- 05 Feb, 2018 2 commits
-
-
Etienne Carriere authored
Define Qemu AArch32 implementation for some platform functions (core position, secondary boot cores, crash console). These are derived from the AArch64 implementation. BL31 on Qemu is needed only for ARMv8 and later. On ARMv7, BL32 is the first executable image after BL2. Support SP_MIN and OP-TEE as BL32: create a sp_min make script target in Qemu, define mapping for IMAGE_BL32 Minor fix Qemu return value type for plat_get_ns_image_entrypoint(). Qemu model for the Cortex-A15 does not support the virtualization extension although the core expects it. To overcome the issue, Qemu ARMv7 configuration set ARCH_SUPPORTS_VIRTUALIZATION to 0. Add missing AArch32 assembly macro arm_print_gic_regs from ARM platform used by the Qemu platform. Qemu Cortex-A15 model integrates a single cluster with up to 4 cores. Change-Id: I65b44399071d6f5aa40d5183be11422b9ee9ca15 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
AArch32 only platforms can boot the OP-TEE secure firmware as a BL32 secure payload. Such configuration can be defined through AARCH32_SP=optee. The source files can rely on AARCH32_SP_OPTEE to condition OP-TEE boot specific instruction sequences. OP-TEE does not expect ARM Trusted Firmware formatted structure as boot argument. Load sequence is expected to have already loaded to OP-TEE boot arguments into the bl32 entrypoint info structure. Last, AArch32 platform can only boot AArch32 OP-TEE images. Change-Id: Ic28eec5004315fc9111051add6bb1a1d607fc815 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 02 Feb, 2018 1 commit
-
-
Etienne Carriere authored
Add 'lr_svc' as a boot parameter in AArch32 bl1. This is used by Optee and Trusty to get the non-secure entry point on AArch32 platforms. This change is not ported in AArch64 mode where the BL31, not BL32, is in charge of booting the non secure image (BL33). Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 01 Feb, 2018 4 commits
-
-
davidcunado-arm authored
rockchip/rk3399: Fix memory corruptions or illegal memory access
-
davidcunado-arm authored
Analyze coding style of patches individually
-
davidcunado-arm authored
Implement support for SMCCC v1.1 and optimize security mitigations for CVE-2017-5715 on AArch64
-
davidcunado-arm authored
RK3399 GIC save/restore
-
- 30 Jan, 2018 5 commits
-
-
davidcunado-arm authored
fiptool: Fix use after free
-
davidcunado-arm authored
Makefile: Use ld.bfd linker if available
-
davidcunado-arm authored
Correct the Makefile logic for disabling PIE
-
davidcunado-arm authored
Fix udelay issues that can make duration slightly too short
-
Caesar Wang authored
Coverity scan done for the coreboot project found the issue: Coverity (*** CID 1385418: Memory - illegal accesses (OVERRUN)) Coverity (*** CID 1385419: Memory - corruptions (OVERRUN)) Fix the Converity error issue with store_cru[] loop needs to be one element bigger. Fixes: ARM-software/tf-issues#544 Change-Id: I420f0a660b24baaa5fc5e78fca242cf750c9bbc7 Signed-off-by: Caesar Wang <wxt@rock-chips.com>
-
- 29 Jan, 2018 15 commits
-
-
davidcunado-arm authored
SPM: Map devices in the 1st GB
-
davidcunado-arm authored
Fix documentation for CnP bit
-
davidcunado-arm authored
docs: hikey: Fix typo
-
Julius Werner authored
Some toolchain distributions install both the BFD and GOLD linkers under the names <target>-ld.bfd and <target>-ld.gold. <target>-ld will then be a symlink that may point to either one of these. Trusted Firmware should always be linked with the BFD linker, since GOLD is meant primarily for userspace programs and doesn't support many of the more obscure linker script features that may be needed for firmware. With this patch the Makefile will auto-detect if ld.bfd is available and use it explicitly in that case. Change-Id: I7017055f67db3bd57d191d20a7af06ca646937d7 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Sandrine Bailleux authored
The CnP bit documentation in the Firmware Design Guide incorrectly used the term "Page Entries" instead of "Processing Elements". Fix that. Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Antonio Nino Diaz authored
With the old system `checkpatch.pl` gets one sole input that consists of the commit message and commit diff of each commit between BASE_COMMIT and HEAD. It also filters out changes in some files, which makes `git format-patch` completely ignore that commit, even the commit message. With the new system the commit message and commit diff are analyzed separately. This means that, even if all the files modified by a commit are filtered out, the commit message will still be analyzed. Also, all commits are analyzed individually. This way it's easier to know which commit caused the problem, and there are no warnings about repeated "Signed-off-by" lines. Change-Id: Ic676a0b76801bb2607141a8d73dc3a942dc01c0e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Dimitris Papastamos authored
This patch implements a fast path for this SMC call on affected PEs by detecting and returning immediately after executing the workaround. NOTE: The MMU disable/enable workaround now assumes that the MMU was enabled on entry to EL3. This is a valid assumption as the code turns on the MMU after reset and leaves it on until the core powers off. Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
In the initial implementation of this workaround we used a dedicated workaround context to save/restore state. This patch reduces the footprint as no additional context is needed. Additionally, this patch reduces the memory loads and stores by 20%, reduces the instruction count and exploits static branch prediction to optimize the SMC path. Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
