1. 08 Jul, 2016 7 commits
    • Sandrine Bailleux's avatar
      ARM CSS platforms: Map flash as execute-never by default · 91fad655
      Sandrine Bailleux authored
      On ARM CSS platforms, the whole flash used to be mapped as executable.
      This is not required, given that the flash is used to store the BL1
      and FIP images and:
      
       - The FIP is not executed in place, its images are copied to RAM
         and executed from there.
      
       - BL1 is executed in place from flash but only its code needs to be
         mapped as executable and platform code takes care of re-mapping
         BL1's read-only section as executable.
      
      Therefore, this patch now maps the flash as non-executable by default
      on these platforms. This increases security by restricting the
      executable region to what is strictly needed.
      
      This patch also adds some comments to clarify the memory mapping
      attributes on these platforms.
      
      Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
      91fad655
    • Sandrine Bailleux's avatar
      Add some verbose traces in arm_setup_page_tables() · 84aaf559
      Sandrine Bailleux authored
      This patch adds some verbose traces in the arm_setup_page_tables()
      function to print the extents of the different memory regions it maps.
      
      Change-Id: Ia3ae1053e7ebf3579601ff9238b0e3791eb1e9e4
      84aaf559
    • Sandrine Bailleux's avatar
      ARM platforms: Add support for SEPARATE_CODE_AND_RODATA · 0af559a8
      Sandrine Bailleux authored
      The arm_setup_page_tables() function used to expect a single set of
      addresses defining the extents of the whole read-only section, code
      and read-only data mixed up, which was mapped as executable.
      
      This patch changes this behaviour. arm_setup_page_tables() now
      expects 2 separate sets of addresses:
      
       - the extents of the code section;
       - the extents of the read-only data section.
      
      The code is mapped as executable, whereas the data is mapped as
      execute-never. New #defines have been introduced to identify the
      extents of the code and the read-only data section. Given that
      all BL images except BL1 share the same memory layout and linker
      script structure, these #defines are common across these images.
      The slight memory layout differences in BL1 have been handled by
      providing values specific to BL1.
      
      Note that this patch also affects the Xilinx platform port, which
      uses the arm_setup_page_tables() function. It has been updated
      accordingly, such that the memory mappings on this platform are
      unchanged. This is achieved by passing null values as the extents
      of the read-only data section so that it is ignored. As a result,
      the whole read-only section is still mapped as executable.
      
      Fixes ARM-software/tf-issues#85
      
      Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
      0af559a8
    • Sandrine Bailleux's avatar
      ARM platforms: Include BL2U's RO section in total memory region · b2c96eed
      Sandrine Bailleux authored
      This patch changes the base address of the "total" Trusted SRAM region
      seen by the BL2U image. It used to start just after BL2U's read-only
      section (i.e. at address BL2U_RO_LIMIT), it now starts from the base
      address of the BL2U image (i.e. at address BL2U_BASE). In other words,
      the "total" memory region now includes BL2U's own read-only section.
      
      This does not change BL2U's resulting memory mappings because the
      read-only section was already mapped in BL2U, it just wasn't part of
      this total memory region.
      
      Change-Id: I2da16ac842469023b41904eaa8d13ed678d65671
      b2c96eed
    • Sandrine Bailleux's avatar
      ARM platforms: Restrict mapping of Trusted ROM in BL1 · af419dd6
      Sandrine Bailleux authored
      At the moment, on ARM platforms, BL1 maps everything from BL1_RO_BASE
      to BL1_RO_LIMIT. BL1_RO_LIMIT, as defined in the porting guide, is
      the maximum address in Trusted ROM that BL1's actual content _can_
      occupy. The actual portion of ROM occupied by BL1 can be less than
      that, which means that BL1 might map more Trusted ROM than it actually
      needs to.
      
      This patch changes BL1's memory mappings on ARM platforms to restrict
      the region of Trusted ROM it maps. It uses the symbols exported by
      the linker to figure out the actual extents of BL1's ROM footprint.
      
      This change increases the number of page tables used on FVP by 1.
      On FVP, we used to map the whole Trusted ROM. As it is 64MB large,
      we used to map it as blocks of 2MB using level-2 translation table
      entries. We now need a finer-grained mapping, which requires an
      additional level-3 translation table.
      
      On ARM CSS platforms, the number of translation tables is unchanged.
      The BL1 image resides in flash at address 0x0BEC0000. This address is
      not aligned on a 2MB-boundary so a level-3 translation table was
      already required to map this memory.
      
      Change-Id: I317a93fd99c40e70d0f13cc3d7a570f05c6c61eb
      af419dd6
    • Sandrine Bailleux's avatar
      Introduce utils.h header file · ed81f3eb
      Sandrine Bailleux authored
      This patch introduces a new header file: include/lib/utils.h.
      Its purpose is to provide generic macros and helper functions that
      are independent of any BL image, architecture, platform and even
      not specific to Trusted Firmware.
      
      For now, it contains only 2 macros: ARRAY_SIZE() and
      IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
      xlat_tables.c respectively.
      
      bl_common.h includes utils.h to retain compatibility for platforms
      that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
      platform ports that use this macro have been updated to include
      utils.h.
      
      Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
      ed81f3eb
    • Sandrine Bailleux's avatar
      Introduce arm_setup_page_tables() function · b5fa6563
      Sandrine Bailleux authored
      This patch introduces the arm_setup_page_tables() function to
      set up page tables on ARM platforms. It replaces the
      arm_configure_mmu_elx() functions and does the same thing except
      that it doesn't enable the MMU at the end. The idea is to reduce
      the amount of per-EL code that is generated by the C preprocessor
      by splitting the memory regions definitions and page tables creation
      (which is generic) from the MMU enablement (which is the only per-EL
      configuration).
      
      As a consequence, the call to the enable_mmu_elx() function has been
      moved up into the plat_arch_setup() hook. Any other ARM standard
      platforms that use the functions `arm_configure_mmu_elx()` must be
      updated.
      
      Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
      b5fa6563
  2. 16 Jun, 2016 1 commit
    • Soby Mathew's avatar
      Enable PSCI_STAT_COUNT/RESIDENCY for ARM standard platforms · d75f2578
      Soby Mathew authored
      This patch enables optional PSCI functions `PSCI_STAT_COUNT` and
      `PSCI_STAT_RESIDENCY` for ARM standard platforms. The optional platform
      API 'translate_power_state_by_mpidr()' is implemented for the Juno
      platform. 'validate_power_state()' on Juno downgrades PSCI CPU_SUSPEND
      requests for the system power level to the cluster power level.
      Hence, it is not suitable for validating the 'power_state' parameter
      passed in a PSCI_STAT_COUNT/RESIDENCY call.
      
      Change-Id: I9548322676fa468d22912392f2325c2a9f96e4d2
      d75f2578
  3. 15 Jun, 2016 1 commit
  4. 09 Jun, 2016 1 commit
  5. 08 Jun, 2016 1 commit
    • David Wang's avatar
      CSS: Add support to wake up the core from wfi in GICv3 · 68b105ae
      David Wang authored
      In GICv3 mode, the non secure group1 interrupts are signalled via the
      FIQ line in EL3. To support waking up from CPU_SUSPEND to standby on
      these systems, EL3 should route FIQ to EL3 temporarily before wfi and
      restore the original setting after resume. This patch makes this change
      for the CSS platforms in the `css_cpu_standby` psci pm ops hook.
      
      Change-Id: Ibf3295d16e2f08da490847c1457bc839e1bac144
      68b105ae
  6. 07 Jun, 2016 1 commit
  7. 03 Jun, 2016 2 commits
    • Sandrine Bailleux's avatar
      Fix a syntax error · b4127c1f
      Sandrine Bailleux authored
      Building TF with ERROR_DEPRECATED=1 fails because of a missing
      semi-column. This patch fixes this syntax error.
      
      Change-Id: I98515840ce74245b0a0215805f85c8e399094f68
      b4127c1f
    • Antonio Nino Diaz's avatar
      Implement plat_set_nv_ctr for FVP platforms · fe7de035
      Antonio Nino Diaz authored
      Replaced placeholder implementation of plat_set_nv_ctr for FVP
      platforms by a working one.
      
      On FVP, the mapping of region DEVICE2 has been changed from RO to RW
      to prevent exceptions when writing to the NV counter, which is
      contained in this region.
      
      Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
      fe7de035
  8. 01 Jun, 2016 1 commit
    • Yatharth Kochar's avatar
      Add support for ARM Cortex-A73 MPCore Processor · 2460ac18
      Yatharth Kochar authored
      This patch adds ARM Cortex-A73 MPCore Processor support
      in the CPU specific operations framework. It also includes
      this support for the Base FVP port.
      
      Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
      2460ac18
  9. 29 May, 2016 2 commits
  10. 27 May, 2016 4 commits
    • Caesar Wang's avatar
      rockchip: support system off function for rk3399 · 86c253e4
      Caesar Wang authored
      if define power off gpio, BL31 will do system power off through
      gpio control.
      86c253e4
    • Caesar Wang's avatar
      rockchip: support reset SoC through gpio for rk3399 · 8867299f
      Caesar Wang authored
      If define a reset gpio, BL31 will use gpio to reset SOC,
      otherwise use CRU reset.
      8867299f
    • Caesar Wang's avatar
      rockchip: add reset or power off gpio configuration for rk3399 · 68ff45f4
      Caesar Wang authored
      We add plat parameter structs to support BL2 to pass variable-length,
      variable-type parameters to BL31. The parameters are structured as a
      link list. During bl31 setup time, we travse the list to process each
      parameter. throuth this way, we can get the reset or power off gpio
      parameter, and do hardware control in BL31. This structure also can
      pass other parameter to BL31 in future.
      68ff45f4
    • Caesar Wang's avatar
      rockchip: support rk3399 gpio driver · 9901dcf6
      Caesar Wang authored
      There are 5 groups of GPIO (GPIO0~GPIO4), totally have 122 GPIOs
      on rk3399 platform.
      The pull direction(pullup or pulldown) for all of GPIOs are
      software-programmable.
      At the moment, we add the gpio basic driver since reset or power off
      the devices from gpio configuration for BL31.
      9901dcf6
  11. 25 May, 2016 3 commits
  12. 24 May, 2016 6 commits
  13. 20 May, 2016 5 commits
  14. 12 May, 2016 2 commits
  15. 05 May, 2016 1 commit
  16. 04 May, 2016 2 commits