- 25 Sep, 2017 2 commits
-
-
Roberto Vargas authored
On ARM platforms, the maximum size of the address space is limited to 32-bits as defined in arm_def.h. In order to access DRAM2, which is defined beyond the 32-bit address space, the maximum address space is increased to 36-bits in AArch64. It is possible to increase the virtual space for AArch32, but it is more difficult and not supported for now. NOTE - the actual maximum memory address space is platform dependent and is checked at run-time by querying the PARange field in the ID_AA64MMFR0_EL1 register. Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
mem_protect needs some kind of non-volatile memory because it has to remember its state across reset and power down events. The most suitable electronic part for this feature is a NVRAM which should be only accesible from the secure world. Juno and FVP lack such hardware and for this reason the MEM_PROTECT functionality is implemented with Flash EEPROM memory on both boards, even though this memory is accesible from the non-secure world. This is done only to show a full implementation of these PSCI features, but an actual system shouldn't use a non-secure NVRAM to implement it. The EL3 runtime software will write the mem_protect flag and BL2 will read and clear the memory ranges if enabled. It is done in BL2 because it reduces the time that TF needs access to the full non-secure memory. The memory layout of both boards is defined using macros which take different values in Juno and FVP platforms. Generic platform helpers are added that use the platform specific macros to generate a mem_region_t that is valid for the platform. Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 06 Sep, 2017 1 commit
-
-
Soby Mathew authored
This patch does the required changes to enable CSS platforms to build and use the SDS framework. Since SDS is always coupled with SCMI protocol, the preexisting SCMI build flag is now renamed to `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on CSS platforms. Also some of the workarounds applied for SCMI are now removed with SDS in place. Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 31 Aug, 2017 1 commit
-
-
Soby Mathew authored
The `KEY_ALG` variable is used to select the algorithm for key generation by `cert_create` tool for signing the certificates. This variable was previously undocumented and did not have a global default value. This patch corrects this and also adds changes to derive the value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the platform. The corresponding assignment of these variables are also now removed from the `arm_common.mk` makefile. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
-
- 09 Aug, 2017 2 commits
-
-
Summer Qin authored
Trusted OS may have extra images to be loaded. Load them one by one and do the parsing. In this patch, ARM TF need to load up to 3 images for optee os: header, pager and paged images. Header image is the info about optee os and images. Pager image include pager code and data. Paged image include the paging parts using virtual memory. Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
Summer Qin authored
Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 01 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
ARM CPUs with multi-threading implementation has more than one Processing Element in a single physical CPU. Such an implementation will reflect the following changes in the MPIDR register: - The MT bit set; - Affinity levels pertaining to cluster and CPUs occupy one level higher than in a single-threaded implementation, and the lowest affinity level pertains to hardware threads. MPIDR affinity level fields essentially appear shifted to left than otherwise. The FVP port henceforth assumes that both properties above to be concomitant on a given FVP platform. To accommodate for varied MPIDR formats at run time, this patch re-implements the FVP platform-specific functions that translates MPIDR values to a linear indices, along with required validation. The same treatment is applied for GICv3 MPIDR hashing function as well. An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which specifies the maximum number of threads implemented per CPU. For backwards compatibility, its value defaults to 1. Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 14 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of #includes in ARM standard platforms to meet the ARM TF coding standard. Change-Id: Ide19aad6233babda4eea2d17d49e523645fed1b2 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 28 Jun, 2017 1 commit
-
-
Soby Mathew authored
This patch makes the necessary changes to enable ARM platform to successfully integrate CryptoCell during Trusted Board Boot. The changes are as follows: * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select the CryptoCell crypto driver for Trusted Board boot. * The TrustZone filter settings for Non Secure DRAM is modified to allow CryptoCell to read this memory. This is required to authenticate BL33 which is loaded into the Non Secure DDR. * The CSS platforms are modified to use coherent stacks in BL1 and BL2 when CryptoCell crypto is selected. This is because CryptoCell makes use of DMA to transfer data and the CryptoCell SBROM library allocates buffers on the stack during signature/hash verification. Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 22 Jun, 2017 1 commit
-
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 20 Jun, 2017 1 commit
-
-
Dimitris Papastamos authored
On ARM platforms before exiting from SP_MIN ensure that the default console is switched to the runtime serial port. Change-Id: I0ca0d42cc47e345d56179eac16aa3d6712767c9b Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 24 May, 2017 3 commits
-
-
dp-arm authored
Since ARM_DRAM2_BASE is above the 32-bit limit, the condition is always false. Wrap this condition in an ifndef to avoid warnings during compilation. Change-Id: Ideabb6c65de6c62474ed03eb29df4b049d5316be Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Change-Id: I4108ce8d1fe7d3fd51a5a96d43b9134c23b8399b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Antonio Nino Diaz authored
