1. 03 May, 2017 1 commit
  2. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      tspd:FWU:Fix usage of SMC_RET0 · 7a317a70
      Antonio Nino Diaz authored
      
      
      SMC_RET0 should only be used when the SMC code works as a function that
      returns void. If the code of the SMC uses SMC_RET1 to return a value to
      signify success and doesn't return anything in case of an error (or the
      other way around) SMC_RET1 should always be used to return clearly
      identifiable values.
      
      This patch fixes two cases in which the code used SMC_RET0 instead of
      SMC_RET1.
      
      It also introduces the define SMC_OK to use when an SMC must return a
      value to tell that it succeeded, the same way as SMC_UNK is used in case
      of failure.
      
      Change-Id: Ie4278b51559e4262aced13bbde4e844023270582
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      7a317a70
  3. 06 Mar, 2017 7 commits
  4. 23 Feb, 2017 2 commits
  5. 06 Feb, 2017 1 commit
    • Douglas Raillard's avatar
      Replace some memset call by zeromem · 32f0d3c6
      Douglas Raillard authored
      
      
      Replace all use of memset by zeromem when zeroing moderately-sized
      structure by applying the following transformation:
      memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x))
      
      As the Trusted Firmware is compiled with -ffreestanding, it forbids the
      compiler from using __builtin_memset and forces it to generate calls to
      the slow memset implementation. Zeromem is a near drop in replacement
      for this use case, with a more efficient implementation on both AArch32
      and AArch64.
      
      Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      32f0d3c6
  6. 26 Jan, 2017 1 commit
    • David Cunado's avatar
      Resolve build errors flagged by GCC 6.2 · 9edac047
      David Cunado authored
      
      
      With GCC 6.2 compiler, more C undefined behaviour is being flagged as
      warnings, which result in build errors in ARM TF build.
      
      The specific issue that this patch resolves is the use of (1 << 31),
      which is predominantly used in case statements, where 1 is represented
      as a signed int. When shifted to msb the behaviour is undefined.
      
      The resolution is to specify 1 as an unsigned int using a convenience
      macro ULL(). A duplicate macro MAKE_ULL() is replaced.
      
      Fixes ARM-software/tf-issues#438
      
      Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      9edac047
  7. 23 Dec, 2016 1 commit
    • Douglas Raillard's avatar
      Abort preempted TSP STD SMC after PSCI CPU suspend · 3df6012a
      Douglas Raillard authored
      
      
      Standard SMC requests that are handled in the secure-world by the Secure
      Payload can be preempted by interrupts that must be handled in the
      normal world. When the TSP is preempted the secure context is stored and
      control is passed to the normal world to handle the non-secure
      interrupt. Once completed the preempted secure context is restored. When
      restoring the preempted context, the dispatcher assumes that the TSP
      preempted context is still stored as the SECURE context by the context
      management library.
      
      However, PSCI power management operations causes synchronous entry into
      TSP. This overwrites the preempted SECURE context in the context
      management library. When restoring back the SECURE context, the Secure
      Payload crashes because this context is not the preempted context
      anymore.
      
      This patch avoids corruption of the preempted SECURE context by aborting
      any preempted SMC during PSCI power management calls. The
      abort_std_smc_entry hook of the TSP is called when aborting the SMC
      request.
      
      It also exposes this feature as a FAST SMC callable from normal world to
      abort preempted SMC with FID TSP_FID_ABORT.
      
      Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      3df6012a
  8. 30 Nov, 2016 1 commit
  9. 23 Nov, 2016 2 commits
    • Sandrine Bailleux's avatar
      Fix a coding style issue in trusty.c · 48c1c39f
      Sandrine Bailleux authored
      
      
      This patch fixes the following coding style error reported
      by the checkpatch.pl script:
      
        Bad function definition - void el3_exit() should probably
        be void el3_exit(void)
      
      There is another one but it's a false positive so there's no
      point in fixing it:
      
        space prohibited after that '&' (ctx:WxW)
        +#define SMC_NR(entity, fn, fastcall, smc64) ((((fastcall) & 0x1) << 31) | \
                                                                  ^
      Change-Id: I34de0337c7216dabd16395879f13845a60ee6df0
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      48c1c39f
    • Sandrine Bailleux's avatar
      Fix compilation warning in Trusty SPD · 696f41ec
      Sandrine Bailleux authored
      
      
      In release builds, the Trusty SPD fails to build because of an unused
      variable. Note that this warning message doesn't show in debug builds
      because INFO() messages are not compiled out like in release mode.
      
