- 06 Mar, 2020 1 commit
-
-
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
-
- 03 Mar, 2020 1 commit
-
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 27 Feb, 2020 1 commit
-
-
Masahiro Yamada authored
The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32. Fix the comments. Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 24 Feb, 2020 1 commit
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
- 18 Feb, 2020 1 commit
-
-
Vijayenthiran Subramaniam authored
Add `CREATE_SEQ` function to generate sequence of numbers starting from 1 to allow easy comparison of a user defined macro with non-zero positive numbers. Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664 Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
- 07 Feb, 2020 1 commit
-
-
Louis Mayencourt authored
Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 29 Jan, 2020 1 commit
-
-
Sandrine Bailleux authored
Allows to select the chain of trust to use when the Trusted Boot feature is enabled. This affects both the cert_create tool and the firmware itself. Right now, the only available CoT is TBBR. Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 28 Jan, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'calc_hash' function using Mbed TLS library required for Measured Boot support. Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 24 Jan, 2020 1 commit
-
-
Masahiro Yamada authored
make_helpers/build_macros.mk supports per-BL CFLAGS. For example, you can pass compiler flags only to BL31 by using BL31_CFLAGS. This commit adds per-BL LDFLAGS support, which is useful as well. My main motivation of this addition is to use it for ENABLE_PIE. When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS, which affects all the TF images. It will make more sense to pass the relevant options only to BL images that support it. Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 14 Jan, 2020 1 commit
-
-
Balint Dobszay authored
Using the /include/ syntax, the include was evaluated by dtc, only after running the preprocessor, therefore the .dtsi files were not preprocessed. This patch adds the #include syntax instead. Evaluating this and preprocessing the files now happens in a single step, done by the C preprocessor. Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
-
- 29 Dec, 2019 1 commit
-
-
Samuel Holland authored
Some platforms are extremely memory constrained and must split BL31 between multiple non-contiguous areas in SRAM. Allow the NOBITS sections (.bss, stacks, page tables, and coherent memory) to be placed in a separate region of RAM from the loaded firmware image. Because the NOBITS region may be at a lower address than the rest of BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this region, or el3_entrypoint_common would attempt to invalidate the dcache for the entire address space. New symbols __NOBITS_{START,END}__ are added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the NOBITS region is invalidated separately. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
-
- 20 Dec, 2019 2 commits
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 17 Dec, 2019 1 commit
-
-
Olivier Deprez authored
The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
-
- 02 Dec, 2019 1 commit
-
-
zelalem-aweke authored
This patch enables LTO for TF-A when compiled with GCC. LTO is disabled by default and is enabled by ENABLE_LTO=1 build option. LTO is enabled only for aarch64 as there seem to be a bug in the aarch32 compiler when LTO is enabled. The changes in the makefiles include: - Adding -flto and associated flags to enable LTO. - Using gcc as a wrapper at link time instead of ld. This is recommended when using LTO as gcc internally takes care of invoking the necessary plugins for LTO. - Adding switches to pass options to ld. - Adding a flag to disable fix for erratum cortex-a53-843419 unless explicitly enabled. This is needed because GCC seem to automatically add the erratum fix when used as a wrapper for LD. Additionally, this patch updates the TF-A user guide with the new build option. Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
-
- 04 Oct, 2019 1 commit
-
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Hadi Asyrafi authored
Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
-
- 11 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 09 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 01 Aug, 2019 2 commits
-
-
Julius Werner authored
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 28 Jun, 2019 1 commit
-
-
Ambroise Vincent authored
The new API becomes the default one. Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 26 Jun, 2019 1 commit
-
-
Ambroise Vincent authored
This interface has been deprecated in favour of MULTI_CONSOLE_API. Change-Id: I6170c1c8c74a890e5bd6d05396743fe62024a08a Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 24 May, 2019 1 commit
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 02 May, 2019 1 commit
-
-
Christoph Müllner authored
