1. 19 Dec, 2017 1 commit
  2. 06 Dec, 2017 1 commit
    • Antonio Nino Diaz's avatar
      SPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM · 45d640f0
      Antonio Nino Diaz authored
      
      
      A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been
      introduced to select the section where the translation tables used by
      the S-EL1/S-EL0 are placed.
      
      This define has been used to move the translation tables to DRAM secured
      by TrustZone.
      
      Most of the extra needed space in BL31 when SPM is enabled is due to the
      large size of the translation tables. By moving them to this memory
      region we can save 44 KiB.
      
      A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the
      region where the translation tables have to be placed by the linker.
      
      Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      45d640f0
  3. 29 Nov, 2017 2 commits
    • Soby Mathew's avatar
      ARM platforms: Fixup AArch32 builds · 5744e874
      Soby Mathew authored
      
      
      This patch fixes a couple of issues for AArch32 builds on ARM reference
      platforms :
      
      1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
         AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
         the BL31 memory is empty when built for AArch32. Hence this patch allocates
         BL32 to the memory region occupied by BL31 for AArch32 builds.
      
         As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
         be used to control the load address of BL32 in AArch32 mode which was
         never the intention of the macro anyway.
      
      2. A static assert is added to sp_min linker script to check that the progbits
         are within the bounds expected when overlaid with other images.
      
      3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
         involved when building Juno for AArch32 mode, the build option SPD needed to
         specifed. This patch corrects this and also updates the documentation in the
         user-guide.
      
      4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
         a result the previous assumption that BL31 must be always present is removed
         and the certificates for BL31 is only generated if `NEED_BL31` is defined.
      
      Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      5744e874
    • Antonio Nino Diaz's avatar
      Replace magic numbers in linkerscripts by PAGE_SIZE · a2aedac2
      Antonio Nino Diaz authored
      
      
      When defining different sections in linker scripts it is needed to align
      them to multiples of the page size. In most linker scripts this is done
      by aligning to the hardcoded value 4096 instead of PAGE_SIZE.
      
      This may be confusing when taking a look at all the codebase, as 4096
      is used in some parts that aren't meant to be a multiple of the page
      size.
      
      Change-Id: I36c6f461c7782437a58d13d37ec8b822a1663ec1
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a2aedac2
  4. 20 Nov, 2017 1 commit
    • Dimitris Papastamos's avatar
      Refactor Statistical Profiling Extensions implementation · 281a08cc
      Dimitris Papastamos authored
      
      
      Factor out SPE operations in a separate file.  Use the publish
      subscribe framework to drain the SPE buffers before entering secure
      world.  Additionally, enable SPE before entering normal world.
      
      A side effect of this change is that the profiling buffers are now
      only drained when a transition from normal world to secure world
      happens.  Previously they were drained also on return from secure
      world, which is unnecessary as SPE is not supported in S-EL1.
      
      Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      281a08cc
  5. 13 Nov, 2017 3 commits
    • Jeenu Viswambharan's avatar
      ARM platforms: Enable SDEI · 0baec2ab
      Jeenu Viswambharan authored
      
      
      Support SDEI on ARM platforms using frameworks implemented in earlier
      patches by defining and exporting SDEI events: this patch defines the
      standard event 0, and a handful of shared and private dynamic events.
      
      Change-Id: I9d3d92a92cff646b8cc55eabda78e140deaa24e1
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0baec2ab
    • Jeenu Viswambharan's avatar
      ARM platforms: Define exception macros · 0bef0edf
      Jeenu Viswambharan authored
      
      
      Define number of priority bits, and allocate priority levels for SDEI.
      
      Change-Id: Ib6bb6c5c09397f7caef950c4caed5a737b3d4112
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0bef0edf
    • Jeenu Viswambharan's avatar
      ARM platforms: Make arm_validate_ns_entrypoint() common · 71e7a4e5
      Jeenu Viswambharan authored
      
      
      The function arm_validate_ns_entrypoint() validates a given non-secure
      physical address. This function however specifically returns PSCI error
      codes.
      
      Non-secure physical address validation is potentially useful across ARM
      platforms, even for non-PSCI use cases. Therefore make this function
      common by returning 0 for success or -1 otherwise.
      
