1. 16 Feb, 2016 1 commit
    • Vikram Kanigiri's avatar
      Make SCP_BL2(U) image loading configurable on CSS platforms · 7fb9a32d
      Vikram Kanigiri authored
      Current code mandates loading of SCP_BL2/SCP_BL2U images for all
      CSS platforms. On future ARM CSS platforms, the Application
      Processor (AP) might not need to load these images. So, these
      items can be removed from the FIP on those platforms.
      
      BL2 tries to load  SCP_BL2/SCP_BL2U images if their base
      addresses are defined causing boot error if the images are not
      found in FIP.
      
      This change adds a make flag `CSS_LOAD_SCP_IMAGES` which if set
      to `1` does:
      1. Adds SCP_BL2, SCP_BL2U images to FIP.
      2. Defines the base addresses of these images so that AP loads
         them.
      
      And vice-versa if it is set to `0`. The default value is set to
      `1`.
      
      Change-Id: I5abfe22d5dc1e9d80d7809acefc87b42a462204a
      7fb9a32d
  2. 08 Feb, 2016 1 commit
    • Sandrine Bailleux's avatar
      Disable non-temporal hint on Cortex-A53/57 · 54035fc4
      Sandrine Bailleux authored
      The LDNP/STNP instructions as implemented on Cortex-A53 and
      Cortex-A57 do not behave in a way most programmers expect, and will
      most probably result in a significant speed degradation to any code
      that employs them. The ARMv8-A architecture (see Document ARM DDI
      0487A.h, section D3.4.3) allows cores to ignore the non-temporal hint
      and treat LDNP/STNP as LDP/STP instead.
      
      This patch introduces 2 new build flags:
      A53_DISABLE_NON_TEMPORAL_HINT and A57_DISABLE_NON_TEMPORAL_HINT
      to enforce this behaviour on Cortex-A53 and Cortex-A57. They are
      enabled by default.
      
      The string printed in debug builds when a specific CPU errata
      workaround is compiled in but skipped at runtime has been
      generalised, so that it can be reused for the non-temporal hint use
      case as well.
      
      Change-Id: I3e354f4797fd5d3959872a678e160322b13867a1
      54035fc4
  3. 29 Jan, 2016 2 commits
    • Sandrine Bailleux's avatar
      Porting Guide: Clarify identity-mapping requirement · ef7fb9e4
      Sandrine Bailleux authored
      The memory translation library in Trusted Firmware supports
      non-identity mappings for Physical to Virtual addresses since commit
      f984ce84. However, the porting guide hasn't been updated
      accordingly and still mandates the platform ports to use
      identity-mapped page tables for all addresses.
      
      This patch removes this out-dated information from the Porting Guide
      and clarifies in which circumstances non-identity mapping may safely
      be used.
      
      Fixes ARM-software/tf-issues#258
      
      Change-Id: I84dab9f3cabfc43794951b1828bfecb13049f706
      ef7fb9e4
    • Sandrine Bailleux's avatar
      Clarify EL3 payload documentation · 143fbef4
      Sandrine Bailleux authored
      This patch reworks the section about booting an EL3 payload in the
      User Guide:
      
       - Centralize all EL3 payload related information in the same
         section.
      
       - Mention the possibility to program the EL3 payload in flash memory
         and execute it in place.
      
       - Provide model parameters for both the Base and Foundation FVPs.
      
       - Provide some guidance to boot an EL3 payload on Juno.
      
      Change-Id: I975c8de6b9b54ff4de01a1154cba63271d709912
      143fbef4
  4. 21 Jan, 2016 1 commit
    • Juan Castillo's avatar
      Disable PL011 UART before configuring it · 9400b40e
      Juan Castillo authored
      The PL011 TRM (ARM DDI 0183G) specifies that the UART must be
      disabled before any of the control registers are programmed. The
      PL011 driver included in TF does not disable the UART, so the
      initialization in BL2 and BL31 is violating this requirement
      (and potentially in BL1 if the UART is enabled after reset).
      
      This patch modifies the initialization function in the PL011
      console driver to disable the UART before programming the
      control registers.
      
      Register clobber list and documentation updated.
      
      Fixes ARM-software/tf-issues#300
      
      Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
      9400b40e
  5. 20 Jan, 2016 1 commit
    • Juan Castillo's avatar
      ARM plat: add build option to unlock access to non-secure timer · 0e5dcdd2
      Juan Castillo authored
      Currently, Trusted Firmware on ARM platforms unlocks access to the
      timer frame registers that will be used by the Non-Secure world. This
      unlock operation should be done by the Non-Secure software itself,
      instead of relying on secure firmware settings.
      
