1. 07 Apr, 2016 4 commits
  2. 06 Apr, 2016 1 commit
  3. 05 Apr, 2016 1 commit
    • Tony Xie's avatar
      Support for Rockchip's family SoCs · 6fba6e04
      Tony Xie authored
      
      
      This patch adds to support the RK3368 and RK3399 SoCs.
      
      RK3368/RK3399 is one of the Rockchip family SoCs, which is an
      multi-cores ARM SoCs.
      
      This patch adds support to boot the Trusted Firmware on RK3368/RK3399
      SoCs, and adds support to boot secondary CPUs, enter/exit core
      power states for all CPUs in the slow/fast clusters.
      
      This is the initial version for rockchip SoCs.(RK3368/RK3399 and next SoCs)
      * Support arm gicv2 & gicv3.
      * Boot up multi-cores CPU.
      * Add generic CPU helper functions.
      * Support suspend/resume.
      * Add system_off & system_reset implementation.
      * Add delay timer platform implementation.
      * Support the new porting interface for the PSCI implementation.
      
      Change-Id: I704bb3532d65e8c70dbd99b512c5e6e440ea6f43
      Signed-off-by: default avatarTony Xie <tony.xie@rock-chips.com>
      Signed-off-by: default avatarCaesar Wang <wxt@rock-chips.com>
      Signed-off-by: default avatarShengfei xu <xsf@rock-chips.com>
      6fba6e04
  4. 04 Apr, 2016 1 commit
  5. 01 Apr, 2016 14 commits
    • Soby Mathew's avatar
      Modify return type of plat_get_ns_image_entrypoint() · a0ad6019
      Soby Mathew authored
      This patch modifies the return type of the platform API
      `plat_get_ns_image_entrypoint()` from `unsigned long` to
      `uintptr_t` in accordance with the coding guidelines.
      
      Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
      a0ad6019
    • danh-arm's avatar
      Merge pull request #577 from antonio-nino-diaz-arm/an/remove-xlat-helpers · c2916417
      danh-arm authored
      Remove xlat_helpers.c
      c2916417
    • danh-arm's avatar
      Merge pull request #576 from mtk09422/bl31-security · f5017125
      danh-arm authored
      mt8173: Protect BL31 memory from non-secure access
      f5017125
    • Evan Lloyd's avatar
      Make:Improve version string generation portability · 414ab853
      Evan Lloyd authored
      To get round problems encountered when building in a DOS build
      environment the generation of the .o file containing build identifier
      strings is modified.
      The problems encounterred were:
         1. DOS echo doesn't strip ' characters from the output text.
         2. git is not available from CMD.EXE so the BUILD_STRING value needs
            some other origin.
      
      A BUILD_STRING value of "development build" is used for now.
      
      MAKE_BUILD_STRINGS is used to customise build string generation in a DOS
      environment. This variable is not defined in the UNIX build environment
      make file helper, and so the existing build string generation behaviour
      is retained in these build environments.
      
      NOTE: This commit completes a cumulative series aimed at improving
            build portability across development environments.
            This enables the build to run on several new build environments,
            if the relevant tools are available.
            At this point the build is tested on Windows 7 Enterprise SP1,
            using CMD.EXE, Cygwin and Msys (MinGW),as well as a native
            Linux envionment".  The Windows platform builds used
            aarch64-none-elf-gcc.exe 4.9.1.  CMD.EXE and Msys used Gnu
            Make 3.81, cygwin used Gnu Make 4.1.
      
      CAVEAT: The cert_create tool build is not tested on the Windows
              platforms (openssl-for-windows has a GPL license).
      
      Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251
      414ab853
    • Evan Lloyd's avatar
      Make:Improve directory generation portability. · 51b27702
      Evan Lloyd authored
      Because of command differences in some build environments the "inline"
      method of generating the build directory structure is not portable.
      (e.g. in DOS environments the mkdir shell command fails if a directory
      already exists, whereas in UNIX environments it succeeds.)
      
      To improve portability we generate the directories needed using make,
      but use the "order-only prerequisites" feature of make to prevent writes
      of files into the directories generating re-builds, as suggested in the
      GNU make Manual (Version 4.1 September 2014).
      
      Change-Id: Ic9af475831063c7fe6f8bccffef184d79e799419
      51b27702
    • Evan Lloyd's avatar
      Make:Allow for extension in tool names. · 42a45b51
      Evan Lloyd authored
      In some build environments executable programs have a specific file
      extension.  The value of BIN_EXT is appended to the relevant tool file
      names to allow for this.
      The value of BIN_EXT is set, where appropriate, by the build environment
      specific make helper (to .exe for Windows build environments).
      
      .gitignore is updated to hide the new (.exe) files.
      
      Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
      42a45b51
    • Evan Lloyd's avatar
      Make:Use "simply expanded" make variables. · b169f6a9
      Evan Lloyd authored
      Replace some "recursively expanded" make variables with "simply
      expanded" variables (i.e. replace = with :=). This has no functional
      impact but is more consistent and theoretically more efficient.
      
      Change-Id: Iaf33d7c8ad48464ae0d39923515d1e7f230c95c1
      b169f6a9
    • Evan Lloyd's avatar
      Build:Replace soft links with file copy. · bb5a762c
      Evan Lloyd authored
      Some build environments do not support symbolic links. This patch
      removes the symlinks previously used to build fip_create and instead
      copies the relevant header files.
      The original motivation for using symlinks was to avoid Trusted Firmware
      library headers conflicting with headers in the compiler standard
      include path. Copying the header files instead has the same effect.
      
      Like other build artefacts, the copied files are listed in .gitignore.
      
      The distclean targets have also been updated to remove the copies.
      
      Change-Id: Ie8b67bcb133f7f1d660ae93b857950aa15e42b1e
      bb5a762c
    • Evan Lloyd's avatar
      Make:Use environment variables for OS detection. · e7f54dbd
      Evan Lloyd authored
      Add make helper files to select the appropriate settings for the build
      environment. Selection is made in make_helpers/build_env.mk, which
      selects other files to include using generic build environment settings.
      The Trusted Firmware Makefile and supporting tool Makefiles are updated
      to include build_env.mk instead of unix.mk.
      
      NOTE: This change does not fully enable builds in other build
            environments. It facilitates this without compromising the
            existing build environments.
      
      Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
      e7f54dbd
    • Evan Lloyd's avatar
      Make:Diagnostic fail if no eval · 1670d9df
      Evan Lloyd authored
      To help diagnose make problems, we report an error if the make
      program used does not provide the $(eval ) make functionality.
      This will detect early versions of GNU make and other make programs.
      
      Change-Id: I0ebb0f63694cf0b04eaeb7ea1e9e172fb9770ce0
      1670d9df
    • Evan Lloyd's avatar
      Make:Make shell commands more portable · f1477d4a
      Evan Lloyd authored
      Macros are inserted to replace direct invocations of commands that are
      problematic on some build environments. (e.g. Some environments expect
      \ in paths instead of /.)
      The changes take into account mismatched command mappings across
      environments.
      The new helper file unix.mk retains existing makefile behaviour on unix
      like build environments by providing the following macro definitions:
        SHELL_COPY        cp -f
        SHELL_COPY_TREE   cp -rf
        SHELL_DELETE      rm -f
        SHELL_DELETE_ALL  rm -rf
        MAKE_PREREQ_DIR   mkdir -p  (As make target)
        SHELL_REMOVE_DIR  rm -rf
      
      Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb
      f1477d4a
    • Evan Lloyd's avatar
      Make:Add realclean to .PHONY list · aeb25668
      Evan Lloyd authored
      Update the cert_create Makefile to list realclean as .PHONY
      (like clean)
      
      Change-Id: I9dc8a61a11574a044372e0952b5b12b74e133747
      aeb25668
    • Evan Lloyd's avatar
      Make:Remove calls to shell from makefiles. · 231c1470
      Evan Lloyd authored
      As an initial stage of making Trusted Firmware build environment more
      portable, we remove most uses of the $(shell ) function and replace them
      with more portable make function based solutions.
      
      Note that the setting of BUILD_STRING still uses $(shell ) since it's
      not possible to reimplement this as a make function. Avoiding invocation
      of this on incompatible host platforms will be implemented separately.
      
      Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8
      231c1470
    • Jimmy Huang's avatar
      mt8173: Protect BL31 memory from non-secure access · a1e0c01f
      Jimmy Huang authored
      
      
      BL31 usually handles confidential stuff, its memory must not be
      read/write accessible from non-secure world. This patch protects
      the BL31 memory range from non-secure read/write access.
      
      Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911
      Signed-off-by: default avatarJimmy Huang <jimmy.huang@mediatek.com>
      a1e0c01f
  6. 31 Mar, 2016 9 commits
    • Vikram Kanigiri's avatar
      Add support to program a DMC-500 TZC on ARM platforms · 618f0fee
      Vikram Kanigiri authored
      This patch adds support to program TrustZone protection on ARM platforms that
      implement a DMC-500. arm_dmc_500.c has been added which implements the
      arm_dmc_tzc_setup() function. This function relies on constants related to TZC
      programming that are exported by each platform to program TrustZone protection
      using the DMC-500 TrustZone controller driver. This function should be called
      from plat_arm_security_setup() which is implemented by each platform.
      
