1. 12 Sep, 2016 1 commit
    • dp-arm's avatar
      fiptool: Add support for printing the sha256 digest with info command · 9df69ba3
      dp-arm authored
      This feature allows one to quickly verify that the expected
      image is contained in the FIP without extracting the image and
      running sha256sum(1) on it.
      
      The sha256 digest is only shown when the verbose flag is used.
      
      This change requires libssl-dev to be installed in order to build
      Trusted Firmware. Previously, libssl-dev was optionally needed only
      to support Trusted Board Boot configurations.
      
      Fixes ARM-Software/tf-issues#124
      
      Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6
      9df69ba3
  2. 16 Aug, 2016 1 commit
  3. 15 Aug, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Enable build at top level Makefile for FVP · 9d29c227
      Soby Mathew authored
      This patch enables the AArch32 build including SP_MIN in the
      top level Makefile. The build flag `ARCH` now can specify either
      `aarch64`(default) or `aarch32`. Currently only FVP AEM model is
      supported for AArch32 build. Another new build flag `AARCH32_SP`
      is introduced to specify the AArch32 secure payload to be built.
      
      Change-Id: Ie1198cb9e52d7da1b79b93243338fc3868b08faa
      9d29c227
  4. 29 Jul, 2016 1 commit
    • dp-arm's avatar
      Replace fip_create with fiptool · 819281ee
      dp-arm authored
      fiptool provides a more consistent and intuitive interface compared to
      the fip_create program.  It serves as a better base to build on more
      features in the future.
      
      fiptool supports various subcommands.  Below are the currently
      supported subcommands:
      
      1) info   - List the images contained in a FIP file.
      2) create - Create a new FIP file with the given images.
      3) update - Update an existing FIP with the given images.
      4) unpack - Extract a selected set or all the images from a FIP file.
      5) remove - Remove images from a FIP file.  This is a new command that
         was not present in fip_create.
      
      To create a new FIP file, replace "fip_create" with "fiptool create".
      
      To update a FIP file, replace "fip_create" with "fiptool update".
      
      To dump the contents of a FIP file, replace "fip_create --dump" with
      "fiptool info".
      
      A compatibility script that emulates the basic functionality of
      fip_create is provided.  Existing scripts might or might not work with
      the compatibility script.  Users are strongly encouraged to migrate to
      fiptool.
      
      Fixes ARM-Software/tf-issues#87
      Fixes ARM-Software/tf-issues#108
      Fixes ARM-Software/tf-issues#361
      
      Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
      819281ee
  5. 28 Jul, 2016 1 commit
  6. 25 Jul, 2016 1 commit
    • Antonio Nino Diaz's avatar
      ARM platforms: Define common image sizes · 0289970d
      Antonio Nino Diaz authored
      Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
      `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
      related to the translation tables but to the image size as well.
      
      The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
      `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
      This way, ARM platforms no longer have to set their own values if
      `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
      otherwise. The common sizes have been set to the highest values used
      for any of the current build configurations.
      
      This is needed because in some build configurations some images are
      running out of space. This way there is a common set of values known
      to work for all of them and it can be optimized for each particular
      platform if needed.
      
      The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
      increased. This is needed because when memory optimisations are
      disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
      `MAX_XLAT_TABLES` are higher. If in this situation the code is
      compiled in debug mode and with "-O0", the code won't fit.
      
      Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
      0289970d
  7. 19 Jul, 2016 1 commit
    • Soby Mathew's avatar
      Introduce PSCI Library Interface · cf0b1492
      Soby Mathew authored
      This patch introduces the PSCI Library interface. The major changes
      introduced are as follows:
      
      * Earlier BL31 was responsible for Architectural initialization during cold
      boot via bl31_arch_setup() whereas PSCI was responsible for the same during
      warm boot. This functionality is now consolidated by the PSCI library
      and it does Architectural initialization via psci_arch_setup() during both
      cold and warm boots.
      
      * Earlier the warm boot entry point was always `psci_entrypoint()`. This was
      not flexible enough as a library interface. Now PSCI expects the runtime
      firmware to provide the entry point via `psci_setup()`. A new function
      `bl31_warm_entrypoint` is introduced in BL31 and the previous
      `psci_entrypoint()` is deprecated.
      
