- 03 Jun, 2016 1 commit
-
-
Soby Mathew authored
The system registers that are saved and restored in CPU context include AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ, DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an AArch64-only (i.e. on hardware that does not implement AArch32, or at least not at EL1 and higher ELs) platform leads to an exception. This patch introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to include these AArch32 systems registers in the cpu context or not. By default this build option is set to 1 to ensure compatibility. AArch64-only platforms must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to verify this. Fixes ARM-software/tf-issues#386 Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
-
- 14 Apr, 2016 1 commit
-
-
Sandrine Bailleux authored
The user can provide additional CFLAGS to use when building TF. However, these custom CFLAGS are currently prepended to the standard CFLAGS that are hardcoded in the TF build system. This is an issue because when providing conflicting compiler flags (e.g. different optimisations levels like -O1 and -O0), the last one on the command line usually takes precedence. This means that the user flags get overriden. To address this problem, this patch separates the TF CFLAGS from the user CFLAGS. The former are now stored in the TF_CFLAGS make variable, whereas the CFLAGS make variable is untouched and reserved for the user. The order of the 2 sets of flags is enforced when invoking the compiler. Fixes ARM-Software/tf-issues#350 Change-Id: Ib189f44555b885f1dffbec6015092f381600e560
-
- 08 Apr, 2016 4 commits
-
-
Antonio Nino Diaz authored
All markdown (.md) files in the root directory of the repository and all the files inside the 'docs' directory have been removed from ROOT_DIRS_TO_CHECK in the Makefile in order not to perform the coding style check on them. Change-Id: Iac397b44f95cbcdb9a52cc20bf69998c394ac00a
-
Antonio Nino Diaz authored
Removed an extra parentheses that produced an invalid list of files and directories to check by checkpatch.pl. Change-Id: Iefe2c1f8be6e7b7b58f6ffe3e16fe6336b9a8689
-
Antonio Nino Diaz authored
To avoid confusion the build option BL33_BASE has been renamed to PRELOADED_BL33_BASE, which is more descriptive of what it does and doesn't get mistaken by similar names like BL32_BASE that work in a completely different way. NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW BUILD OPTION `PRELOADED_BL33_BASE`. Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b
-
Antonio Nino Diaz authored
Previously, when building TF without SPD support, BL2 tried to load a BL32 image from the FIP and fails to find one, which resulted on warning messages on the console. Even if there is a BL32 image in the FIP it shouldn't be loaded because there is no way to transfer control to the Secure Payload without SPD support. The Makefile has been modified to pass a define of the form SPD_${SPD} to the source code the same way it's done for PLAT. The define SPD_none is then used to undefine BL32_BASE when BL32 is not used to prevent BL2 from trying to load a BL32 image and failing, thus removing the warning messages mentioned above. Fixes ARM-software/tf-issues#287 Change-Id: Ifeb6f1c26935efb76afd353fea88e87ba09e9658
-
- 01 Apr, 2016 5 commits
-
-
Evan Lloyd authored
In some build environments executable programs have a specific file extension. The value of BIN_EXT is appended to the relevant tool file names to allow for this. The value of BIN_EXT is set, where appropriate, by the build environment specific make helper (to .exe for Windows build environments). .gitignore is updated to hide the new (.exe) files. Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
-
Evan Lloyd authored
Replace some "recursively expanded" make variables with "simply expanded" variables (i.e. replace = with :=). This has no functional impact but is more consistent and theoretically more efficient. Change-Id: Iaf33d7c8ad48464ae0d39923515d1e7f230c95c1
-
Evan Lloyd authored
Add make helper files to select the appropriate settings for the build environment. Selection is made in make_helpers/build_env.mk, which selects other files to include using generic build environment settings. The Trusted Firmware Makefile and supporting tool Makefiles are updated to include build_env.mk instead of unix.mk. NOTE: This change does not fully enable builds in other build environments. It facilitates this without compromising the existing build environments. Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
-
Evan Lloyd authored
Macros are inserted to replace direct invocations of commands that are problematic on some build environments. (e.g. Some environments expect \ in paths instead of /.) The changes take into account mismatched command mappings across environments. The new helper file unix.mk retains existing makefile behaviour on unix like build environments by providing the following macro definitions: SHELL_COPY cp -f SHELL_COPY_TREE cp -rf SHELL_DELETE rm -f SHELL_DELETE_ALL rm -rf MAKE_PREREQ_DIR mkdir -p (As make target) SHELL_REMOVE_DIR rm -rf Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb
-
Evan Lloyd authored
