1. 06 Jun, 2019 4 commits
  2. 05 Jun, 2019 3 commits
    • John Tsichritzis's avatar
    • John Tsichritzis's avatar
    • James kung's avatar
      Prevent pending G1S interrupt become G0 interrupt · acc29852
      James kung authored
      
      
      According to Arm GIC spec(IHI0069E, section 4.6.1),
      when GICD_CTLR.DS == 0, Secure Group 1 interrupts
      are treated as Group 0 by a CPU interface if:
      - The PE does not implement EL3.
      - ICC_SRE_EL1(S).SRE == 0
      
      When a cpu enter suspend or deep idle, it might be
      powered off. When the cpu resume, according to
      the GIC spec(IHI0069E, section 9.2.15, 9.2.16 and
      9.2.22) the ICC_SRE_EL1.SRE reset value is 0 (if
      write is allowed) and G0/G1S/G1NS interrupt of the
      GIC cpu interface are all disabled.
      
      If a G1S SPI interrupt occurred and the target cpu
      of the SPI is assigned to a specific cpu which is
      in suspend and is powered off, when the cpu resume
      and start to initial the GIC cpu interface, the
      initial sequence might affect the interrupt group
      type of the pending interrupt on the cpu interface.
      
      Current initial sequence on the cpu interface is:
      1. Enable G0 interrupt
      2. Enable G1S interrupt
      3. Enable ICC_SRE_EL1(S).SRE
      
      It is possible to treat the pending G1S interrupt
      as G0 interrupt on the cpu interface if the G1S
      SPI interrupt occurred between step2 and step3.
      
      To prevent the above situation happend, the initial
      sequence should be changed as follows:
      1. Enable ICC_SRE_EL1(S).SRE
      2. Enable G0 interrupt
      3. Enable G1S interrupt
      
      Change-Id: Ie34f6e0b32eb9a1677ff72571fd4bfdb5cae25b0
      Signed-off-by: default avatarJames Kung <kong1191@gmail.com>
      acc29852
  3. 04 Jun, 2019 1 commit
    • John Tsichritzis's avatar
      Apply compile-time check for AArch64-only cores · 629d04f5
      John Tsichritzis authored
      
      
      Some cores support only AArch64 mode. In those cores, only a limited
      subset of the AArch32 system registers are implemented. Hence, if TF-A
      is supposed to run on AArch64-only cores, it must be compiled with
      CTX_INCLUDE_AARCH32_REGS=0.
      
      Currently, the default settings for compiling TF-A are with the AArch32
      system registers included. So, if we compile TF-A the default way and
      attempt to run it on an AArch64-only core, we only get a runtime panic.
      
      Now a compile-time check has been added to ensure that this flag has the
      appropriate value when AArch64-only cores are included in the build.
      
      Change-Id: I298ec550037fafc9347baafb056926d149197d4c
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      629d04f5
  4. 03 Jun, 2019 3 commits
  5. 31 May, 2019 2 commits
  6. 30 May, 2019 3 commits
  7. 29 May, 2019 4 commits
  8. 28 May, 2019 5 commits
  9. 24 May, 2019 8 commits
    • Paul Beesley's avatar
    • Paul Beesley's avatar
      Merge changes from topic "jts/docs" into integration · c0e9d433
      Paul Beesley authored
      * changes:
        Docs fixes
        Update security documentation
      c0e9d433
    • Alexei Fedorov's avatar
      Add support for Branch Target Identification · 9fc59639
      Alexei Fedorov authored
      
      
      This patch adds the functionality needed for platforms to provide
      Branch Target Identification (BTI) extension, introduced to AArch64
      in Armv8.5-A by adding BTI instruction used to mark valid targets
      for indirect branches. The patch sets new GP bit [50] to the stage 1
      Translation Table Block and Page entries to denote guarded EL3 code
      pages which will cause processor to trap instructions in protected
      pages trying to perform an indirect branch to any instruction other
      than BTI.
      BTI feature is selected by BRANCH_PROTECTION option which supersedes
      the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
      and is disabled by default. Enabling BTI requires compiler support
      and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
      The assembly macros and helpers are modified to accommodate the BTI
      instruction.
      This is an experimental feature.
      Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
      is now made as an internal flag and BRANCH_PROTECTION flag should be
      used instead to enable Pointer Authentication.
      Note. USE_LIBROM=1 option is currently not supported.
      
      Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      9fc59639
    • Ambroise Vincent's avatar
      Makefile: Add default warning flags · 00296576
      Ambroise Vincent authored
      
      
      The flags are taken from the different warning levels of the build
      system when they do not generate any error with the current upstreamed
      platforms.
      
      Change-Id: Ia70cff83bedefb6d2f0dd266394ef77fe47e7f65
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      00296576
    • John Tsichritzis's avatar
      Docs fixes · a16fd37f
      John Tsichritzis authored
      
      
      1) Fix links in "about" page
      2) Put back the "contents" page with adjusted links
      
      Change-Id: Id09140b91df5cf0a275149801d05d8cfeeda1c6e
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      a16fd37f
    • John Tsichritzis's avatar
      Update security documentation · 55f14059
      John Tsichritzis authored
      
      
      1) Replace references to "Arm Trusted Firmware" with "TF-A"
      2) Update issue tracker link
      
      Change-Id: I12d827d49f6cc34e46936d7f7ccf44e32b26a0bd
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      55f14059
    • John Tsichritzis's avatar
      Introduce BTI support in ROMLIB · bbb24f61
      John Tsichritzis authored
      
      
      When TF-A is compiled with BTI enabled, the branches in the ROMLIB
      jumptable must be preceded by a "bti j" instruction.
      
      Moreover, when the additional "bti" instruction is inserted, the
      jumptable entries have a distance of 8 bytes between them instead of 4.
      Hence, the wrappers are also modified accordinly.
      
      If TF-A is compiled without BTI enabled, the ROMLIB jumptable and
      wrappers are generated as before.
      
      Change-Id: Iaa59897668f8e59888d39046233300c2241d8de7
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      bbb24f61
    • John Tsichritzis's avatar
      Beautify "make help" · 7c23126c
      John Tsichritzis authored
      
      
      Changes to make the help text a bit more readable:
      1) The "usage" part is now a one-liner
      2) The supported platforms list is printed separately
      
      Change-Id: I93e48a6cf1d28f0ef9f3db16ce17725e4dff33c9
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      7c23126c
  10. 23 May, 2019 4 commits
  11. 22 May, 2019 3 commits