- 26 Jan, 2017 1 commit
-
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 24 Jan, 2017 5 commits
-
-
danh-arm authored
Import constant-time bcmp() and use it where necessary
-
Antonio Nino Diaz authored
To avoid timing side-channel attacks, it is needed to use a constant time memory comparison function when comparing hashes. The affected code only cheks for equality so it isn't needed to use any variant of memcmp(), bcmp() is enough. Also, timingsafe_bcmp() is as fast as memcmp() when the two compared regions are equal, so this change incurrs no performance hit in said case. In case they are unequal, the boot sequence wouldn't continue as normal, so performance is not an issue. Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Some side-channel attacks involve an attacker inferring something from the time taken for a memory compare operation to complete, for example when comparing hashes during image authentication. To mitigate this, timingsafe_bcmp() must be used for such operations instead of the standard memcmp(). This function executes in constant time and so doesn't leak any timing information to the caller. Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
danh-arm authored
Add strnlen() to local C library
-
Sandrine Bailleux authored
This code has been imported and slightly adapted from FreeBSD: https://github.com/freebsd/freebsd/blob/6253393ad8df55730481bf2aafd76bdd6182e2f5/lib/libc/string/strnlen.c Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 23 Jan, 2017 9 commits
-
-
danh-arm authored
Correct preprocessor conditionals
-
danh-arm authored
drivers: add designware emmc driver
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. For AARCH32/AARCH64, these macros are defined in the top-level Makefile as follows: ifeq (${ARCH},aarch32) $(eval $(call add_define,AARCH32)) else $(eval $(call add_define,AARCH64)) endif This means only one of the two is defined. So, AARCH32/AARCH64 belongs to the latter group where we should use #ifdef or #ifndef. The conditionals are mostly coded correctly, but I see some mistakes. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like follows: $(eval IMAGE := IMAGE_BL$(call uppercase,$(3))) $(OBJ): $(2) @echo " CC $$<" $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@ This means, IMAGE_BL* is defined when building the corresponding image, but *undefined* for the other images. So, IMAGE_BL* belongs to the latter group where we should use #ifdef or #ifndef. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
danh-arm authored
Fix parallel building
-
Haojian Zhuang authored
Support Designware eMMC driver. It's based on both IO block and eMMC driver. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
danh-arm authored
Fix fiptool bug introduced by recent rework
-
danh-arm authored
Update libfdt to version 1.4.2
-
danh-arm authored
Clear static variables in X509 parser on error
-
- 19 Jan, 2017 4 commits
-
-
Masahiro Yamada authored
Append . then strip /. seems clumsy. Just use $(patsubst %/,%, ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Soren reports build fails if -j option is given: $ make -j16 CROSS_COMPILE=aarch64-linux-gnu- Building fvp make: *** No rule to make target 'build/fvp/release/bl1/', needed by 'build/fvp/release/bl1/bl1.ld'. Stop. make: *** Waiting for unfinished jobs.... The cause of the failure is that $(dir ) leaves a trailing / on the directory names. It must be ripped off to let Make create the directory. There are some ways to fix the issue. Here, I chose to make MAKE_LD look like MAKE_C and MAKE_S because bl*_dirs seems the central place of making directories. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reported-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Tested-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
Antonio Nino Diaz authored
In mbedtls_x509_parser.c there are some static arrays that are filled during the integrity check and then read whenever an authentication parameter is requested. However, they aren't cleared in case of an integrity check failure, which can be problematic from a security point of view. This patch clears these arrays in the case of failure. Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Fix the parameter type of the maintenance functions of data cache. Add missing declarations for AArch32 versions of dcsw_op_louis and dcsw_op_all to match the AAch64 ones. Change-Id: I4226e8ea4f8b2b5bc2972992c83de659ee0da52c
-
- 18 Jan, 2017 7 commits
-
-
davidcunado-arm authored
Macro cleanups
-
davidcunado-arm authored
Correct system include order
-
danh-arm authored
mt8173: Correct SPM MCDI firmware length
-
danh-arm authored
add utility macros to utils.h
-
Masahiro Yamada authored
I do not see any line that references BL32_SIZE. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We have lots of duplicated defines (and comment blocks too). Move them to include/plat/common/common_def.h. While we are here, suffix the end address with _END instead of _LIMIT. The _END is a better fit to indicate the linker-derived real end address. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The usage of _LIMIT seems odd here, so rename as follows: BL_CODE_LIMIT --> BL_CODE_END BL_RO_DATA_LIMIT --> BL_RO_DATA_END BL1_CODE_LIMIT --> BL1_CODE_END BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END Basically, we want to use _LIMIT and _END properly as follows: *_SIZE + *_MAX_SIZE = *_LIMIT *_SIZE + *_SIZE = *_END The _LIMIT is generally defined by platform_def.h to indicate the platform-dependent memory constraint. So, its typical usage is ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") in a linker script. On the other hand, _END is used to indicate the end address of the compiled image, i.e. we do not know it until the image is linked. Here, all of these macros belong to the latter, so should be suffixed with _END. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 17 Jan, 2017 1 commit