      This patch adds a new ARM specific build option 'ARM_CONFIG_CNTACR'
      to unlock access to the timer frame by setting the corresponding
      bits in the CNTACR<N> register. The frame id <N> is defined by
      'PLAT_ARM_NSTIMER_FRAME_ID'. Default value is true (unlock timer
      access).
      
      Documentation updated accordingly.
      
      Fixes ARM-software/tf-issues#170
      
      Change-Id: Id9d606efd781e43bc581868cd2e5f9c8905bdbf6
      0e5dcdd2
  6. 18 Jan, 2016 1 commit
  7. 15 Jan, 2016 1 commit
    • Sandrine Bailleux's avatar
      Doc: Update out-dated info about Juno's mailbox · 6e8bb1e3
      Sandrine Bailleux authored
      Since commit 804040d1, the Juno port has moved from per-CPU mailboxes
      to a single shared one. This patch updates an out-dated reference to
      the former per-CPU mailboxes mechanism in the Firmware Design.
      
      Change-Id: I355b54156b1ace1b3df4c4416e1e8625211677fc
      6e8bb1e3
  8. 14 Jan, 2016 1 commit
  9. 13 Jan, 2016 1 commit
  10. 12 Jan, 2016 1 commit
  11. 08 Jan, 2016 1 commit
    • Sandrine Bailleux's avatar
      Fixes in CPU specific operations framework doc · de849c8c
      Sandrine Bailleux authored
      This patch fixes a couple of issues in the "CPU specific operations
      framework" section in the Firmware Design document.
      
       * Fix broken link to the CPU Specific Build Macros document.
      
       * Fix the path to the cortex_a53.S file.
      
       * Fix power levels terminology.
      
      Change-Id: Ib610791eaba13dab2823b7699bb63534bcd1c8fb
      de849c8c
  12. 05 Jan, 2016 1 commit
    • Juan Castillo's avatar
      Apply TBBR naming convention to the fip_create options · 8f0617ef
      Juan Castillo authored
      The fip_create tool specifies images in the command line using the
      ARM TF naming convention (--bl2, --bl31, etc), while the cert_create
      tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double
      convention is confusing and should be aligned.
      
      This patch updates the fip_create command line options to follow the
      TBBR naming convention. Usage examples in the User Guide have been
      also updated.
      
      NOTE: users that build the FIP by calling the fip_create tool directly
      from the command line must update the command line options in their
      scripts. Users that build the FIP by invoking the main ARM TF Makefile
      should not notice any difference.
      
      Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
      8f0617ef
  13. 21 Dec, 2015 3 commits
  14. 17 Dec, 2015 3 commits
  15. 15 Dec, 2015 2 commits
    • Sandrine Bailleux's avatar
      Introduce the ARM TF reset design document · c2f0260c
      Sandrine Bailleux authored
      This patch introduces a new document presenting the ARM Trusted
      Firmware Reset Design. It shows the reset code flow, lists the
      different build options that affect it, in which case to use them
      and what their exact effect is.
      
      The section about using BL31 entrypoint as the reset address has
      been moved from the general firmware design document to this one.
      It's also been improved to explain why the FVP port supports the
      RESET_TO_BL31 configuration, even though the reset vector address
      can't be programmed dynamically.
      
      This document includes some images, which have been generated using
      Dia version 0.97.2. This tool can be obtained from:
      https://wiki.gnome.org/Apps/Dia/Download
      This patch provides:
       - the image files describing the different reset flow diagrams;
       - the source '.dia' file;
       - a script automating the generation of the images from the '.dia'
         file.
      Note that the 2 latter files are not actually needed for the document
      and are provided for convenience only, in case the reset images need
      to be modified.
      
      Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
      c2f0260c
    • Soby Mathew's avatar
      Documentation updates for the new GIC drivers · 81123e82
      Soby Mathew authored
      This patch updates the relevant documentation in ARM Trusted Firmware
      for the new GIC drivers. The user-guide.md and porting-guide.md have been
      updated as follows:
      
      *  The build option to compile Trusted Firmware with different GIC drivers
         for FVP has been explained in the user-guide.md.
      
      *  The implementation details of interrupt management framework porting
         APIs for GICv3 have been added in porting-guide.md.
      
