GitLab

This patch adds AArch32 support for FVP and implements common platform APIs
like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32.
Only Multi Processor(MP) implementations of these functions are considered in
this patch. The ARM Standard platform layer helpers are implemented for
AArch32 and the common makefiles are modified to cater for both AArch64 and
AArch32 builds. Compatibility with the deprecated platform API is not
supported for AArch32.

Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea

This patch adds a minimal AArch32 secure payload SP_MIN. It relies on PSCI
library to initialize the normal world context. It runs in Monitor mode
and uses the runtime service framework to handle SMCs. It is added as
a BL32 component in the Trusted Firmware source tree.

Change-Id: Icc04fa6b242025a769c1f6c7022fde19459c43e9

This patch adds AArch32 support to PSCI library, as follows :

* The `psci_helpers.S` is implemented for AArch32.

* AArch32 version of internal helper function `psci_get_ns_ep_info()` is
  defined.

* The PSCI Library is responsible for the Non Secure context initialization.
  Hence a library interface `psci_prepare_next_non_secure_ctx()` is introduced
  to enable EL3 runtime firmware to initialize the non secure context without
  invoking context management library APIs.

Change-Id: I25595b0cc2dbfdf39dbf7c589b875cba33317b9d

This patch adds AArch32 support to cpu ops, context management,
per-cpu data and spinlock libraries. The `entrypoint_info`
structure is modified to add support for AArch32 register
arguments. The CPU operations for AEM generic cpu in AArch32
mode is also added.

Change-Id: I1e52e79f498661d8f31f1e7b3a29e222bc7a4483

This patch adds console drivers including the pl011 driver
for the AArch32 mode.

Change-Id: Ifd22520d370fca3e73dbbf6f2d97d6aee65b67dd

This patch modifies GICv3 and TZC drivers to add AArch32 support.
No modifications are required for the GICv2 driver for AArch32 support.
The TZC driver assumes that the secure world is running in Little-Endian
mode to do 64 bit manipulations. Assertions are present to validate the
assumption.

Note: The legacy GICv3 driver is not supported for AArch32.

Change-Id: Id1bc75a9f5dafb9715c9500ca77b4606eb1e2458

This patch defines a SMCC context to save and restore
registers during a SMC call. It also adds appropriate helpers
to save and restore from this context for use by AArch32
secure payload and BL stages.

Change-Id: I64c8d6fe1d6cac22e1f1f39ea1b54ee1b1b72248

This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful for AArch32 because the number of
arguments required by the handler is more than registers
available as per AArch32 program calling conventions and
requires the use of stack. Hence this new API will do the
necessary argument setup and invoke the appropriate
handler. Although this API is primarily intended for AArch32,
it can be used for AArch64 as well.

Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241

The tf_printf library uses 64 bit division to print numbers
in appropriate formats but AArch32 mode cannot do 64 bit division
natively. Hence this patch adds additional number printing routines
to handle AArch32 mode in tf_printf library. The decimal format
printing capability is limited to 32 bit integers whereas 64 bits
are supported in hexadecimal format. The library assumes that
secure world is running in Little-Endian mode to do bit
manipulations on 64 bit. Suitable assertions are present to
enforce this assumption.

Change-Id: I55a21e448cef4915d1834d76e48a84ccf0bec36d

This patch adds translation library supports for AArch32 platforms.
The library only supports long descriptor formats for AArch32.
The `enable_mmu_secure()` enables the MMU for secure world with
`TTBR0` pointing to the populated translation tables.

Change-Id: I061345b1779391d098e35e7fe0c76e3ebf850e08

This patch adds various assembly helpers for AArch32 like :

* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.

* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.

* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.

Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be

This patch adds the essential AArch32 architecture helpers
arch.h and arch_helpers.h and modifies `_types.h` to add AArch32
support.

A new build option `ARCH` is defined in the top level makefile to
enable the component makefiles to choose the right files based on the
Architecture it is being build for. Depending on this flag, either
`AARCH32` or `AARCH64` flag is defined by the Makefile. The default
value of `ARCH` flag is `aarch64`. The AArch32 build support will be
added in a later patch.

