Beesley authored
Currently links between documents are using the format: <path/to/><filename>.rst This was required for services like GitHub because they render each document in isolation - linking to another document is like linking to any other file, just provide the full path. However, with the new approach, the .rst files are only the raw source for the documents. Once the documents have been rendered the output is now in another format (HTML in our case) and so, when linking to another document, the link must point to the rendered version and not the .rst file. The RST spec provides a few methods for linking between content. The parent of this patch enabled the automatic creation of anchors for document titles - we will use these anchors as the targets for our links. Additional anchors can be added by hand if needed, on section and sub-section titles, for example. An example of this new format, for a document with the title "Firmware Design" is :ref:`Firmware Design`. One big advantage of this is that anchors are not dependent on paths. We can then move documents around, even between directories, without breaking any links between documents. Links will need to be updated only if the title of a document changes. Change-Id: I9e2340a61dd424cbd8fd1ecc2dc166f460d81703 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 04 Oct, 2019 1 commit
-
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 02 Oct, 2019 1 commit
-
-
Louis Mayencourt authored
Change-Id: I3b866e927d93f4b690aa4891940fc8afabf4146e Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 30 Sep, 2019 1 commit
-
-
zelalem-aweke authored
- Updated Linaro release version number to 19.06 - Updated links to Linaro instructions and releases - Removed the Linaro old releases link Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: Ib786728106961e89182b42183e7b889f6fc74190
-
- 26 Sep, 2019 1 commit
-
-
Madhukar Pappireddy authored
This PSCI hook is similar to pwr_domain_on_finish but is guaranteed to be invoked with the respective core and cluster are participating in coherency. This will be necessary to safely invoke the new GICv3 API which modifies shared GIC data structures concurrently. Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 18 Sep, 2019 1 commit
-
-
Haojian Zhuang authored
The block size of some storage device is 4096-byte long, such as UFS. But PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org> Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
-
- 13 Sep, 2019 1 commit
-
-
Alexei Fedorov authored
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 12 Sep, 2019 3 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
This patch adds documentation for the new KEY_SIZE build option that is exposed by cert_create, and instructions on how to use it. Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Hadi Asyrafi authored
Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
-
- 11 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-