      *  The Linaro tracking kernel release does not work OOB in GICv3 mode.
         The instructions for changing UEFI configuration in order to run with
         the new GICv3 driver in ARM TF have been added to user-guide.md.
      
      The interrupt-framework-design.md has been updated as follows:
      
      *  Describes support for registering and handling interrupts targeted to EL3
         e.g. Group 0 interrupts in GICv3.
      
      *  Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail.
      
      *  Describes preemption of TSP in S-EL1 by non secure interrupts and
         also possibly by higher priority EL3 interrupts.
      
      *  Describes the normal world sequence for issuing `standard` SMC calls.
      
      *  Modifies the document to correspond to the current state of interrupt
         handling in TSPD and TSP.
      
      *  Modifies the various functions names in the document to reflect
         the current names used in code.
      
      Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
      81123e82
  16. 14 Dec, 2015 3 commits
    • Juan Castillo's avatar
      Remove dashes from image names: 'BL3-x' --> 'BL3x' · d178637d
      Juan Castillo authored
      This patch removes the dash character from the image name, to
      follow the image terminology in the Trusted Firmware Wiki page:
      
          https://github.com/ARM-software/arm-trusted-firmware/wiki
      
      Changes apply to output messages, comments and documentation.
      
      non-ARM platform files have been left unmodified.
      
      Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
      d178637d
    • Juan Castillo's avatar
      Replace all SCP FW (BL0, BL3-0) references · f59821d5
      Juan Castillo authored
      This patch replaces all references to the SCP Firmware (BL0, BL30,
      BL3-0, bl30) with the image terminology detailed in the TF wiki
      (https://github.com/ARM-software/arm-trusted-firmware/wiki):
      
          BL0          -->  SCP_BL1
          BL30, BL3-0  -->  SCP_BL2
          bl30         -->  scp_bl2
      
      This change affects code, documentation, build system, tools and
      platform ports that load SCP firmware. ARM plaforms have been
      updated to the new porting API.
      
      IMPORTANT: build option to specify the SCP FW image has changed:
      
          BL30 --> SCP_BL2
      
      IMPORTANT: This patch breaks compatibility for platforms that use BL2
      to load SCP firmware. Affected platforms must be updated as follows:
      
          BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
          BL30_BASE --> SCP_BL2_BASE
          bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
          bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
      
      Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
      f59821d5
    • Juan Castillo's avatar
      TBB: apply TBBR naming convention to certificates and extensions · 516beb58
      Juan Castillo authored
      This patch applies the TBBR naming convention to the certificates
      and the corresponding extensions defined by the CoT:
      
          * Certificate UUID names
          * Certificate identifier names
          * OID names
      
      Changes apply to:
      
          * Generic code (variables and defines)
          * The default certificate identifiers provided in the generic
            code
          * Build system
          * ARM platforms port
          * cert_create tool internal definitions
          * fip_create and cert_create tools command line options
          * Documentation
      
      IMPORTANT: this change breaks the compatibility with platforms
      that use TBBR. The platform will need to adapt the identifiers
      and OIDs to the TBBR naming convention introduced by this patch:
      
      Certificate UUIDs:
      
          UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
          UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
          UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
          UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
          UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
      
      Certificate identifiers:
      
          BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
          BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
          BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
          BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
          BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
          BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
          BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
          BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
          BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
      
      OIDs:
      
          TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
          NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
          BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
          TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
          NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
          BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
          BL30_HASH_OID --> SCP_FW_HASH_OID
          BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
          BL31_HASH_OID --> SOC_AP_FW_HASH_OID
          BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
          BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
          BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
          BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
          BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
          SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
          NS_BL2U_HASH_OID --> FWU_HASH_OID
      
      Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
      516beb58
  17. 10 Dec, 2015 3 commits
    • Juan Castillo's avatar
      Move up to mbed TLS 2.x · 649dbf6f
      Juan Castillo authored
      The mbed TLS library has introduced some changes in the API from
      the 1.3.x to the 2.x releases. Using the 2.x releases requires
      some changes to the crypto and transport modules.
      
      This patch updates both modules to the mbed TLS 2.x API.
      
      All references to the mbed TLS library in the code or documentation
      have been updated to 'mbed TLS'. Old references to PolarSSL have
      been updated to 'mbed TLS'.
      
      User guide updated to use mbed TLS 2.2.0.
      
      NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
      Applying this patch will require an mbed TLS 2.x release to be used.
      Also note that the mbed TLS license changed to Apache version 2.0.
      
      Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
      649dbf6f
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · 92a0ac43
      Sandrine Bailleux authored
      Move up the version numbers in the user guide of:
      
       * DS-5 (to v5.22)
       * Base FVP (to 7.0)
       * Foundation FVP (to 9.4)
       * Linaro release (to 15.10)
      
      Note that, starting from Linaro release 15.10, the related release
      instructions have migrated from http://releases.linaro.org to the
      ARM Connected Community website. The URLs in the User Guide have
      been updated accordingly.
      
      The 'libssl-dev' package has been removed from the list of
      prerequisite tools, as it is already referenced on the ARM Connected
      Community page. Also, the 'device-tree-compiler' package has been
      marked as an optional dependency, since the Trusted Firmware
      repository provides the prebuilt DTB files. Hence, this tool is
      needed only when the user wants to rebuild the DTS files.
      
      Change-Id: I4a172ece60bf90437131c6b96e73a9f1e9b40117
      92a0ac43
    • Juan Castillo's avatar
      De-feature PL011 UART driver to match generic UART spec · 12f654b6
      Juan Castillo authored
      The Server Base System Architecture document (ARM-DEN-0029)
      specifies a generic UART device. The programmer's view of this
      generic UART is a subset of the ARM PL011 UART. However, the
      current PL011 driver in Trusted Firmware uses some features
      that are outside the generic UART specification.
      
      This patch modifies the PL011 driver to exclude features outside
      the SBSA generic UART specification by setting the boolean build
      option 'PL011_GENERIC_UART=1'. Default value is 0 (use full
      PL011 features).
      
      User guide updated.
      
      Fixes ARM-software/tf-issues#216
      
      Change-Id: I6e0eb86f9d69569bc3980fb57e70d6da5d91a737
      12f654b6
  18. 09 Dec, 2015 2 commits
    • Soby Mathew's avatar
      Specify BL31 runtime console for ARM Standard platforms · 080225da
      Soby Mathew authored
      This patch overrides the default weak definition of
      `bl31_plat_runtime_setup()` for ARM Standard platforms to
      specify a BL31 runtime console. ARM Standard platforms are
      now expected to define `PLAT_ARM_BL31_RUN_UART_BASE` and
      `PLAT_ARM_BL31_RUN_UART_CLK_IN_HZ` macros which is required
      by `arm_bl31_plat_runtime_setup()` to initialize the runtime
      console.
      
      The system suspend resume helper `arm_system_pwr_domain_resume()`
      is fixed to initialize the runtime console rather than the boot
      console on resumption from system suspend.
      
      Fixes ARM-software/tf-issues#220
      
      Change-Id: I80eafe5b6adcfc7f1fdf8b99659aca1c64d96975
      080225da
    • Soby Mathew's avatar
      Ensure BL31 does not print to boot console by default · 78e61613
      Soby Mathew authored
      It is not ideal for BL31 to continue to use boot console at
      runtime which could be potentially uninitialized. This patch
      introduces a new optional platform porting API
      `bl31_plat_runtime_setup()` which allows the platform to perform
      any BL31 runtime setup just prior to BL31 exit during cold boot.
      The default weak implementation of this function will invoke
      `console_uninit()` which will suppress any BL31 runtime logs.
      
      On the ARM Standard platforms, there is an anomaly that
      the boot console will be reinitialized on resumption from
      system suspend in `arm_system_pwr_domain_resume()`. This
      will be resolved in the following patch.
      
      NOTE: The default weak definition of `bl31_plat_runtime_setup()`
      disables the BL31 console. To print the BL31 runtime
      messages, platforms must override this API and initialize a
      runtime console.
      
      Fixes ARM-software/tf-issues#328
      
      Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a
      78e61613
  19. 04 Dec, 2015 1 commit
    • Soby Mathew's avatar
      Enable use of FIQs and IRQs as TSP interrupts · 02446137
      Soby Mathew authored
      On a GICv2 system, interrupts that should be handled in the secure world are
      typically signalled as FIQs. On a GICv3 system, these interrupts are signalled
      as IRQs instead. The mechanism for handling both types of interrupts is the same
      in both cases. This patch enables the TSP to run on a GICv3 system by:
      
      1. adding support for handling IRQs in the exception handling code.
      2. removing use of "fiq" in the names of data structures, macros and functions.
      
