- 03 Feb, 2015 1 commit
-
-
Achin Gupta authored
This patch updates the user-guide.md with the various build options related to Trusted Board Boot and steps to build a FIP image which includes this support. It also adds a trusted-board-boot.md which describes the scope and design of this feature. Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
-
- 02 Feb, 2015 2 commits
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.20) * EDK2 (to v2.1-rc0) * Linux Kernel (to 1.3-Juno) * Linaro file-system (to 14.12) * Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1). Also remove duplicate information that is available from the ARM Connected Community website. * Base FVP (to 6.2) * Foundation FVP (to 9.1). Also update the name of the Foundation FVP binary since it has changed since version 2.1. Co-Authored-By: Dan Handley <dan.handley@arm.com> Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
-
Sandrine Bailleux authored
Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
-
- 30 Jan, 2015 1 commit
-
-
Soby Mathew authored
The CPU specific reset handlers no longer have the freedom of using any general purpose register because it is being invoked by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU specific reset handler was overwriting x20 register which was being used by the BL3-1 entry point to save the entry point information. This patch fixes this bug by reworking the register allocation in the Cortex-A57 reset handler to avoid using x20. The patch also explicitly mentions the register clobber list for each of the callee functions invoked by the reset handler Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
-
- 28 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch adds the function plat_match_rotpk() to the platform porting layer to provide a Root Of Trust Public key (ROTPK) verification mechanism. This function is called during the Trusted Board Boot process and receives a supposed valid copy of the ROTPK as a parameter, usually obtained from an external source (for instance, a certificate). It returns 0 (success) if that key matches the actual ROTPK stored in the system or any other value otherwise. The mechanism to access the actual ROTPK stored in the system is platform specific and should be implemented as part of this function. The format of the ROTPK is also platform specific (to save memory, some platforms might store a hash of the key instead of the whole key). TRUSTED_BOARD_BOOT build option has been added to allow the user to enable the Trusted Board Boot features. The implementation of the plat_match_rotpk() funtion is mandatory when Trusted Board Boot is enabled. For development purposes, FVP and Juno ports provide a dummy function that returns always success (valid key). A safe trusted boot implementation should provide a proper matching function. Documentation updated accordingly. Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
-
- 26 Jan, 2015 4 commits
-
-
Yatharth Kochar authored
This patch adds support to call the reset_handler() function in BL3-1 in the cold and warm boot paths when another Boot ROM reset_handler() has already run. This means the BL1 and BL3-1 versions of the CPU and platform specific reset handlers may execute different code to each other. This enables a developer to perform additional actions or undo actions already performed during the first call of the reset handlers e.g. apply additional errata workarounds. Typically, the reset handler will be first called from the BL1 Boot ROM. Any additional functionality can be added to the reset handler when it is called from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used to identify whether this is the first version of the reset handler code to be executed or an overridden version of the code. The Cortex-A57 errata workarounds are applied only if they have not already been applied. Fixes ARM-software/tf-issue#275 Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
-
Soby Mathew authored
This patch provides an option to specify a interrupt routing model where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1. When such an interrupt occurs, the TSPD arranges a return to the normal world after saving any necessary context. The interrupt routing model to route IRQs to EL3 is enabled only during STD SMC processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC and Secure Interrupt processing. A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change the non secure interrupt target execution level to EL3. Fixes ARM-software/tf-issues#225 Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
-
Soby Mathew authored
This patch: * Bumps the PSCI VERSION to 1.0. This means that the PSCI_VERSION API will now return the value 0x00010000 to indicate the version as 1.0. The firmware remains compatible with PSCI v0.2 clients. * The firmware design guide is updated to document the APIs supported by the Trusted Firmware generic code. * The FVP Device Tree Sources (dts) and Blobs(dtb) are also updated to add "psci-1.0" and "psci-0.2" to the list of compatible PSCI versions. Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