      * The `smc_helpers.h` is reorganized to separate the SMC Calling Convention
      defines from the Trusted Firmware SMC helpers. The former is now in a new
      header file `smcc.h` and the SMC helpers are moved to Architecture specific
      header.
      
      * The CPU context is used by PSCI for context initialization and
      restoration after power down (PSCI Context). It is also used by BL31 for SMC
      handling and context management during Normal-Secure world switch (SMC
      Context). The `psci_smc_handler()` interface is redefined to not use SMC
      helper macros thus enabling to decouple the PSCI context from EL3 runtime
      firmware SMC context. This enables PSCI to be integrated with other runtime
      firmware using a different SMC context.
      
      NOTE: With this patch the architectural setup done in `bl31_arch_setup()`
      is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be
      invoked prior to architectural setup. It is highly unlikely that the platform
      setup will depend on architectural setup and cause any failure. Please be
      be aware of this change in sequence.
      
      Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
      cf0b1492
  8. 18 Jul, 2016 2 commits
    • Soby Mathew's avatar
      Introduce `el3_runtime` and `PSCI` libraries · 532ed618
      Soby Mathew authored
      This patch moves the PSCI services and BL31 frameworks like context
      management and per-cpu data into new library components `PSCI` and
      `el3_runtime` respectively. This enables PSCI to be built independently from
      BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
      PSCI library sources and gets included by `bl31.mk`. Other changes which
      are done as part of this patch are:
      
      * The runtime services framework is now moved to the `common/` folder to
        enable reuse.
      * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
        specific folder.
      * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
        to `plat/common` folder. The original file location now has a stub which
        just includes the file from new location to maintain platform compatibility.
      
      Most of the changes wouldn't affect platform builds as they just involve
      changes to the generic bl1.mk and bl31.mk makefiles.
      
      NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
      THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
      MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
      
      Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
      532ed618
    • Soby Mathew's avatar
      Rework type usage in Trusted Firmware · 4c0d0390
      Soby Mathew authored
      This patch reworks type usage in generic code, drivers and ARM platform files
      to make it more portable. The major changes done with respect to
      type usage are as listed below:
      
      * Use uintptr_t for storing address instead of uint64_t or unsigned long.
      * Review usage of unsigned long as it can no longer be assumed to be 64 bit.
      * Use u_register_t for register values whose width varies depending on
        whether AArch64 or AArch32.
      * Use generic C types where-ever possible.
      
      In addition to the above changes, this patch also modifies format specifiers
      in print invocations so that they are AArch64/AArch32 agnostic. Only files
      related to upcoming feature development have been reworked.
      
      Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
      4c0d0390
  9. 08 Jul, 2016 2 commits
    • Sandrine Bailleux's avatar
      Introduce SEPARATE_CODE_AND_RODATA build flag · 5d1c104f
      Sandrine Bailleux authored
      At the moment, all BL images share a similar memory layout: they start
      with their code section, followed by their read-only data section.
      The two sections are contiguous in memory. Therefore, the end of the
      code section and the beginning of the read-only data one might share
      a memory page. This forces both to be mapped with the same memory
      attributes. As the code needs to be executable, this means that the
      read-only data stored on the same memory page as the code are
      executable as well. This could potentially be exploited as part of
      a security attack.
      
      This patch introduces a new build flag called
      SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data
      on separate memory pages. This in turn allows independent control of
      the access permissions for the code and read-only data.
      
      This has an impact on memory footprint, as padding bytes need to be
      introduced between the code and read-only data to ensure the
      segragation of the two. To limit the memory cost, the memory layout
      of the read-only section has been changed in this case.
      
       - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e.
         the read-only section still looks like this (padding omitted):
      
         |        ...        |
         +-------------------+
         | Exception vectors |
         +-------------------+
         |  Read-only data   |
         +-------------------+
         |       Code        |
         +-------------------+ BLx_BASE
      
         In this case, the linker script provides the limits of the whole
         read-only section.
      
       - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and
         read-only data are swapped, such that the code and exception
         vectors are contiguous, followed by the read-only data. This
         gives the following new layout (padding omitted):
      
         |        ...        |
         +-------------------+
         |  Read-only data   |
         +-------------------+
         | Exception vectors |
         +-------------------+
         |       Code        |
         +-------------------+ BLx_BASE
      
         In this case, the linker script now exports 2 sets of addresses
         instead: the limits of the code and the limits of the read-only
         data. Refer to the Firmware Design guide for more details. This
         provides platform code with a finer-grained view of the image
         layout and allows it to map these 2 regions with the appropriate
         access permissions.
      
