- 06 Dec, 2017 2 commits
-
-
Antonio Nino Diaz authored
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the TrustZone Controller during the boot sequence. If BL31 is placed in TZC-secured DRAM, it will try to change the permissions of the memory it is being executed from, causing an exception. The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has been compiled with ``ARM_BL31_IN_DRAM=1``. Change-Id: I96dc50decaacd469327c6b591d07964726e58db4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Common code mustn't include ARM platforms headers. Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Nov, 2017 3 commits
-
-
Soby Mathew authored
The bl2_early_platform_setup() and bl2_platform_setup() were redefined for Juno AArch32 eventhough CSS platform layer had same definition for them. The CSS definitions definitions were previously restricted to EL3_PAYLOAD_BASE builds and this is now modified to include the Juno AArch32 builds as well thus allowing us to remove the duplicate definitions in Juno platform layer. Change-Id: Ibd1d8c1428cc1d51ac0ba90f19f5208ff3278ab5 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes a couple of issues for AArch32 builds on ARM reference platforms : 1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and AArch32 build. Since BL31 is not present in AArch32 mode, this meant that the BL31 memory is empty when built for AArch32. Hence this patch allocates BL32 to the memory region occupied by BL31 for AArch32 builds. As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot be used to control the load address of BL32 in AArch32 mode which was never the intention of the macro anyway. 2. A static assert is added to sp_min linker script to check that the progbits are within the bounds expected when overlaid with other images. 3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks involved when building Juno for AArch32 mode, the build option SPD needed to specifed. This patch corrects this and also updates the documentation in the user-guide. 4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As a result the previous assumption that BL31 must be always present is removed and the certificates for BL31 is only generated if `NEED_BL31` is defined. Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Dimitris Papastamos authored
Change-Id: I96de88f44c36681ad8a70430af8e01016394bd14 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 20 Nov, 2017 1 commit
-
-
Dimitris Papastamos authored
Factor out SPE operations in a separate file. Use the publish subscribe framework to drain the SPE buffers before entering secure world. Additionally, enable SPE before entering normal world. A side effect of this change is that the profiling buffers are now only drained when a transition from normal world to secure world happens. Previously they were drained also on return from secure world, which is unnecessary as SPE is not supported in S-EL1. Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 13 Nov, 2017 7 commits
-
-
Jeenu Viswambharan authored
Support SDEI on ARM platforms using frameworks implemented in earlier patches by defining and exporting SDEI events: this patch defines the standard event 0, and a handful of shared and private dynamic events. Change-Id: I9d3d92a92cff646b8cc55eabda78e140deaa24e1 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Define number of priority bits, and allocate priority levels for SDEI. Change-Id: Ib6bb6c5c09397f7caef950c4caed5a737b3d4112 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Provide a strong definition for plat_sdei_validate_sdei_entrypoint() which translates client address to Physical Address, and then validating the address to be present in DRAM. Change-Id: Ib93eb66b413d638aa5524d1b3de36aa16d38ea11 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The function arm_validate_ns_entrypoint() validates a given non-secure physical address. This function however specifically returns PSCI error codes. Non-secure physical address validation is potentially useful across ARM platforms, even for non-PSCI use cases. Therefore make this function common by returning 0 for success or -1 otherwise. Having made the function common, make arm_validate_psci_entrypoint() a wrapper around arm_validate_ns_entrypoint() which only translates return value into PSCI error codes. This wrapper is now used where arm_validate_ns_entrypoint() was currently used for PSCI entry point validation. Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The implementation currently supports only interrupt-based SDEI events, and supports all interfaces as defined by SDEI specification version 1.0 [1]. Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in BL31. Update user guide and porting guide. SDEI documentation to follow. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf Change-Id: I758b733084e4ea3b27ac77d0259705565842241a Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Acknowledging interrupt shall return a raw value from the interrupt controller in which the actual interrupt ID may be encoded. Add a platform API to extract the actual interrupt ID from the raw value obtained from interrupt controller. Document the new function. Also clarify the semantics of interrupt acknowledge. Change-Id: I818dad7be47661658b16f9807877d259eb127405 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
This patch brings in the following fixes: - The per-PE target data initialized during power up needs to be flushed so as to be visible to other PEs. - Setup per-PE target data for the primary PE as well. At present, this was only setup for secondary PEs when they were powered on. Change-Id: Ibe3a57c14864e37b2326dd7ab321a5c7bf80e8af Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 09 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
This initial port of the Secure Partitions Manager to FVP supports BL31 in both SRAM and Trusted DRAM. A document with instructions to build the SPM has been added. Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2017 1 commit
-
-
Etienne Carriere authored
Adds weak functions for plat_report_exception, bl1_plat_prepare_exit and plat_error_handler in AArch32 mode. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 06 Nov, 2017 2 commits
-
-
Masahiro Yamada authored
Building the UniPhier platform in parallel with TRUSTED_BOARD_BOOT=1 could fail due to non-existing directory. It might be difficult to reproduce, but here is an easier way to trigger the problem: $ make PLAT=uniphier TRUSTED_BOARD_BOOT=1 MBEDTLS_DIR=mbedtls certificates OPENSSL build/uniphier/release/rot_key.pem /bin/sh: 1: cannot create build/uniphier/release/rot_key.pem: Directory nonexistent make: *** [build/uniphier/release/rot_key.pem] Error 2 The $(ROT_KEY) must depend on $(BUILD_PLAT) so that the build directory is created before the key. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Some platforms (for ex. UniPhier) want to create files in the very top of the build directory. Add ${BUILD_PLAT} so such files can depend on it. Make existing directory targets depend on ${BUILD_PLAT} because they are sub-directories of ${BUILD_PLAT}. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 03 Nov, 2017 1 commit
