1. 26 Feb, 2014 3 commits
  2. 20 Feb, 2014 16 commits
    • Jeenu Viswambharan's avatar
      Update .gitignore · d59a6c6d
      Jeenu Viswambharan authored
      This patch updates .gitignore file to ignore potential build products,
      tool object files and binaries
      
      Also fixes issue ARM-software/tf-issues#35
      
      Change-Id: I053dfba4ec8fecbcca081cad5b4bf94f8abfb15c
      d59a6c6d
    • Ryan Harkin's avatar
      Fix semihosting with latest toolchain · cd529320
      Ryan Harkin authored
      Fixes issues #10:
      
      https://github.com/ARM-software/tf-issues/issues/10
      
      
      
      This patch changes all/most variables of type int to be size_t or long
      to fix the sizing and alignment problems found when building with the
      newer toolchains such as Linaro GCC 13.12 or later.
      
      Change-Id: Idc9d48eb2ff9b8c5bbd5b227e6907263d1ea188b
      Signed-off-by: default avatarRyan Harkin <ryan.harkin@linaro.org>
      cd529320
    • Jeenu Viswambharan's avatar
      Cleanup FIP build targets and messages · 2f2cef46
      Jeenu Viswambharan authored
      At present the fip.bin depends on phony targets for BL images, resulting
      in unconditional remake of fip.bin. Also the build messages doesn't
      match with the rest of build system.
      
      This patch modifies the fip.bin dependencies to the actual BL binary
      images so that fip.bin is remade only when the component images are
      rebuilt/modified. The build messages and FIP Makefile are modified to
      match the style of rest of the build system.
      
      Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
      2f2cef46
    • Jeenu Viswambharan's avatar
      Report recoverable errors as warnings · 08c28d53
      Jeenu Viswambharan authored
      At present many recoverable failures are reported as errors. This patch
      modifies all such failures to be reported as warnings instead.
      
      Change-Id: I5141653c82498defcada9b90fdf7498ba496b2f2
      08c28d53
    • Achin Gupta's avatar
      Rework arithmetic operations in Test Secure Payload · 916a2c1e
      Achin Gupta authored
      
      
      This patch reworks the service provided by the TSP to perform common
      arithmetic operations on a set of arguments provided by the non-secure
      world. For a addition, division, subtraction & multiplication operation
      requested on two arguments in x0 and x1 the steps are:
      
      1. TSPD saves the non-secure context and passes the operation and its
         arguments to the TSP.
      
      2. TSP asks the TSPD to return the same arguments once again. This
         exercises an additional SMC path.
      
      3. TSP now has two copies of both x0 and x1. It performs the operation
         on the corresponding copies i.e. in case of addition it returns x0+x0
         and x1+x1.
      
      4. TSPD receives the result, saves the secure context, restores the
         non-secure context and passes the result back to the non-secure
         client.
      
      Change-Id: I6eebfa2ae0a6f28b1d2e11a31f575c7a4b96724b
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      916a2c1e
    • Achin Gupta's avatar
      Add power management support in the SPD · 607084ee
      Achin Gupta authored
      This patch implements a set of handlers in the SPD which are called by
      the PSCI runtime service upon receiving a power management
      operation. These handlers in turn pass control to the Secure Payload
      image if required before returning control to PSCI. This ensures that
      the Secure Payload has complete visibility of all power transitions in
      the system and can prepare accordingly.
      
      Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
      607084ee
    • Achin Gupta's avatar
      Add Test Secure Payload Dispatcher (TSPD) service · 375f538a
      Achin Gupta authored
      
      
      This patch adds the TSPD service which is responsible for managing
      communication between the non-secure state and the Test Secure Payload
      (TSP) executing in S-EL1.
      
      The TSPD does the following:
      
      1. Determines the location of the TSP (BL3-2) image and passes control
         to it for initialization. This is done by exporting the 'bl32_init()'
         function.
      
      2. Receives a structure containing the various entry points into the TSP
         image as a response to being initialized. The TSPD uses this
         information to determine how the TSP should be entered depending on
         the type of operation.
      
      3. Implements a synchronous mechanism for entering into and returning
         from the TSP image. This mechanism saves the current C runtime
         context on top of the current stack and jumps to the TSP through an
         ERET instruction. The TSP issues an SMC to indicate completion of the
         previous request. The TSPD restores the saved C runtime context and
         resumes TSP execution.
      
      This patch also introduces a Make variable 'SPD' to choose the specific
      SPD to include in the build. By default, no SPDs are included in the
      build.
      