      Note that SEPARATE_CODE_AND_RODATA applies to all BL images.
      
      Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
      5d1c104f
    • Sandrine Bailleux's avatar
      BL1: Add linker symbol identifying end of ROM content · c02fcc4a
      Sandrine Bailleux authored
      This patch adds a new linker symbol in BL1's linker script named
      '__BL1_ROM_END__', which marks the end of BL1's ROM content. This
      covers BL1's code, read-only data and read-write data to relocate
      in Trusted SRAM. The address of this new linker symbol is exported
      to C code through the 'BL1_ROM_END' macro.
      
      The section related to linker symbols in the Firmware Design guide
      has been updated and improved.
      
      Change-Id: I5c442ff497c78d865ffba1d7d044511c134e11c7
      c02fcc4a
  10. 16 Jun, 2016 2 commits
    • Yatharth Kochar's avatar
      Add optional PSCI STAT residency & count functions · 170fb93d
      Yatharth Kochar authored
      This patch adds following optional PSCI STAT functions:
      
      - PSCI_STAT_RESIDENCY: This call returns the amount of time spent
        in power_state in microseconds, by the node represented by the
        `target_cpu` and the highest level of `power_state`.
      
      - PSCI_STAT_COUNT: This call returns the number of times a
        `power_state` has been used by the node represented by the
        `target_cpu` and the highest power level of `power_state`.
      
      These APIs provides residency statistics for power states that has
      been used by the platform. They are implemented according to v1.0
      of the PSCI specification.
      
      By default this optional feature is disabled in the PSCI
      implementation. To enable it, set the boolean flag
      `ENABLE_PSCI_STAT` to 1. This also sets `ENABLE_PMF` to 1.
      
      Change-Id: Ie62e9d37d6d416ccb1813acd7f616d1ddd3e8aff
      170fb93d
    • Yatharth Kochar's avatar
      Add Performance Measurement Framework(PMF) · a31d8983
      Yatharth Kochar authored
      This patch adds Performance Measurement Framework(PMF) in the
      ARM Trusted Firmware. PMF is implemented as a library and the
      SMC interface is provided through ARM SiP service.
      
      The PMF provides capturing, storing, dumping and retrieving the
      time-stamps, by enabling the development of services by different
      providers, that can be easily integrated into ARM Trusted Firmware.
      The PMF capture and retrieval APIs can also do appropriate cache
      maintenance operations to the timestamp memory when the caller
      indicates so.
      
      `pmf_main.c` consists of core functions that implement service
      registration, initialization, storing, dumping and retrieving
      the time-stamp.
      `pmf_smc.c` consists SMC handling for registered PMF services.
      `pmf.h` consists of the macros that can be used by the PMF service
      providers to register service and declare time-stamp functions.
      `pmf_helpers.h` consists of internal macros that are used by `pmf.h`
      
      By default this feature is disabled in the ARM trusted firmware.
      To enable it set the boolean flag `ENABLE_PMF` to 1.
      
      NOTE: The caller is responsible for specifying the appropriate cache
      maintenance flags and for acquiring/releasing appropriate locks
      before/after capturing/retrieving the time-stamps.
      
      Change-Id: Ib45219ac07c2a81b9726ef6bd9c190cc55e81854
      a31d8983
  11. 15 Jun, 2016 1 commit
  12. 09 Jun, 2016 1 commit
  13. 03 Jun, 2016 3 commits
    • Soby Mathew's avatar
      Allow dynamic overriding of ROTPK verification · 04943d33
      Soby Mathew authored
      A production ROM with TBB enabled must have the ability to boot test software
      before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
      function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
      This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
      parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
      in certificate is used without verifying against the platform value.
      
      Fixes ARM-software/tf-issues#381
      
      Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
      04943d33
    • Dan Handley's avatar
      Move stdlib header files to include/lib/stdlib · f0b489c1
      Dan Handley authored
      * Move stdlib header files from include/stdlib to include/lib/stdlib for
        consistency with other library headers.
      * Fix checkpatch paths to continue excluding stdlib files.
      * Create stdlib.mk to define the stdlib source files and include directories.
      * Include stdlib.mk from the top level Makefile.
      * Update stdlib header path in the fip_create Makefile.
      * Update porting-guide.md with the new paths.
      
      Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
      f0b489c1
    • Soby Mathew's avatar
      Build option to include AArch32 registers in cpu context · 8cd16e6b
      Soby Mathew authored
      The system registers that are saved and restored in CPU context include
      AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
      DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
      AArch64-only (i.e. on hardware that does not implement AArch32, or at
      least not at EL1 and higher ELs) platform leads to an exception. This patch
      introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
      include these AArch32 systems registers in the cpu context or not. By default
      this build option is set to 1 to ensure compatibility. AArch64-only platforms
      must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
      verify this.
      
      Fixes ARM-software/tf-issues#386
      
      Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
      8cd16e6b
  14. 25 May, 2016 2 commits
    • Soby Mathew's avatar
      PSCI: Add pwr_domain_pwr_down_wfi() hook in plat_psci_ops · ac1cc8eb
      Soby Mathew authored
      This patch adds a new optional platform hook `pwr_domain_pwr_down_wfi()` in
      the plat_psci_ops structure. This hook allows the platform to perform platform
      specific actions including the wfi invocation to enter powerdown. This hook
      is invoked by both psci_do_cpu_off() and psci_cpu_suspend_start() functions.
      The porting-guide.md is also updated for the same.
      
      This patch also modifies the `psci_power_down_wfi()` function to invoke
      `plat_panic_handler` incase of panic instead of the busy while loop.
      
      Fixes ARM-Software/tf-issues#375
      
      Change-Id: Iba104469a1445ee8d59fb3a6fdd0a98e7f24dfa3
      ac1cc8eb
    • Soby Mathew's avatar
      Add CCN support to FVP platform port · 71237876
      Soby Mathew authored
      This patch adds support to select CCN driver for FVP during build.
      A new build option `FVP_INTERCONNECT_DRIVER` is added to allow
      selection between the CCI and CCN driver. Currently only the CCN-502
      variant is supported on FVP.
      
      The common ARM CCN platform helper file now verifies the cluster
      count declared by platform is equal to the number of root node
      masters exported by the ARM Standard platform.
      
      Change-Id: I71d7b4785f8925ed499c153b2e9b9925fcefd57a
      71237876
  15. 20 May, 2016 2 commits
    • Antonio Nino Diaz's avatar
      Replace SP804 timer by generic delay timer on FVP · 32cd95f0
      Antonio Nino Diaz authored
      Added a build flag to select the generic delay timer on FVP instead
      of the SP804 timer. By default, the generic one will be selected. The
      user guide has been updated.
      
      Change-Id: Ica34425c6d4ed95a187b529c612f6d3b26b78bc6
      32cd95f0
    • Antonio Nino Diaz's avatar
      Add 32 bit version of plat_get_syscnt_freq · d4486391
      Antonio Nino Diaz authored
      Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
      plat_get_syscnt_freq. The old one has been flagged as deprecated.
      Common code has been updated to use this new version. Porting guide
      has been updated.
      
      Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
      d4486391
  16. 28 Apr, 2016 1 commit
    • Soby Mathew's avatar
      Change the default driver to GICv3 in FVP · a8af6a4d
      Soby Mathew authored
      This patch changes the default driver for FVP platform from the deprecated
      GICv3 legacy to the GICv3 only driver. This means that the default build of
      Trusted Firmware will not be able boot Linux kernel with GICv2 FDT blob. The
      user guide is also updated to reflect this change of default GIC driver for
      FVP.
      
      Change-Id: Id6fc8c1ac16ad633dabb3cd189b690415a047764
      a8af6a4d
  17. 27 Apr, 2016 3 commits
  18. 25 Apr, 2016 2 commits
    • Michal Simek's avatar
      zynqmp: FSBL->ATF handover · b96f77c6
      Michal Simek authored
      
      
      Parse the parameter structure the FSBL populates, to populate the bl32
      and bl33 image structures.
      