-
Juan Castillo authored
This patch allows the secure payload (BL3-2) to be loaded in the DRAM region secured by the TrustZone controller (top 16 MB of DRAM1). The location of BL3-2 can be selected at build time by setting the build flag FVP_TSP_RAM_LOCATION to one of the following options: - 'tsram' : Trusted SRAM (this is the default option) - 'tdram' : Trusted DRAM - 'dram' : Secure region in DRAM1 (top 16MB configured by the TrustZone controller) The number of MMU tables in BL3-2 depends on its location in memory: 3 in case it is loaded in DRAM, 2 otherwise. Documentation updated accordingly. Fixes ARM-software/tf-issues#212 Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
-
- 23 Jan, 2015 2 commits
-
-
Soby Mathew authored
This patch allows the platform to validate the power_state and entrypoint information from the normal world early on in PSCI calls so that we can return the error safely. New optional pm_ops hooks `validate_power_state` and `validate_ns_entrypoint` are introduced to do this. As a result of these changes, all the other pm_ops handlers except the PSCI_ON handler are expected to be successful. Also, the PSCI implementation will now assert if a PSCI API is invoked without the corresponding pm_ops handler being registered by the platform. NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The pm hooks have 2 additional optional callbacks and the return type of the other hooks have changed. Fixes ARM-Software/tf-issues#229 Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
-
Soby Mathew authored
This patch removes the non-secure entry point information being passed to the platform pm_ops which is not needed. Also, it removes the `mpidr` parameter for platform pm hooks which are meant to do power management operations only on the current cpu. NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT. Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 12 Jan, 2015 2 commits
-
-
Juan Castillo authored
Patch 20d51cad moved the shared data page from the top of the Trusted SRAM to the bottom, changing the load addresses of BL3-1 and BL3-2. This patch updates BL3-1 and BL3-2 addresses in the instructions to run the Trusted Firmware on FVP using BL3-1 as reset vector. This patch is similar to but distinct from bfb1dd51 and 7ea4c437. Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
-
Juan Castillo authored
This patch allows the BL3-1 NOBITS section to overlap the BL1 R/W section since the former will always be used after the latter. Similarly, the BL3-2 NOBITS section can overlay the BL2 image when BL3-2 is loaded in Trusted SRAM. Due to the current size of the images, there is no actual overlap. Nevertheless, this reorganization may help to optimise the Trusted SRAM usage when the images size grows. Note that because BL3-1 NOBITS section is allowed to overlap the BL1 R/W section, BL1 global variables will remain valid only until execution reaches the BL3-1 entry point during a cold boot. Documentation updated accordingly. Fixes ARM-software/tf-issues#254 Change-Id: Id538f4d1c7f1f7858108280fd7b97e138572b879
-
- 09 Jan, 2015 1 commit
-
-
Sandrine Bailleux authored
Previously, the User Guide recommended launching the Foundation FVP with the parameter --no-secure-memory, which disabled security control of the address map. This was due to missing support for secure memory regions in v1 of the Foundation FVP. This is no longer needed as secure memory is now supported on the Foundation FVP. This patch updates the User Guide to recommend enabling secure memory instead. Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
-
- 07 Jan, 2015 1 commit
-
-
Joakim Bech authored
Fixes arm-software/tf-issues#276
-
- 06 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows to define the name of the FIP at build time by defining the FIP_NAME variable. If FIP_NAME is not defined, default name 'fip.bin' is used. Documentation updated accordingly. Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
-
- 29 Oct, 2014 2 commits
-
-
Soby Mathew authored
This patch optimizes the Cortex-A57 cluster power down sequence by not flushing the Level1 data cache. The L1 data cache and the L2 unified cache are inclusive. A flush of the L2 by set/way flushes any dirty lines from the L1 as well. This is a known safe deviation from the Cortex-A57 TRM defined power down sequence. This optimization can be enabled by the platform through the 'SKIP_A57_L1_FLUSH_PWR_DWN' build flag. Each Cortex-A57 based platform must make its own decision on whether to use the optimization. This patch also renames the cpu-errata-workarounds.md to cpu-specific-build-macros.md as this facilitates documentation of both CPU Specific errata and CPU Specific Optimization build macros. Change-Id: I299b9fe79e9a7e08e8a0dffb7d345f9a00a71480
