1. 24 Jun, 2020 1 commit
    • Manish V Badarkhe's avatar
      plat/arm: Rentroduce tb_fw_config device tree · 3cb84a54
      Manish V Badarkhe authored
      
      
      Moved BL2 configuration nodes from fw_config to newly
      created tb_fw_config device tree.
      
      fw_config device tree's main usage is to hold properties shared
      across all BLx images.
      An example is the "dtb-registry" node, which contains the
      information about the other device tree configurations
      (load-address, size).
      
      Also, Updated load-address of tb_fw_config which is now located
      after fw_config in SRAM.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
      3cb84a54
  2. 09 Jun, 2020 2 commits
    • Madhukar Pappireddy's avatar
      plat/fvp: Add support for dynamic description of secure interrupts · 452d5e5e
      Madhukar Pappireddy authored
      
      
      Using the fconf framework, the Group 0 and Group 1 secure interrupt
      descriptors are moved to device tree and retrieved in runtime. This
      feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
      
      Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      452d5e5e
    • Andre Przywara's avatar
      GICv3: GIC-600: Detect GIC-600 at runtime · b4ad365a
      Andre Przywara authored
      
      
      The only difference between GIC-500 and GIC-600 relevant to TF-A is the
      differing power management sequence.
      A certain GIC implementation is detectable at runtime, for instance by
      checking the IIDR register. Let's add that test before initiating the
      GIC-600 specific sequence, so the code can be used on both GIC-600 and
      GIC-500 chips alike, without deciding on a GIC chip at compile time.
      
      This means that the GIC-500 "driver" is now redundant. To allow minimal
      platform support, add a switch to disable GIC-600 support.
      
      Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b4ad365a
  3. 01 Jun, 2020 1 commit
  4. 21 May, 2020 1 commit
  5. 19 May, 2020 1 commit
  6. 07 Apr, 2020 1 commit
  7. 02 Apr, 2020 1 commit
  8. 31 Mar, 2020 1 commit
  9. 30 Mar, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A GICv3 driver: Introduce makefile · a6ea06f5
      Alexei Fedorov authored
      
      
      This patch moves all GICv3 driver files into new added
      'gicv3.mk' makefile for the benefit of the generic driver
      which can evolve in the future without affecting platforms.
      The patch adds GICv3 driver configuration flags
      'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
      'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
      'GICv3 driver options' section of 'build-option.rst'
      document.
      
      NOTE: Platforms with GICv3 driver need to be modified to
      include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
      
      Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      a6ea06f5
  10. 17 Mar, 2020 1 commit
    • Madhukar Pappireddy's avatar
      FVP: In BL31/SP_MIN, map only the needed DRAM region statically · 493545b3
      Madhukar Pappireddy authored
      
      
      Rather than creating entry in plat_arm_mmap array to map the
      entire DRAM region in BL31/SP_MIN, only map a smaller region holding
      HW_CONFIG DTB. Consequently, an increase in number of sub-translation
      tables(level-2 and level-3) i.e., MAX_XLAT_TABLES is necessary to map
      the new region in memory.
      
      In order to accommodate the increased code size in BL31 i.e.,
      PROGBITS, the max size of BL31 image is increased by 0x1000(4K).
      
      Change-Id: I540b8ee550588e22a3a9fb218183d2ab8061c851
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      493545b3
  11. 16 Mar, 2020 1 commit
    • Louis Mayencourt's avatar
      fconf: Clean Arm IO · a6de824f
      Louis Mayencourt authored
      
      
      Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
      removes the duplicate io_policies and functions definition.
      
      This patch:
      - replace arm_io_storage.c with the content of arm_fconf_io_storage.c
      - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
      - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
      - propagate DEFINES when parsing dts.
      - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
      - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
        of fvp stays the same as it was before the introduction of fconf.
      
      Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      a6de824f
  12. 11 Mar, 2020 1 commit
    • Madhukar Pappireddy's avatar
      fconf: necessary modifications to support fconf in BL31 & SP_MIN · 26d1e0c3
      Madhukar Pappireddy authored
      
      
      Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
      Created few populator() functions which parse HW_CONFIG device tree
      and registered them with fconf framework. Many of the changes are
      only applicable for fvp platform.
      
      This patch:
      1. Adds necessary symbols and sections in BL31, SP_MIN linker script
      2. Adds necessary memory map entry for translation in BL31, SP_MIN
      3. Creates an abstraction layer for hardware configuration based on
         fconf framework
      4. Adds necessary changes to build flow (makefiles)
      5. Minimal callback to read hw_config dtb for capturing properties
         related to GIC(interrupt-controller node)
      6. updates the fconf documentation
      
      Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      26d1e0c3
  13. 10 Mar, 2020 1 commit
  14. 24 Feb, 2020 1 commit
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored
      
      
      This patch introduces a build flag which allows the xlat tables
      to be mapped in a read-only region within BL31 memory. It makes it
      much harder for someone who has acquired the ability to write to
      arbitrary secure memory addresses to gain control of the
      translation tables.
      
      The memory attributes of the descriptors describing the tables
      themselves are changed to read-only secure data. This change
      happens at the end of BL31 runtime setup. Until this point, the
      tables have read-write permissions. This gives a window of
      opportunity for changes to be made to the tables with the MMU on
      (e.g. reclaiming init code). No changes can be made to the tables
      with the MMU turned on from this point onwards. This change is also
      enabled for sp_min and tspd.
      
      To make all this possible, the base table was moved to .rodata. The
      penalty we pay is that now .rodata must be aligned to the size of
      the base table (512B alignment). Still, this is better than putting
      the base table with the higher level tables in the xlat_table
      section, as that would cost us a full 4KB page.
      
      Changing the tables from read-write to read-only cannot be done with
      the MMU on, as the break-before-make sequence would invalidate the
      descriptor which resolves the level 3 page table where that very
      descriptor is located. This would make the translation required for
      writing the changes impossible, generating an MMU fault.
      
      The caches are also flushed.
      Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
      Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
  15. 18 Feb, 2020 2 commits
  16. 10 Feb, 2020 1 commit
  17. 07 Feb, 2020 2 commits
    • Louis Mayencourt's avatar
      fconf: Move platform io policies into fconf · 0a6e7e3b
      Louis Mayencourt authored
      
      
      Use the firmware configuration framework to store the io_policies
      information inside the configuration device tree instead of the static
      structure in the code base.
      
      The io_policies required by BL1 can't be inside the dtb, as this one is
      loaded by BL1, and only available at BL2.
      
      This change currently only applies to FVP platform.
      
      Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      0a6e7e3b
    • Louis Mayencourt's avatar
      fconf: Add dynamic config DTBs info as property · 25ac8794
      Louis Mayencourt authored
      
      
      This patch introduces a better separation between the trusted-boot
      related properties, and the dynamic configuration DTBs loading
      information.
      
      The dynamic configuration DTBs properties are moved to a new node:
      `dtb-registry`. All the sub-nodes present will be provided to the
      dynamic config framework to be loaded. The node currently only contains
      the already defined configuration DTBs, but can be extended for future
      features if necessary.
      The dynamic config framework is modified to use the abstraction provided
      by the fconf framework, instead of directly accessing the DTBs.
      
      The trusted-boot properties are kept under the "arm,tb_fw" compatible
      string, but in a separate `tb_fw-config` node.
      The `tb_fw-config` property of the `dtb-registry` node simply points
      to the load address of `fw_config`, as the `tb_fw-config` is currently
      part of the same DTB.
      
      Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      25ac8794
  18. 06 Feb, 2020 1 commit
    • Max Shvetsov's avatar
      Adds option to read ROTPK from registers for FVP · a6ffddec
      Max Shvetsov authored
      
      
      Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
      Removes hard-coded developer keys. Instead, setting
      ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
      In case of ROT_KEY specified - generates a new hash and replaces the
      original.
      