On certain platforms it does not make sense to generate TF-A binary images. For example a platform could make use of serveral memory areas, which are non-continuous and the resulting binary therefore would suffer from the padding-bytes. Typically these platforms use the ELF image. This patch introduces a variable DISABLE_BIN_GENERATION, which can be set to '1' in the platform makefile to prevent the binary generation. Signed-off-by: Christoph Müllner <christophm30@gmail.com> Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
-
- 28 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Fix some typos and clarify some sentences. Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 27 Feb, 2019 3 commits
-
-
Varun Wadekar authored
This patch provides support for using the scatterfile format as the linker script with the 'armlink' linker for Tegra platforms. In order to enable the scatterfile usage the following changes have been made: * provide mapping for ld.S symbols in bl_common.h * include bl_common.h from all the affected files * update the makefile rules to use the scatterfile and armlink to compile BL31 * update pubsub.h to add sections to the scatterfile NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY. Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Antonio Nino Diaz authored
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Feb, 2019 1 commit
-
-
Usama Arif authored
Cortex A5 doesnt support VFP, Large Page addressing and generic timer which are addressed in this patch. The device tree for Cortex a5 is also included. Change-Id: I0722345721b145dfcc80bebd36a1afbdc44bb678 Signed-off-by: Usama Arif <usama.arif@arm.com>
-
- 08 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Now that setjmp() and longjmp() are compliant with the standard they can be moved with the other libc files. Change-Id: Iea3b91c34eb353ace5e171e72f331602d57774d5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 Feb, 2019 1 commit
-
-
Varun Wadekar authored
This patch introduces a build option 'OVERRIDE_LIBC' that platforms can set to override libc from the BL image. The default value is '0' to keep the library. Change-Id: I10a0b247f6a782eeea4a0359e30a8d79b1e9e4e1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 30 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
This reverts commit 2f370465 ("Add support for the SMC Calling Convention 2.0"). SMCCC v2.0 is no longer required for SPM, and won't be needed in the future. Removing it makes the SMC handling code less complicated. The SPM implementation based on SPCI and SPRT was using it, but it has been adapted to SMCCC v1.0. Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 24 Jan, 2019 1 commit
-
-
Manish Pandey authored
Following changes are done to make DT pre-processing similar to that of U-boot/Linux kernel. 1. Creating seperate CPPFLAGS for DT preprocessing so that compiler options specific to it can be accommodated. e.g: "-undef" compiler option avoids replacing "linux" string(used in device trees) with "1" as "linux" is a pre-defined macro in gnu99 standard. 2. Replace CPP with PP for DT pre-processing, as CPP in U-boot/Linux is exported as "${CROSS_COMPILE}gcc -E" while in TF-A it is exported as "${CROSS_COMPILE}cpp". Change-Id: If4c61a249d51614d9f53ae30b602036d50c02349 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 22 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
The SPM implementation based on MM is going to be kept for the foreseeable future. Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Acked-by: Sumit Garg <sumit.garg@linaro.org>
-
- 10 Jan, 2019 1 commit
-
-
Jeenu Viswambharan authored
With this patch, each BL image can have its own compiler flags. Change-Id: Ic9075a20bc6f6dc8a277587b9bee5e062306c090 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 10 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
The current SPM is a prototype that only supports one secure partition in EL0. The objective of SPM is to have multiple partitions. The current MM interface isn't adequate for this, so it is needed to modify heavily the code to add proper support for it. However, there are platforms which are already using this (like SGI) and removing the code would break it. For this reason, the current SPM code has been duplicated in order to temporarily preserve compatibility. All new improvements/changes to SPM will be done in the non-deprecated copy, that may change without notice. The new build option SPM_DEPRECATED has been introduced to select the SPM implementation. It defaults to 1, that selects the deprecated SPM. Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Nov, 2018 1 commit
-
-
Sathees Balya authored
This change allows patching of functions in the romlib. This can be done by adding "patch" at the end of the jump table entry for the function that needs to be patched in the file jmptbl.i. Functions patched in the jump table list will be built as part of the BL image and the romlib version will not be used Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-