-
Soby Mathew authored
Prior to this patch, the errata workarounds were applied for any version of the CPU in the release build and in the debug build an assert failure resulted when the revision did not match. This patch applies errata workarounds in the Cortex-A57 reset handler only if the 'variant' and 'revision' fields read from the MIDR_EL1 match. In the debug build, a warning message is printed for each errata workaround which is not applied. The patch modifies the register usage in 'reset_handler` so as to adhere to ARM procedure calling standards. Fixes ARM-software/tf-issues#242 Change-Id: I51b1f876474599db885afa03346e38a476f84c29
-
- 22 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch deprecates the build option to relocate the shared data into Trusted DRAM in FVP. After this change, shared data is always located at the base of Trusted SRAM. This reduces the complexity of the memory map and the number of combinations in the build options. Fixes ARM-software/tf-issues#257 Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
-
- 14 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch configures the TrustZone Controller in Juno to split the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure regions: - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are used by the SCP for DDR retraining - Non-Secure DDR-DRAM: remaining DRAM starting at base address Build option PLAT_TSP_LOCATION selects the location of the secure payload (BL3-2): - 'tsram' : Trusted SRAM (default option) - 'dram' : Secure region in the DDR-DRAM (set by the TrustZone controller) The MMU memory map has been updated to give BL2 permission to load BL3-2 into the DDR-DRAM secure region. Fixes ARM-software/tf-issues#233 Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
-
- 16 Sep, 2014 2 commits
-
-
Jens Wiklander authored
Adds a dispatcher for OP-TEE based on the test secure payload dispatcher. Fixes arm-software/tf-issues#239
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 28 Aug, 2014 2 commits
-
-
Dan Handley authored
Final updates to readme.md and change-log.md for ARM Trusted Firmware version 1.0. Also increment the version in the Makefile. Change-Id: I00fe1016c8b936834bbf7bbba7aab07f51261bbb
-
Dan Handley authored
* Fix broken link to SCP download. * Remove requirement to install `ia32-libs`. This package is no longer available in current versions of Ubuntu and is no longer required when using the Linaro toolchain. Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
-
- 27 Aug, 2014 4 commits
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Juan Castillo authored
This patch reorganizes the firmware design guide to add information about the port of the ARM Trusted Firmware to the Juno ARM development platform. Change-Id: I0b80e2e7a35ccad1af2e971506cfb7fe505f8b84
-
Juan Castillo authored
This patch makes the Trusted Firmware build instructions in the user guide platform independent. FVP specific instructions have been grouped together under a new section dedicated to FVP. Juno specific instructions to build and run the Trusted Firmware, UEFI and Linux have been added. Change-Id: I9bfb1b9d732b1f73abbe29f68ac931e1773a4fd5
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#100 (commit 186c1d4b). This is distinct from the similar issue fixed in commit bfb1dd51. Also clarify the dependence on the FVP_SHARED_DATA_LOCATION and FVP_TSP_RAM_LOCATION build options, and tidy up the "Notes regarding Base FVP configuration options" section. Change-Id: I6b03452a71f0c69efa169852712bcb184242696e
-
- 21 Aug, 2014 1 commit
-
-
Dan Handley authored
Move up the version numbers of the following Trusted Firmware dependencies in the user guide: * Foundation and Base FVPs (latest publically available versions). * EDK2 implementation. The guide now uses the latest version from https://github.com/ARM-software/edk2.git. This requires the `iasl` package to also be installed. * Linux kernel. The guide now uses the latest version from https://github.com/ARM-software/linux.git. * Linaro OpenEmbedded file system. * ARM Development Studio 5. Change-Id: I95bb863a61e47b9ef8be3d110f7087375ee78add
-
- 20 Aug, 2014 3 commits
-
-
Soby Mathew authored
This patch adds documentation for CPU specific abstraction in the firmware- design.md and adds a new document cpu-errata-workarounds.md to describe the cpu errata workaround build flags. Change-Id: Ia08c2fec0b868a0a107d0264e87a60182797a1bd
-
Soby Mathew authored