As an initial stage of making Trusted Firmware build environment more portable, we remove most uses of the $(shell ) function and replace them with more portable make function based solutions. Note that the setting of BUILD_STRING still uses $(shell ) since it's not possible to reimplement this as a make function. Avoiding invocation of this on incompatible host platforms will be implemented separately. Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8
-
- 31 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
lib/aarch64/xlat_helpers.c defines helper functions to build translation descriptors, but no common code or upstream platform port uses them. As the rest of the xlat_tables code evolves, there may be conflicts with these helpers, therefore this code should be removed. Change-Id: I9f5be99720f929264818af33db8dada785368711
-
- 02 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
Enable alternative boot flow where BL2 does not load BL33 from non-volatile storage, and BL31 hands execution over to a preloaded BL33. The flag used to enable this bootflow is BL33_BASE, which must hold the entrypoint address of the BL33 image. The User Guide has been updated with an example of how to use this option with a bootwrapped kernel. Change-Id: I48087421a7b0636ac40dca7d457d745129da474f
-
- 26 Feb, 2016 1 commit
-
-
Antonio Nino Diaz authored
All C files of stdlib were included into std.c, which was the file that the Makefile actually compiled. This is a poor way of compiling all the files and, while it may work fine most times, it's discouraged. In this particular case, each C file included its own headers, which were later included into std.c. For example, this caused problems because a duplicated typedef of u_short in both subr_prf.c and types.h. While that may require an issue on its own, this kind of problems are avoided if all C files are as independent as possible. Change-Id: I9a7833fd2933003f19a5d7db921ed8542ea2d04a
-
- 08 Feb, 2016 1 commit
-
-
Sandrine Bailleux authored
The LDNP/STNP instructions as implemented on Cortex-A53 and Cortex-A57 do not behave in a way most programmers expect, and will most probably result in a significant speed degradation to any code that employs them. The ARMv8-A architecture (see Document ARM DDI 0487A.h, section D3.4.3) allows cores to ignore the non-temporal hint and treat LDNP/STNP as LDP/STP instead. This patch introduces 2 new build flags: A53_DISABLE_NON_TEMPORAL_HINT and A57_DISABLE_NON_TEMPORAL_HINT to enforce this behaviour on Cortex-A53 and Cortex-A57. They are enabled by default. The string printed in debug builds when a specific CPU errata workaround is compiled in but skipped at runtime has been generalised, so that it can be reused for the non-temporal hint use case as well. Change-Id: I3e354f4797fd5d3959872a678e160322b13867a1
-
- 05 Jan, 2016 1 commit
-
-
Juan Castillo authored
The fip_create tool specifies images in the command line using the ARM TF naming convention (--bl2, --bl31, etc), while the cert_create tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double convention is confusing and should be aligned. This patch updates the fip_create command line options to follow the TBBR naming convention. Usage examples in the User Guide have been also updated. NOTE: users that build the FIP by calling the fip_create tool directly from the command line must update the command line options in their scripts. Users that build the FIP by invoking the main ARM TF Makefile should not notice any difference. Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
-
- 22 Dec, 2015 1 commit
-
-
Dan Handley authored
Change-Id: I50cd383e480628bf750bcfb76cfdc9d597c2595b
-
- 21 Dec, 2015 1 commit
-
-
Sandrine Bailleux authored
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
-
- 14 Dec, 2015 1 commit
-
-
Juan Castillo authored
This patch removes the dash character from the image name, to follow the image terminology in the Trusted Firmware Wiki page: https://github.com/ARM-software/arm-trusted-firmware/wiki Changes apply to output messages, comments and documentation. non-ARM platform files have been left unmodified. Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
-
- 10 Dec, 2015 1 commit
-
-
Juan Castillo authored
The Server Base System Architecture document (ARM-DEN-0029) specifies a generic UART device. The programmer's view of this generic UART is a subset of the ARM PL011 UART. However, the current PL011 driver in Trusted Firmware uses some features that are outside the generic UART specification. This patch modifies the PL011 driver to exclude features outside the SBSA generic UART specification by setting the boolean build option 'PL011_GENERIC_UART=1'. Default value is 0 (use full PL011 features). User guide updated. Fixes ARM-software/tf-issues#216 Change-Id: I6e0eb86f9d69569bc3980fb57e70d6da5d91a737
-
- 09 Dec, 2015 3 commits
-
-
Yatharth Kochar authored
Firmware update feature needs a new FIP called `fwu_fip.bin` that includes Secure(SCP_BL2U, BL2U) and Normal world(NS_BL2U) images along with the FWU_CERT certificate in order for NS_BL1U to load the images and help the Firmware update process to complete. This patch adds the capability to support the new target `fwu_fip` which includes above mentioned FWU images in the make files. The new target of `fwu_fip` and its dependencies are included for compilation only when `TRUSTED_BOARD_BOOT` is defined. Change-Id: Ie780e3aac6cbd0edfaff3f9af96a2332bd69edbc