      The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a
      new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the
      former build flag is defined, it will be used to define the value for the
      new build flag. The documentation is also updated accordingly.
      
      Change-Id: I1807d371f41c3656322dd259340a57649833065e
      02446137
  20. 02 Dec, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add Trusted Watchdog support on ARM platforms · 7b4c1405
      Juan Castillo authored
      This patch adds watchdog support on ARM platforms (FVP and Juno).
      A secure instance of SP805 is used as Trusted Watchdog. It is
      entirely managed in BL1, being enabled in the early platform setup
      hook and disabled in the exit hook. By default, the watchdog is
      enabled in every build (even when TBB is disabled).
      
      A new ARM platform specific build option `ARM_DISABLE_TRUSTED_WDOG`
      has been introduced to allow the user to disable the watchdog at
      build time. This feature may be used for testing or debugging
      purposes.
      
      Specific error handlers for Juno and FVP are also provided in this
      patch. These handlers will be called after an image load or
      authentication error. On FVP, the Table of Contents (ToC) in the FIP
      is erased. On Juno, the corresponding error code is stored in the
      V2M Non-Volatile flags register. In both cases, the CPU spins until
      a watchdog reset is generated after 256 seconds (as specified in
      the TBBR document).
      
      Change-Id: I9ca11dcb0fe15af5dbc5407ab3cf05add962f4b4
      7b4c1405
  21. 26 Nov, 2015 8 commits
    • Sandrine Bailleux's avatar
      User Guide: Remove reference to porting guide · dc2d4038
      Sandrine Bailleux authored
      The implications of the 'PROGRAMMABLE_RESET_ADDRESS' build option on
      the platform porting layer are simple enough to be described in the
      User Guide directly. This patch removes the reference to the Porting
      Guide.
      
      Change-Id: I7f753b18abd20effc4fd30836609e1fd51d9221d
      dc2d4038
    • Sandrine Bailleux's avatar
      Introduce COLD_BOOT_SINGLE_CPU build option · a9bec67d
      Sandrine Bailleux authored
      This patch introduces a new build option named COLD_BOOT_SINGLE_CPU,
      which allows platforms that only release a single CPU out of reset to
      slightly optimise their cold boot code, both in terms of code size
      and performance.
      
      COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform
      may release several CPUs out of reset. In this case, the cold reset
      code needs to coordinate all CPUs via the usual primary/secondary
      CPU distinction.
      
      If a platform guarantees that only a single CPU will ever be released
      out of reset, there is no need to arbitrate execution ; the notion of
      primary and secondary CPUs itself no longer exists. Such platforms
      may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the
      primary/secondary CPU identification in the cold reset code.
      
      All ARM standard platforms can release several CPUs out of reset
      so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like
      Juno, bringing up more than one CPU at reset should only be attempted
      when booting an EL3 payload, as it is not fully supported in the
      normal boot flow.
      
      For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform
      APIs become optional:
        - plat_secondary_cold_boot_setup();
        - plat_is_my_cpu_primary().
      The Porting Guide has been updated to reflect that.
      
      User Guide updated as well.
      
      Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
      a9bec67d
    • Sandrine Bailleux's avatar
      Document the EL3 payload support · aba2f1e0
      Sandrine Bailleux authored
       - Document the new build option EL3_PAYLOAD_BASE
      
       - Document the EL3 payload boot flow
      
       - Document the FVP model parameters to boot an EL3 payload
      
      Change-Id: Ie6535914a9a68626e4401659bee4fcfd53d4bd37
      aba2f1e0
    • Sandrine Bailleux's avatar
      FVP: Do not power off secondary CPUs when booting an EL3 payload · cdf14088
      Sandrine Bailleux authored
      Normally, in the FVP port, secondary CPUs are immediately powered
      down if they are powered on at reset. However, when booting an EL3
      payload, we need to keep them powered on as the requirement is for
      all CPUs to enter the EL3 payload image. This patch puts them in a
      holding pen instead of powering them off.
      
      Change-Id: I6526a88b907a0ddb820bead72f1d350a99b1692c
      cdf14088
    • Sandrine Bailleux's avatar
      CSS: Enable booting of EL3 payloads · 4c117f6c
      Sandrine Bailleux authored
      This patch adds support for booting EL3 payloads on CSS platforms,
      for example Juno. In this scenario, the Trusted Firmware follows
      its normal boot flow up to the point where it would normally pass
      control to the BL31 image. At this point, it jumps to the EL3
      payload entry point address instead.
      
