- 25 Jun, 2015 2 commits
-
-
Juan Castillo authored
This patch extends the platform port by adding an API that returns either the Root of Trust public key (ROTPK) or its hash. This is usually stored in ROM or eFUSE memory. The ROTPK returned must be encoded in DER format according to the following ASN.1 structure: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In case the platform returns a hash of the key: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, keyDigest OCTET STRING } An implementation for ARM development platforms is provided in this patch. When TBB is enabled, the ROTPK hash location must be specified using the build option 'ARM_ROTPK_LOCATION'. Available options are: - 'regs' : return the ROTPK hash stored in the Trusted root-key storage registers. - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and BL2 binaries. This hash has been obtained from the development RSA public key located in 'plat/arm/board/common/rotpk'. On FVP, the number of MMU tables has been increased to map and access the ROTPK registers. A new file 'board_common.mk' has been added to improve code sharing in the ARM develelopment platforms. Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
-
Juan Castillo authored
The Trusted firmware code identifies BL images by name. The platform port defines a name for each image e.g. the IO framework uses this mechanism in the platform function plat_get_image_source(). For a given image name, it returns the handle to the image file which involves comparing images names. In addition, if the image is packaged in a FIP, a name comparison is required to find the UUID for the image. This method is not optimal. This patch changes the interface between the generic and platform code with regard to identifying images. The platform port must now allocate a unique number (ID) for every image. The generic code will use the image ID instead of the name to access its attributes. As a result, the plat_get_image_source() function now takes an image ID as an input parameter. The organisation of data structures within the IO framework has been rationalised to use an image ID as an index into an array which contains attributes of the image such as UUID and name. This prevents the name comparisons. A new type 'io_uuid_spec_t' has been introduced in the IO framework to specify images identified by UUID (i.e. when the image is contained in a FIP file). There is no longer need to maintain a look-up table [iname_name --> uuid] in the io_fip driver code. Because image names are no longer mandatory in the platform port, the debug messages in the generic code will show the image identifier instead of the file name. The platforms that support semihosting to load images (i.e. FVP) must provide the file names as definitions private to the platform. The ARM platform ports and documentation have been updated accordingly. All ARM platforms reuse the image IDs defined in the platform common code. These IDs will be used to access other attributes of an image in subsequent patches. IMPORTANT: applying this patch breaks compatibility for platforms that use TF BL1 or BL2 images or the image loading code. The platform port must be updated to match the new interface. Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
-
- 04 Jun, 2015 2 commits
-
-
Sandrine Bailleux authored
The attempt to run the CPU reset code as soon as possible after reset results in highly complex conditional code relating to the RESET_TO_BL31 option. This patch relaxes this requirement a little. In the BL1, BL3-1 and PSCI entrypoints code, the sequence of operations is now as follows: 1) Detect whether it is a cold or warm boot; 2) For cold boot, detect whether it is the primary or a secondary CPU. This is needed to handle multiple CPUs entering cold reset simultaneously; 3) Run the CPU init code. This patch also abstracts the EL3 registers initialisation done by the BL1, BL3-1 and PSCI entrypoints into common code. This improves code re-use and consolidates the code flows for different types of systems. NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION. OTHERWISE, SECONDARY CPUS WILL PANIC. Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
-
Sandrine Bailleux authored
This patch removes the FIRST_RESET_HANDLER_CALL build flag and its use in ARM development platforms. If a different reset handling behavior is required between the first and subsequent invocations of the reset handling code, this should be detected at runtime. On Juno, the platform reset handler is now always compiled in. This means it is now executed twice on the cold boot path, first in BL1 then in BL3-1, and it has the same behavior in both cases. It is also executed twice on the warm boot path, first in BL1 then in the PSCI entrypoint code. Also update the documentation to reflect this change. NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER. Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
-
- 28 Apr, 2015 1 commit
-
-
Dan Handley authored
Update the User Guide, Porting Guide and Firmware Design documents to align them with the recent changes made to the FVP and Juno platform ports. Also fix some other historical inaccuracies. Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
-
- 12 Feb, 2015 1 commit
-
-
Soby Mathew authored
This patch removes the plat_get_max_afflvl() platform API and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL. This is done because the maximum affinity level for a platform is a static value and it is more efficient for it to be defined as a platform macro. NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT Fixes ARM-Software/tf-issues#265 Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
-
- 03 Feb, 2015 1 commit
-
-
Achin Gupta authored