      Having made the function common, make arm_validate_psci_entrypoint() a
      wrapper around arm_validate_ns_entrypoint() which only translates return
      value into PSCI error codes. This wrapper is now used where
      arm_validate_ns_entrypoint() was currently used for PSCI entry point
      validation.
      
      Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      71e7a4e5
  6. 09 Nov, 2017 1 commit
  7. 25 Oct, 2017 1 commit
  8. 16 Oct, 2017 1 commit
    • Jeenu Viswambharan's avatar
      ARM platforms: Migrate to using interrupt properties · b2c363b1
      Jeenu Viswambharan authored
      
      
      An earlier patch added provision for the platform to provide secure
      interrupt properties. ARM platforms already has a list of interrupts
      that fall into different secure groups.
      
      This patch defines macros that enumerate interrupt properties in the
      same fashion, and points the driver driver data to a list of interrupt
      properties rather than list of secure interrupts on ARM platforms.  The
      deprecated interrupt list definitions are however retained to support
      legacy builds.
      
      Configuration applied to individual interrupts remain unchanged, so no
      runtime behaviour change expected.
      
      NOTE: Platforms that use the arm/common function
      plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and
      PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and
      PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided
      INTR_PROP_DESC macro.
      
      Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b2c363b1
  9. 11 Oct, 2017 2 commits
    • Soby Mathew's avatar
      ARM platforms: enable GICv3 state save/restore · e35a3fb5
      Soby Mathew authored
      
      
      Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and
      arm_system_pwr_domain_save functions.
      
      Introduce FVP PSCI power level 3 (System level) support. This is solely
      done to provide example code on how to use the GICv3 save and restore
      helpers.
      
      Also make CSS GICv3 platforms power off the Redistributor on SYSTEM
      SUSPEND as its state is saved and restored.
      
      Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Co-Authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      e35a3fb5
    • Soby Mathew's avatar
      ARM platforms: Add support for EL3 TZC memory region · a22dffc6
      Soby Mathew authored
      
      
      Some recent enhancements to EL3 runtime firmware like support for
      save and restoring GICv3 register context during system_suspend
      necessitates additional data memory for the firmware. This patch
      introduces support for creating a TZC secured DDR carveout for use
      by ARM reference platforms. A new linker section `el3_tzc_dram` is
      created using platform supplied linker script and data marked with
      the attribute `arm_el3_tzc_dram` will be placed in this section.
      The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
      allow inclusion of the platform linker script by the top level BL31
      linker script.
      
      Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a22dffc6
  10. 06 Oct, 2017 1 commit
    • David Cunado's avatar
      Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLES · 2e421ad2
      David Cunado authored
      
      
      The MEM_PROTECT support adds a MMAP region for DRAM2, which when
      building with TBBR support and OP-TEE tsp requires an additional
      entry in the MMAP region array in BL2 - PLAT_ARM_MMAP_ENTRIES is
      increased.
      
      The MEM_PROTECT support also adds a new region in BL31, and when
      BL31 is placed in DRAM, the memory mappings require an additional
      translation table - MAX_XLAT_TABLES is increased.
      
      Change-Id: I0b76260da817dcfd0b8f73a7193c36efda977625
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      2e421ad2
  11. 25 Sep, 2017 2 commits
    • Roberto Vargas's avatar
      mem_protect: Add DRAM2 to the list of mem protected ranges · b09ba056
      Roberto Vargas authored
      
      
      On ARM platforms, the maximum size of the address space is limited
      to 32-bits as defined in arm_def.h. In order to access DRAM2, which
      is defined beyond the 32-bit address space, the maximum address space
      is increased to 36-bits in AArch64. It is possible to increase the
      virtual space for AArch32, but it is more difficult and not supported
      for now.
      
      NOTE - the actual maximum memory address space is platform dependent
      and is checked at run-time by querying the PARange field in the
      ID_AA64MMFR0_EL1 register.
      
      Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      b09ba056
    • Roberto Vargas's avatar
      mem_protect: Add mem_protect support in Juno and FVP for DRAM1 · f145403c
      Roberto Vargas authored
      
      
      mem_protect needs some kind of non-volatile memory because it has
      to remember its state across reset and power down events.
      The most suitable electronic part for this feature is a NVRAM
      which should be only accesible from the secure world. Juno and
      FVP lack such hardware and for this reason the MEM_PROTECT
      functionality is implemented with Flash EEPROM memory on both
      boards, even though this memory is accesible from the non-secure
      world. This is done only to show a full implementation of
      these PSCI features, but an actual system shouldn't use a
      non-secure NVRAM to implement it.
      
      The EL3 runtime software will write the mem_protect flag and BL2
      will read and clear the memory ranges if enabled. It is done in
      BL2 because it reduces the time that TF needs access to the full
      non-secure memory.
      
      The memory layout of both boards is defined using macros which
      take different values in Juno and FVP platforms. Generic platform
      helpers are added that use the platform specific macros to generate
      a mem_region_t that is valid for the platform.
      
      Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      f145403c
  12. 22 Sep, 2017 1 commit
  13. 12 Sep, 2017 1 commit
    • Qixiang Xu's avatar
      plat/arm: Fix BL31_BASE when RESET_TO_BL31=1 · fd5763ea
      Qixiang Xu authored
      
      
      The value of BL31_BASE currently depends on the size of BL31. This
      causes problems in the RESET_TO_BL31 case because the value of
      BL31_BASE is used in the model launch parameters, which often changes.
      
      Therefore, this patch fixes BL31_BASE to the middle of Trusted SRAM,
      to avoid further model parameter changes in future.
      
      Change-Id: I6d7fa4fe293717d84768974679539c0e0cb6d935
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      fd5763ea
  14. 06 Sep, 2017 2 commits
    • Soby Mathew's avatar
      CSS: Changes for SDS framework · 18e279eb
      Soby Mathew authored
      
      
      This patch does the required changes to enable CSS platforms
      to build and use the SDS framework. Since SDS is always coupled with
      SCMI protocol, the preexisting SCMI build flag is now renamed to
      `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
      CSS platforms. Also some of the workarounds applied for SCMI are
      now removed with SDS in place.
      
      Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      18e279eb
    • Soby Mathew's avatar
      Fix JUNO AArch32 build · ba6c31da
      Soby Mathew authored
      
      
      This patch fixes the inconsistency with regards as to how
      BL2_BASE/BL2U_BASE and BL2_LIMIT/BL2U_LIMIT macros are defined
      when building Juno to run in AArch32 mode at EL3. In this case,
      BL32 is compiled for AArch32 whereas BL1 and BL2 are compiled
      for AArch64. This resulted in BL32 conditionally compiling a
      different definition of the above mentioned macros from BL1/BL2.
      This is fixed by taking into consideration the
      JUNO_AARCH32_EL3_RUNTIME build flag as well in the conditional
      compilation check.
      
      Change-Id: I27ac68aa4df0502089c1739c05366a9c509eb5be
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      ba6c31da
  15. 05 Sep, 2017 1 commit
  16. 31 Aug, 2017 1 commit
  17. 29 Aug, 2017 1 commit
    • Jeenu Viswambharan's avatar
      plat/arm: Fix ARM_INSTANTIATE_LOCK syntax anomaly · 19583169
      Jeenu Viswambharan authored
      
      
      The current definition of ARM_INSTANTIATE_LOCK macro includes a
      semicolon, which means it's omitted where it's used. This is anomalous
      for a C statement in global scope.
      
      Fix this by removing semicolon from the definition; and where it's a
      NOP, declare a file-scoped variable explicitly tagged as unused to avoid
      compiler warning.
      
      No functional changes.
      
      Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      19583169
  18. 25 Aug, 2017 1 commit
    • Jens Wiklander's avatar
      ARM plat: change OP-TEE pageable load base · 04f72bae
      Jens Wiklander authored
      
      
      Changes ARM_OPTEE_PAGEABLE_LOAD_BASE to end of ARM_AP_TZC_DRAM1.
      ARM_OPTEE_PAGEABLE_LOAD_SIZE is also increased to 4MB to optimize
      translation table usage.
      