      Before handing over to the EL3 payload, the data SCP writes for AP
      at the beginning of the Trusted SRAM is restored, i.e. we zero the
      first 128 bytes and restore the SCP Boot configuration. The latter
      is saved before transferring the BL30 image to SCP and is restored
      just after the transfer (in BL2). The goal is to make it appear that
      the EL3 payload is the first piece of software to run on the target.
      
      The BL31 entrypoint info structure is updated to make the primary
      CPU jump to the EL3 payload instead of the BL31 image.
      
      The mailbox is populated with the EL3 payload entrypoint address,
      which releases the secondary CPUs out of their holding pen (if the
      SCP has powered them on). The arm_program_trusted_mailbox() function
      has been exported for this purpose.
      
      The TZC-400 configuration in BL2 is simplified: it grants secure
      access only to the whole DRAM. Other security initialization is
      unchanged.
      
      This alternative boot flow is disabled by default. A new build option
      EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3
      payload's entry point address. The build system has been modified
      such that BL31 and BL33 are not compiled and/or not put in the FIP in
      this case, as those images are not used in this boot flow.
      
      Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077
      4c117f6c
    • Sandrine Bailleux's avatar
      Pass the entry point info to bl1_plat_prepare_exit() · 862b5dc2
      Sandrine Bailleux authored
      This patch modifies the prototype of the bl1_plat_prepare_exit()
      platform API to pass the address of the entry point info structure
      received from BL2. The structure contains information that can be
      useful, depending on the kind of clean up or bookkeeping operations
      to perform.
      
      The weak implementation of this function ignores this argument to
      preserve platform backwards compatibility.
      
      NOTE: THIS PATCH MAY BREAK PLATFORM PORTS THAT ARE RELYING ON THE
      FORMER PROTOTYPE OF THE BL1_PLAT_PREPARE_EXIT() API.
      
      Change-Id: I3fc18f637de06c85719c4ee84c85d6a4572a0fdb
      862b5dc2
    • Sandrine Bailleux's avatar
      Introduce SPIN_ON_BL1_EXIT build flag · 35e8c766
      Sandrine Bailleux authored
      This patch introduces a new build flag, SPIN_ON_BL1_EXIT, which
      puts an infinite loop in BL1. It is intended to help debugging
      the post-BL2 phase of the Trusted Firmware by stopping execution
      in BL1 just before handing over to BL31. At this point, the
      developer may take control of the target using a debugger.
      
      This feature is disabled by default and can be enabled by
      rebuilding BL1 with SPIN_ON_BL1_EXIT=1.
      
      User Guide updated accordingly.
      
      Change-Id: I6b6779d5949c9e5571dd371255520ef1ac39685c
      35e8c766
    • Soby Mathew's avatar
      Remove the IMF_READ_INTERRUPT_ID build option · 54718418
      Soby Mathew authored
      The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt
      ID of the highest priority pending interrupt is passed as a parameter to the
      interrupt handler registered for that type of interrupt. This additional read
      of highest pending interrupt id from GIC is problematic as it is possible that
      the original interrupt may get deasserted and another interrupt of different
      type maybe become the highest pending interrupt. Hence it is safer to prevent
      such behaviour by removing the IMF_READ_INTERRUPT_ID build option.
      
      The `id` parameter of the interrupt handler `interrupt_type_handler_t` is
      now made a reserved parameter with this patch. It will always contain
      INTR_ID_UNAVAILABLE.
      
      Fixes ARM-software/tf-issues#307
      
      Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
      54718418
  22. 24 Nov, 2015 1 commit
    • Soby Mathew's avatar
      Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED · 7a24cba5
      Soby Mathew authored
      This patch changes the build time behaviour when using deprecated API within
      Trusted Firmware. Previously the use of deprecated APIs would only trigger a
      build warning (which was always treated as a build error), when
      WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always
      trigger a build time warning. Whether this warning is treated as error or not
      is determined by the build flag ERROR_DEPRECATED which is disabled by default.
      When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or
      inclusion of deprecated headers will result in a build error.
      
      Also the deprecated context management helpers in context_mgmt.c are now
      conditionally compiled depending on the value of ERROR_DEPRECATED flag
      so that the APIs themselves do not result in a build error when the
      ERROR_DEPRECATED flag is set.
      
      NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to
      using ERROR_DEPRECATED, otherwise deprecated API usage will no longer
      trigger a build error.
      
      Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
      7a24cba5