-
Yatharth Kochar authored
The Firmware Update (FWU) feature needs support for an optional secure world image, BL2U, to allow additional secure world initialization required by FWU, for example DDR initialization. This patch adds generic framework support to create BL2U. NOTE: A platform makefile must supply additional `BL2U_SOURCES` to build the bl2u target. A subsequent patch adds bl2u support for ARM platforms. Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
-
Yatharth Kochar authored
Firmware update(a.k.a FWU) feature is part of the TBB architecture. BL1 is responsible for carrying out the FWU process if platform specific code detects that it is needed. This patch adds support for FWU feature support in BL1 which is included by enabling `TRUSTED_BOARD_BOOT` compile time flag. This patch adds bl1_fwu.c which contains all the core operations of FWU, which are; SMC handler, image copy, authentication, execution and resumption. It also adds bl1.h introducing #defines for all BL1 SMCs. Following platform porting functions are introduced: int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size, unsigned int flags); This function can be used to add platform specific memory checks for the provided base/size for the given security state. The weak definition will invoke `assert()` and return -ENOMEM. __dead2 void bl1_plat_fwu_done(void *cookie, void *reserved); This function can be used to initiate platform specific procedure to mark completion of the FWU process. The weak definition waits forever calling `wfi()`. plat_bl1_common.c contains weak definitions for above functions. FWU process starts when platform detects it and return the image_id other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in `bl1_main()`. NOTE: User MUST provide platform specific real definition for bl1_plat_mem_check() in order to use it for Firmware update. Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
-
- 26 Nov, 2015 3 commits
-
-
Sandrine Bailleux authored
This patch introduces a new build option named COLD_BOOT_SINGLE_CPU, which allows platforms that only release a single CPU out of reset to slightly optimise their cold boot code, both in terms of code size and performance. COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform may release several CPUs out of reset. In this case, the cold reset code needs to coordinate all CPUs via the usual primary/secondary CPU distinction. If a platform guarantees that only a single CPU will ever be released out of reset, there is no need to arbitrate execution ; the notion of primary and secondary CPUs itself no longer exists. Such platforms may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the primary/secondary CPU identification in the cold reset code. All ARM standard platforms can release several CPUs out of reset so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like Juno, bringing up more than one CPU at reset should only be attempted when booting an EL3 payload, as it is not fully supported in the normal boot flow. For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform APIs become optional: - plat_secondary_cold_boot_setup(); - plat_is_my_cpu_primary(). The Porting Guide has been updated to reflect that. User Guide updated as well. Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
-
Sandrine Bailleux authored
This patch adds support for booting EL3 payloads on CSS platforms, for example Juno. In this scenario, the Trusted Firmware follows its normal boot flow up to the point where it would normally pass control to the BL31 image. At this point, it jumps to the EL3 payload entry point address instead. Before handing over to the EL3 payload, the data SCP writes for AP at the beginning of the Trusted SRAM is restored, i.e. we zero the first 128 bytes and restore the SCP Boot configuration. The latter is saved before transferring the BL30 image to SCP and is restored just after the transfer (in BL2). The goal is to make it appear that the EL3 payload is the first piece of software to run on the target. The BL31 entrypoint info structure is updated to make the primary CPU jump to the EL3 payload instead of the BL31 image. The mailbox is populated with the EL3 payload entrypoint address, which releases the secondary CPUs out of their holding pen (if the SCP has powered them on). The arm_program_trusted_mailbox() function has been exported for this purpose. The TZC-400 configuration in BL2 is simplified: it grants secure access only to the whole DRAM. Other security initialization is unchanged. This alternative boot flow is disabled by default. A new build option EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3 payload's entry point address. The build system has been modified such that BL31 and BL33 are not compiled and/or not put in the FIP in this case, as those images are not used in this boot flow. Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077
-
Sandrine Bailleux authored