      This patch fixes this issue by removing this variable and using its
      value in place directly in the INFO() macro call.
      
      Change-Id: I1f552421181a09412315eef4eaca586012022018
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      696f41ec
  10. 08 Nov, 2016 1 commit
  11. 13 Jun, 2016 1 commit
  12. 01 Apr, 2016 1 commit
  13. 21 Dec, 2015 1 commit
  14. 09 Dec, 2015 1 commit
    • Soby Mathew's avatar
      TSP: Allow preemption of synchronous S-EL1 interrupt handling · 63b8440f
      Soby Mathew authored
      Earlier the TSP only ever expected to be preempted during Standard SMC
      processing. If a S-EL1 interrupt triggered while in the normal world, it
      will routed to S-EL1 `synchronously` for handling. The `synchronous` S-EL1
      interrupt handler `tsp_sel1_intr_entry` used to panic if this S-EL1 interrupt
      was preempted by another higher priority pending interrupt which should be
      handled in EL3 e.g. Group0 interrupt in GICv3.
      
      With this patch, the `tsp_sel1_intr_entry` now expects `TSP_PREEMPTED` as the
      return code from the `tsp_common_int_handler` in addition to 0 (interrupt
      successfully handled) and in both cases it issues an SMC with id
      `TSP_HANDLED_S_EL1_INTR`. The TSPD switches the context and returns back
      to normal world. In case a higher priority EL3 interrupt was pending, the
      execution will be routed to EL3 where interrupt will be handled. On return
      back to normal world, the pending S-EL1 interrupt which was preempted will
      get routed to S-EL1 to be handled `synchronously` via `tsp_sel1_intr_entry`.
      
      Change-Id: I2087c7fedb37746fbd9200cdda9b6dba93e16201
      63b8440f
  15. 04 Dec, 2015 2 commits
    • Soby Mathew's avatar
      Enable use of FIQs and IRQs as TSP interrupts · 02446137
      Soby Mathew authored
      On a GICv2 system, interrupts that should be handled in the secure world are
      typically signalled as FIQs. On a GICv3 system, these interrupts are signalled
      as IRQs instead. The mechanism for handling both types of interrupts is the same
      in both cases. This patch enables the TSP to run on a GICv3 system by:
      
      1. adding support for handling IRQs in the exception handling code.
      2. removing use of "fiq" in the names of data structures, macros and functions.
      
      The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a
      new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the
      former build flag is defined, it will be used to define the value for the
      new build flag. The documentation is also updated accordingly.
      
      Change-Id: I1807d371f41c3656322dd259340a57649833065e
      02446137
    • Soby Mathew's avatar
      Unify interrupt return paths from TSP into the TSPD · 404dba53
      Soby Mathew authored
      The TSP is expected to pass control back to EL3 if it gets preempted due to
      an interrupt while handling a Standard SMC in the following scenarios:
      
      1. An FIQ preempts Standard SMC execution and that FIQ is not a TSP Secure
         timer interrupt or is preempted by a higher priority interrupt by the time
         the TSP acknowledges it. In this case, the TSP issues an SMC with the ID
         as `TSP_EL3_FIQ`. Currently this case is never expected to happen as only
         the TSP Secure Timer is expected to generate FIQ.
      
      2. An IRQ preempts Standard SMC execution and in this case the TSP issues
         an SMC with the ID as `TSP_PREEMPTED`.
      