This patch adds CPU core and cluster power down sequences to the CPU specific operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and generic AEM sequences have been added. The latter is suitable for the Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is saved in the per-cpu data so that it can be easily accessed during power down seqeunces. An optional platform API has been introduced to allow a platform to disable the Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak definition of this function (plat_disable_acp()) does not take any action. It should be overriden with a strong definition if the ACP is present on a platform. Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
-
Soby Mathew authored
This patch adds an optional platform API (plat_reset_handler) which allows the platform to perform any actions immediately after a cold or warm reset e.g. implement errata workarounds. The function is called with MMU and caches turned off. This API is weakly defined and does nothing by default but can be overriden by a platform with a strong definition. Change-Id: Ib0acdccbd24bc756528a8bd647df21e8d59707ff
-
- 19 Aug, 2014 1 commit
-
-
Dan Handley authored
* Move TSP platform porting functions to new file: include/bl32/tsp/platform_tsp.h. * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic TSP interrupt handling code, instead of depending on the FVP specific definition IRQ_SEC_PHY_TIMER. * Rename TSP platform porting functions from bl32_* to tsp_*, and definitions from BL32_* to TSP_*. * Update generic TSP code to use new platform porting function names and definitions. * Update FVP port accordingly and move all TSP source files to: plat/fvp/tsp/. * Update porting guide with above changes. Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO BE UPDATED Fixes ARM-software/tf-issues#167 Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
-
- 14 Aug, 2014 2 commits
-
-
Dan Handley authored
The intent of io_init() was to allow platform ports to provide a data object (io_plat_data_t) to the IO storage framework to allocate into. The abstraction was incomplete because io_plat_data_t uses a platform defined constant and the IO storage framework internally allocates other arrays using platform defined constants. This change simplifies the implementation by instantiating the supporting objects in the IO storage framework itself. There is now no need for the platform to call io_init(). The FVP port has been updated accordingly. THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE IO STORAGE FRAMEWORK TO BE UDPATED. Change-Id: Ib48ac334de9e538064734334c773f8b43df3a7dc
-
Juan Castillo authored
This patch groups the current contents of the Trusted DRAM region at address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in a single shared memory area that may be allocated to Trusted SRAM (default) or Trusted DRAM at build time by setting the FVP_SHARED_DATA_LOCATION make variable. The size of this shared memory is 4096 bytes. The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM' is not currently supported due to restrictions in the maximum number of mmu tables that can be created. Documentation has been updated to reflect these changes. Fixes ARM-software/tf-issues#100 Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
-
- 13 Aug, 2014 1 commit
-
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#117 (commit a1b6db6c). Fixes ARM-software/tf-issues#237 Change-Id: I764eb17c66034511efb984c0e7cfda29bd99198f
-
- 12 Aug, 2014 2 commits
-
-
Dan Handley authored
Create new LOG_LEVEL build option, which controls the amount of console output compiled into the build. This should be one of the following: 0 (LOG_LEVEL_NONE) 10 (LOG_LEVEL_NOTICE) 20 (LOG_LEVEL_ERROR) 30 (LOG_LEVEL_WARNING) 40 (LOG_LEVEL_INFO) 50 (LOG_LEVEL_VERBOSE) All log output up to and including the log level is compiled into the build. The default value is 40 in debug builds and 20 in release builds. Complement the existing INFO, WARN and ERROR console output macros with NOTICE and VERBOSE macros, which are conditionally compiled in depending on the value of LOG_LEVEL. Fixes ARM-software/tf-issues#232 Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
-
Juan Castillo authored
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM BLn_BASE and BLn_LIMIT definitions have been updated and are based on these new memory regions. The available memory for each bootloader in the linker script is defined by BLn_BASE and BLn_LIMIT, instead of the complete memory region. TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of the platform porting. FVP common definitions are defined in fvp_def.h while platform_def.h contains exclusively (with a few exceptions) the definitions that are mandatory in the porting guide. Therefore, platform_def.h now includes fvp_def.h instead of the other way around. Porting guide has been updated to reflect these changes. Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
-
- 11 Aug, 2014 1 commit
-
-
Soby Mathew authored
This patch defines a compile time macro for each boot loader stage which allows compilation of code only for a specific stage. Change-Id: I3a4068404cd3dc26d652556ca9ca7afea8dd28ef
-