- 11 Jan, 2017 1 commit
-
-
danh-arm authored
Improve dependency file generation
-
- 10 Jan, 2017 3 commits
- 06 Jan, 2017 2 commits
-
-
Soren Brinkmann authored
Commit 0029624f ("Add PLAT_xxx_ADDR_SPACE_SIZE definition") deprecates 'ADDR_SPACE_SIZE' in favor of PLAT_(PHY|VIRT)_ADDRESS_SPACE_SIZE. Migrate the zynqmp platform to use the new interface. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
Masahiro Yamada authored
This comment block says the default algorithm is ESDSA, while the code obviously sets the default to RSA: ifeq (${MBEDTLS_KEY_ALG},) MBEDTLS_KEY_ALG := rsa endif The git log of commit 7d37aa17 ("TBB: add mbedTLS authentication related libraries") states available options are: * 'rsa' (for RSA-2048) (default option) * 'ecdsa' (for ECDSA-SECP256R1) So, my best guess is the comment block is wrong. The mismatch between the code and the comment is confusing. Fix it. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 05 Jan, 2017 4 commits
-
-
Masahiro Yamada authored
This adds a phony target for each dependency other than the main file, causing each to depend on nothing. Without this, the incremental build will fail when a header file is removed. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Currently, .d files are generated before any objects are built. So, IS_ANYTHING_TO_BUILD flag is needed to avoid such processing for non-build targets. There is a cleverer way; just create a .d file simultaneously when the corresponding object is created. No need to have separate rules for .d files. This commit will also fix a bug; -D$(IMAGE) is defined for $(OBJ), but not for $(PREREQUISITES). So, .d files are generated with different macro sets from those for .o files, then wrong .d files are generated. For example, in lib/cpus/aarch64/cpu_helpers.S #if IMAGE_BL31 #include <cpu_data.h> #endif <cpu_data.h> is parsed for the object when built for BL31, but the .d file does not pick up that dependency. With this commit, the compiler will generate .o and .d at the same time, guaranteeing they are generated under the same circumstances. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Using AS for pre-processing looks a bit weird, and some assembly specific options are given for nothing. Rather, use CPP. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The -c flag should not be included in the global variable TF_CFLAGS; it should be specified in the build rule only when its target is a *.o file. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 04 Jan, 2017 1 commit
-
-
Patrick Georgi authored
Depending on the compiler used, it might try to link in libc even though it's not required. Stop it from doing that. Signed-off-by: Patrick Georgi <pgeorgi@google.com>
-
- 23 Dec, 2016 2 commits
-
-
davidcunado-arm authored
Abort preempted TSP STD SMC after PSCI CPU suspend
-
Douglas Raillard authored
Standard SMC requests that are handled in the secure-world by the Secure Payload can be preempted by interrupts that must be handled in the normal world. When the TSP is preempted the secure context is stored and control is passed to the normal world to handle the non-secure interrupt. Once completed the preempted secure context is restored. When restoring the preempted context, the dispatcher assumes that the TSP preempted context is still stored as the SECURE context by the context management library. However, PSCI power management operations causes synchronous entry into TSP. This overwrites the preempted SECURE context in the context management library. When restoring back the SECURE context, the Secure Payload crashes because this context is not the preempted context anymore. This patch avoids corruption of the preempted SECURE context by aborting any preempted SMC during PSCI power management calls. The abort_std_smc_entry hook of the TSP is called when aborting the SMC request. It also exposes this feature as a FAST SMC callable from normal world to abort preempted SMC with FID TSP_FID_ABORT. Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 21 Dec, 2016 1 commit
-
-
danh-arm authored
Fix TSP_STD_FID macro
-
- 20 Dec, 2016 14 commits
-
-
Douglas Raillard authored
Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros. Also remove an undefined behavior by using unsigned literals. Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
danh-arm authored
zynqmp: add "override" directive to mandatory options
-
danh-arm authored
AArch32: Print ASM_ASSERT and panic messages
-
Masahiro Yamada authored
The platform.mk sets build options required for ZynqMP, but users can still change them from the command line, like: make PLAT=zynqmp RESET_TO_BL31=0 CROSS_COMPILE=... Then, the makefile shows an error message in that case: Using BL31 as the reset vector is only one option supported on ZynqMP. Please set RESET_TO_BL31 to 1. If the option is not user-configurable, the makefile can specify "override" to prevent users from changing it. We do not need the error message for the case that never happens. Likewise, ENABLE_PLAT_COMPAT := 0 and PROGRAMMABLE_RESET_ADDRESS := 1 are mandatory to avoid build error. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
danh-arm authored
Add provision to extend CPU operations at more levels
-
danh-arm authored
GIC driver changes for extended power management
-
Dan Handley authored
-
Sandrine Bailleux authored
- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the Firmware Update guide. Also extend the list of pre-conditions to include the additional input validation implemented by previous patches. - Improve documentation of bl1_plat_mem_check() in the porting guide. It now specifies that the generic FWU code protects bl1_plat_mem_check() from integer overflows resulting from the addition of the base address and size passed in arguments. Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Before adding a base address and a size to compute the end address of an image to copy or authenticate, check this won't result in an integer overflow. If it does then consider the input arguments are invalid. As a result, bl1_plat_mem_check() can now safely assume the end address (computed as the sum of the base address and size of the memory region) doesn't overflow, as the validation is done upfront in bl1_fwu_image_copy/auth(). A debug assertion has been added nonetheless in the ARM implementation in order to help catching such problems, should bl1_plat_mem_check() be called in a different context in the future. Fixes TFV-1: Malformed Firmware Update SMC can result in copy of unexpectedly large data into secure memory Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com>
-
Sandrine Bailleux authored
These debug assertions sanity check the state of the internal FWU state machine data when resuming an incomplete image copy operation. Change-Id: I38a125b0073658c3e2b4b1bdc623ec221741f43e Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
This patch refactors the code of the function handling a FWU_AUTH_COPY SMC in BL1. All input validation has been moved upfront so it is now shared between the RESET and COPYING states. Change-Id: I6a86576b9ce3243c401c2474fe06f06687a70e2f Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com>
-
Sandrine Bailleux authored
This patch introduces no functional change, it just changes the serial console output. - Improve accuracy of error messages by decoupling some error cases; - Improve comments; - Move declaration of 'mem_layout' local variable closer to where it is used and make it const; - Rename a local variable to clarify whether it is a source or a destination address (base_addr -> dest_addr). Change-Id: I349fcf053e233f316310892211d49e35ef2c39d9 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com>
-
Sandrine Bailleux authored
The is_mem_free() function used to be local to bl_common.c. This patch exports it so that it can be used outside of bl_common.c. Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Dan Handley authored
-
- 19 Dec, 2016 4 commits
-
-
danh-arm authored
Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1
-
danh-arm authored
Add two timestamps to measure PSCI cache flush overhead
-
danh-arm authored
Fixes and improvements to translation tables library
-
Jeenu Viswambharan authored
ASM_ASSERT failure and panic messages are suppressed at present. This patch enables printing the PC location for panic messages, and file name and line number upon assembly assert failure. Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Dec, 2016 8 commits
-
-
danh-arm authored
Update Foundation Model version
-
danh-arm authored
Fix incorrect copyright notices
-
David Cunado authored
Foundation Model release 10.2 has been made available and Trusted Firmware has been tested against that it as part of its CI system. This patch updates the user guide documentation to reflect the version of Foundation Model that Trusted Firmware has been tested against. Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae Signed-off-by: David Cunado <david.cunado@arm.com>
-
Jeenu Viswambharan authored
Various CPU drivers in ARM Trusted Firmware register functions to handle power-down operations. At present, separate functions are registered to power down individual cores and clusters. This scheme operates on the basis of core and cluster, and doesn't cater for extending the hierarchy for power-down operations. For example, future CPUs might support multiple threads which might need powering down individually. This patch therefore reworks the CPU operations framework to allow for registering power down handlers on specific level basis. Henceforth: - Generic code invokes CPU power down operations by the level required. - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no reset function. - CPU drivers register power down handlers as a list: a mandatory handler for level 0, and optional handlers for higher levels. All existing CPU drivers are adapted to the new CPU operations framework without needing any functional changes within. Also update firmware design guide. Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
Earlier patches introduced GIC Redistributor power management for ARM platforms. This patch modifies FVP power management to power down Redistributor during CPU power on/off. Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
As with other ARM platform GIC APIs, these directly invoke the GICv3 driver APIs for Redistributor power management. For the sake of uniform GIC API, empty stubs are placed for those GIC drivers that lack Redistributor component. Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Some GICv3 implementations have provision for power management operations at Redistributor level. This patch introduces and provides place-holders for Redistributor power management. The default implementations are empty stubs, but are weakly bound so as to enable implementation-specific drivers to override them. Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-