This patch updates the user-guide.md with the various build options related to Trusted Board Boot and steps to build a FIP image which includes this support. It also adds a trusted-board-boot.md which describes the scope and design of this feature. Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
-
- 02 Feb, 2015 1 commit
-
-
Sandrine Bailleux authored
Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
-
- 30 Jan, 2015 1 commit
-
-
Soby Mathew authored
The CPU specific reset handlers no longer have the freedom of using any general purpose register because it is being invoked by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU specific reset handler was overwriting x20 register which was being used by the BL3-1 entry point to save the entry point information. This patch fixes this bug by reworking the register allocation in the Cortex-A57 reset handler to avoid using x20. The patch also explicitly mentions the register clobber list for each of the callee functions invoked by the reset handler Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
-
- 28 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch adds the function plat_match_rotpk() to the platform porting layer to provide a Root Of Trust Public key (ROTPK) verification mechanism. This function is called during the Trusted Board Boot process and receives a supposed valid copy of the ROTPK as a parameter, usually obtained from an external source (for instance, a certificate). It returns 0 (success) if that key matches the actual ROTPK stored in the system or any other value otherwise. The mechanism to access the actual ROTPK stored in the system is platform specific and should be implemented as part of this function. The format of the ROTPK is also platform specific (to save memory, some platforms might store a hash of the key instead of the whole key). TRUSTED_BOARD_BOOT build option has been added to allow the user to enable the Trusted Board Boot features. The implementation of the plat_match_rotpk() funtion is mandatory when Trusted Board Boot is enabled. For development purposes, FVP and Juno ports provide a dummy function that returns always success (valid key). A safe trusted boot implementation should provide a proper matching function. Documentation updated accordingly. Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
-
- 26 Jan, 2015 1 commit
-
-
Yatharth Kochar authored
This patch adds support to call the reset_handler() function in BL3-1 in the cold and warm boot paths when another Boot ROM reset_handler() has already run. This means the BL1 and BL3-1 versions of the CPU and platform specific reset handlers may execute different code to each other. This enables a developer to perform additional actions or undo actions already performed during the first call of the reset handlers e.g. apply additional errata workarounds. Typically, the reset handler will be first called from the BL1 Boot ROM. Any additional functionality can be added to the reset handler when it is called from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used to identify whether this is the first version of the reset handler code to be executed or an overridden version of the code. The Cortex-A57 errata workarounds are applied only if they have not already been applied. Fixes ARM-software/tf-issue#275 Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
-
- 23 Jan, 2015 2 commits
-
-
Soby Mathew authored
This patch allows the platform to validate the power_state and entrypoint information from the normal world early on in PSCI calls so that we can return the error safely. New optional pm_ops hooks `validate_power_state` and `validate_ns_entrypoint` are introduced to do this. As a result of these changes, all the other pm_ops handlers except the PSCI_ON handler are expected to be successful. Also, the PSCI implementation will now assert if a PSCI API is invoked without the corresponding pm_ops handler being registered by the platform. NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The pm hooks have 2 additional optional callbacks and the return type of the other hooks have changed. Fixes ARM-Software/tf-issues#229 Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
-
Soby Mathew authored
This patch removes the non-secure entry point information being passed to the platform pm_ops which is not needed. Also, it removes the `mpidr` parameter for platform pm hooks which are meant to do power management operations only on the current cpu. NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT. Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 07 Jan, 2015 1 commit
-
-
Joakim Bech authored
Fixes arm-software/tf-issues#276
-
- 16 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 27 Aug, 2014 1 commit
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
- 20 Aug, 2014 2 commits
-
-
Soby Mathew authored
This patch adds CPU core and cluster power down sequences to the CPU specific operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and generic AEM sequences have been added. The latter is suitable for the Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is saved in the per-cpu data so that it can be easily accessed during power down seqeunces. An optional platform API has been introduced to allow a platform to disable the Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak definition of this function (plat_disable_acp()) does not take any action. It should be overriden with a strong definition if the ACP is present on a platform. Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
-
Soby Mathew authored
This patch adds an optional platform API (plat_reset_handler) which allows the platform to perform any actions immediately after a cold or warm reset e.g. implement errata workarounds. The function is called with MMU and caches turned off. This API is weakly defined and does nothing by default but can be overriden by a platform with a strong definition. Change-Id: Ib0acdccbd24bc756528a8bd647df21e8d59707ff
