1. 14 Nov, 2019 1 commit
    • Sandrine Bailleux's avatar
      Refactor load_auth_image_internal(). · 9e7d6631
      Sandrine Bailleux authored
      
      
      The pre-processor directives make it hard to read the non-TBB version of
      this function. Refactor the code to improve readability. No functional
      change introduced.
      
      In particular, introduce a new helper function load_image_flush(),
      that simply loads an image and flushes it out to main memory. This is
      the only thing load_auth_image_internal() needs to do when TBB is
      disabled or when authentication is dynamically disabled.
      
      In other cases, we need to recursively authenticate the parent images up
      to the root of trust. To make this clearer, this code gets moved to a
      TBB-specific helper function called load_auth_image_recursive().
      
      As a result, load_auth_image_internal() now boils down to calling the
      right helper function (depending on TBB enablement and dynamic
      authentication status).
      
      Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      9e7d6631
  2. 13 Sep, 2019 1 commit
    • Alexei Fedorov's avatar
      Refactor ARMv8.3 Pointer Authentication support code · ed108b56
      Alexei Fedorov authored
      
      
      This patch provides the following features and makes modifications
      listed below:
      - Individual APIAKey key generation for each CPU.
      - New key generation on every BL31 warm boot and TSP CPU On event.
      - Per-CPU storage of APIAKey added in percpu_data[]
        of cpu_data structure.
      - `plat_init_apiakey()` function replaced with `plat_init_apkey()`
        which returns 128-bit value and uses Generic timer physical counter
        value to increase the randomness of the generated key.
        The new function can be used for generation of all ARMv8.3-PAuth keys
      - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
      - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
        generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
        pauth_disable_el1()` and `pauth_disable_el3()` functions disable
        PAuth for EL1 and EL3 respectively;
        `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
        cpu-data structure.
      - Combined `save_gp_pauth_registers()` function replaces calls to
        `save_gp_registers()` and `pauth_context_save()`;
        `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
        and `restore_gp_registers()` calls.
      - `restore_gp_registers_eret()` function removed with corresponding
        code placed in `el3_exit()`.
      - Fixed the issue when `pauth_t pauth_ctx` structure allocated space
        for 12 uint64_t PAuth registers instead of 10 by removal of macro
        CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
        and assigning its value to CTX_PAUTH_REGS_END.
      - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
        in `msr	spsel`  instruction instead of hard-coded values.
      - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
      
      Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ed108b56
  3. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      402b3cf8
  4. 01 Mar, 2019 1 commit
  5. 27 Feb, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored
      
      
      The previous commit added the infrastructure to load and save
      ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
      didn't actually enable pointer authentication in the firmware.
      
      This patch adds the functionality needed for platforms to provide
      authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
      enable pointer authentication in the firmware itself. This option is
      disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
      enabled.
      
      Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
  6. 31 Jan, 2019 1 commit
  7. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  8. 04 Oct, 2018 1 commit
  9. 28 Sep, 2018 1 commit
  10. 12 Jun, 2018 1 commit
    • Daniel Boulby's avatar
      Fix MISRA Rule 5.3 Part 1 · d3775d46
      Daniel Boulby authored
      
      
      Conflict with function name and variable name within that function.
      Change the name of the function from image_size to get_image_size
      to remove conflict and make the function fit the normal project
      naming convention.
      
      Rule 5.3:  An identifier declared in an inner scope shall not
                 hide an identifier declared in an outer scope
      
      Fixed For:
          make LOG_LEVEL=50 PLAT=fvp
      
      Change-Id: I1a63d2730113e2741fffa79730459c584b0224d7
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      d3775d46
  11. 18 May, 2018 1 commit
  12. 05 Dec, 2017 1 commit
    • Soby Mathew's avatar
      Unify cache flush code path after image load · 76163b3a
      Soby Mathew authored
      
      
      Previously the cache flush happened in 2 different places in code
      depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
      patch unifies this code path for both the cases. The `load_image()`
      function is now made an internal static function.
      
