1. 01 Feb, 2019 1 commit
  2. 31 Jan, 2019 1 commit
  3. 30 Jan, 2019 1 commit
  4. 23 Jan, 2019 1 commit
    • Sathees Balya's avatar
      plat/arm: Save BL2 descriptors to reserved memory. · 5b8d50e4
      Sathees Balya authored
      
      
      On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
      descriptors describing the list of executable images are created in BL2
      R/W memory, which could be possibly corrupted later on by BL31/BL32 due
      to overlay. This patch creates a reserved location in SRAM for these
      descriptors and are copied over by BL2 before handing over to next BL
      image.
      
      Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR
      is enabled.
      
      Fixes ARM-Software/tf-issues#626
      
      Change-Id: I755735706fa702024b4032f51ed4895b3687377f
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      5b8d50e4
  5. 15 Jan, 2019 1 commit
  6. 04 Jan, 2019 2 commits
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
    • Antonio Nino Diaz's avatar
      Reorganize architecture-dependent header files · f5478ded
      Antonio Nino Diaz authored
      
      
      The architecture dependant header files in include/lib/${ARCH} and
      include/common/${ARCH} have been moved to /include/arch/${ARCH}.
      
      Change-Id: I96f30fdb80b191a51448ddf11b1d4a0624c03394
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      f5478ded
  7. 03 Jan, 2019 1 commit
  8. 10 Dec, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Use SSBS for CVE_2018_3639 mitigation · 48e1d350
      Jeenu Viswambharan authored
      
      
      The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
      Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
      Armv8.5 feature, this can be implemented by CPUs implementing earlier
      version of the architecture.
      
      With this patch, when both PSTATE.SSBS is implemented and
      DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
      SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
      indicate that mitigation on the PE is either permanently enabled or not
      required.
      
      When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
      of every BL stage. This means that EL3 always executes with mitigation
      applied.
      
      For Cortex A76, if the PE implements SSBS, the existing mitigation (by
      using a different vector table, and tweaking CPU ACTLR2) is not used.
      
      Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      48e1d350
  9. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  10. 02 Nov, 2018 2 commits
  11. 01 Nov, 2018 1 commit
  12. 29 Oct, 2018 2 commits
    • Soby Mathew's avatar
      PIE: Position Independant Executable support for BL31 · 931f7c61
      Soby Mathew authored
      
      
      This patch introduces Position Independant Executable(PIE) support
      in TF-A. As a initial prototype, only BL31 can support PIE. A trivial
      dynamic linker is implemented which supports fixing up Global Offset
      Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc()
      helper function implements this linker and this needs to be called
      early in the boot sequence prior to invoking C functions. The GOT is
      placed in the RO section of BL31 binary for improved security and the
      BL31 linker script is modified to export the appropriate symbols
      required for the dynamic linker.
      
      The C compiler always generates PC relative addresses to linker symbols
      and hence referencing symbols exporting constants are a problem when
      relocating the binary. Hence the reference to the
      `__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated
      at runtime based on start and end addresses.
      
      Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      931f7c61
    • Soby Mathew's avatar
      PIE: Use PC relative adrp/adr for symbol reference · f1722b69
      Soby Mathew authored
      
      
      This patch fixes up the AArch64 assembly code to use
      adrp/adr instructions instead of ldr instruction for
      reference to symbols. This allows these assembly
      sequences to be Position Independant. Note that the
      the reference to sizes have been replaced with
      calculation of size at runtime. This is because size
      is a constant value and does not depend on execution
      address and using PC relative instructions for loading
      them makes them relative to execution address. Also
      we cannot use `ldr` instruction to load size as it
      generates a dynamic relocation entry which must *not*
      be fixed up and it is difficult for a dynamic loader
      to differentiate which entries need to be skipped.
      
      Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      f1722b69
  13. 26 Oct, 2018 1 commit
  14. 19 Oct, 2018 1 commit
    • Soby Mathew's avatar
      Multi-console: Deprecate the `finish_console_register` macro · cc5859ca
      Soby Mathew authored
      
      
      The `finish_console_register` macro is used by the multi console
      framework to register the `console_t` driver callbacks. It relied
      on weak references to the `ldr` instruction to populate 0 to the
      callback in case the driver has not defined the appropriate
      function. Use of `ldr` instruction to load absolute address to a
      reference makes the binary position dependant. These instructions
      should be replaced with adrp/adr instruction for position independant
      executable(PIE). But adrp/adr instructions don't work well with weak
      references as described in GNU ld bugzilla issue 22589.
      
      This patch defines a new version of `finish_console_register` macro
      which can spcify which driver callbacks are valid and deprecates the
      old one. If any of the argument is not specified, then the macro
      populates 0 for that callback. Hence the functionality of the previous
      deprecated macro is preserved. The USE_FINISH_CONSOLE_REG_2 define
      is used to select the new variant of the macro and will be removed
      once the deprecated variant is removed.
      