This patch introduces a new build flag, SPIN_ON_BL1_EXIT, which puts an infinite loop in BL1. It is intended to help debugging the post-BL2 phase of the Trusted Firmware by stopping execution in BL1 just before handing over to BL31. At this point, the developer may take control of the target using a debugger. This feature is disabled by default and can be enabled by rebuilding BL1 with SPIN_ON_BL1_EXIT=1. User Guide updated accordingly. Change-Id: I6b6779d5949c9e5571dd371255520ef1ac39685c
-
- 24 Nov, 2015 1 commit
-
-
Soby Mathew authored
This patch changes the build time behaviour when using deprecated API within Trusted Firmware. Previously the use of deprecated APIs would only trigger a build warning (which was always treated as a build error), when WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always trigger a build time warning. Whether this warning is treated as error or not is determined by the build flag ERROR_DEPRECATED which is disabled by default. When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or inclusion of deprecated headers will result in a build error. Also the deprecated context management helpers in context_mgmt.c are now conditionally compiled depending on the value of ERROR_DEPRECATED flag so that the APIs themselves do not result in a build error when the ERROR_DEPRECATED flag is set. NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to using ERROR_DEPRECATED, otherwise deprecated API usage will no longer trigger a build error. Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
-
- 17 Nov, 2015 1 commit
-
-
Juan Castillo authored
If an SPD wants to use a prebuilt binary as BL32 image (for example, the OPTEE Dispatcher), it must point the `BL32` variable to the image file. This dependency should apply only to the `fip` target. However, it also applies to the `all` target at the moment. If the user tries to build all individual TF images using `make all` without setting BL32, the build fails. The following command will throw the error: make CROSS_COMPILE=aarch64-linux-gnu- SPD=opteed all ... ... aarch64-linux-gnu-gcc: fatal error: no input files compilation terminated. make: *** [build/fvp/release/bl32/bl32.ld] Error 1 The reason is that the build system checks if BL32 is defined, and if it is not, it will try to build BL32 from source. If the SPD makefile does not provide support for that (as is the case of the OPTEE Dispatcher, since OPTEE is provided as an external binary), the build will fail. This patch fixes the issue by checking if `BL32_SOURCES` has been defined by the SPD before attempting to build BL32 from source. If neither `BL32` nor `BL32_SOURCES` is defined when building the FIP, a warning message will be printed and the process aborted. Fixes ARM-software/tf-issues#333 Change-Id: I5e801ad333103ed9b042e5c4757424c8df2ff6e4
-
- 10 Nov, 2015 1 commit
-
-
Juan Castillo authored
ARMv8 architecture allows unaligned memory accesses. However, Trusted Firmware disables such feature by setting the SCTLR_A_BIT and SCTLR_SA_BIT in the SCTLR_EL3 register (it enables alignment checks). This patch adds -mstrict-align to the gcc build options. Although there are not explicit unaligned memory accesses in Trusted Firmware, this flag will tell the compiler not to use them. Fixes ARM-software/tf-issues#294 Change-Id: I69748c6cf28504be9ca3dc975a331d14459c9ef1
-
- 07 Nov, 2015 1 commit
-
-
Achin Gupta authored
Commit #73c99d4e had refactored the top level Makefile. This commit also broke platform ports that still rely on an enabled ENABLE_PLAT_COMPAT build option since the evaluation of this option was also accidentally removed from the Makefile. This patch fixes this break by re-introducing the necessary support to ensure that this build option is enabled by default if a platform port does not disable it explicitly. Fixes ARM-software/tf-issues#332 Change-Id: I2217595d2e0bccae7de98cc6c0ea448b5bf3dae2
-
- 27 Oct, 2015 2 commits
-
-
Juan Castillo authored
Currently, if no make goal is specified in the command line, 'all' is assumed by default, but the dependency files are not generated. This might lead to a successful but inconsistent build. This patch provides a fix to the problem. Change-Id: I0148719e114dbdbe46f8a57c7d05da7cbc212c92
-
Juan Castillo authored
This patch is a complete rework of the main Makefile. Functionality remains the same but the code has been reorganized in sections in order to improve readability and facilitate adding future extensions. A new file 'build_macros.mk' has been created and will contain common definitions (variables, macros, etc) that may be used from the main Makefile and other platform specific makefiles. A new macro 'FIP_ADD_IMG' has been introduced and it will allow the platform to specify binary images and the necessary checks for a successful build. Platforms that require a BL30 image no longer need to specify the NEED_BL30 option. The main Makefile is now completely unaware of additional images not built as part of Trusted Firmware, like BL30. It is the platform responsibility to specify images using the macro 'FIP_ADD_IMG'. Juno uses this macro to include the BL30 image in the build. BL33 image is specified in the main Makefile to preserve backward compatibility with the NEED_BL33 option. Otherwise, platform ports that rely on the definition of NEED_BL33 might break. All Trusted Board Boot related definitions have been moved to a separate file 'tbbr_tools.mk'. The main Makefile will include this file unless the platform indicates otherwise by setting the variable 'INCLUDE_TBBR_MK := 0' in the corresponding platform.mk file. This will keep backward compatibility but ideally each platform should include the corresponding TBB .mk file in platform.mk. Change-Id: I35e7bc9930d38132412e950e20aa2a01e2b26801