      Change-Id: I96a1da29d29236bbc34b1c95053e6a9a7fc98a54
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      76163b3a
  13. 24 Oct, 2017 1 commit
  14. 03 May, 2017 1 commit
  15. 08 Mar, 2017 1 commit
  16. 06 Feb, 2017 1 commit
    • Douglas Raillard's avatar
      Introduce unified API to zero memory · 308d359b
      Douglas Raillard authored
      
      
      Introduce zeromem_dczva function on AArch64 that can handle unaligned
      addresses and make use of DC ZVA instruction to zero a whole block at a
      time. This zeroing takes place directly in the cache to speed it up
      without doing external memory access.
      
      Remove the zeromem16 function on AArch64 and replace it with an alias to
      zeromem. This zeromem16 function is now deprecated.
      
      Remove the 16-bytes alignment constraint on __BSS_START__ in
      firmware-design.md as it is now not mandatory anymore (it used to comply
      with zeromem16 requirements).
      
      Change the 16-bytes alignment constraints in SP min's linker script to a
      8-bytes alignment constraint as the AArch32 zeromem implementation is now
      more efficient on 8-bytes aligned addresses.
      
      Introduce zero_normalmem and zeromem helpers in platform agnostic header
      that are implemented this way:
      * AArch32:
      	* zero_normalmem: zero using usual data access
      	* zeromem: alias for zero_normalmem
      * AArch64:
      	* zero_normalmem: zero normal memory  using DC ZVA instruction
      	                  (needs MMU enabled)
      	* zeromem: zero using usual data access
      
      Usage guidelines: in most cases, zero_normalmem should be preferred.
      
      There are 2 scenarios where zeromem (or memset) must be used instead:
      * Code that must run with MMU disabled (which means all memory is
        considered device memory for data accesses).
      * Code that fills device memory with null bytes.
      
      Optionally, the following rule can be applied if performance is
      important:
      * Code zeroing small areas (few bytes) that are not secrets should use
        memset to take advantage of compiler optimizations.
      
        Note: Code zeroing security-related critical information should use
        zero_normalmem/zeromem instead of memset to avoid removal by
        compilers' optimizations in some cases or misbehaving versions of GCC.
      
      Fixes ARM-software/tf-issues#408
      
      Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      308d359b
  17. 20 Dec, 2016 1 commit
  18. 29 Nov, 2016 1 commit
  19. 20 Sep, 2016 1 commit
    • Yatharth Kochar's avatar
      Add new version of image loading. · 72600226
      Yatharth Kochar authored
      This patch adds capability to load BL images based on image
      descriptors instead of hard coded way of loading BL images.
      This framework is designed such that it can be readily adapted
      by any BL stage that needs to load images.
      
      In order to provide the above capability the following new
      platform functions are introduced:
      
        bl_load_info_t *plat_get_bl_image_load_info(void);
          This function returns pointer to the list of images that the
          platform has populated to load.
      
        bl_params_t *plat_get_next_bl_params(void);
          This function returns a pointer to the shared memory that the
          platform has kept aside to pass trusted firmware related
          information that next BL image needs.
      
        void plat_flush_next_bl_params(void);
          This function flushes to main memory all the params that
          are passed to next image.
      
        int bl2_plat_handle_post_image_load(unsigned int image_id)
          This function can be used by the platforms to update/use
          image information for given `image_id`.
      
      `desc_image_load.c` contains utility functions which can be used
      by the platforms to generate, load and executable, image list
      based on the registered image descriptors.
      
      This patch also adds new version of `load_image/load_auth_image`
      functions in-order to achieve the above capability.
      
      Following are the changes for the new version as compared to old:
        - Refactor the signature and only keep image_id and image_info_t
          arguments. Removed image_base argument as it is already passed
          through image_info_t. Given that the BL image base addresses and
          limit/size are already provided by the platforms, the meminfo_t
          and entry_point_info arguments are not needed to provide/reserve
          the extent of free memory for the given BL image.
      
        - Added check for the image size against the defined max size.
          This is needed because the image size could come from an
          unauthenticated source (e.g. the FIP header).
          To make this check, new member is added to the image_info_t
          struct for identifying the image maximum size.
      
      New flag `LOAD_IMAGE_V2` is added in the Makefile.
      Default value is 0.
      
      NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
            `LOAD_IMAGE_V2` is enabled.
      
      Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
      72600226
  20. 31 Aug, 2016 1 commit
  21. 17 Aug, 2016 1 commit
    • Dan Handley's avatar
      Remove dcache invalidation after image authentication · ad4494dc
      Dan Handley authored
      At the end of successful image authentication in load_auth_image(),
      the data cache for the virtual address range corresponding to the
      image is invalidated (by a call to inv_dcache_range()). The intent
      seems to be to ensure the data caches do not contain any sensitive
      data used during authentication, which subsequent code can read.
      However, this same address range is already flushed (cleaned and
      invalidated by a call to flush_dcache_range()) at the end of
      load_image(), and the subsequent invalidate has no functional
      effect.
      
      This patch removes the redundant call to inv_dcache_range(). It
      also moves the flush_dcache_range() call from the end of load_image()
      to the end of load_auth_image(), so the image data will remain in
      the caches during authentication, improving performance.
      
      This also improves the comments that explain the rationale for
      calling flush_dcache_range() after image loading/authentication.
      
      Change-Id: I14f17ad2935075ef6f3d1327361c5088bfb2d284
      ad4494dc
  22. 25 Jul, 2016 1 commit
    • Sandrine Bailleux's avatar
      Ensure addresses in is_mem_free() don't overflow · 7b6d330c
      Sandrine Bailleux authored
      This patch adds some runtime checks to prevent some potential
      pointer overflow issues in the is_mem_free() function. The overflow
      could happen in the case where the end addresses, computed as the
      sum of a base address and a size, results in a value large enough
      to wrap around. This, in turn, could lead to unpredictable behaviour.
      
      If such an overflow is detected, the is_mem_free() function will now
      declare the memory region as not free. The overflow is detected using
      a new macro, called check_uptr_overflow().
      
      This patch also modifies all other places in the 'bl_common.c' file
      where an end address was computed as the sum of a base address and a
      size and instead keeps the two values separate. This avoids the need
      to handle pointer overflows everywhere. The code doesn't actually need
      to compute any end address before the is_mem_free() function is called
      other than to print information message to the serial output.
      
      This patch also introduces 2 slight changes to the reserve_mem()
      function:
      
       - It fixes the end addresses passed to choose_mem_pos(). It was
         incorrectly passing (base + size) instead of (base + size - 1).
      
       - When the requested allocation size is 0, the function now exits
         straight away and says so using a warning message.
         Previously, it used to actually reserve some memory. A zero-byte
         allocation was not considered as a special case so the function
         was using the same top/bottom allocation mechanism as for any
         other allocation. As a result, the smallest area of memory starting
         from the requested base address within the free region was
         reserved.
      
      Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
      7b6d330c
  23. 18 Jul, 2016 1 commit
    • Soby Mathew's avatar
      Rework type usage in Trusted Firmware · 4c0d0390
      Soby Mathew authored
      This patch reworks type usage in generic code, drivers and ARM platform files
      to make it more portable. The major changes done with respect to
      type usage are as listed below:
      
      * Use uintptr_t for storing address instead of uint64_t or unsigned long.
      * Review usage of unsigned long as it can no longer be assumed to be 64 bit.
      * Use u_register_t for register values whose width varies depending on
        whether AArch64 or AArch32.
      * Use generic C types where-ever possible.
      
      In addition to the above changes, this patch also modifies format specifiers
      in print invocations so that they are AArch64/AArch32 agnostic. Only files
      related to upcoming feature development have been reworked.
      
      Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
      4c0d0390
  24. 07 Jun, 2016 1 commit
    • Sandrine Bailleux's avatar
      Update comments in load_image() · a6b995fb
      Sandrine Bailleux authored
      - Fix the function documentation.
        Since commit 16948ae1, load_image() uses image IDs rather than image
        names.
      
      - Clarify the consequences of a null entry point argument.
      
      - Slightly reorganize the code to remove an unnecessary 'if' statement.
      