This options enables an implementation of SHA-256 that has a smaller code footprint (~1.6 KB less) but is also ~30% slower. For ARM platforms, code size is currently considered more important than execution speed in the mbed TLS crypto module. Added a small note about this option to the documentation of the authentication framework. Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 May, 2017 1 commit
-
-
Masahiro Yamada authored
The header tbbr_oid.h contains OIDs obtained by ARM Ltd. so there is no good reason to use platform_oid.h Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 15 May, 2017 1 commit
-
-
Yatharth Kochar authored
Add support for firmware upgrade on AArch32. This patch has been tested on the FVP models. NOTE: Firmware upgrade on Juno AArch32 is not currently supported. Change-Id: I1ca8078214eaf86b46463edd14740120af930aec Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 12 May, 2017 1 commit
-
-
David Cunado authored
A previous patch superseded the MBEDTLS_KEY_ALG. This patch updates the ARM platforms to use the new TF_MBEDTLS_KEY_ALG define. Change-Id: Ie0e1bc272e127e879ac58e7cfcbe268751d7688e Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 11 May, 2017 1 commit
-
-
David Cunado authored
A new file added as part of arm-trusted-firmware#927 was missing the SPDX license identifier - this patch adds the missing identifier. Change-Id: Id1355f2bdca930b7e65bb54eff7e6c764ebb0d96 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 04 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
In AArch64, privileged exception levels control the execution state (a.k.a. register width) of the immediate lower Exception Level; i.e. whether the lower exception level executes in AArch64 or AArch32 state. For an exception level to have its execution state changed at run time, it must request the change by raising a synchronous exception to the higher exception level. This patch implements and adds such a provision to the ARM SiP service, by which an immediate lower exception level can request to switch its execution state. The execution state is switched if the request is: - raised from non-secure world; - raised on the primary CPU, before any secondaries are brought online with CPU_ON PSCI call; - raised from an exception level immediately below EL3: EL2, if implemented; otherwise NS EL1. If successful, the SMC doesn't return to the caller, but to the entry point supplied with the call. Otherwise, the caller will observe the SMC returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built for AArch32, the feature is not supported, and the call will always fail. For the ARM SiP service: - Add SMC function IDs for both AArch32 and AArch64; - Increment the SiP service minor version to 2; - Adjust the number of supported SiP service calls. Add documentation for ARM SiP service. Fixes ARM-software/tf-issues#436 Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 02 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
Replace all instances of checks with the new macro. Change-Id: I0eec39b9376475a1a9707a3115de9d36f88f8a2a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Yatharth Kochar authored
Following steps are required to boot JUNO in AArch32 state: 1> BL1, in AArch64 state, loads BL2. 2> BL2, in AArch64 state, initializes DDR. Loads SP_MIN & BL33 (AArch32 executable)images. Calls RUN_IMAGE SMC to go back to BL1. 3> BL1 writes AArch32 executable opcodes, to load and branch at the entrypoint address of SP_MIN, at HI-VECTOR address and then request for warm reset in AArch32 state using RMR_EL3. This patch makes following changes to facilitate above steps: * Added assembly function to carry out step 3 above. * Added region in TZC that enables Secure access to the HI-VECTOR(0xFFFF0000) address space. * AArch32 image descriptor is used, in BL2, to load SP_MIN and BL33 AArch32 executable images. A new flag `JUNO_AARCH32_EL3_RUNTIME` is introduced that controls above changes. By default this flag is disabled. NOTE: BL1 and BL2 are not supported in AArch32 state for JUNO. Change-Id: I091d56a0e6d36663e6d9d2bb53c92c672195d1ec Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com> Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 19 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
ARM platforms have migrated to the translation tables library v2. However, for testing purposes, it can be useful to temporarily switch back to the old version. This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches to v1 of the library when is set to 1. By default, it is 0, so that ARM platforms use the new version unless specifically stated. Updated User Guide. Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 31 Mar, 2017 1 commit
-
-
Antonio Nino Diaz authored
This API makes sure that all the characters sent to the crash console are output before returning from it. Porting guide updated. Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 27 Mar, 2017 1 commit
-
-
Summer Qin authored
This patch modifies some of the functions in ARM platform layer to cater for the case when multi-threading `MT` is set in MPIDR. A new build flag `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR now assume that the `MT` bit is set for the platform and access the bit fields accordingly. Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is enabled, returning the PE count within the physical cpu corresponding to `mpidr`. Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 20 Mar, 2017 1 commit
-
-
dp-arm authored
These source file definitions should be defined in generic Makefiles so that all platforms can benefit. Ensure that the symbols are properly marked as weak so they can be overridden by platforms. NOTE: This change is a potential compatibility break for non-upstream platforms. Change-Id: I7b892efa9f2d6d216931360dc6c436e1d10cffed Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 08 Mar, 2017 1 commit
-
-
Antonio Nino Diaz authored
