Skip to content

GitLab

Switch branch/tag
  1. 25 May, 2021 1 commit
  3. 13 May, 2021 1 commit
    • Daniel Boulby's avatar
      feat(spmd): add support for FFA_SPM_ID_GET · 70c121a2
      Daniel Boulby authored 
      

Handle calls to the FFA_SPM_ID_GET interface. If FFA_SPM_ID_GET is
invoked from the non-secure physical FF-A instance, return the SPMC id
(defined in the SPMC manifest). If FFA_SPM_ID_GET is invoked from
the secure physical FF-A instance (e.g. the SPMC), return the SPMD id.

Change-Id: Id6d4e96b1da2510386d344e09c4553dba01227ec
Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      70c121a2
  5. 15 Mar, 2021 1 commit
  7. 05 Feb, 2021 1 commit
  9. 20 Aug, 2020 2 commits
  11. 23 Jun, 2020 1 commit
    • J-Alves's avatar
      FFA Version interface update · 4388f28f
      J-Alves authored 
      

Change handler of FFA version interface:
- Return SPMD's version if the origin of the call is secure;
- Return SPMC's version if origin is non-secure.
Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
      4388f28f
  13. 25 May, 2020 1 commit
    • J-Alves's avatar
      SPCI is now called PSA FF-A · 662af36d
      J-Alves authored 
      

SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).

Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
      662af36d
  15. 15 May, 2020 1 commit
  17. 13 May, 2020 1 commit
    • Olivier Deprez's avatar
      SPMD: code/comments cleanup · 52696946
      Olivier Deprez authored 
      As a follow-up to bdd2596d

, and related to SPM Dispatcher
EL3 component and SPM Core S-EL2/S-EL1 component: update
with cosmetic and coding rules changes. In addition:
-Add Armv8.4-SecEL2 arch detection helper.
-Add an SPMC context (on current core) get helper.
-Return more meaningful error return codes.
-Remove complexity in few spmd_smc_handler switch-cases.
-Remove unused defines and structures from spmd_private.h
Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
      52696946
  19. 17 Mar, 2020 1 commit
  21. 12 Mar, 2020 1 commit
  23. 03 Mar, 2020 2 commits
  25. 20 Feb, 2020 1 commit
  27. 10 Feb, 2020 2 commits
  29. 05 Feb, 2020 1 commit
  31. 20 Dec, 2019 4 commits
    • Paul Beesley's avatar
      spm-mm: Remove mm_svc.h header · 962c44e7
      Paul Beesley authored 
      

The contents of this header have been merged into the spm_mm_svc.h
header file.

Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      962c44e7
    • Paul Beesley's avatar
      spm-mm: Refactor spm_svc.h and its contents · 0bf9f567
      Paul Beesley authored 
      

Change-Id: I91c192924433226b54d33e57d56d146c1c6df81b
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      0bf9f567
    • Paul Beesley's avatar
      spm-mm: Refactor secure_partition.h and its contents · aeaa225c
      Paul Beesley authored 
      

Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.

The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.

This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.

Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      aeaa225c
    • Paul Beesley's avatar
      spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored 
      

The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.

This patch removes:

- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions

Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
      538b0020
  33. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored 
      

NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.

All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.

Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  35. 30 Jan, 2019 1 commit
  37. 22 Jan, 2019 1 commit
  39. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored 
      Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca339

 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  41. 11 Dec, 2018 4 commits
  43. 10 Dec, 2018 2 commits
  45. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored 
      

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  47. 22 Aug, 2018 1 commit
  49. 20 Aug, 2018 1 commit
  51. 21 Jun, 2018 2 commits
    • Jeenu Viswambharan's avatar
      SDEI: Make dispatches synchronous · cdb6ac94
      Jeenu Viswambharan authored 
      

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.

With this patch:

  - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
    context for event dispatch, then sets a jump point, and immediately
    exits EL3. This results in the client handler executing in
    Non-secure.

  - When the SDEI client completes the dispatched event, the SDEI
    dispatcher does a longjmp to the jump pointer created earlier. For
    the caller of the sdei_dispatch_event() in particular, this would
    appear as if call returned successfully.

The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.

Documentation updated.

NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.

Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      cdb6ac94
    • Jeenu Viswambharan's avatar
      SDEI: Allow platforms to define explicit events · af2c9ecd
      Jeenu Viswambharan authored 
      

The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are explicitly dispatched; i.e., events that are dispatched as a
result of a previous secure interrupt or other exception

This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
event. They must be placed under private mappings. Only the priority
flags are allowed to be additionally specified.

Documentation updated.

Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      af2c9ecd
  53. 20 Jun, 2018 1 commit
  55. 13 Jun, 2018 1 commit
    • Sandrine Bailleux's avatar
      SPM: Treat SP xlat tables the same as others · d801a1d0
      Sandrine Bailleux authored 
      The translation tables allocated for the Secure Partition do not need
to be treated as a special case. They can be put amongst the other
tables mapping BL31's general purpose memory. They will be mapped with
the same attributes as them, which is fine.

The explicit alignment constraint in BL31's linker script to pad the
last page of memory allocated to the Secure Partition's translation
tables is useless too, as page tables are per se pages, thus their
end address is naturally aligned on a page-boundary.

In fact, this patch does not change the existing behaviour. Since
patch 22282bb6

 ("SPM: Move all SP-related info to SP context
struct"), the secure_partition.c file has been renamed into sp_xlat.c
but the linker script has not been properly updated. As a result, the
SP translation tables are not specifically put at the start of the
xlat_table linker section, the __SP_IMAGE_XLAT_TABLES_START__/_END__
symbols have the same value, the size of the resulting mmap_region
covering these xlat tables is 0 and so it is ignored.

Change-Id: I4cf0a4cc090298811cca53fc9cee74df0f2b1512
Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      d801a1d0
  57. 23 May, 2018 1 commit