      This change makes loading of paged part easier inside OP-TEE OS as the
      previous location of ARM_OPTEE_PAGEABLE_LOAD_BASE normally isn't mapped
      if paging is enabled.
      Signed-off-by: default avatarJens Wiklander <jens.wiklander@linaro.org>
      04f72bae
  19. 22 Aug, 2017 2 commits
  20. 09 Aug, 2017 1 commit
    • Summer Qin's avatar
      Add Trusted OS extra image parsing support for ARM standard platforms · 54661cd2
      Summer Qin authored
      
      
      Trusted OS may have extra images to be loaded. Load them one by one
      and do the parsing. In this patch, ARM TF need to load up to 3 images
      for optee os: header, pager and paged images. Header image is the info
      about optee os and images. Pager image include pager code and data.
      Paged image include the paging parts using virtual memory.
      
      Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      54661cd2
  21. 02 Aug, 2017 1 commit
    • Jeenu Viswambharan's avatar
      FVP: Support Base FVP RevC · 955242d8
      Jeenu Viswambharan authored
      
      
      Revision C of the Base FVP has the same memory map as earlier revisions,
      but has the following differences:
      
        - Implements CCI550 instead of CCI400,
        - Has a single instantiation of SMMUv3,
        - CPU MPIDs are shifted left by one level, and has MT bit set in them.
      
      The correct interconnect to program is chosen at run time based on the
      FVP revision. Therefore, this patch implements FVP functions for
      interconnect programming, rather than depending on ARM generic ones. The
      macros used have been renamed to reflect this change.
      
      Additionally, this patch initializes SMMUv3 as part of FVP early
      platform setup.
      
      New ARM config flags are introduced for feature queries at run time.
      
      Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      955242d8
  22. 25 Jul, 2017 1 commit
  23. 20 Jul, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Prevent SCP_BL2/2U from overwriting BL1 RW data · 1ea63d77
      Soby Mathew authored
      
      
      On ARM CSS platforms, the SCP_BL2/2U image is loaded below
      BL1 read-write data. This same memory is used to load BL31
      later on. But sufficient checks were not done to ensure that the
      SCP_BL2 would not overwrite BL1 rw data. This patch adds the
      required CASSERT checks to prevent overwrite into BL1 or BL2
      memory by load of SCP_BL2/2U. Also the size of BL31 is increased
      and SCP_BL2/2U size is decreased to accomodate it within the
      allocated region.
      
      Change-Id: I23b28b5e1589e91150852a06452bd52b273216ee
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1ea63d77
  24. 28 Jun, 2017 1 commit
    • Soby Mathew's avatar
      ARM plat changes to enable CryptoCell integration · e60f2af9
      Soby Mathew authored
      
      
      This patch makes the necessary changes to enable ARM platform to
      successfully integrate CryptoCell during Trusted Board Boot. The
      changes are as follows:
      
      * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
        the CryptoCell crypto driver for Trusted Board boot.
      
      * The TrustZone filter settings for Non Secure DRAM is modified
        to allow CryptoCell to read this memory. This is required to
        authenticate BL33 which is loaded into the Non Secure DDR.
      
      * The CSS platforms are modified to use coherent stacks in BL1 and BL2
        when CryptoCell crypto is selected. This is because CryptoCell makes
        use of DMA to transfer data and the CryptoCell SBROM library allocates
        buffers on the stack during signature/hash verification.
      
      Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e60f2af9
  25. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  26. 20 Jun, 2017 1 commit
  27. 05 Jun, 2017 2 commits
    • Soby Mathew's avatar
      Add SCMI support for Juno platform · 40111d44
      Soby Mathew authored
      
      
      This patch adds the memory map region for the SCMI payload memory
      and maps the Juno core indices to SCMI power domains via the
      `plat_css_core_pos_to_scmi_dmn_id_map` array.
      
      Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      40111d44
    • Soby Mathew's avatar
      CSS: Add SCMI driver for SCP · c04a3b6c
      Soby Mathew authored
      
      
      This patch adds the SCMI driver for communicating with SCP. The power
      domain management and system power management protocol of the SCMI
      specification[1] is implemented in the driver. The SCP power management
      abstraction layer for SCMI for CSS power management is also added.
      
      A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
      driver over SCPI.
      
      [1] ARM System Control and Management Interface v1.0 (SCMI)
      Document number: ARM DEN 0056A
      
      Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c04a3b6c
  28. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
  29. 15 May, 2017 2 commits
  30. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  31. 03 May, 2017 1 commit