-
- 13 Aug, 2015 4 commits
-
-
Soby Mathew authored
This patch defines deprecated platform APIs to enable Trusted Firmware components like Secure Payload and their dispatchers(SPD) to continue to build and run when platform compatibility is disabled. This decouples the migration of platform ports to the new platform API from SPD and enables them to be migrated independently. The deprecated platform APIs defined in this patch are : platform_get_core_pos(), platform_get_stack() and platform_set_stack(). The patch also deprecates MPIDR based context management helpers like cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context(). A mechanism to deprecate APIs and identify callers of these APIs during build is introduced, which is controlled by the build flag WARN_DEPRECATED. If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be flagged either as a link error for assembly files or compile time warning for C files during build. Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
-
Soby Mathew authored
This commit does the switch to the new PSCI framework implementation replacing the existing files in PSCI folder with the ones in PSCI1.0 folder. The corresponding makefiles are modified as required for the new implementation. The platform.h header file is also is switched to the new one as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults to 1 to enable compatibility layer which let the existing platform ports to continue to build and run with minimal changes. The default weak implementation of platform_get_core_pos() is now removed from platform_helpers.S and is provided by the compatibility layer. Note: The Secure Payloads and their dispatchers still use the old platform and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build flag will remain enabled in subsequent patch. The compatibility for SPDs using the older APIs on platforms migrated to the new APIs will be added in the following patch. Change-Id: I18c51b3a085b564aa05fdd98d11c9f3335712719
-
Soby Mathew authored
The new PSCI topology framework and PSCI extended State framework introduces a breaking change in the platform port APIs. To ease the migration of the platform ports to the new porting interface, a compatibility layer is introduced which essentially defines the new platform API in terms of the old API. The old PSCI helpers to retrieve the power-state, its associated fields and the highest coordinated physical OFF affinity level of a core are also implemented for compatibility. This allows the existing platform ports to work with the new PSCI framework without significant rework. This layer will be enabled by default once the switch to the new PSCI framework is done and is controlled by the build flag ENABLE_PLAT_COMPAT. Change-Id: I4b17cac3a4f3375910a36dba6b03d8f1700d07e3
-
Soby Mathew authored
The state-id field in the power-state parameter of a CPU_SUSPEND call can be used to describe composite power states specific to a platform. The current PSCI implementation does not interpret the state-id field. It relies on the target power level and the state type fields in the power-state parameter to perform state coordination and power management operations. The framework introduced in this patch allows the PSCI implementation to intepret generic global states like RUN, RETENTION or OFF from the State-ID to make global state coordination decisions and reduce the complexity of platform ports. It adds support to involve the platform in state coordination which facilitates the use of composite power states and improves the support for entering standby states at multiple power domains. The patch also includes support for extended state-id format for the power state parameter as specified by PSCIv1.0. The PSCI implementation now defines a generic representation of the power-state parameter. It depends on the platform port to convert the power-state parameter (possibly encoding a composite power state) passed in a CPU_SUSPEND call to this representation via the `validate_power_state()` plat_psci_ops handler. It is an array where each index corresponds to a power level. Each entry contains the local power state the power domain at that power level could enter. The meaning of the local power state values is platform defined, and may vary between levels in a single platform. The PSCI implementation constrains the values only so that it can classify the state as RUN, RETENTION or OFF as required by the specification: * zero means RUN * all OFF state values at all levels must be higher than all RETENTION state values at all levels * the platform provides PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE values to the framework The platform