      All the upstream console drivers have been migrated to use the new
      macro in this patch.
      
      NOTE: Platforms be aware that the new variant of the
      `finish_console_register` should be used and the old variant is
      deprecated.
      
      Change-Id: Ia6a67aaf2aa3ba93932992d683587bbd0ad25259
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      cc5859ca
  15. 16 Oct, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Enable lower ELs to use pointer authentication · 3ff4aaac
      Jeenu Viswambharan authored
      
      
      Pointer authentication is an Armv8.3 feature that introduces
      instructions that can be used to authenticate and verify pointers.
      
      Pointer authentication instructions are allowed to be accessed from all
      ELs but only when EL3 explicitly allows for it; otherwise, their usage
      will trap to EL3. Since EL3 doesn't have trap handling in place, this
      patch unconditionally disables all related traps to EL3 to avoid
      potential misconfiguration leading to an unhandled EL3 exception.
      
      Fixes ARM-software/tf-issues#629
      
      Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3ff4aaac
  16. 15 Oct, 2018 1 commit
  17. 11 Oct, 2018 1 commit
  18. 10 Oct, 2018 1 commit
  19. 09 Oct, 2018 1 commit
  20. 04 Oct, 2018 1 commit
  21. 28 Sep, 2018 3 commits
  22. 21 Sep, 2018 1 commit
  23. 30 Aug, 2018 4 commits
  24. 22 Aug, 2018 3 commits
  25. 20 Aug, 2018 1 commit
  26. 03 Aug, 2018 1 commit
    • Roberto Vargas's avatar
      Add support for romlib in the build system · 5accce5b
      Roberto Vargas authored
      
      
      Romlib is a new image that is stored in ROM and contains the code of
      several libraries that can be shared between different images. All
      the functions within in the library are accessed using a jump table
      which allows to update the romlib image whithout changing the binary
      compatibility. This jump table can be also stored in RAM and it can
      allow to patch a romlib with potential bugs fixes..
      
      Change-Id: If980ccdaca24b7aaca900e32acc68baf6f94ab35
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      5accce5b
  27. 13 Jul, 2018 1 commit
    • Sandrine Bailleux's avatar
      Run compiler on debug macros for type checking · cf24229e
      Sandrine Bailleux authored
      
      
      Even if the log output is too low for a message to be printed out on
      the console by the debug macros, it should still be evaluated by the
      compiler to get some type checking and validation of the format
      specifiers. To do so, introduce the no_tf_log() macro that encloses
      the call to tf_log() in an always-false condition.
      
      This avoids the problem of discovering build issues only when we build
      the firmware with the right LOG_LEVEL value.
      
      Change-Id: Ic0fd252ab691d0187fd925756a4837aca1cbfd7b
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      cf24229e
  28. 11 Jul, 2018 2 commits
    • Roberto Vargas's avatar
      Add end_vector_entry assembler macro · a9203eda
      Roberto Vargas authored
      
      
      Check_vector_size checks if the size of the vector fits
      in the size reserved for it. This check creates problems in
      the Clang assembler. A new macro, end_vector_entry, is added
      and check_vector_size is deprecated.
      
      This new macro fills the current exception vector until the next
      exception vector. If the size of the current vector is bigger
      than 32 instructions then it gives an error.
      
      Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      a9203eda
    • Roberto Vargas's avatar
      Remove .func and .endfunc assembler directives · b2805dab
      Roberto Vargas authored
      
      
      These directives are only used when stabs debugging information
      is used, but we use ELF which uses DWARF debugging information.
      Clang assembler doesn't support these directives, and removing
      them makes the code more compatible with clang.
      
      Change-Id: I2803f22ebd24c0fe248e04ef1b17de9cec5f89c4
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      b2805dab
  29. 27 Jun, 2018 1 commit
    • Jeenu Viswambharan's avatar
      xlat v2: Split MMU setup and enable · 0cc7aa89
      Jeenu Viswambharan authored
      
      
      At present, the function provided by the translation library to enable
      MMU constructs appropriate values for translation library, and programs
      them to the right registers. The construction of initial values,
      however, is only required once as both the primary and secondaries
      program the same values.
      
      Additionally, the MMU-enabling function is written in C, which means
      there's an active stack at the time of enabling MMU. On some systems,
      like Arm DynamIQ, having active stack while enabling MMU during warm
      boot might lead to coherency problems.
      
      This patch addresses both the above problems by:
      
        - Splitting the MMU-enabling function into two: one that sets up
          values to be programmed into the registers, and another one that
          takes the pre-computed values and writes to the appropriate
          registers. With this, the primary effectively calls both functions
          to have the MMU enabled, but secondaries only need to call the
          latter.
      
        - Rewriting the function that enables MMU in assembly so that it
          doesn't use stack.
      
      This patch fixes a bunch of MISRA issues on the way.
      
      Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      0cc7aa89