1. 11 Oct, 2017 1 commit
    • ARM platforms: Add support for EL3 TZC memory region · a22dffc6
      Soby Mathew authored
      
      
      Some recent enhancements to EL3 runtime firmware like support for
      saving and restoring GICv3 register context during system_suspend
      necessitate additional data memory for the firmware. This patch
      introduces support for creating a TZC secured DDR carveout for use
      by ARM reference platforms. A new linker section `el3_tzc_dram` is
      created using platform supplied linker script and data marked with
      the attribute `arm_el3_tzc_dram` will be placed in this section.
      The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
      allow inclusion of the platform linker script by the top level BL31
      linker script.
      
      Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
  2. 05 Oct, 2017 1 commit
    • GICv3: add functions for save and restore · ebf1ca10
      Soby Mathew authored
      
      
      During system suspend, the GICv3 Distributor and Redistributor context
      can be lost due to power gating of the system power domain. This means
      that the GICv3 context needs to be saved prior to system suspend and
      restored on wakeup. Currently the consensus is that the Firmware should
      be in charge of this. See tf-issues#464 for more details.
      
      This patch introduces helper APIs in the GICv3 driver to save and
      restore the Distributor and Redistributor contexts. The GICv3 ITS
      context is not considered in this patch because the specification says
      that the details of ITS power management are implementation-defined.
      These APIs are expected to be appropriately invoked by the platform
      layer during system suspend.
      
      Fixes ARM-software/tf-issues#464
      
      Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
      Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
  3. 04 Oct, 2017 1 commit
    • TSP: Support multi-threading CPUs on FVP · 5e4ca661
      Jeenu Viswambharan authored
      Commit 11ad8f20 added support for
      multi-threaded CPUs on FVP platform, including modifications for
      calculating CPU IDs. This patch imports the strong definition of the
      same CPU ID calculation on FVP platform for TSP.
      
      Without this patch, TSP on FVP was using the default CPU ID calculation,
      which would end up being wrong on CPUs with multi-threading.
      
      Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a
      Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
  4. 25 Sep, 2017 2 commits
    • mem_protect: Add DRAM2 to the list of mem protected ranges · b09ba056
      Roberto Vargas authored
      
      
      On ARM platforms, the maximum size of the address space is limited
      to 32-bits as defined in arm_def.h. In order to access DRAM2, which
      is defined beyond the 32-bit address space, the maximum address space
      is increased to 36-bits in AArch64. It is possible to increase the
      virtual space for AArch32, but it is more difficult and not supported
      for now.
      
      NOTE - the actual maximum memory address space is platform dependent
      and is checked at run-time by querying the PARange field in the
      ID_AA64MMFR0_EL1 register.
      
      Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
      Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
    • mem_protect: Add mem_protect support in Juno and FVP for DRAM1 · f145403c
      Roberto Vargas authored
      
      
      mem_protect needs some kind of non-volatile memory because it has
      to remember its state across reset and power down events.
      The most suitable electronic part for this feature is an NVRAM
      which should be only accessible from the secure world. Juno and
      FVP lack such hardware and for this reason the MEM_PROTECT
      functionality is implemented with Flash EEPROM memory on both
      boards, even though this memory is accessible from the non-secure
      world. This is done only to show a full implementation of
      these PSCI features, but an actual system shouldn't use a
      non-secure NVRAM to implement it.
      
      The EL3 runtime software will write the mem_protect flag and BL2
      will read and clear the memory ranges if enabled. It is done in
      BL2 because it reduces the time that TF needs access to the full
      non-secure memory.
      
      The memory layout of both boards is defined using macros which
      take different values in Juno and FVP platforms. Generic platform
      helpers are added that use the platform specific macros to generate
      a mem_region_t that is valid for the platform.
      
      Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
      Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
  5. 22 Sep, 2017 2 commits
  6. 21 Sep, 2017 1 commit
  7. 07 Sep, 2017 1 commit
  8. 06 Sep, 2017 4 commits
    • CSS: Changes for SDS framework · 18e279eb
      Soby Mathew authored
      
      
      This patch does the required changes to enable CSS platforms
      to build and use the SDS framework. Since SDS is always coupled with
      SCMI protocol, the preexisting SCMI build flag is now renamed to
      `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
      CSS platforms. Also some of the workarounds applied for SCMI are
      now removed with SDS in place.
      
      Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • SDS: Introduce the sds drivers · 9bedda4a
      Soby Mathew authored
      
      
      This patch introduces the driver for Shared-Data-Structure (SDS)
      framework which will be used for communication between SCP and AP
      CPU. The SDS framework is intended to replace the Boot-Over-MHU
      (BOM) protocol used currently for the communication.
      
      Change-Id: Ic174291121f4e581b174cce3389d22d6435f7269
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • Split CSS makefile for sp_min on Juno · 0a04c69a
      Soby Mathew authored
      
      
      This patch factors out common files required for sp_min for all CSS
      platforms from the JUNO specific makefile to the new `css_sp_min.mk`
      makefile. This also allows the common build options that affect CSS
      platforms to be configured in a central makefile for sp_min.
      
      Change-Id: Ida952d8833b1aa5eda77ae0a6664a4632aeab24c
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • juno: Fix bug in plat_get_my_entrypoint · d9b7636e
      Roberto Vargas authored
      
      
      plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state,
      which is not supposed to return, and in case of returning it implemented
      an infinite loop. The problem was that plat_get_my_entrypoint was using
      "b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to
      the caller of plat_get_my_entrypoint instead of stopping the system with a
      panic.
      
      To avoid this problem juno_do_reset_to_aarch_32_state was modified to
      call directly to plat_panic_handler if it tries to return.
      
      Change-Id: I591cf2dd78d27d8568fb15b91366e4b3dce027b5
      Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
  9. 05 Sep, 2017 1 commit
  10. 31 Aug, 2017 3 commits
    • Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it is not set by the
      platform. The corresponding assignments of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
    • ARM platforms: Map TSP only when TSPD is included · 3eb2d672
      Sandrine Bailleux authored
      
      
      This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped
      in BL2 only if the TSPD has been included in the build. This saves one
      entry in the plat_arm_mmap[] array and avoids mapping extra memory when
      it's not needed.
      
      Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94
      Signed-off-by: Achin Gupta <achin.gupta@arm.com>
      Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    • Juno: Define PLAT_LOG_LEVEL_ASSERT to LOG_LEVEL_INFO · bea363ad
      Soby Mathew authored
      
      
      This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds
      to LOG_LEVEL_INFO. Having this level of log for assertions means that the
      `assert()` will not generate the strings implied in the expression taken
      as parameter. This allows saving some memory when Juno is built for
      LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1.
      
      Fixes ARM-software/tf-issues#511
      
      Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
  11. 30 Aug, 2017 1 commit
  12. 29 Aug, 2017 1 commit
    • plat/arm: Fix ARM_INSTANTIATE_LOCK syntax anomaly · 19583169
      Jeenu Viswambharan authored
      
      
      The current definition of ARM_INSTANTIATE_LOCK macro includes a
      semicolon, which means it's omitted where it's used. This is anomalous
      for a C statement in global scope.
      
      Fix this by removing semicolon from the definition; and where it's a
      NOP, declare a file-scoped variable explicitly tagged as unused to avoid
      compiler warning.
      
      No functional changes.
      
      Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335
      Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
  13. 25 Aug, 2017 1 commit
  14. 23 Aug, 2017 2 commits
    • FVP: Always assume shifted affinity with MT bit · 8431635b
      Isla Mitchell authored
      
      
      At present, the MPIDR validation on FVP relies on MT bit set along
      with shifted affinities. This currently is additionally dependent
      on the FVP model being of variant C. This however should be based
      on the presence of MT bit alone.
      
      This patch makes the change to always assume that the affinities
      are shifted in the FVP model when MT bit is present.
      
      Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d
      Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
    • norflash: Add full status check · 3bbe34e5
      Roberto Vargas authored
      
      
      The nor_XXXXX functions may fail due to different reasons, and it
      is convenient to do a full check to detect any failure. It is also
      a good idea to have a specific function to do a full status check,
      because new checks can be added to this function and they will be
      incorporated automatically to any function calling it.
      