Change-Id: I405e5fac02db828a55cd25989b572b64cb005241

This patch moves the macro SIZE_FROM_LOG2_WORDS() defined in
`arch.h` to `utils.h` as it is utility macro.

Change-Id: Ia8171a226978f053a1ee4037f80142c0a4d21430

This patch moves the assembly exclusive lock library code
`spinlock.S` into architecture specific folder `aarch64`.
A stub file which includes the file from new location is
retained at the original location for compatibility. The BL
makefiles are also modified to include the file from the new
location.

Change-Id: Ide0b601b79c439e390c3a017d93220a66be73543

This patch migrates the upstream platform makefiles to include the
console drivers from the new location in ARM Trusted Firmware code
base.

Change-Id: I866d6c4951e475de1f836ce8a8c1d5e6da9577e3

This patch moves the various assembly console drivers
into `aarch64` architecture specific folder. Stub files,
which include files from new location, are retained at the
original location for platform compatibility reasons.

Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8

This patch fixes the translation table library for wraparound cases. These
cases are not expected to occur on AArch64 platforms because only the
48 bits of the 64 bit address space are used. But it is a possibility for
AArch32 platforms.

Change-Id: Ie7735f7ba2977019381e1c124800381471381499

Replace fip_create with fiptool

fiptool provides a more consistent and intuitive interface compared to
the fip_create program.  It serves as a better base to build on more
features in the future.

fiptool supports various subcommands.  Below are the currently
supported subcommands:

1) info   - List the images contained in a FIP file.
2) create - Create a new FIP file with the given images.
3) update - Update an existing FIP with the given images.
4) unpack - Extract a selected set or all the images from a FIP file.
5) remove - Remove images from a FIP file.  This is a new command that
   was not present in fip_create.

To create a new FIP file, replace "fip_create" with "fiptool create".

To update a FIP file, replace "fip_create" with "fiptool update".

To dump the contents of a FIP file, replace "fip_create --dump" with
"fiptool info".

A compatibility script that emulates the basic functionality of
fip_create is provided.  Existing scripts might or might not work with
the compatibility script.  Users are strongly encouraged to migrate to
fiptool.

Fixes ARM-Software/tf-issues#87
Fixes ARM-Software/tf-issues#108
Fixes ARM-Software/tf-issues#361

Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330

Documentation for SEPARATE_CODE_AND_RODATA build flag

This patch documents the effect, cost and benefits of the
SEPARATE_CODE_AND_RODATA build flag.

Change-Id: Ic8daf0563fa6335930ad6c70b9c35f678e84d39d

rockchip: fixes typo and some bugs for suspend/resume tests

Improve debug assertion for runtime svc number

GICv3: Fix the GICD_IROUTER offset

ARM platforms: Define common image sizes

1. Remove the AP_PWROFF in ATF, should configure it in kernel.
2. Save and restore the PWMs pin/regs for suspend/resume.
3. The pmusgrf reset-hold bits needs to be released. since the
   pmusgrf reset-hold bits needs to be held.
4. Configure the PMU power up/down cycles about delay 3ms.
5. With the MMIO register block as one big mapping.
6. Fix the build error with psci_entrypoint since PSCI lib updated.

Fixes the commit
9ec78bdf ("rockchip: support the suspend/resume for rk3399").

Change-Id: I112806700bf433c87763aac23d22fa7e6a7f5264

This patch fixes the offset of GICD_IROUTER register defined in gicv3.h.
Although the GICv3 documention mentions that the offset for this register
is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is :

   0x6000 + 8n, where n >= 32

This requires the offset for GICD_IROUTER to be defined as 0x6000.

Fixes ARM-software/tf-issues#410

Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8

This patch improves the debug assertion for runtime svc number
 - Remove useless comparison ensuring that the number of descriptors
   is a positive number. The variable is an unsigned integer so can't
   be negative.
 - Check that the end address of the descriptors is sane relative
   to the start address.

Change-Id: Iea7be6b34e33b8b1cbd394eb923cc834ea964831

Fix use of stale power states in PSCI standby finisher

Minor improvements to harden TF code

A PSCI CPU_SUSPEND request to place a CPU in retention states at power levels
higher than the CPU power level is subject to the same state coordination as a
power down state. A CPU could implement multiple retention states at a
particular power level. When exiting WFI, the non-CPU power levels may be in a
different retention state to what was initially requested, therefore each CPU
should refresh its view of the states of all power levels.