      Change-Id: Iebea3149a37f23d3b847a37a206ed23f7e8ec717
      a6b995fb
  25. 13 Apr, 2016 1 commit
    • Soby Mathew's avatar
      Refactor the xlat_tables library code · 3ca9928d
      Soby Mathew authored
      The AArch32 long descriptor format and the AArch64 descriptor format
      correspond to each other which allows possible sharing of xlat_tables
      library code between AArch64 and AArch32. This patch refactors the
      xlat_tables library code to seperate the common functionality from
      architecture specific code. Prior to this patch, all of the xlat_tables
      library code were in `lib/aarch64/xlat_tables.c` file. The refactored code
      is now in `lib/xlat_tables/` directory. The AArch64 specific programming
      for xlat_tables is in `lib/xlat_tables/aarch64/xlat_tables.c` and the rest
      of the code common to AArch64 and AArch32 is in
      `lib/xlat_tables/xlat_tables_common.c`. Also the data types used in
      xlat_tables library APIs are reworked to make it compatible between AArch64
      and AArch32.
      
      The `lib/aarch64/xlat_tables.c` file now includes the new xlat_tables
      library files to retain compatibility for existing platform ports.
      The macros related to xlat_tables library are also moved from
      `include/lib/aarch64/arch.h` to the header `include/lib/xlat_tables.h`.
      
      NOTE: THE `lib/aarch64/xlat_tables.c` FILE IS DEPRECATED AND PLATFORM PORTS
      ARE EXPECTED TO INCLUDE THE NEW XLAT_TABLES LIBRARY FILES IN THEIR MAKEFILES.
      
      Change-Id: I3d17217d24aaf3a05a4685d642a31d4d56255a0f
      3ca9928d
  26. 18 Feb, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Add support for %p in tf_printf() · f0dd061a
      Antonio Nino Diaz authored
      This patch adds support for the `%p` format specifier in tf_printf()
      following the example of the printf implementation of the stdlib used
      in the trusted firmware.
      
      Fixes ARM-software/tf-issues#292
      
      Change-Id: I0b3230c783f735d3e039be25a9405f00023420da
      f0dd061a
  27. 02 Nov, 2015 2 commits
    • Juan Castillo's avatar
      Remove deprecated IO return definitions · e098e244
      Juan Castillo authored
      Patch 7e26fe1f deprecates IO specific return definitions in favour
      of standard errno codes. This patch removes those definitions
      and its usage from the IO framework, IO drivers and IO platform
      layer. Following this patch, standard errno codes must be used
      when checking the return value of an IO function.
      
      Change-Id: Id6e0e9d0a7daf15a81ec598cf74de83d5768650f
      e098e244
    • Sandrine Bailleux's avatar
      Introduce print_entry_point_info() function · 68a68c92
      Sandrine Bailleux authored
      This patch introduces a new function called 'print_entry_point_info'
      that prints an entry_point_t structure for debugging purposes.
      As such, it can be used to display the entry point address, SPSR and
      arguments passed from a firmware image to the next one.
      
      This function is now called in the following images transitions:
       - BL1 to BL2
       - BL1 to BL31
       - BL31 to the next image (typically BL32 or BL33)
      
      The following changes have been introduced:
      
       - Fix the output format of the SPSR value : SPSR is a 32-bit value,
         not a 64-bit one.
      
       - Print all arguments values.
         The entry_point_info_t structure allows to pass up to 8 arguments.
         In most cases, only the first 2 arguments were printed.
         print_entry_point_info() now prints all of them as 'VERBOSE'
         traces.
      
      Change-Id: Ieb384bffaa7849e6cb95a01a47c0b7fc2308653a
      68a68c92
  28. 23 Oct, 2015 1 commit
    • Juan Castillo's avatar
      Use standard errno definitions in load_auth_image() · 78460a05
      Juan Castillo authored
      This patch replaces custom definitions used as return values for
      the load_auth_image() function with standard error codes defined
      in errno.h. The custom definitions have been removed.
      
      It also replaces the usage of IO framework error custom definitions,
      which have been deprecated. Standard errno definitions are used
      instead.
      
      Change-Id: I1228477346d3876151c05b470d9669c37fd231be
      78460a05
  29. 02 Sep, 2015 1 commit
    • Vikram Kanigiri's avatar
      Ensure BL2 security state is secure · a2f8b166
      Vikram Kanigiri authored
      BL2 loads secure runtime code(BL3-1, BL3-2) and hence it has to
      run in secure world otherwise BL3-1/BL3-2 have to execute from
      non-secure memory. Hence, This patch removes the change_security_state()
      call in bl1_run_bl2() and replaces it with an assert to confirm
      the BL2 as secure.
      