-
- 19 Aug, 2014 1 commit
-
-
Dan Handley authored
* Move TSP platform porting functions to new file: include/bl32/tsp/platform_tsp.h. * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic TSP interrupt handling code, instead of depending on the FVP specific definition IRQ_SEC_PHY_TIMER. * Rename TSP platform porting functions from bl32_* to tsp_*, and definitions from BL32_* to TSP_*. * Update generic TSP code to use new platform porting function names and definitions. * Update FVP port accordingly and move all TSP source files to: plat/fvp/tsp/. * Update porting guide with above changes. Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO BE UPDATED Fixes ARM-software/tf-issues#167 Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
-
- 14 Aug, 2014 1 commit
-
-
Dan Handley authored
The intent of io_init() was to allow platform ports to provide a data object (io_plat_data_t) to the IO storage framework to allocate into. The abstraction was incomplete because io_plat_data_t uses a platform defined constant and the IO storage framework internally allocates other arrays using platform defined constants. This change simplifies the implementation by instantiating the supporting objects in the IO storage framework itself. There is now no need for the platform to call io_init(). The FVP port has been updated accordingly. THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE IO STORAGE FRAMEWORK TO BE UDPATED. Change-Id: Ib48ac334de9e538064734334c773f8b43df3a7dc
-
- 12 Aug, 2014 1 commit
-
-
Juan Castillo authored
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM BLn_BASE and BLn_LIMIT definitions have been updated and are based on these new memory regions. The available memory for each bootloader in the linker script is defined by BLn_BASE and BLn_LIMIT, instead of the complete memory region. TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of the platform porting. FVP common definitions are defined in fvp_def.h while platform_def.h contains exclusively (with a few exceptions) the definitions that are mandatory in the porting guide. Therefore, platform_def.h now includes fvp_def.h instead of the other way around. Porting guide has been updated to reflect these changes. Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
-
- 01 Aug, 2014 1 commit
-
-
Juan Castillo authored
The purpose of platform_is_primary_cpu() is to determine after reset (BL1 or BL3-1 with reset handler) if the current CPU must follow the cold boot path (primary CPU), or wait in a safe state (secondary CPU) until the primary CPU has finished the system initialization. This patch removes redundant calls to platform_is_primary_cpu() in subsequent bootloader entrypoints since the reset handler already guarantees that code is executed exclusively on the primary CPU. Additionally, this patch removes the weak definition of platform_is_primary_cpu(), so the implementation of this function becomes mandatory. Removing the weak symbol avoids other bootloaders accidentally picking up an invalid definition in case the porting layer makes the real function available only to BL1. The define PRIMARY_CPU is no longer mandatory in the platform porting because platform_is_primary_cpu() hides the implementation details (for instance, there may be platforms that report the primary CPU in a system register). The primary CPU definition in FVP has been moved to fvp_def.h. The porting guide has been updated accordingly. Fixes ARM-software/tf-issues#219 Change-Id: If675a1de8e8d25122b7fef147cb238d939f90b5e
-
- 28 Jul, 2014 3 commits
-
-
Soby Mathew authored
This patch adds the CPUECTLR_EL1 register and the CCI Snoop Control register to the list of registers being reported when an unhandled exception occurs. Change-Id: I2d997f2d6ef3d7fa1fad5efe3364dc9058f9f22c
-
Soby Mathew authored
This patch introduces platform APIs to initialise and print a character on a designated crash console. For the FVP platform, PL011_UART0 is the designated crash console. The platform porting guide is also updated to document the new APIs. Change-Id: I5e97d8762082e0c88c8c9bbb479353eac8f11a66
-
Achin Gupta authored
This patch removes the allocation of memory for coherent stacks, associated accessor function and some dead code which called the accessor function. It also updates the porting guide to remove the concept and the motivation behind using stacks allocated in coherent memory. Fixes ARM-software/tf-issues#198 Change-Id: I00ff9a04f693a03df3627ba39727e3497263fc38
-
- 11 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
Update the "Memory layout on FVP platforms" section in the Firmware Design document to reflect the overlaying of BL1 and BL2 images by BL3-1 and BL3-2. Also update the Porting Guide document to mention the BL31_PROGBITS_LIMIT and BL32_PROGBITS_LIMIT constants. Change-Id: I0b23dae5b5b4490a01be7ff7aa80567cff34bda8
-
- 10 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
- Add support for loading a BL3-0 image in BL2. Information about memory extents is populated by platform-specific code. Subsequent handling of BL3-0 is also platform specific. The BL2 main function has been broken down to improve readability. The BL3-2 image is now loaded before the BL3-3 image to align with the boot flow. - Build system: Add support for specifying a BL3-0 image that will be included into the FIP image. - IO FIP driver: Add support for identifying a BL3-0 image inside a FIP image. - Update the documentation to reflect the above changes. Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
-
- 01 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