      Change-Id: I5400bdee9e4b29155fd11296a40693d512312f29
      618f0fee
    • Vikram Kanigiri's avatar
      Add ARM CoreLink DMC-500 driver to program TrustZone protection · f568604b
      Vikram Kanigiri authored
      The ARM CoreLink DMC-500 Dynamic Memory Controller provides the
      programmable address region control of a TrustZone Address Space
      Controller. The access permissions can be defined for eight
      separate address regions plus a background or default region.
      This patch adds a DMC-500 driver to define address regions and
      program their access permissions as per ARM 100131_0000_02_en
      (r0p0) document.
      
      Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6
      f568604b
    • Soby Mathew's avatar
      Migrate ARM standard platforms to the refactored TZC driver · 57f78201
      Soby Mathew authored
      This patch migrates ARM Standard platforms to the refactored TZC driver.
      
      Change-Id: I2a2f60b645f73e14d8f416740c4551cec87cb1fb
      57f78201
    • Vikram Kanigiri's avatar
      Refactor the ARM CoreLink TZC-400 driver · 6b477063
      Vikram Kanigiri authored
      TrustZone protection can be programmed by both memory and TrustZone
      address space controllers like DMC-500 and TZC-400. These peripherals
      share a similar programmer's view.
      
      Furthermore, it is possible to have multiple instances of each type of
      peripheral in a system resulting in multiple programmer's views.
      For example, on the TZC-400 each of the 4 filter units can be enabled
      or disabled for each region. There is a single set of registers to
      program the region attributes. On the DMC-500, each filter unit has its
      own programmer's view resulting in multiple sets of registers to program
      the region attributes. The layout of the registers is almost the same
      across all these variations.
      
      Hence the existing driver in `tzc400\tzc400.c` is refactored into the
      new driver in `tzc\tzc400.c`. The previous driver file is still maintained
      for compatibility and it is now deprecated.
      
      Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
      6b477063
    • Antonio Nino Diaz's avatar
      Remove xlat_helpers.c · f33fbb2f
      Antonio Nino Diaz authored
      lib/aarch64/xlat_helpers.c defines helper functions to build
      translation descriptors, but no common code or upstream platform
      port uses them. As the rest of the xlat_tables code evolves, there
      may be conflicts with these helpers, therefore this code should be
      removed.
      
      Change-Id: I9f5be99720f929264818af33db8dada785368711
      f33fbb2f
    • Juan Castillo's avatar
      TBB: add non-volatile counter support · 48279d52
      Juan Castillo authored
      This patch adds support for non-volatile counter authentication to
      the Authentication Module. This method consists of matching the
      counter values provided in the certificates with the ones stored
      in the platform. If the value from the certificate is lower than
      the platform, the boot process is aborted. This mechanism protects
      the system against rollback.
      
      The TBBR CoT has been updated to include this method as part of the
      authentication process. Two counters are used: one for the trusted
      world images and another for the non trusted world images.
      
      ** NEW PLATFORM APIs (mandatory when TBB is enabled) **
      
      int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
      
          This API returns the non-volatile counter value stored
          in the platform. The cookie in the first argument may be
          used to select the counter in case the platform provides
          more than one (i.e. TBSA compliant platforms must provide
          trusted and non-trusted counters). This cookie is specified
          in the CoT.
      
      int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
      
          This API sets a new counter value. The cookie may be
          used to select the counter to be updated.
      
      An implementation of these new APIs for ARM platforms is also
      provided. The values are obtained from the Trusted Non-Volatile
      Counters peripheral. The cookie is used to pass the extension OID.
      This OID may be interpreted by the platform to know which counter
      must return. On Juno, The trusted and non-trusted counter values
      have been tied to 31 and 223, respectively, and cannot be modified.
      
      ** IMPORTANT **
      
      THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
      NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
      ORDER TO SUCCESSFULLY BUILD TF.
      
      Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
      48279d52
    • danh-arm's avatar
      Merge pull request #570 from davwan01/bl31-in-dram · 4c51badf
      danh-arm authored
      Add support to load BL31 in DRAM
      4c51badf
    • danh-arm's avatar
      Merge pull request #554 from ljerry/tf_issue_368_ter · aaa416a4
      danh-arm authored
      Enable asynchronous abort exceptions during boot
      aaa416a4
    • David Wang's avatar
      Add support to load BL31 in DRAM · 4518dd9a
      David Wang authored
      This patch adds an option to the ARM common platforms to load BL31 in the
      TZC secured DRAM instead of the default secure SRAM.
      
      To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
      If TSP is present, then setting this option also sets the TSP location
      to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.
      
      To use this feature, BL2 platform code must map in the DRAM used by
      BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
      Currently, only the FVP BL2 platform code maps in this DRAM.
      
      Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67
      4518dd9a
  7. 30 Mar, 2016 4 commits
    • Gerald Lejeune's avatar
      Add ISR_EL1 to crash report · 6b836cf9
      Gerald Lejeune authored
      
      
      Bring ISR bits definition as a mnemonic for troublershooters as well.
      Signed-off-by: default avatarGerald Lejeune <gerald.lejeune@st.com>
      6b836cf9
    • Gerald Lejeune's avatar
      Remove DAIF bits handling macros · 4ca57535
      Gerald Lejeune authored
      
      
      These macros are unused and redundant with other CPU system registers
      functions.
      
      Moreover enable_serror() function implementation may not reach its purpose
      because it does not handle the value of SCR_EL3.EA.
      Signed-off-by: default avatarGerald Lejeune <gerald.lejeune@st.com>
      4ca57535
    • Gerald Lejeune's avatar
      Enable asynchronous abort exceptions during boot · adb4fcfb
      Gerald Lejeune authored
      
      
      Asynchronous abort exceptions generated by the platform during cold boot are
      not taken in EL3 unless SCR_EL3.EA is set.
      
      Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
      initialisation. Further write accesses to SCR_EL3 preserve these bits during
      cold boot.
      
      A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
      being trapped by EL3 after cold boot or not.
      
      For further reference SError Interrupts are also known as asynchronous external
      aborts.
      
      On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
      EL3 whatever the SCR_EL3.EA value is.
      
      Fixes arm-software/tf-issues#368
      Signed-off-by: default avatarGerald Lejeune <gerald.lejeune@st.com>
      adb4fcfb
    • Juan Castillo's avatar
      cert_create: add non-volatile counter support · 96103d5a
      Juan Castillo authored
      This patch adds non-volatile counter support to the Certificate
      Generation tool. The TBBR Chain of Trust definition in the tool
      has been extended to include the counters as certificate extensions.
      The counter values can be specified in the command line.
      
      The following default counter values are specified in the build
      system:
      
        * Trusted FW Non-Volatile counter = 0
        * Non-Trusted FW Non-Volatile counter = 0
      
      These values can be overridden by the platform at build time.
      
      Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c
      96103d5a
  8. 29 Mar, 2016 3 commits
  9. 23 Mar, 2016 1 commit
    • Scott Branden's avatar
      Add support for %z in tf_print() · bda77010
      Scott Branden authored
      Add support for %z format specific in tf_printf() to support
      printing data of type size_t
      
      Fixes ARM-software/tf-issues#380
      
      Signed-off-by Scott Branden <scott.branden@broadcom.com>
      bda77010
  10. 22 Mar, 2016 2 commits
    • Sandrine Bailleux's avatar
      Simplify Firmware Design document · eaefdecd
      Sandrine Bailleux authored
      The Firmware Design document is meant to provide a general overview
      of the Trusted Firmware code. Although it is useful to provide some
      guidance around the responsibilities of the platform layer, it should
      not provide too much platform specific implementation details. Right
      now, some sections are too tied to the implementation on ARM
      platforms. This makes the Firmware Design document harder to digest.
      
      This patch simplifies this aspect of the Firmware Design document.
      The sections relating the platform initialisations performed by the
      different BL stages have been simplified and the extra details about
      the ARM platforms implementation have been moved to the Porting Guide
      when appropriate.
      
      This patch also provides various documentation fixes and additions
      in the Firmware Design and Platform Porting Guide. In particular:
      
       - Update list of SMCs supported by BL1.
      
       - Remove MMU setup from architectural inits, as it is actually
         performed by platform code.
      
       - Similarly, move runtime services initialisation, BL2 image
         initialization and BL33 execution out of the platform
         initialisation paragraph.
      
       - List SError interrupt unmasking as part of BL1 architectural
         initialization.
      
       - Mention Trusted Watchdog enabling in BL1 on ARM platforms.
      
       - Fix order of steps in "BL2 image load and execution" section.
      
       - Refresh section about GICv3/GICv2 drivers initialisation on
         ARM platforms.
      
      Change-Id: I32113c4ffdc26687042629cd8bbdbb34d91e3c14
      eaefdecd
    • Soby Mathew's avatar
      Make cpu operations warning a VERBOSE print · 1319e7b1
      Soby Mathew authored
      The assembler helper function `print_revision_warning` is used when a
      CPU specific operation is enabled in the debug build (e.g. an errata
      workaround) but doesn't apply to the executing CPU's revision/part number.
      However, in some cases the system integrator may want a single binary to
      support multiple platforms with different IP versions, only some of which
      contain a specific erratum.  In this case, the warning can be emitted very
      frequently when CPUs are being powered on/off.
      
      This patch modifies this warning print behaviour so that it is emitted only
      when LOG_LEVEL >= LOG_LEVEL_VERBOSE. The `debug.h` header file now contains
      guard macros so that it can be included in assembly code.
      
      Change-Id: Ic6e7a07f128dcdb8498a5bfdae920a8feeea1345
      1319e7b1