      Note: Juno board was tested by original feature author and was not tested
      for this patch since we don't have access to the private key. Juno
      implementation was moved to board-specific file without changing
      functionality. It is not known whether byte-swapping is still needed
      for this platform.
      
      Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
      Signed-off-by: default avatarMax Shvetsov <maksims.svecovs@arm.com>
      a6ffddec
  19. 07 Jan, 2020 1 commit
  20. 20 Dec, 2019 2 commits
    • Paul Beesley's avatar
      spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored
      
      
      The Secure Partition Manager (SPM) prototype implementation is
      being removed. This is preparatory work for putting in place a
      dispatcher component that, in turn, enables partition managers
      at S-EL2 / S-EL1.
      
      This patch removes:
      
      - The core service files (std_svc/spm)
      - The Resource Descriptor headers (include/services)
      - SPRT protocol support and service definitions
      - SPCI protocol support and service definitions
      
      Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
      538b0020
    • Paul Beesley's avatar
      Remove dependency between SPM_MM and ENABLE_SPM build flags · 3f3c341a
      Paul Beesley authored
      
      
      There are two different implementations of Secure Partition
      management in TF-A. One is based on the "Management Mode" (MM)
      design, the other is based on the Secure Partition Client Interface
      (SPCI) specification. Currently there is a dependency between their
      build flags that shouldn't exist, making further development
      harder than it should be. This patch removes that
      dependency, making the two flags function independently.
      
      Before: ENABLE_SPM=1 is required for using either implementation.
              By default, the SPCI-based implementation is enabled and
              this is overridden if SPM_MM=1.
      
      After: ENABLE_SPM=1 enables the SPCI-based implementation.
             SPM_MM=1 enables the MM-based implementation.
             The two build flags are mutually exclusive.
      
      Note that the name of the ENABLE_SPM flag remains a bit
      ambiguous - this will be improved in a subsequent patch. For this
      patch the intention was to leave the name as-is so that it is
      easier to track the changes that were made.
      
      Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      3f3c341a
  21. 18 Dec, 2019 1 commit
  22. 07 Nov, 2019 1 commit
  23. 03 Oct, 2019 1 commit
  24. 02 Oct, 2019 1 commit
  25. 30 Sep, 2019 1 commit
  26. 11 Sep, 2019 1 commit
    • John Tsichritzis's avatar
      Modify FVP makefile for cores that support both AArch64/32 · cd3c5b4c
      John Tsichritzis authored
      
      
      Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
      TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
      handle those cores, only the AArch64 cores' assembly is included in the
      TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
      cores will never exist in the same cluster with cores that also support
      AArch32.
      
      However, A55 and A75 can be used as AArch64 only cores, despite
      supporting AArch32, too. This patch enables A55 and A75 to exist in
      clusters together with AArch64 cores.
      
      Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      cd3c5b4c
  27. 16 Aug, 2019 1 commit
    • Alexei Fedorov's avatar
      FVP: Add Delay Timer driver to BL1 and BL31 · 1b597c22
      Alexei Fedorov authored
      
      
      SMMUv3 driver functions which are called from BL1 and BL31
      currently use counter-based poll method for testing status
      bits. Adding Delay Timer driver to BL1 and BL31 is required
      for timeout-based implementation using timer delay functions
      for SMMU and other drivers.
      This patch adds new function `fvp_timer_init()` which
      initialises either System level generic or SP804 timer based on
      FVP_USE_SP804_TIMER build flag.
      In BL2U `bl2u_early_platform_setup()` function the call to
      `arm_bl2u_early_platform_setup()` (which calls
      `generic_delay_timer_init()` ignoring FVP_USE_SP804_TIMER flag),
      is replaced with `arm_console_boot_init()` and `fvp_timer_init()`.
      