      In both the cases, the TSPD hands control back to the normal world and returns
      returns an error code to the normal world to indicate that the standard SMC it
      had issued has been preempted but not completed.
      
      This patch unifies the handling of these two cases in the TSPD and ensures that
      the TSP only uses TSP_PREEMPTED instead of separate SMC IDs. Also instead of 2
      separate error codes, SMC_PREEMPTED and TSP_EL3_FIQ, only SMC_PREEMPTED is
      returned as error code back to the normal world.
      
      Background information: On a GICv3 system, when the secure world has affinity
      routing enabled, in 2. an FIQ will preempt TSP execution instead of an IRQ. The
      FIQ could be a result of a Group 0 or a Group 1 NS interrupt. In both case, the
      TSPD passes control back to the normal world upon receipt of the TSP_PREEMPTED
      SMC. A Group 0 interrupt will immediately preempt execution to EL3 where it
      will be handled. This allows for unified interrupt handling in TSP for both
      GICv3 and GICv2 systems.
      
      Change-Id: I9895344db74b188021e3f6a694701ad272fb40d4
      404dba53
  16. 26 Nov, 2015 1 commit
    • Soby Mathew's avatar
      Remove the IMF_READ_INTERRUPT_ID build option · 54718418
      Soby Mathew authored
      The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt
      ID of the highest priority pending interrupt is passed as a parameter to the
      interrupt handler registered for that type of interrupt. This additional read
      of highest pending interrupt id from GIC is problematic as it is possible that
      the original interrupt may get deasserted and another interrupt of different
      type maybe become the highest pending interrupt. Hence it is safer to prevent
      such behaviour by removing the IMF_READ_INTERRUPT_ID build option.
      
      The `id` parameter of the interrupt handler `interrupt_type_handler_t` is
      now made a reserved parameter with this patch. It will always contain
      INTR_ID_UNAVAILABLE.
      
      Fixes ARM-software/tf-issues#307
      
      Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
      54718418
  17. 09 Oct, 2015 1 commit
    • Varun Wadekar's avatar
      TLKD: pass results with TLK_RESUME_FID function ID · ca15d9bc
      Varun Wadekar authored
      
      
      TLK sends the "preempted" event to the NS world along with an
      identifier for certain use cases. The NS world driver is then
      expected to take appropriate action depending on the identifier
      value. Upon completion, the NS world driver then sends the
      results to TLK (via x1-x3) with the TLK_RESUME_FID function ID.
      
      This patch uses the already present code to pass the results
      from the NS world to TLK for the TLK_RESUME_FID function ID.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      ca15d9bc
  18. 30 Sep, 2015 1 commit
    • Varun Wadekar's avatar
      Send power management events to the Trusted OS (TLK) · cb790c5e
      Varun Wadekar authored
      
      
      This patch adds PM handlers to TLKD for the system suspend/resume and
      system poweroff/reset cases. TLK expects all SMCs through a single
      handler, which then fork out into multiple handlers depending on the
      SMC. We tap into the same single entrypoint by restoring the S-EL1
      context before passing the PM event via register 'x0'. On completion
      of the PM event, TLK sends a completion SMC and TLKD then moves on
      with the PM process.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      cb790c5e
  19. 10 Sep, 2015 1 commit
    • Achin Gupta's avatar
      Pass the target suspend level to SPD suspend hooks · f1054c93
      Achin Gupta authored
      In certain Trusted OS implementations it is a requirement to pass them the
      highest power level which will enter a power down state during a PSCI
      CPU_SUSPEND or SYSTEM_SUSPEND API invocation. This patch passes this power level
      to the SPD in the "max_off_pwrlvl" parameter of the svc_suspend() hook.
      
      Currently, the highest power level which was requested to be placed in a low
      power state (retention or power down) is passed to the SPD svc_suspend_finish()
      hook. This hook is called after emerging from the low power state. It is more
      useful to pass the highest power level which was powered down instead. This
      patch does this by changing the semantics of the parameter passed to an SPD's
      svc_suspend_finish() hook. The name of the parameter has been changed from
      "suspend_level" to "max_off_pwrlvl" as well. Same changes have been made to the
      parameter passed to the tsp_cpu_resume_main() function.
      
