1. 13 Jun, 2019 1 commit
    • Sandrine Bailleux's avatar
      Fix type of cot_desc_ptr · 2efb7ddc
      Sandrine Bailleux authored
      
      
      The chain of trust description and the pointer pointing to its first
      element were incompatible, thus requiring an explicit type cast for
      the assignment.
      
      - cot_desc was an array of
        const pointers to const image descriptors.
      
      - cot_desc_ptr was a const pointer to
        (non-constant) pointers to const image descriptors.
      
      Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
      generate the following compiler warning:
      
      drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
        ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
       REGISTER_COT(cot_desc);
                    ^~~~~~~~
      
      Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      2efb7ddc
  2. 05 Jun, 2019 1 commit
    • James kung's avatar
      Prevent pending G1S interrupt become G0 interrupt · acc29852
      James kung authored
      
      
      According to Arm GIC spec(IHI0069E, section 4.6.1),
      when GICD_CTLR.DS == 0, Secure Group 1 interrupts
      are treated as Group 0 by a CPU interface if:
      - The PE does not implement EL3.
      - ICC_SRE_EL1(S).SRE == 0
      
      When a cpu enter suspend or deep idle, it might be
      powered off. When the cpu resume, according to
      the GIC spec(IHI0069E, section 9.2.15, 9.2.16 and
      9.2.22) the ICC_SRE_EL1.SRE reset value is 0 (if
      write is allowed) and G0/G1S/G1NS interrupt of the
      GIC cpu interface are all disabled.
      
      If a G1S SPI interrupt occurred and the target cpu
      of the SPI is assigned to a specific cpu which is
      in suspend and is powered off, when the cpu resume
      and start to initial the GIC cpu interface, the
      initial sequence might affect the interrupt group
      type of the pending interrupt on the cpu interface.
      
      Current initial sequence on the cpu interface is:
      1. Enable G0 interrupt
      2. Enable G1S interrupt
      3. Enable ICC_SRE_EL1(S).SRE
      
      It is possible to treat the pending G1S interrupt
      as G0 interrupt on the cpu interface if the G1S
      SPI interrupt occurred between step2 and step3.
      
      To prevent the above situation happend, the initial
      sequence should be changed as follows:
      1. Enable ICC_SRE_EL1(S).SRE
      2. Enable G0 interrupt
      3. Enable G1S interrupt
      
      Change-Id: Ie34f6e0b32eb9a1677ff72571fd4bfdb5cae25b0
      Signed-off-by: default avatarJames Kung <kong1191@gmail.com>
      acc29852
  3. 23 May, 2019 1 commit
  4. 21 May, 2019 1 commit
  5. 14 May, 2019 1 commit
  6. 10 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: Abort DMA transactions · 1461ad9f
      Alexei Fedorov authored
      
      
      For security DMA should be blocked at the SMMU by default
      unless explicitly enabled for a device. SMMU is disabled
      after reset with all streams bypassing the SMMU, and
      abortion of all incoming transactions implements a default
      deny policy on reset.
      This patch also moves "bl1_platform_setup()" function from
      arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
      fvp_ve_bl1_setup.c files.
      
      Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1461ad9f
  7. 03 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: refactor the driver code · ccd4d475
      Alexei Fedorov authored
      
      
      This patch is a preparation for the subsequent changes in
      SMMUv3 driver. It introduces a new "smmuv3_poll" function
      and replaces inline functions for accessing SMMU registers
      with mmio read/write operations. Also the infinite loop
      for the poll has been replaced with a counter based timeout.
      
      Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ccd4d475
  8. 25 Apr, 2019 1 commit
  9. 24 Apr, 2019 1 commit
  10. 17 Apr, 2019 1 commit
  11. 12 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Mbed TLS: Remove weak heap implementation · 2374ab17
      Ambroise Vincent authored
      
      
      The implementation of the heap function plat_get_mbedtls_heap() becomes
      mandatory for platforms supporting TRUSTED_BOARD_BOOT.
      
      The shared Mbed TLS heap default weak function implementation is
      converted to a helper function get_mbedtls_heap_helper() which can be
      used by the platforms for their own function implementation.
      
      Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      2374ab17
  12. 11 Apr, 2019 5 commits
  13. 09 Apr, 2019 1 commit
  14. 08 Apr, 2019 2 commits
    • Joel Hutton's avatar
      cot-desc: optimise memory further · 30070427
      Joel Hutton authored
      
      
      This changes the auth_img_desc_t struct to have pointers to struct
      arrays instead of struct arrays. This saves memory as many of these
      were never used, and can be NULL pointers. Note the memory savings are
      only when these arrays are not initialised, as it is assumed these
      arrays are fixed length. A possible future optimisation could allow for
      variable length.
      
      memory diff:
      bl1:        bl2:
          text        text
            -12         -12
          bss         bss
            -1463       0
          data        data
            -56         -48
          rodata      rodata
            -5688       -2592
          total       total
            -7419       -2652
      
      Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      30070427
    • Joel Hutton's avatar
      Reduce memory needed for CoT description · 0b6377d1
      Joel Hutton authored
      
      
      When Trusted Board Boot is enabled, we need to specify the Chain of
      Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
      of image descriptors. The authentication module assumes that each
      image descriptor in this array is indexed by its unique image
      identifier. For example, the Trusted Boot Firmware Certificate has to
      be at index [TRUSTED_BOOT_FW_CERT_ID].
      
      Unique image identifiers may not necessarily be consecutive. Also,
      a given BL image might not use all image descriptors. For example, BL1
      does not need any of the descriptors related to BL31. As a result, the
      CoT array might contain holes, which unnecessarily takes up space in
      the BL binary.
      
      Using pointers to auth_img_desc_t structs (rather than structs
      themselves) means these unused elements only use 1 pointer worth of
      space, rather than one struct worth of space. This patch also changes
      the code which accesses this array to reflect the change to pointers.
      
      Image descriptors not needed in BL1 or BL2 respectively are also
      ifdef'd out in this patch. For example, verifying the BL31 image is
      the responsibility of BL2 so BL1 does not need any of the data
      structures describing BL31.
      
      memory diff:
      bl1:        bl2:
          text        text
            -20         -20
          bss         bss
            -1463       0
          data        data
            -256        -48
          rodata      rodata
            -5240       -1952
          total       total
            -6979       -2020
      
      Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      0b6377d1
  15. 03 Apr, 2019 3 commits
  16. 02 Apr, 2019 10 commits
  17. 01 Apr, 2019 2 commits
  18. 22 Mar, 2019 1 commit
  19. 13 Mar, 2019 2 commits
  20. 12 Mar, 2019 3 commits
    • Paul Beesley's avatar
      drivers: Remove TODO from io_fip.c · 7d721816
      Paul Beesley authored
      
      
      The comment suggests checking version numbers and
      a checksum but there doesn't seem to be any usable
      data for either of these.
      
      For example, fip_toc_header_t doesn't contain any
      version information and neither does fip_toc_entry_t.
      
      As the function name "is_valid_header" suggests, this
      function is not concerned with checksumming any of
      the table of contents entries.
      
      Change-Id: I8673ae5dd37793771760169f26b2f55c15fbf587
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      7d721816
    • Paul Beesley's avatar
      drivers: Remove TODO from io_storage · 9a2fffb8
      Paul Beesley authored
      
      
      This TODO was added five years ago so I assume that there is not
      going to be a shutdown API added after all.
      
      Change-Id: If0f4e2066454df773bd9bf41ed65d3a10248a2d3
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      9a2fffb8
    • Tien Hock, Loh's avatar
      drivers: synopsys: Fix synopsys MMC driver · 3d0f30bb
      Tien Hock, Loh authored
      
      
      There are some issues with synopsys MMC driver:
      - CMD8 should not expect data (for SD)
      - ACMD51 should expect data (Send SCR for SD)
      - dw_prepare should not dictate size to be MMC_BLOCK_SIZE, block size is
      now handled in the dw_prepare function
      - after the CMD completes, when doing dw_read, we need to invalidate cache
      and wait for the data transfer to complete
      - Need to set FIFO threshold, otherwise DMA might never get the interrupt
      to read or write
      Signed-off-by: default avatarTien Hock, Loh <tien.hock.loh@intel.com>
      3d0f30bb