      Fixes ARM-software/tf-issues#314
      
      Change-Id: I611b83f5c4090e58a76a2e950b0d797b46df3c29
      a2f8b166
  30. 20 Aug, 2015 1 commit
    • Juan Castillo's avatar
      TBB: abort boot if BL3-2 cannot be authenticated · fedbc049
      Juan Castillo authored
      BL3-2 image (Secure Payload) is optional. If the image cannot be
      loaded a warning message is printed and the boot process continues.
      According to the TBBR document, this behaviour should not apply in
      case of an authentication error, where the boot process should be
      aborted.
      
      This patch modifies the load_auth_image() function to distinguish
      between a load error and an authentication error. The caller uses
      the return value to abort the boot process or continue.
      
      In case of authentication error, the memory region used to store
      the image is wiped clean.
      
      Change-Id: I534391d526d514b2a85981c3dda00de67e0e7992
      fedbc049
  31. 25 Jun, 2015 2 commits
    • Juan Castillo's avatar
      TBB: switch to the new authentication framework · 1779ba6b
      Juan Castillo authored
      This patch modifies the Trusted Board Boot implementation to use
      the new authentication framework, making use of the authentication
      module, the cryto module and the image parser module to
      authenticate the images in the Chain of Trust.
      
      A new function 'load_auth_image()' has been implemented. When TBB
      is enabled, this function will call the authentication module to
      authenticate parent images following the CoT up to the root of
      trust to finally load and authenticate the requested image.
      
      The platform is responsible for picking up the right makefiles to
      build the corresponding cryptographic and image parser libraries.
      ARM platforms use the mbedTLS based libraries.
      
      The platform may also specify what key algorithm should be used
      to sign the certificates. This is done by declaring the 'KEY_ALG'
      variable in the platform makefile. FVP and Juno use ECDSA keys.
      
      On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
      each to accommodate the ECDSA code.
      
      REMOVED BUILD OPTIONS:
      
        * 'AUTH_MOD'
      
      Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
      1779ba6b
    • Juan Castillo's avatar
      Use numbers to identify images instead of names · 16948ae1
      Juan Castillo authored
      The Trusted firmware code identifies BL images by name. The platform
      port defines a name for each image e.g. the IO framework uses this
      mechanism in the platform function plat_get_image_source(). For
      a given image name, it returns the handle to the image file which
      involves comparing images names. In addition, if the image is
      packaged in a FIP, a name comparison is required to find the UUID
      for the image. This method is not optimal.
      
      This patch changes the interface between the generic and platform
      code with regard to identifying images. The platform port must now
      allocate a unique number (ID) for every image. The generic code will
      use the image ID instead of the name to access its attributes.
      
      As a result, the plat_get_image_source() function now takes an image
      ID as an input parameter. The organisation of data structures within
      the IO framework has been rationalised to use an image ID as an index
      into an array which contains attributes of the image such as UUID and
      name. This prevents the name comparisons.
      
      A new type 'io_uuid_spec_t' has been introduced in the IO framework
      to specify images identified by UUID (i.e. when the image is contained
      in a FIP file). There is no longer need to maintain a look-up table
      [iname_name --> uuid] in the io_fip driver code.
      
      Because image names are no longer mandatory in the platform port, the
      debug messages in the generic code will show the image identifier
      instead of the file name. The platforms that support semihosting to
      load images (i.e. FVP) must provide the file names as definitions
      private to the platform.
      
      The ARM platform ports and documentation have been updated accordingly.
      All ARM platforms reuse the image IDs defined in the platform common
      code. These IDs will be used to access other attributes of an image in
      subsequent patches.
      
      IMPORTANT: applying this patch breaks compatibility for platforms that
      use TF BL1 or BL2 images or the image loading code. The platform port
      must be updated to match the new interface.
      
      Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
      16948ae1
  32. 27 Apr, 2015 1 commit
    • Dan Handley's avatar
      Fix type mismatches in verbose logging · 1b70db06
      Dan Handley authored
      Commit dad25049 adds support for type checking in printf-like
      functions. Some of the VERBOSE logging statements were not updated
      at that time.
      