Modify ARM common makefile to use version 2 of the translation tables library and include the new header in C files. Simplify header dependencies related to this library to simplify the change. The following table contains information about the size increase in bytes for BL1 after applying this patch. The code has been compiled for different configurations of FVP in AArch64 mode with compiler GCC 4.9.3 20150413. The sizes have been calculated with the output of `nm` by adding the size of all regions and comparing the total size before and after the change. They are sumarized in the table below: text bss data total Release +660 -20 +88 +728 Debug +740 -20 +242 +962 Debug (LOG_LEVEL=50) +1120 -20 +317 +1417 Change-Id: I539e307f158ab71e3a8b771640001fc1bf431b29 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 13 Feb, 2017 1 commit
-
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 06 Feb, 2017 1 commit
-
-
Douglas Raillard authored
Replace all use of memset by zeromem when zeroing moderately-sized structure by applying the following transformation: memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x)) As the Trusted Firmware is compiled with -ffreestanding, it forbids the compiler from using __builtin_memset and forces it to generate calls to the slow memset implementation. Zeromem is a near drop in replacement for this use case, with a more efficient implementation on both AArch32 and AArch64. Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 23 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. For AARCH32/AARCH64, these macros are defined in the top-level Makefile as follows: ifeq (${ARCH},aarch32) $(eval $(call add_define,AARCH32)) else $(eval $(call add_define,AARCH64)) endif This means only one of the two is defined. So, AARCH32/AARCH64 belongs to the latter group where we should use #ifdef or #ifndef. The conditionals are mostly coded correctly, but I see some mistakes. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like follows: $(eval IMAGE := IMAGE_BL$(call uppercase,$(3))) $(OBJ): $(2) @echo " CC $$<" $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@ This means, IMAGE_BL* is defined when building the corresponding image, but *undefined* for the other images. So, IMAGE_BL* belongs to the latter group where we should use #ifdef or #ifndef. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 18 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
We have lots of duplicated defines (and comment blocks too). Move them to include/plat/common/common_def.h. While we are here, suffix the end address with _END instead of _LIMIT. The _END is a better fit to indicate the linker-derived real end address. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The usage of _LIMIT seems odd here, so rename as follows: BL_CODE_LIMIT --> BL_CODE_END BL_RO_DATA_LIMIT --> BL_RO_DATA_END BL1_CODE_LIMIT --> BL1_CODE_END BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END Basically, we want to use _LIMIT and _END properly as follows: *_SIZE + *_MAX_SIZE = *_LIMIT *_SIZE + *_SIZE = *_END The _LIMIT is generally defined by platform_def.h to indicate the platform-dependent memory constraint. So, its typical usage is ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") in a linker script. On the other hand, _END is used to indicate the end address of the compiled image, i.e. we do not know it until the image is linked. Here, all of these macros belong to the latter, so should be suffixed with _END. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 20 Dec, 2016 1 commit
-
-
Sandrine Bailleux authored
Before adding a base address and a size to compute the end address of an image to copy or authenticate, check this won't result in an integer overflow. If it does then consider the input arguments are invalid. As a result, bl1_plat_mem_check() can now safely assume the end address (computed as the sum of the base address and size of the memory region) doesn't overflow, as the validation is done upfront in bl1_fwu_image_copy/auth(). A debug assertion has been added nonetheless in the ARM implementation in order to help catching such problems, should bl1_plat_mem_check() be called in a different context in the future. Fixes TFV-1: Malformed Firmware Update SMC can result in copy of unexpectedly large data into secure memory Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com>
-
- 19 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
ASM_ASSERT failure and panic messages are suppressed at present. This patch enables printing the PC location for panic messages, and file name and line number upon assembly assert failure. Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Dec, 2016 2 commits
-
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
As with other ARM platform GIC APIs, these directly invoke the GICv3 driver APIs for Redistributor power management. For the sake of uniform GIC API, empty stubs are placed for those GIC drivers that lack Redistributor component. Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 14 Dec, 2016 1 commit
-
-
Yatharth Kochar authored
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU) support, for AArch64, when LOAD_IMAGE_V2 is enabled. This patch also enables LOAD_IMAGE_V2 for ARM platforms. Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 07 Dec, 2016 1 commit
-
-
Soby Mathew authored
The capabilities exposed by the PSCI generic layer depends on the hooks populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM Standard platforms statically define this structure. However, some platforms may want to modify the hooks at runtime before registering them with the generic layer. This patch introduces a new ARM platform layer API `plat_arm_psci_override_pm_ops` which allows the platform to probe the power controller and modify `plat_arm_psci_pm_ops` if required. Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as `const` on ARM Standard platforms. Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 22 Nov, 2016 1 commit
-
-
Douglas Raillard authored
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM platforms. Also clarify the build error message. Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-