-
-
David Cunado authored
NOTE - this is patch does not address all occurrences of system includes not being in alphabetical order, just this one case. Change-Id: I3cd23702d69b1f60a4a9dd7fd4ae27418f15b7a3
-
- 16 Jan, 2017 4 commits
-
-
Antonio Nino Diaz authored
Delete old version of libfdt at lib/libfdt. Move new libfdt API headers to include/lib/libfdt and all other files to lib/libfdt. Change-Id: I32b7888f1f20d62205310e363accbef169ad7b1b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
* Add libfdt.mk helper makefile * Remove unused libfdt files * Minor changes to fdt.h and libfdt.h to make them C99 compliant Adapted from 754d78b1 . Change-Id: I0847f1c2e6e11f0c899b0b7ecc522c0ad7de210c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Import libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git tag "v1.4.2" commit ec02b34c05be04f249ffaaca4b666f5246877dea. This version includes commit d0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd, which fixes a buffer overflow in fdt_offset_ptr(). Change-Id: I05a30511ea68417ee7ff26477da3f99e0bd4e06b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
When generating the list of files to check by checkpatch.pl, the list generated by `git ls-files` is filtered by a regular expression with grep. Due to a malformed regex, the dot of `.md` was considered a wildcard instead of a dot. This patch fixes this so that it matches only dots, thus allowing the two following files to be checked: * tools/cert_create/include/cmd_opt.h * tools/cert_create/src/cmd_opt.c Also extended the list of library directories to check by checkpatch to exclude any folder starting with libfdt. Change-Id: Ie7bf18efe4df29e364e5d67ba1118515304ed9a4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 14 Jan, 2017 3 commits
-
-
Masahiro Yamada authored
The "make fip" shows the content of the generated FIP at the end of the build. (This is shown by "fiptool info" command.) Prior to commit e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime"), the last part of the build log of make CROSS_COMPILE=aarch64-linux-gnu- BL33=../u-boot/u-boot.bin fip was like follows: Trusted Boot Firmware BL2: offset=0xB0, size=0x4188, cmdline="--tb-fw" EL3 Runtime Firmware BL31: offset=0x4238, size=0x6090, cmdline="--soc-fw" Non-Trusted Firmware BL33: offset=0xA2C8, size=0x58B51, cmdline="--nt-fw" With that commit, now it is displayed like follows: Non-Trusted Firmware BL33: offset=0xB0, size=0x58B51, cmdline="--nt-fw" EL3 Runtime Firmware BL31: offset=0x58C01, size=0x6090, cmdline="--soc-fw" Trusted Boot Firmware BL2: offset=0x5EC91, size=0x4188, cmdline="--tb-fw" You will notice two differences: - the contents are displayed in BL33, BL31, BL2 order - the offset values are wrong The latter is more serious, and means "fiptool info" is broken. Another interesting change is "fiptool update" every time reverses the image order. For example, if you input FIP with BL2, BL31, BL33 in this order, the command will pack BL33, BL31, BL2 into FIP, in this order. Of course, the order of components is not a big deal except that users will have poor impression about this. The root cause is in the implementation of add_image(); the image_head points to the last added image. For example, if you call add_image() for BL2, BL31, BL33 in this order, the resulted image chain is: image_head -> BL33 -> BL31 -> BL2 Then, they are processed from the image_head in "for" loops: for (image = image_head; image != NULL; image = image->next) { This means images are handled in Last-In First-Out manner. Interestingly, "fiptool create" is still correct because add_image_desc() also reverses the descriptor order and the command works as before due to the double reverse. The implementation of add_image() is efficient, but it made the situation too complicated. Let's make image_head point to the first added image. This will add_image() inefficient because every call of add_image() follows the ->next chain to get the tail. We can solve it by adopting a nicer linked list structure, but I am not doing as far as that because we handle only limited number of images anyway. Do likewise for add_image_desc(). Fixes: e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime") Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Paul Kocialkowski authored
The actual length of the firmware is 1001 32 bit words. Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
-
Masahiro Yamada authored
We often want to zero out allocated memory. My main motivation for this commit is to set image::next and image_desc::next to NULL automatically in the next commit. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 13 Jan, 2017 2 commits
-
-
davidcunado-arm authored
uart: 16550: Fix getc
-
davidcunado-arm authored
fiptool: Add support for operating on binary blobs using the UUID
-
- 12 Jan, 2017 1 commit
-
-
Masahiro Yamada authored
We are duplicating this macro define, and it is useful enough to be placed in the common place. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 11 Jan, 2017 1 commit
-
-
danh-arm authored
Improve dependency file generation
-
- 10 Jan, 2017 2 commits
-
-
Nishanth Menon authored
tbz check for RDR status is to check for a bit being zero. Unfortunately, we are using a mask rather than the bit position. Further as per http://www.ti.com/lit/ds/symlink/pc16550d.pdf (page 17), LSR register bit 0 is Data ready status (RDR), not bit position 2. Update the same to match the specification. Reported-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: Nishanth Menon <nm@ti.com>
-
danh-arm authored
zynqmp: Migrate to new address space macros
-