      Fix the type mismatches in the verbose logging statements.
      
      Change-Id: Idd9a49e41cc0dc31f7698e220819d934e3d2d10e
      1b70db06
  33. 28 Jan, 2015 1 commit
    • Juan Castillo's avatar
      Skip reserving memory for non-executable and BL3-0 images · c5fb47c3
      Juan Castillo authored
      This patch adds support to not reserve the memory where an image is
      loaded if the image is:
      
        1. A non-executable image e.g. a certificate
        2. An executable image which is not meant to run on the
           application CPU (e.g. BL3-0)
      
      Both types of images are characterized by a NULL entrypoint argument
      to the load_image() function. It is used to distinguish them from
      other type of images.
      
      Important: Use this feature carefully. The caller is responsible for
      providing a valid entrypoint while loading images which will execute
      on the application CPU to prevent a potential overwrite of the
      corresponding memory region.
      
      Change-Id: Ied482280d9db714c529ec12c33a6c1d918d77a4e
      c5fb47c3
  34. 12 Aug, 2014 1 commit
    • Dan Handley's avatar
      Rationalize console log output · 6ad2e461
      Dan Handley authored
      Fix the following issues with the console log output:
      
      * Make sure the welcome string is the first thing in the log output
      (during normal boot).
      * Prefix each message with the BL image name so it's clear which
      BL the output is coming from.
      * Ensure all output is wrapped in one of the log output macros so it can
      be easily compiled out if necessary. Change some of the INFO() messages
      to VERBOSE(), especially in the TSP.
      * Create some extra NOTICE() and INFO() messages during cold boot.
      * Remove all usage of \r in log output.
      
      Fixes ARM-software/tf-issues#231
      
      Change-Id: Ib24f7acb36ce64bbba549f204b9cde2dbb46c8a3
      6ad2e461
  35. 28 Jul, 2014 1 commit
    • Juan Castillo's avatar
      Rework incorrect use of assert() and panic() in codebase · d3280beb
      Juan Castillo authored
      Assert a valid security state using the macro sec_state_is_valid().
      Replace assert() with panic() in those cases that might arise
      because of runtime errors and not programming errors.
      Replace panic() with assert() in those cases that might arise
      because of programming errors.
      
      Fixes ARM-software/tf-issues#96
      
      Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
      d3280beb
  36. 25 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Implement a leaner printf for Trusted Firmware · b79af934
      Soby Mathew authored
      This patch implements a "tf_printf" which supports only the commonly
      used format specifiers in Trusted Firmware, which uses a lot less
      stack space than the stdlib printf function.
      
      Fixes ARM-software/tf-issues#116
      
      Change-Id: I7dfa1944f4c1e634b3e2d571f49afe02d109a351
      b79af934
  37. 01 Jul, 2014 1 commit
    • Sandrine Bailleux's avatar
      Remove concept of top/bottom image loading · 8f55dfb4
      Sandrine Bailleux authored
      This concept is no longer required since we now support loading of
      images at fixed addresses only.
      
      The image loader now automatically detects the position of the image
      inside the current memory layout and updates the layout such that
      memory fragmentation is minimised.
      
      The 'attr' field of the meminfo data structure, which used to hold
      the bottom/top loading information, has been removed. Also the 'next'
      field has been removed as it wasn't used anywhere.
      
      The 'init_bl2_mem_layout()' function has been moved out of common
      code and put in BL1-specific code. It has also been renamed into
      'bl1_init_bl2_mem_layout'.
      
      Fixes ARM-software/tf-issues#109
      
      Change-Id: I3f54642ce7b763d5ee3b047ad0ab59eabbcf916d
      8f55dfb4
  38. 05 Jun, 2014 1 commit
    • Sandrine Bailleux's avatar
      Make the entry point argument optional in load_image() · 63db7ba2
      Sandrine Bailleux authored
      There are cases where the entry point information is useless to the
      caller, e.g. when an image just needs to be loaded in memory but won't
      ever be executed.
      
      This patch allows load_image() function to take a NULL pointer as the
      entry point argument. In this case, it won't be populated.
      
      Change-Id: Ie9394b054457706c6699926c5e0206e0c3851c56
      63db7ba2