      Change-Id: Ifd8dcebf4019e877b9bc5641551deef77a44c0d1
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1b597c22
  28. 23 Jul, 2019 1 commit
    • Ambroise Vincent's avatar
      arm: Shorten the Firmware Update (FWU) process · 37b70031
      Ambroise Vincent authored
      
      
      The watchdog is configured with a default value of 256 seconds in order
      to implement the Trusted Board Boot Requirements.
      
      For the FVP and Juno platforms, the FWU process relies on a watchdog
      reset. In order to automate the test of FWU, the length of this process
      needs to be as short as possible. Instead of waiting for those 4 minutes
      to have a reset by the watchdog, tell it to reset immediately.
      
      There are no side effects as the value of the watchdog's load register
      resets to 0xFFFFFFFF.
      
      Tested on Juno.
      
      Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      37b70031
  29. 16 Jul, 2019 1 commit
  30. 10 Jul, 2019 1 commit
  31. 04 Jun, 2019 1 commit
    • John Tsichritzis's avatar
      Apply compile-time check for AArch64-only cores · 629d04f5
      John Tsichritzis authored
      
      
      Some cores support only AArch64 mode. In those cores, only a limited
      subset of the AArch32 system registers are implemented. Hence, if TF-A
      is supposed to run on AArch64-only cores, it must be compiled with
      CTX_INCLUDE_AARCH32_REGS=0.
      
      Currently, the default settings for compiling TF-A are with the AArch32
      system registers included. So, if we compile TF-A the default way and
      attempt to run it on an AArch64-only core, we only get a runtime panic.
      
      Now a compile-time check has been added to ensure that this flag has the
      appropriate value when AArch64-only cores are included in the build.
      
      Change-Id: I298ec550037fafc9347baafb056926d149197d4c
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      629d04f5
  32. 10 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: Abort DMA transactions · 1461ad9f
      Alexei Fedorov authored
      
      
      For security DMA should be blocked at the SMMU by default
      unless explicitly enabled for a device. SMMU is disabled
      after reset with all streams bypassing the SMMU, and
      abortion of all incoming transactions implements a default
      deny policy on reset.
      This patch also moves "bl1_platform_setup()" function from
      arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
      fvp_ve_bl1_setup.c files.
      
      Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1461ad9f
  33. 03 May, 2019 1 commit
    • John Tsichritzis's avatar
      Add compile-time errors for HW_ASSISTED_COHERENCY flag · 076b5f02
      John Tsichritzis authored
      This patch fixes this issue:
      https://github.com/ARM-software/tf-issues/issues/660
      
      
      
      The introduced changes are the following:
      
      1) Some cores implement cache coherency maintenance operation on the
      hardware level. For those cores, such as - but not only - the DynamIQ
      cores, it is mandatory that TF-A is compiled with the
      HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
      unpredictable. To prevent this, compile time checks have been added and
      compilation errors are generated, if needed.
      
      2) To enable this change for FVP, a logical separation has been done for
      the core libraries. A system cannot contain cores of both groups, i.e.
      cores that manage coherency on hardware and cores that don't do it. As
      such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
      libraries only of the relevant cores.
      
      3) The neoverse_e1.S file has been added to the FVP sources.
      
      Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      076b5f02
  34. 17 Apr, 2019 1 commit
    • Aditya Angadi's avatar
      plat/arm: introduce wrapper functions to setup secure watchdog · b0c97daf
      Aditya Angadi authored
      
      
      The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
      controller as the secure watchdog. But not all ARM platforms use SP805
      as the secure watchdog controller.
      
      So introduce two new ARM platform code specific wrapper functions to
      start and stop the secure watchdog. These functions then replace the
      calls to SP805 driver in common BL1 setup code. All the ARM platforms
      implement these wrapper functions by either calling into SP805 driver
      or the SBSA watchdog driver.
      
      Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      b0c97daf
  35. 08 Apr, 2019 1 commit
  36. 14 Mar, 2019 1 commit