also must define the macros PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE which lets the PSCI implementation find out which power domains have been requested to enter a retention or power down state. The PSCI implementation does not interpret the local power states defined by the platform. The only constraint is that the PLAT_MAX_RET_STATE < PLAT_MAX_OFF_STATE. For a power domain tree, the generic implementation maintains an array of local power states. These are the states requested for each power domain by all the cores contained within the domain. During a request to place multiple power domains in a low power state, the platform is passed an array of requested power-states for each power domain through the plat_get_target_pwr_state() API. It coordinates amongst these states to determine a target local power state for the power domain. A default weak implementation of this API is provided in the platform layer which returns the minimum of the requested power-states back to the PSCI state coordination. Finally, the plat_psci_ops power management handlers are passed the target local power states for each affected power domain using the generic representation described above. The platform executes operations specific to these target states. The platform power management handler for placing a power domain in a standby state (plat_pm_ops_t.pwr_domain_standby()) is now only used as a fast path for placing a core power domain into a standby or retention state should now be used to only place the core power domain in a standby or retention state. The extended state-id power state format can be enabled by setting the build flag PSCI_EXTENDED_STATE_ID=1 and it is disabled by default. Change-Id: I9d4123d97e179529802c1f589baaa4101759d80c
-
- 25 Jun, 2015 3 commits
-
-
Juan Castillo authored
This patch modifies the Trusted Board Boot implementation to use the new authentication framework, making use of the authentication module, the cryto module and the image parser module to authenticate the images in the Chain of Trust. A new function 'load_auth_image()' has been implemented. When TBB is enabled, this function will call the authentication module to authenticate parent images following the CoT up to the root of trust to finally load and authenticate the requested image. The platform is responsible for picking up the right makefiles to build the corresponding cryptographic and image parser libraries. ARM platforms use the mbedTLS based libraries. The platform may also specify what key algorithm should be used to sign the certificates. This is done by declaring the 'KEY_ALG' variable in the platform makefile. FVP and Juno use ECDSA keys. On ARM platforms, BL2 and BL1-RW regions have been increased 4KB each to accommodate the ECDSA code. REMOVED BUILD OPTIONS: * 'AUTH_MOD' Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
-
Juan Castillo authored
This patch extends the 'cert_create' tool to support ECDSA keys to sign the certificates. The '--key-alg' command line option can be used to specify the key algorithm when invoking the tool. Available options are: * 'rsa': create RSA-2048 keys (default option) * 'ecdsa': create ECDSA-SECP256R1 keys The TF Makefile has been updated to allow the platform to specify the key algorithm by declaring the 'KEY_ALG' variable in the platform makefile. The behaviour regarding key management has changed. After applying this patch, the tool will try first to open the keys from disk. If one key does not exist or no key is specified, and the command line option to create keys has been specified, new keys will be created. Otherwise an error will be generated and the tool will exit. This way, the user may specify certain keys while the tool will create the remaining ones. This feature is useful for testing purposes and CI infrastructures. The OpenSSL directory may be specified using the build option 'OPENSSL_DIR' when building the certificate generation tool. Default is '/usr'. Change-Id: I98bcc2bfab28dd7179f17f1177ea7a65698df4e7
-
Juan Castillo authored
This patch adds a boolean build option 'SAVE_KEYS' to indicate the certificate generation tool that it must save the private keys used to establish the chain of trust. This option depends on 'CREATE_KEYS' to be enabled. Default is '0' (do not save). Because the same filenames are used as outputs to save the keys, they are no longer a dependency to the cert_tool. This dependency has been removed from the Makefile. Documentation updated accordingly. Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
-
- 04 Jun, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch introduces a new platform build option, called PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has a programmable or fixed reset vector address. If the reset vector address is fixed then the code relies on the platform_get_entrypoint() mailbox mechanism to figure out where it is supposed to jump. On the other hand, if it is programmable then it is assumed that the platform code will program directly the right address into the RVBAR register (instead of using the mailbox redirection) so the mailbox is ignored in this case. Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
-