      Change-Id: I124da5695cdc510999b859a1bf007f4d049e04f3
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      375f538a
    • Jeenu Viswambharan's avatar
      Fix FIP offset address when file not found · dd3dc32f
      Jeenu Viswambharan authored
      If there is a request to open a file from FIP, and that file is not
      found, the driver fails to reset the offset address. This causes
      subsequent file loads to fail.
      
      This patch resets the offset address to zero if a file is not found so
      that subsequent file loads are unaffected.
      
      Change-Id: I16418e35f92fb7c85fb12e2acc071990520cdef8
      dd3dc32f
    • Achin Gupta's avatar
      Add Test Secure Payload (BL3-2) image · 7c88f3f6
      Achin Gupta authored
      
      
      This patch adds a simple TSP as the BL3-2 image. The secure payload
      executes in S-EL1. It paves the way for the addition of the TSP
      dispatcher runtime service to BL3-1. The TSP and the dispatcher service
      will serve as an example of the runtime firmware's ability to toggle
      execution between the non-secure and secure states in response to SMC
      request from the non-secure state.  The TSP will be replaced by a
      Trusted OS in a real system.
      
      The TSP also exports a set of handlers which should be called in
      response to a PSCI power management event e.g a cpu being suspended or
      turned off. For now it runs out of Secure DRAM on the ARM FVP port and
      will be moved to Secure SRAM later. The default translation table setup
      code assumes that the caller is executing out of secure SRAM. Hence the
      TSP exports its own translation table setup function.
      
      The TSP only services Fast SMCs, is non-reentrant and non-interruptible.
      It does arithmetic operations on two sets of four operands, one set
      supplied by the non-secure client, and the other supplied by the TSP
      dispatcher in EL3. It returns the result according to the Secure Monitor
      Calling convention standard.
      
      This TSP has two functional entry points:
      
      - An initial, one-time entry point through which the TSP is initialized
        and prepares for receiving further requests from secure
        monitor/dispatcher
      
      - A fast SMC service entry point through which the TSP dispatcher
        requests secure services on behalf of the non-secure client
      
      Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      7c88f3f6
    • Achin Gupta's avatar
      Move PSCI to runtime services directory · 0a9f7473
      Achin Gupta authored
      This patch creates a 'services' directory and moves the PSCI under
      it. Other runtime services e.g. the Secure Payload Dispatcher service
      will be placed under the same directory in the future.
      
      Also fixes issue ARM-software/tf-issues#12
      
      Change-Id: I187f83dcb660b728f82155d91882e961d2255068
      0a9f7473
    • Achin Gupta's avatar
      Specify address of UART device to use as a console · 8aa0cd43
      Achin Gupta authored
      This patch adds the ability to specify the base address of a UART
      device for initialising the console. This allows a boot loader stage
      to use a different UART device from UART0 (default) for the console.
      
      Change-Id: Ie60b927389ae26085cfc90d22a564ff83ba62955
      8aa0cd43
    • Achin Gupta's avatar
      Factor out translation table setup in ARM FVP port · a0cd989d
      Achin Gupta authored
      This patch factors out the ARM FVP specific code to create MMU
      translation tables so that it is possible for a boot loader stage to
      create a different set of tables instead of using the default ones.
      The default translation tables are created with the assumption that
      the calling boot loader stage executes out of secure SRAM. This might
      not be true for the BL3_2 stage in the future.
      
      A boot loader stage can define the `fill_xlation_tables()` function as
      per its requirements. It returns a reference to the level 1
      translation table which is used by the common platform code to setup
      the TTBR_EL3.
      
      This patch is a temporary solution before a larger rework of
      translation table creation logic is introduced.
      
      Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
      a0cd989d
    • Achin Gupta's avatar
      Add support for BL3-2 in BL3-1 · 35ca3511
      Achin Gupta authored
      This patch adds the following support to the BL3-1 stage:
      
      1. BL3-1 allows runtime services to specify and determine the security
         state of the next image after BL3-1. This has been done by adding
         the `bl31_set_next_image_type()` & `bl31_get_next_image_type()`
         apis. The default security state is non-secure. The platform api
         `bl31_get_next_image_info()` has been modified to let the platform
         decide which is the next image in the desired security state.
      
      2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to
         program entry into the target security state. It uses the apis
         introduced in 1. to do so.
      
      3. BL3-1 reads the information populated by BL2 about the BL3-2 image
         into its internal data structures.
      
      4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow
         initialisation of a BL3-2 image. A runtime service like the Secure
         payload dispatcher will define this function if present.
      
      Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
      35ca3511
    • Achin Gupta's avatar
      Add support for BL3-2 in BL2 · a3050ed5
      Achin Gupta authored
      
      
      This patch adds support for loading a BL3-2 image in BL2. In case a
      BL3-2 image is found, it also passes information to BL3-1 about where it
      is located and the extents of memory available to it. Information about
      memory extents is populated by platform specific code.
      
      The documentation has also been updated to reflect the above changes.
      
      Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      a3050ed5
    • Achin Gupta's avatar
      Rework BL2 to BL3-1 hand over interface · e4d084ea
      Achin Gupta authored
      This patch reworks BL2 to BL3-1 hand over interface by introducing a
      composite structure (bl31_args) that holds the superset of information
      that needs to be passed from BL2 to BL3-1.
      
        - The extents of secure memory available to BL3-1
        - The extents of memory available to BL3-2 (not yet implemented) and
          BL3-3
        - Information to execute BL3-2 (not yet implemented) and BL3-3 images
      
      This patch also introduces a new platform API (bl2_get_bl31_args_ptr)
      that needs to be implemented by the platform code to export reference to
      bl31_args structure which has been allocated in platform-defined memory.
      
      The platform will initialize the extents of memory available to BL3-3
      during early platform setup in bl31_args structure. This obviates the
      need for bl2_get_ns_mem_layout platform API.
      
      BL2 calls the bl2_get_bl31_args_ptr function to get a reference to
      bl31_args structure. It uses the 'bl33_meminfo' field of this structure
      to load the BL3-3 image. It sets the entry point information for the
      BL3-3 image in the 'bl33_image_info' field of this structure. The
      reference to this structure is passed to the BL3-1 image.
      
      Also fixes issue ARM-software/tf-issues#25
      
      Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
      e4d084ea
    • Jeenu Viswambharan's avatar
      Add exception vector guards · a7934d69
      Jeenu Viswambharan authored
      This patch adds guards so that an exception vector exceeding 32
      instructions will generate a compile-time error. This keeps the
      exception handlers in check from spilling over.
      
      Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
      a7934d69
  3. 17 Feb, 2014 17 commits
    • Achin Gupta's avatar
      Increase coherent stack sizes · ca823d2c
      Achin Gupta authored
      This patch increases coherent stack size for both debug and release
      builds in order to accommodate stack-heavy printf() and extended EL3
      functionality
      
      Change-Id: I30ef30530a01517a97e63d703873374828c09f20
      ca823d2c
    • Jeenu Viswambharan's avatar
      Add support for handling runtime service requests · caa84939
      Jeenu Viswambharan authored
      
      
      This patch uses the reworked exception handling support to handle
      runtime service requests through SMCs following the SMC calling
      convention. This is a giant commit since all the changes are
      inter-related. It does the following:
      
      1. Replace the old exception handling mechanism with the new one
      2. Enforce that SP_EL0 is used C runtime stacks.
      3. Ensures that the cold and warm boot paths use the 'cpu_context'
         structure to program an ERET into the next lower EL.
      4. Ensures that SP_EL3 always points to the next 'cpu_context'
         structure prior to an ERET into the next lower EL
      5. Introduces a PSCI SMC handler which completes the use of PSCI as a
         runtime service
      
      Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      caa84939
    • Achin Gupta's avatar
      Introduce new exception handling framework · 07f4e078
      Achin Gupta authored
      This patch introduces the reworked exception handling logic which lays
      the foundation for accessing runtime services in later patches. The
      type of an exception has a greater say in the way it is
      handled. SP_EL3 is used as the stack pointer for:
      
      1. Determining the type of exception and handling the unexpected ones
         on the exception stack
      
      2. Saving and restoring the essential general purpose and system
         register state after exception entry and prior to exception exit.
      
      SP_EL0 is used as the stack pointer for handling runtime service
      requests e.g. SMCs. A new structure for preserving general purpose
      register state has been added to the 'cpu_context' structure. All
      assembler ensures that it does not use callee saved registers
      (x19-x29). The C runtime preserves them across functions calls. Hence
      EL3 code does not have to save and restore them explicitly.
      
      Since the exception handling framework has undergone substantial change,
      the changes have been kept in separate files to aid readability. These
      files will replace the existing ones in subsequent patches.
      
      Change-Id: Ice418686592990ff7a4260771e8d6676e6c8c5ef
      07f4e078
    • Achin Gupta's avatar
      Add runtime services framework · 7421b465
      Achin Gupta authored
      This patch introduces the framework to enable registration and
      initialisation of runtime services. PSCI is registered and initialised
      as a runtime service. Handling of runtime service requests will be
      implemented in subsequent patches.
      