Previously, a CPU re-used the state of the power levels when it entered the
retention state. This patch fixes this issue by ensuring that a CPU upon exit
from retention reads the state of each power level afresh.

Change-Id: I93b5f5065c63400c6fd2598dbaafac385748f989

This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, results in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.

If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().

This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print information message to the serial output.

This patch also introduces 2 slight changes to the reserve_mem()
function:

 - It fixes the end addresses passed to choose_mem_pos(). It was
   incorrectly passing (base + size) instead of (base + size - 1).

 - When the requested allocation size is 0, the function now exits
   straight away and says so using a warning message.
   Previously, it used to actually reserve some memory. A zero-byte
   allocation was not considered as a special case so the function
   was using the same top/bottom allocation mechanism as for any
   other allocation. As a result, the smallest area of memory starting
   from the requested base address within the free region was
   reserved.

Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6

 - Added some debug assertions checking that the runtime services
   indexes computed by get_unique_oen() are sane.

 - Do not print the name of the service when its descriptor is
   invalid. If the descriptor is corrupted then its name field
   could be corrupted as well and we would end up reading an
   arbitrary amount of invalid memory.

Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60

Light refactoring of the code in runtime_svc.c file.

 - Declare validate_rt_svc_desc()'s argument as const.

 - Remove 'goto' path in runtime_svc_init(). It was used in one
   place only.

 - Improve code readability by declaring a local variable holding the
   service pointer.

Change-Id: I3b15c5adb9f37b786b5b993a9be70ea9dd017a83

This patch adds a runtime check that psci_find_target_suspend_lvl()
returns a valid value back to psci_cpu_suspend() and psci_get_stat().
If it is invalid, BL31 will now panic.

Note that on the PSCI CPU suspend path there is already a debug
assertion checking the validity of the target composite power state,
which effectively also checks the validity of the target suspend level.
Therefore, the error condition would already be caught in debug builds,
but in a release build this assertion would be compiled out.

On the PSCI stat path, there is currently no debug assertion checking
the validity of the power state before using it as an index into
the power domain state array.

Although BL31 platforms ports are responsible for validating the
power state parameter, the security impact (i.e. an out-of-bounds
array access) of a potential platform port bug in this code would
be quite high, given that this parameter comes from an untrusted
source. The cost of checking this in runtime generic code is low.

Change-Id: Icea85b8020e39928ac03ec0cd49805b5857b3906

Introduce PSCI library

Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
`ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
related to the translation tables but to the image size as well.

The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
`PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
This way, ARM platforms no longer have to set their own values if
`ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
otherwise. The common sizes have been set to the highest values used
for any of the current build configurations.

This is needed because in some build configurations some images are
running out of space. This way there is a common set of values known
to work for all of them and it can be optimized for each particular
platform if needed.

The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
increased. This is needed because when memory optimisations are
disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
`MAX_XLAT_TABLES` are higher. If in this situation the code is
compiled in debug mode and with "-O0", the code won't fit.

Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e

This patch moves assembler macros which are not architecture specific
to a new file `asm_macros_common.S` and moves the `el3_common_macros.S`
into `aarch64` specific folder.

Change-Id: I444a1ee3346597bf26a8b827480cd9640b38c826

Previously the definition of `plat_get_syscnt_freq2()` in `arm_common.c` was
conditionally defined based on the ERROR_DEPRECATED flag. This patch makes
this function available irrespective of the flag and removes the deprecated
`plat_get_syscnt_freq()` definition.

Change-Id: I250ca787ca1b5e867096c6ba8f2bb444db44c97b

The PRELOADED_BL33_BASE build option allows to preload a BL33 and bypass its
loading by BL2. In ARM standard platforms, the conditional behaviour of
PRELOADED_BL33_BASE is moved within the implementation of
`plat_get_ns_image_entrypoint()` so that all callers may benefit from this
feature.

Change-Id: Iea060e204ec72f8081087837854535c4e320da4e