      Change-Id: I54fed913e37ef574c1608e94139a519426348d12
      Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
  15. 22 Aug, 2017 4 commits
  16. 09 Aug, 2017 2 commits
    • Add Trusted OS extra image parsing support for ARM standard platforms · 54661cd2
      Summer Qin authored
      
      
      Trusted OS may have extra images to be loaded. Load them one by one
      and do the parsing. In this patch, ARM TF needs to load up to 3 images
      for optee os: header, pager and paged images. Header image is the info
      about optee os and images. Pager image includes pager code and data.
      Paged image includes the paging parts using virtual memory.
      
      Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
      Signed-off-by: Summer Qin <summer.qin@arm.com>
    • Support Trusted OS firmware extra images in TF tools · 71fb3964
      Summer Qin authored
      
      
      Since Trusted OS firmware may have extra images, it is necessary to
      assign new uuid and image id for them.
      The TBBR chain of trust has been extended to add support
      for the new images within the existing Trusted OS firmware
      content certificate.
      
      Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
      Signed-off-by: Summer Qin <summer.qin@arm.com>
  17. 02 Aug, 2017 1 commit
    • FVP: Support Base FVP RevC · 955242d8
      Jeenu Viswambharan authored
      
      
      Revision C of the Base FVP has the same memory map as earlier revisions,
      but has the following differences:
      
        - Implements CCI550 instead of CCI400,
        - Has a single instantiation of SMMUv3,
        - CPU MPIDs are shifted left by one level, and has MT bit set in them.
      
      The correct interconnect to program is chosen at run time based on the
      FVP revision. Therefore, this patch implements FVP functions for
      interconnect programming, rather than depending on ARM generic ones. The
      macros used have been renamed to reflect this change.
      
      Additionally, this patch initializes SMMUv3 as part of FVP early
      platform setup.
      
      New ARM config flags are introduced for feature queries at run time.
      
      Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09
      Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
  18. 01 Aug, 2017 2 commits
    • FVP: Remove CCI registers from crash dump · eeb9ff99
      Jeenu Viswambharan authored
      
      
      The CCI crash dump macros assume CCI base at build time. Since this
      can't be the case for CCI on FVP, choose not to register dump CCI
      registers for FVP.
      
      Change-Id: I7374a037e7fd0a85b138e84b3cf0aa044262da97
      Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
    • FVP: Add support for multi-threaded CPUs · 11ad8f20
      Jeenu Viswambharan authored
      
      
      ARM CPUs with multi-threading implementation have more than one
      Processing Element in a single physical CPU. Such an implementation will
      reflect the following changes in the MPIDR register:
      
        - The MT bit set;
      
        - Affinity levels pertaining to cluster and CPUs occupy one level
          higher than in a single-threaded implementation, and the lowest
          affinity level pertains to hardware threads. MPIDR affinity level
          fields essentially appear shifted to left than otherwise.
      
      The FVP port henceforth assumes both properties above to be
      concomitant on a given FVP platform.
      
      To accommodate for varied MPIDR formats at run time, this patch
      re-implements the FVP platform-specific functions that translate MPIDR
      values to linear indices, along with required validation. The same
      treatment is applied for GICv3 MPIDR hashing function as well.
      
      An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
      specifies the maximum number of threads implemented per CPU. For
      backwards compatibility, its value defaults to 1.
      
      Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
      Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
  19. 25 Jul, 2017 1 commit
  20. 20 Jul, 2017 3 commits
    • CSS: Prevent SCP_BL2/2U from overwriting BL1 RW data · 1ea63d77
      Soby Mathew authored
      
      
      On ARM CSS platforms, the SCP_BL2/2U image is loaded below
      BL1 read-write data. This same memory is used to load BL31
      later on. But sufficient checks were not done to ensure that the
      SCP_BL2 would not overwrite BL1 rw data. This patch adds the
      required CASSERT checks to prevent overwrite into BL1 or BL2
      memory by load of SCP_BL2/2U. Also the size of BL31 is increased
      and SCP_BL2/2U size is decreased to accommodate it within the
      allocated region.
      