-
-
Soby Mathew authored
This patch includes various fixes for PSCI STAT functionality relating to timestamp collection: 1. The PSCI stat accounting for retention states for higher level power domains were done outside the locks which could lead to spurious values in some race conditions. This is moved inside the locks. Also, the call to start the stat accounting was redundant which is now removed. 2. The timestamp wrap-around case when calculating residency did not cater for AArch32. This is now fixed. 3. In the warm boot path, `plat_psci_stat_accounting_stop()` was getting invoked prior to population of target power states. This is now corrected. Change-Id: I851526455304fb74ff0a724f4d5318cd89e19589 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 02 Nov, 2017 1 commit
-
-
Etienne Carriere authored
Registered interrupts are configured in edge detection as the default previous configuration assumed in previous code. Not target mask required as Qemu BL31 will not send/route SGIs. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 01 Nov, 2017 2 commits
-
-
Roberto Vargas authored
These macros are only defined for corresponding image, and they are undefined for other images. It means that we have to use ifdef or defined() instead of relying on being 0 by default. Change-Id: Iad11efab9830ddf471599b46286e1c56581ef5a7 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
ARM_TSP_RAM_LOCATION_ID was defined only in AARCH64, but the macro was also used in AARCH32, and it meant that it was taking the value 0, which happened to equal ARM_TRUSTED_SRAM_ID. Change-Id: If9f4dbee1a2ba15e7806f2a03305b554bd327363 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 26 Oct, 2017 1 commit
-
-
Etienne Carriere authored
OP-TEE dedicates the end of the Qemu secure DRAM as specific out-of-TEE secure RAM. To support this configuration the trusted firmware should not load OP-TEE resources in this area. To overcome the issue, OP-TEE pageable image is now loaded 2MByte above the secure RAM base address. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 25 Oct, 2017 3 commits
-
-
Michalis Pappas authored
This patch adds support for TBB to qemu. An RSA ROT keypair is generated at build time and is included into BL1/BL2. The key and content certificates are read over semihosting. Fixes ARM-software/tf-issues#526 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
-
Qixiang Xu authored
For Trusted Board Boot, BL2 needs more space to support the ECDSA and ECDSA+RSA algorithms. Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
On Arm standard platforms, it runs out of SRAM space when TBB is enabled, so the TSP default location is changed to dram when TBB is enabled. Change-Id: I516687013ad436ef454d2055d4e6fce06e467044 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 24 Oct, 2017 2 commits
-
-
Roberto Vargas authored
These hooks are intended to allow one platform to try load images from alternative places. There is a hook to initialize the sequence of boot locations and a hook to pass to the next sequence. Change-Id: Ia0f84c415208dc4fa4f9d060d58476db23efa5b2 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Etienne Carriere authored
Before this change, plat_secondary_cold_boot_setup reads wake up mailbox as a byte array but through 64bit accesses on unaligned 64bit addresses. In the other hand qemu_pwr_domain_on wakes secondary cores by writing into a 64bit array. This change forces the 64bit mailbox format as PLAT_QEMU_HOLD_ENTRY_SIZE explicitly specifies it. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 18 Oct, 2017 3 commits
-
-
Masahiro Yamada authored
This is not executable code. It should be put into .rodata instead of .text section. This produces more correct BL1 image when SEPARATE_CODE_AND_RODATA is defined. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Haojian Zhuang authored
Make RTC out of reset mode since it may be used in UEFI. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
Haojian Zhuang authored
Init EDMA controller with non secure mode. A lot of peripherals are depend on EDMA controller. But EDMA controller is in secure mode by default. And this operation has to be executed in secure mode. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 17 Oct, 2017 3 commits
-
-
Jeenu Viswambharan authored
Change-Id: Ia8503d446cc8b4246013046f6294fea364c9c882 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Change-Id: I1463a4f9b74d74d59ac1d37b7b9c8e53416ab904 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Change-Id: Ibca6ea29be32783de666e0e0a0481668fc11860f Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 16 Oct, 2017 7 commits
-
-
Jeenu Viswambharan authored
Change-Id: I795ec540942130b5ddc0fa1fd7167f7e1d1ae967 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
An earlier patch added provision for the platform to provide secure interrupt properties. ARM platforms already has a list of interrupts that fall into different secure groups. This patch defines macros that enumerate interrupt properties in the same fashion, and points the driver driver data to a list of interrupt properties rather than list of secure interrupts on ARM platforms. The deprecated interrupt list definitions are however retained to support legacy builds. Configuration applied to individual interrupts remain unchanged, so no runtime behaviour change expected. NOTE: Platforms that use the arm/common function plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided INTR_PROP_DESC macro. Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I40feec1fe67a960d035061b54dd55610bc34ce1d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I14e33cfc7dfa93257c82d76fae186b17a1b6d266 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
SPIs can be routed to either a specific PE, or to any one of all available PEs. API documentation updated. Change-Id: I28675f634568aaf4ea1aa8aa7ebf25b419a963ed Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
API documentation updated. Change-Id: I129725059299af6cc612bafa8d74817f779d7c4f Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The back end GIC driver converts and assigns the interrupt type to suitable group. For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which determines to which type Group 0 interrupts maps to. - When the build option is set 0 (the default), Group 0 interrupts are meant for Secure EL1. This is presently the case. - Otherwise, Group 0 interrupts are meant for EL3. This means the SPD will have to synchronously hand over the interrupt to Secure EL1. The query API allows the platform to query whether the platform supports interrupts of a given type. API documentation updated. Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-