This concept is no longer required since we now support loading of images at fixed addresses only. The image loader now automatically detects the position of the image inside the current memory layout and updates the layout such that memory fragmentation is minimised. The 'attr' field of the meminfo data structure, which used to hold the bottom/top loading information, has been removed. Also the 'next' field has been removed as it wasn't used anywhere. The 'init_bl2_mem_layout()' function has been moved out of common code and put in BL1-specific code. It has also been renamed into 'bl1_init_bl2_mem_layout'. Fixes ARM-software/tf-issues#109 Change-Id: I3f54642ce7b763d5ee3b047ad0ab59eabbcf916d
-
- 23 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
The array of affinity nodes is currently allocated for 32 entries with the PSCI_NUM_AFFS value defined in psci.h. This is not enough for large systems, and will substantially over allocate the array for small systems. This patch introduces an optional platform definition PLATFORM_NUM_AFFS to platform_def.h. If defined this value is used for PSCI_NUM_AFFS, otherwise a value of two times the number of CPU cores is used. The FVP port defines PLATFORM_NUM_AFFS to be 10 which saves nearly 1.5KB of memory. Fixes ARM-software/tf-issues#192 Change-Id: I68e30ac950de88cfbd02982ba882a18fb69c1445
-
- 03 Jun, 2014 2 commits
-
-
Achin Gupta authored
This patch adds documentation that describes the design of the Interrupt management framework in the ARM Trusted Firmware. The porting-guide.md has also been updated to describe the interface that should be implemented by each platform to support this framework. Change-Id: I3eda48e5c9456e6a9516956bee16a29e366633b7 Co-Authored-By: Soby Mathew <soby.mathew@arm.com>
-
Vikram Kanigiri authored
Update documentation with BL3-1 hardening interface changes and for using BL3-1 as a reset vector feature Change-Id: Iafdd05e7a8e66503409f2acc934372efef5bc51b
-
- 02 Jun, 2014 1 commit
-
-
Soby Mathew authored
This patch modifies and adds to the existing documentation for the crash reporting implementation in BL3-1. Change-Id: I2cfbfeeeb64996ec7d19a9ddf95295482899b4bd
-
- 30 May, 2014 1 commit
-
-
Dan Handley authored
Following recent refactoring changes to platform.h, this commit updates porting-guide.md to correctly refer to platform.h and platform_def.h where appropriate. Change-Id: Idf1e77503c24358696f8f3c14caa0cc1d579deb4
-
- 23 May, 2014 1 commit
-
-
Sandrine Bailleux authored
Rework the "Memory layout on FVP platforms" section in the Firmware Design document. Add information about where the TSP image fits in the memory layout when present. Add documentation for the base addresses of each bootloader image in the porting guide. Change-Id: I4afb2605e008a1cb28c44a697804f2cb6bb4c9aa
-
- 22 May, 2014 2 commits
-
-
Dan Handley authored
The generic image loading and IO FIP code no longer forces the platform to create BL3-2 (Secure-EL1 Payload) specific definitions. The BL3-2 loading code in bl2/bl2main.c is wrapped by a #ifdef BL32_BASE blocks, allowing the BL3-2 definitions to be optional. Similarly for the name_uuid array defintion in drivers/io/io_fip.c. Also update the porting guide to reflect this change. The BL3-2 platform definitions remain non-configurably present in the FVP port. Fixes ARM-software/tf-issues#68 Change-Id: Iea28b4e94d87a31f5522f271e290919a8a955460
-
Sandrine Bailleux authored
The TSP's linker script used to assume that the TSP would execute from secure DRAM. Although it is currently the case on FVPs, platforms are free to use any secure memory they wish. This patch introduces the flexibility to load the TSP into any secure memory. The platform code gets to specify the extents of this memory in the platform header file, as well as the BL3-2 image limit address. The latter definition allows to check in a generic way that the BL3-2 image fits in its bounds. Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
-
- 16 May, 2014 1 commit
-
-
Soby Mathew authored
This patch implements the register reporting when unhandled exceptions are taken in BL3-1. Unhandled exceptions will result in a dump of registers to the console, before halting execution by that CPU. The Crash Stack, previously called the Exception Stack, is used for this activity. This stack is used to preserve the CPU context and runtime stack contents for debugging and analysis. This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3, to provide easy access to some of BL3-1 per-cpu data structures. Initially, this is used to provide a pointer to the Crash stack. panic() now prints the the error file and line number in Debug mode and prints the PC value in release mode. The Exception Stack is renamed to Crash Stack with this patch. The original intention of exception stack is no longer valid since we intend to support several valid exceptions like IRQ and FIQ in the trusted firmware context. This stack is now utilized for dumping and reporting the system state when a crash happens and hence the rename. Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception Change-Id: I260791dc05536b78547412d147193cdccae7811a
-
- 12 May, 2014 1 commit
-
-
Andrew Thoelke authored
The TZC configuration on FVP was incorrectly allowing both secure and non-secure accesses to the DRAM, which can cause aliasing problems for software. It was also not enabling virtio access on some models. This patch fixes both of those issues. The patch also enabless non-secure access to the DDR RAM for all devices with defined IDs. The third region of DDR RAM has been removed from the configuration as this is not used in any of the FVP models. Fixes ARM-software/tf-issues#150 Fixes ARM-software/tf-issues#151 Change-Id: I60ad5daaf55e14f178affb8afd95d17e7537abd7
-
- 24 Apr, 2014 1 commit
-
-
Harry Liebel authored
Fixes ARM-software/tf-issues#64 Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989
-