      Change-Id: I23b28b5e1589e91150852a06452bd52b273216ee
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • CSS: Reorganize the SCP Image transfer functionality · 74d44a49
      Soby Mathew authored
      
      
      The SCP_BL2 is transferred to SCP during BL2 image load and authenticate
      sequence. The Boot-Over-MHU (BOM) protocol is used as transport for this. After
      the SCP boots using the transferred image, the AP CPU waits till the `READY`
      message is received from SCP. This patch separates the API for transport of
      image from the wait for `READY` message and also moves the related files to
      the `css/drivers` folder. The previous API `scp_bootloader_transfer` is
      renamed to `css_scp_boot_image_xfer` to reflect the css naming convention.
      This reorganisation also allows easier switch to a different transport
      (eg: Shared Data Structure based transfer) in future.
      
      Change-Id: I8a96f9c4616ffde6dbfdf7c18f6f6f8bfa40bbf0
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • Resize the BL2 size limit for Juno · 6c401f31
      Soby Mathew authored
      
      
      Recent patches to reduce the memory footprint of BL images have
      resulted in saving several pages of memory. This patch reduces
      the BL2 size limit by 20KB for Juno when ARM_BOARD_OPTIMISE_MEM=1
      so that more free space can be freed up for Trusted OS (BL32). Also
      SCP_BL2/SCP_BL2U size is now restricted to 80K.
      
      Change-Id: I1573d7a34e24d15e4abce8a14da40dbb5dc81e37
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
  21. 14 Jul, 2017 1 commit
  22. 28 Jun, 2017 2 commits
    • Use CryptoCell to set/get NVcounters and ROTPK · f143cafe
      Soby Mathew authored
      
      
      This patch implements the platform APIs plat_get_rotpk_info,
      plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM
      APIs when ARM_CRYPTOCELL_INT is set.
      
      Change-Id: I693556b3c7f42eceddd527abbe6111e499f55c45
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
    • ARM plat changes to enable CryptoCell integration · e60f2af9
      Soby Mathew authored
      
      
      This patch makes the necessary changes to enable ARM platform to
      successfully integrate CryptoCell during Trusted Board Boot. The
      changes are as follows:
      
      * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
        the CryptoCell crypto driver for Trusted Board boot.
      
      * The TrustZone filter settings for Non Secure DRAM are modified
        to allow CryptoCell to read this memory. This is required to
        authenticate BL33 which is loaded into the Non Secure DDR.
      
      * The CSS platforms are modified to use coherent stacks in BL1 and BL2
        when CryptoCell crypto is selected. This is because CryptoCell makes
        use of DMA to transfer data and the CryptoCell SBROM library allocates
        buffers on the stack during signature/hash verification.
      
      Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
      Signed-off-by: Soby Mathew <soby.mathew@arm.com>
  23. 26 Jun, 2017 2 commits
    • juno: Invalidate all caches before warm reset to AArch32 state. · 35bd2dda
      Dimitris Papastamos authored
      
      
      On Juno AArch32, the L2 cache may contain garbage after the warm reset
      from AArch64 to AArch32.  This is all fine until the MMU is configured
      and the data caches enabled.  To avoid fetching stale data from the L2
      unified cache, invalidate it before the warm reset to AArch32 state.
      
      Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a
      Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
    • juno/aarch32: Restore `SCP_BOOT_CFG_ADDR` to the cold boot value · cc47e1ad
      Dimitris Papastamos authored
      
      
      Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
      the primary core.  After the SCP ram firmware has started executing,
      `SCP_BOOT_CFG_ADDR` is modified.  This is not normally an issue but
      the Juno AArch32 boot flow is a special case.  BL1 does a warm reset
      into AArch32 and the core jumps to the `sp_min` entrypoint.  This is
      effectively a `RESET_TO_SP_MIN` configuration.  `sp_min` has to be
      able to determine the primary core and hence we need to restore
      `SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
      
      This magically worked when booting on A53 because the core index was
      zero and it just so happened to match with the new value in
      `SCP_BOOT_CFG_ADDR`.
      
      Change-Id: I105425c680cf6238948625c1d1017b01d3517c01
      Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>