      Cc: Sarat Chand Savitala <saratcha@xilinx.com>
      Cc: petalinux-dev@xilinx.com
      Signed-off-by: default avatarMichal Simek <michal.simek@xilinx.com>
      [ SB
       - pass pointers to structs instead of structs
       - handle execution state parameter
       - populate bl32 SPSR
       - add documentation
       - query bootmode and consider missing handoff parameters an error when
         not in JTAG boot mode
      ]
      Signed-off-by: default avatarSoren Brinkmann <soren.brinkmann@xilinx.com>
      b96f77c6
    • Soren Brinkmann's avatar
      zynqmp: Revise memory configuration options · 01555332
      Soren Brinkmann authored
      
      
      Drop the current configuration options for selecting the location of
      the ATF and TSP (ZYNQMP_ATF_LOCATION, ZYNQMP_TSP_RAM_LOCATION).
      The new configuration provides one default setup (ATF in OCM,
      BL32 in DRAM). Additionally, the new configuration options
       - ZYNQMP_ATF_MEM_BASE
       - ZYNQMP_ATF_MEM_SIZE
       - ZYNQMP_BL32_MEM_BASE
       - ZYNQMP_BL32_MEM_SIZE
      can be used to freely configure the memory locations used for ATF and
      secure payload.
      
      Also, allow setting the BL33 entry point via PRELOADED_BL33_BASE.
      
      Cc: petalinux-dev@xilinx.com
      Signed-off-by: default avatarSoren Brinkmann <soren.brinkmann@xilinx.com>
      Acked-by: default avatarAlistair Francis <alistair.francis@xilinx.com>
      01555332
  19. 21 Apr, 2016 6 commits
  20. 14 Apr, 2016 2 commits
    • Gerald Lejeune's avatar
      Dump platform-defined regs in crash reporting · 9ff67fa6
      Gerald Lejeune authored
      
      
      It is up to the platform to implement the new plat_crash_print_regs macro to
      report all relevant platform registers helpful for troubleshooting.
      
      plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
      and plat_print_interconnect_regs macros for each existing platforms.
      
      NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
      BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
      DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.
      
      Fixes: arm-software/tf-issues#373
      Signed-off-by: default avatarGerald Lejeune <gerald.lejeune@st.com>
      9ff67fa6
    • Juan Castillo's avatar
      Update User Guide and move up to Linaro 16.02 · ec0a975f
      Juan Castillo authored
      This patch updates the TF User Guide, simplifying some of the steps
      to build and run TF and trying to avoid duplicated information that
      is already available on the ARM Connected Community or the Linaro
      website.
      
      The recommended Linaro release is now 16.02.
      
      Change-Id: I21db486d56a07bb10f5ee9a33014ccc59ca12986
      ec0a975f
  21. 08 Apr, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Rename BL33_BASE option to PRELOADED_BL33_BASE · 68450a6d
      Antonio Nino Diaz authored
      To avoid confusion the build option BL33_BASE has been renamed to
      PRELOADED_BL33_BASE, which is more descriptive of what it does and
      doesn't get mistaken by similar names like BL32_BASE that work in a
      completely different way.
      
      NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW
      BUILD OPTION `PRELOADED_BL33_BASE`.
      
      Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b
      68450a6d
  22. 07 Apr, 2016 1 commit
    • Soby Mathew's avatar
      Enable SCR_EL3.SIF bit · 99e58f9e
      Soby Mathew authored
      This patch enables the SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and
      BL31 common architectural setup code. When in secure state, this disables
      instruction fetches from Non-secure memory.
      
      NOTE: THIS COULD BREAK PLATFORMS THAT HAVE SECURE WORLD CODE EXECUTING FROM
      NON-SECURE MEMORY, BUT THIS IS CONSIDERED UNLIKELY AND IS A SERIOUS SECURITY
      RISK.
      
      Fixes ARM-Software/tf-issues#372
      
      Change-Id: I684e84b8d523c3b246e9a5fabfa085b6405df319
      99e58f9e
  23. 06 Apr, 2016 1 commit
  24. 01 Apr, 2016 1 commit
    • Soby Mathew's avatar
      Modify return type of plat_get_ns_image_entrypoint() · a0ad6019
      Soby Mathew authored
      This patch modifies the return type of the platform API
      `plat_get_ns_image_entrypoint()` from `unsigned long` to
      `uintptr_t` in accordance with the coding guidelines.
      
      Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
      a0ad6019