      NOTE: THIS PATCH CHANGES THE SEMANTICS OF THE EXISTING "svc_suspend_finish()"
            API BETWEEN THE PSCI AND SPD/SP IMPLEMENTATIONS. THE LATTER MIGHT NEED
            UPDATES TO ENSURE CORRECT BEHAVIOUR.
      
      Change-Id: If3a9d39b13119bbb6281f508a91f78a2f46a8b90
      f1054c93
  20. 13 Aug, 2015 1 commit
    • Soby Mathew's avatar
      PSCI: Migrate SPDs and TSP to the new platform and framework API · fd650ff6
      Soby Mathew authored
      The new PSCI frameworks mandates that the platform APIs and the various
      frameworks in Trusted Firmware migrate away from MPIDR based core
      identification to one based on core index. Deprecated versions of the old
      APIs are still present to provide compatibility but their implementations
      are not optimal. This patch migrates the various SPDs exisiting within
      Trusted Firmware tree and TSP to the new APIs.
      
      Change-Id: Ifc37e7071c5769b5ded21d0b6a071c8c4cab7836
      fd650ff6
  21. 24 Jul, 2015 1 commit
    • Varun Wadekar's avatar
      tlkd: delete 'NEED_BL32' build variable · 458c3c13
      Varun Wadekar authored
      
      
      Remove the 'NEED_BL32' flag from the makefile. TLK compiles using a
      completely different build system and is present on the device as a
      binary blob. The NEED_BL32 flag does not influence the TLK load/boot
      sequence at all. Moreover, it expects that TLK binary be present on
      the host before we can compile BL31 support for Tegra.
      
      This patch removes the flag from the makefile and thus decouples both
      the build systems.
      
      Tested by booting TLK without the NEED_BL32 flag.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      458c3c13
  22. 13 Apr, 2015 1 commit
  23. 08 Apr, 2015 1 commit
    • Kévin Petit's avatar
      Add support to indicate size and end of assembly functions · 8b779620
      Kévin Petit authored
      
      
      In order for the symbol table in the ELF file to contain the size of
      functions written in assembly, it is necessary to report it to the
      assembler using the .size directive.
      
      To fulfil the above requirements, this patch introduces an 'endfunc'
      macro which contains the .endfunc and .size directives. It also adds
      a .func directive to the 'func' assembler macro.
      
      The .func/.endfunc have been used so the assembler can fail if
      endfunc is omitted.
      
      Fixes ARM-Software/tf-issues#295
      
      Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      8b779620
  24. 31 Mar, 2015 5 commits
  25. 26 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77
  26. 23 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Save 'power_state' early in PSCI CPU_SUSPEND call · 31244d74
      Soby Mathew authored
      This patch adds support to save the "power state" parameter before the
      affinity level specific handlers are called in a CPU_SUSPEND call.
      This avoids the need to pass the power_state as a parameter to the
      handlers and Secure Payload Dispatcher (SPD) suspend spd_pm_ops.
      The power_state arguments in the spd_pm_ops operations are now reserved
      and must not be used. The SPD can query the relevant power_state fields
      by using the psci_get_suspend_afflvl() & psci_get_suspend_stateid() APIs.
      
      NOTE: THIS PATCH WILL BREAK THE SPD_PM_OPS INTERFACE. HENCE THE SECURE
      PAYLOAD DISPATCHERS WILL NEED TO BE REWORKED TO USE THE NEW INTERFACE.
      
      Change-Id: I1293d7dc8cf29cfa6a086a009eee41bcbf2f238e
      31244d74
  27. 16 Sep, 2014 1 commit
    • Jens Wiklander's avatar
      Add opteed based on tspd · aa5da461
      Jens Wiklander authored
      Adds a dispatcher for OP-TEE based on the test secure payload
      dispatcher.
      
      Fixes arm-software/tf-issues#239
      aa5da461