On some platforms it may be necessary to discover the SMCCC version via a PSCI features call. Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
SMCCC v1.1 comes with a relaxed calling convention for AArch64 callers. The caller only needs to save x0-x3 before doing an SMC call. This patch adds support for SMCCC_VERSION and SMCCC_ARCH_FEATURES. Refer to "Firmware Interfaces for mitigating CVE_2017_5715 System Software on Arm Systems"[0] for more information. [0] https://developer.arm.com/-/media/developer/pdf/ARM%20DEN%200070A%20Firmware%20interfaces%20for%20mitigating%20CVE-2017-5715_V1.0.pdf Change-Id: If5b1c55c17d6c5c7cb9c2c3ed355d3a91cdad0a9 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
In preparation for SMCCC v1.1 support, save x4 to x29 unconditionally. Previously we expected callers coming from AArch64 mode to preserve x8-x17. This is no longer the case with SMCCC v1.1 as AArch64 callers only need to save x0-x3. Change-Id: Ie62d620776533969ff4a02c635422f1b9208be9c Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Change-Id: Ib67b841ab621ca1ace3280e44cf3e1d83052cb73 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
davidcunado-arm authored
hikey: fix assert in sec_protect()
-
Sandrine Bailleux authored
This patch maps the devices in the first GB of the system address map on the FVP into the S-EL1&0 translation regime when SPM support is enabled. This grants the Secure Partition access to the devices in this region, for example the memory-mapped Generic Timer device. Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Andreas Färber authored
The correct name of the manufacturer is LeMaker. Signed-off-by: Andreas Färber <afaerber@suse.de>
-
- 27 Jan, 2018 2 commits
-
-
Andreas Färber authored
Commit 880b9e8b (Add padding at the end of the last entry) added code using toc_entry pointer, whose memory is already freed via variable buf. This causes enormous padding on openSUSE. Free the memory buffer only after padding is done. Signed-off-by: Andreas Färber <afaerber@suse.de>
-
Victor Chong authored
`assert(e)` was used in place of `if (e) ERROR()` when sec_protect() was ported from hikey fork so the logic should have been reversed. Fixes: 3d5d9f5a ("hikey: configure the top 16MB of DRAM as secure") Fixes: 52988b38 ("hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path") Signed-off-by: Victor Chong <victor.chong@linaro.org> Tested-by: Victor Chong <victor.chong@linaro.org>
-
- 26 Jan, 2018 2 commits
-
-
davidcunado-arm authored
Hikey protect optee / sdp memory
-
Derek Basehore authored
This disables the redistributor before either of the pwr_dm_suspend functions are called. This is because the rdist save code in the rk3399 rockchip_soc_sys_pwr_dm_suspend function requires that each redistributor be disabled before saving state. Signed-off-by: Derek Basehore <dbasehore@chromium.org>
-
- 25 Jan, 2018 5 commits
-
-
Julius Werner authored
Delay functions like udelay() are often used to ensure that the necessary time passed to allow some asynchronous event to finish, such as the stabilization delay for a power rail. For these use cases it is not very problematic if the delay is slightly longer than requested, but it is critical that the delay must never be shorter. The current udelay() implementation contains two hazards that may cause the delay to be slightly shorter than intended: Firstly, the amount of ticks to wait is calculated with an integer division, which may cut off the last fraction of ticks needed. Secondly, the delay may be short by a fraction of a tick because we do not know whether the initial ("start") sample of the timer was near the start or near the end of the current tick. Thus, if the code intends to wait for one tick, it might read the timer value close to the end of the current tick and then read it again right after the start of the next tick, concluding that the duration of a full tick has passed when it in fact was just a fraction of it. This patch rounds up the division and always adds one extra tick to counteract both problems and ensure that delays will always be larger but never smaller than requested. Change-Id: Ic5fe5f858b5cdf3c0dbf3e488d4d5702d9569433 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
davidcunado-arm authored
uniphier: migrate to BL2-AT-EL3
-
davidcunado-arm authored
SPM: Declare explicit width based types in secure_partition_boot_info…
-
davidcunado-arm authored
Hikey960: Enable invalid FIQ handling
-
davidcunado-arm authored
Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting
-
- 24 Jan, 2018 4 commits
-
-
davidcunado-arm authored
poplar: Enable emmc and recovery build support
-
davidcunado-arm authored
New console API and coreboot support [v4]
-
Masahiro Yamada authored
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3 support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2 is entered at EL1-S. Now, this platform is able to avoid this waste. Enable the BL2_AT_EL3 option, and remove BL1. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS is disabled. The warm boot mailbox is useless for UniPhier SoC family because BL1 is not the first image. The UniPhier platform implements non-TF ROM, then BL1 works as a pseudo ROM, so it is never executed in the warm boot. The reset vector address is not actually programmable for UniPhier platform, but it should not hurt to enable PROGRAMMABLE_RESET_ADDRESS to disable the mailbox and remove pointless plat_get_my_entrypoint. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-