      Change-Id: Id21e7ddc5a33d42b7d6e455b41155fc5441a9547
      7421b465
    • Achin Gupta's avatar
      psci: Use context library for preserving EL3 state · ef7a28c9
      Achin Gupta authored
      This patch uses the context library to save and restore EL3 state on
      the 'cpu_context' data structures allocated by PSCI for managing
      non-secure state context on each cpu.
      
      Change-Id: I19c1f26578204a7cd9e0a6c582ced0d97ee4cf80
      ef7a28c9
    • Achin Gupta's avatar
      Add context management library · 7aea9087
      Achin Gupta authored
      This patch adds support for a cpu context management library. This
      library will be used to:
      
      1. Share pointers to secure and non-secure state cpu contexts between
         runtime services e.g. PSCI and Secure Payload Dispatcher services
      2. Set SP_EL3 to a context structure which will be used for
         programming an ERET into a lower EL
      3. Provide wrapper functions to save and restore EL3 & EL1
         state. These functions will in turn use the helper functions in
         context.S
      
      Change-Id: I655eeef83dcd2a0c6f2eb2ac23efab866ac83ca0
      7aea9087
    • Achin Gupta's avatar
      Add helper library for cpu context management · 9ac63c59
      Achin Gupta authored
      This patch introduces functions for saving and restoring shared system
      registers between secure and non-secure EL1 exception levels, VFP
      registers and essential EL3 system register and other state. It also
      defines the 'cpu_context' data structure which will used for saving and
      restoring execution context for a given security state. These functions
      will allow runtime services like PSCI and Secure payload dispatcher to
      implement logic for switching between the secure and non-secure states.
      
      The save and restore functions follow AArch64 PCS and only use
      caller-saved temporary registers.
      
      Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
      9ac63c59
    • Achin Gupta's avatar
      Setup VBAR_EL3 incrementally · b739f22a
      Achin Gupta authored
      This patch ensures that VBAR_EL3 points to the simple stack-less
      'early_exceptions' when the C runtime stack is not correctly setup to
      use the more complex 'runtime_exceptions'. It is initialised to
      'runtime_exceptions' once this is done.
      
      This patch also moves all exception vectors into a '.vectors' section
      and modifies linker scripts to place all such sections together. This
      will minimize space wastage from alignment restrictions.
      
      Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
      b739f22a
    • Jeenu Viswambharan's avatar
      Fix spilled-over BL1 exception vector · 65f0730b
      Jeenu Viswambharan authored
      The SynchronousExceptionA64 vector has gone beyond the 32-instruction
      limit for individual exception vector. This patch splits and relocates
      the exception handler so that it fits into the 32-instruction window.
      
      Change-Id: Ic60c4fc3f09a1cb071d63ff0e58353ecaecbb62f
      65f0730b
    • Jeenu Viswambharan's avatar
      Move translation tables into separate section · 74cbb839
      Jeenu Viswambharan authored
      This patch moves the translation tables into their own section. This
      saves space that would otherwise have been lost in padding due to page
      table alignment constraints. The BL31 and BL32 bases have been
      consequently adjusted.
      
      Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65
      74cbb839
    • Harry Liebel's avatar
      Add Firmware Image Package (FIP) documentation · d265bd7c
      Harry Liebel authored
      This fixes ARM-software/tf-issues#9
      
      Change-Id: Id57037115b8762efc9eaf5ff41887b71d6494c5d
      d265bd7c
    • Harry Liebel's avatar
      Add Firmware Image Package (FIP) driver · 561cd33e
      Harry Liebel authored
      The Firmware Image Package (FIP) driver allows for data to be loaded
      from a FIP on platform storage. The FVP supports loading bootloader
      images from a FIP located in NOR FLASH.
      
      The implemented FVP policy states that bootloader images will be
      loaded from a FIP in NOR FLASH if available and fall back to loading
      individual images from semi-hosting.
      
      NOTE:
      - BL3-3(e.g. UEFI) is loaded into DRAM and needs to be configured
        to run from the BL33_BASE address. This is currently set to
        DRAM_BASE+128MB for the FVP.
      
      Change-Id: I2e4821748e3376b5f9e467cf3ec09509e43579a0
      561cd33e
    • Harry Liebel's avatar
      Add Firmware Image Package creation tool · f58ad36f
      Harry Liebel authored
      This tool can be used to create a Firmware Image Packages (FIP). These
      FIPs store a combined set of firmware images with a Table of Contents
      (ToC) that can be loaded by the firmware from platform storage.
      
      - Add uuid.h from FreeBSD.
      - Use symbolic links to shared headers otherwise unwanted headers and
        definitions are pulled in.
      - A FIP is created as part of the default FVP build.
      - A BL3-3 image(e.g. UEFI) must be provided.
      
      Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
      f58ad36f
    • James Morrissey's avatar
      Implement load_image in terms of IO abstraction · 9d72b4ea
      James Morrissey authored
      The modified implementation uses the IO abstraction rather than
      making direct semi-hosting calls.  The semi-hosting driver is now
      registered for the FVP platform during initialisation of each boot
      stage where it is used.  Additionally, the FVP platform includes a
      straightforward implementation of 'plat_get_image_source' which
      provides a generic means for the 'load_image' function to determine
      how to access the image data.
      
      Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
      9d72b4ea
    • James Morrissey's avatar
      Add IO abstraction framework · f2f9bb5e
      James Morrissey authored
      This is intended primarily for use as a storage abstraction.
      It allows operations such as image-loading to be implemented
      in a platform-independent fashion.  Each platform registers
      a set of IO drivers during initialisation.  The platform must
      also provide a function that will return a device and a specifier
      that can be used to access specified content.
      
      Clients of the API will primarily use device and entity handles.
      The term "entity" is deliberately vague, to allow for different
      representations of content accessed using different types of
      specifier, but will often be interpreted as a "file" where the
      specifier will normally be its path.
      
      This commit builds, but is intended to be paired with a sample
      implementation of "load_image" using a semi-hosting driver on FVP.
      
      Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
      f2f9bb5e
    • James Morrissey's avatar
      Fix asserts appearing in release builds · 40a6f647
      James Morrissey authored
      Also fix warnings generated in release builds when assert code
      is absent.
      
      Change-Id: I45b9173d3888f9e93e98eb5b4fdc06727ba5cbf4
      40a6f647
    • Sandrine Bailleux's avatar
      Compile assembly files with -DDEBUG flag · df64a55b
      Sandrine Bailleux authored
      Change-Id: Ic6cf19402a0936161baf6b91bf75d64d95269a3c
      df64a55b
  4. 30 Jan, 2014 3 commits
    • Jon Medhurst's avatar
      Fix memmove and memcpy · c3810c83
      Jon Medhurst authored
      
      
      memmove needs to allow for overlapping memory regions and, together
      with memcpy, should return the input destination pointer, not the
      address after the end of the copied data.
      
      fixes ARM-software/tf-issues#18
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      c3810c83
    • Ian Spray's avatar
      Allow style checking of tree and local changes · 36eaaf37
      Ian Spray authored
      New phony Makefile targets have been added:
      
       * checkcodebase
       * checkpatch
      
      The checkcodebase target will run a Linux style compliance check over the
      entire codebase, and honours the V=1 Makefile verbose setting and so will
      show more information when this is enabled.
      
      If the local directory is a git checkout then the output of git ls-files is
      used to decide which files to test for compliance.  If the local directory
      is not under git control then a 'best attempt' is made, but in this case it
      should be noted that it is possible for additional non-codebase files to be
      tested, so care should be taken when parsing the output.
      
      The checkpatch target will compare local changes against the git origin/master
      to allow issues with the last set of changes to be identified.  To override
      the change comparision location, set the BASE_COMMIT variable to your
      desired git branch.
      
      Both targets rely on the Linux source tree script checkpatch.pl to do the
      syntax checking, and expects that the CHECKPATCH environment variable points
      to the location of this file.
      
      Notes on the usage of these targets have been added to the contributing.md
      and docs/user-guide.md text files.
      
      Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
      36eaaf37
    • Joakim Bech's avatar
      Build system: Add cscope target to the Makefile · 35fab8c9
      Joakim Bech authored
      
      
      Fixes arm-software/tf-issues#15
      Signed-off-by: default avatarJoakim Bech <joakim.bech@linaro.org>
      35fab8c9
  5. 23 Jan, 2014 1 commit
    • Achin Gupta's avatar
      fvp: clear a pending cluster power off request · b2187ab9
      Achin Gupta authored
      The last CPU in a cluster is responsible for issuing the cluster power
      down request to the FVP power controller. If another CPU in this
      cluster wakes up before the last CPU enters WFI then the cluster power
      down request remains pending. If this request is not cancelled and the
      newly woken up CPU enters a simple WFI later, the power controller
      powers the cluster down. This leads to unpredictable behaviour.
      
      This patch fixes this issue by ensuring that the first CPU to wake up
      in a cluster writes its MPIDR to the power controller's PPONR. This
      cancels any pending cluster power down request.
      
      Change-Id: I7e787adfd6c9a0bd7308390e3309d46f35c01086
      b2187ab9