- 29 Jan, 2018 1 commit
-
-
Sandrine Bailleux authored
This patch maps the devices in the first GB of the system address map on the FVP into the S-EL1&0 translation regime when SPM support is enabled. This grants the Secure Partition access to the devices in this region, for example the memory-mapped Generic Timer device. Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 18 Jan, 2018 2 commits
-
-
Roberto Vargas authored
This patch modifies the makefiles to avoid the definition of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and it lets to the platform makefiles to define them if they actually need these images. In the case of BL2_AT_EL3 BL1 will not be needed usually because the Boot ROM will jump directly to BL2. Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
This patch add supports for the new API added for BL2 at EL3 for FVP. We don't have a non-TF Boot ROM for FVP, but this option can be tested setting specific parameters in the model. The bl2 image is loaded directly in memory instead of being loaded by a non-TF Boot ROM and the reset address is changed: --data cluster0.cpu0=bl2.bin@0x4001000 -C cluster0.cpu0.RVBAR=0x4001000 These parameters mean that in the cold boot path the processor will jump to BL2 again. For this reason, BL2 is loaded in dram in this case, to avoid other images reclaiming BL2 memory. Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 11 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 19 Dec, 2017 1 commit
-
-
Jeenu Viswambharan authored
With this patch, ARM platforms are expected to define the macros PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list of private and shared events, respectively. This allows for individual platforms to define their own events. Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 06 Dec, 2017 2 commits
-
-
Antonio Nino Diaz authored
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the TrustZone Controller during the boot sequence. If BL31 is placed in TZC-secured DRAM, it will try to change the permissions of the memory it is being executed from, causing an exception. The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has been compiled with ``ARM_BL31_IN_DRAM=1``. Change-Id: I96dc50decaacd469327c6b591d07964726e58db4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Common code mustn't include ARM platforms headers. Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Nov, 2017 1 commit
-
-
David Cunado authored
Pre-v8.2 platforms such as the Juno platform does not have the Scalable Vector Extensions implemented and so the build option ENABLE_SVE is set to zero. This has a minor performance improvement with no functional impact. Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 29 Nov, 2017 3 commits
-
-
Soby Mathew authored
The bl2_early_platform_setup() and bl2_platform_setup() were redefined for Juno AArch32 eventhough CSS platform layer had same definition for them. The CSS definitions definitions were previously restricted to EL3_PAYLOAD_BASE builds and this is now modified to include the Juno AArch32 builds as well thus allowing us to remove the duplicate definitions in Juno platform layer. Change-Id: Ibd1d8c1428cc1d51ac0ba90f19f5208ff3278ab5 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes a couple of issues for AArch32 builds on ARM reference platforms : 1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and AArch32 build. Since BL31 is not present in AArch32 mode, this meant that the BL31 memory is empty when built for AArch32. Hence this patch allocates BL32 to the memory region occupied by BL31 for AArch32 builds. As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot be used to control the load address of BL32 in AArch32 mode which was never the intention of the macro anyway. 2. A static assert is added to sp_min linker script to check that the progbits are within the bounds expected when overlaid with other images. 3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks involved when building Juno for AArch32 mode, the build option SPD needed to specifed. This patch corrects this and also updates the documentation in the user-guide. 4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As a result the previous assumption that BL31 must be always present is removed and the certificates for BL31 is only generated if `NEED_BL31` is defined. Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Dimitris Papastamos authored
Change-Id: I96de88f44c36681ad8a70430af8e01016394bd14 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 20 Nov, 2017 1 commit
-
-
Dimitris Papastamos authored
Factor out SPE operations in a separate file. Use the publish subscribe framework to drain the SPE buffers before entering secure world. Additionally, enable SPE before entering normal world. A side effect of this change is that the profiling buffers are now only drained when a transition from normal world to secure world happens. Previously they were drained also on return from secure world, which is unnecessary as SPE is not supported in S-EL1. Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 13 Nov, 2017 1 commit
-
-
Jeenu Viswambharan authored
The function arm_validate_ns_entrypoint() validates a given non-secure physical address. This function however specifically returns PSCI error codes. Non-secure physical address validation is potentially useful across ARM platforms, even for non-PSCI use cases. Therefore make this function common by returning 0 for success or -1 otherwise. Having made the function common, make arm_validate_psci_entrypoint() a wrapper around arm_validate_ns_entrypoint() which only translates return value into PSCI error codes. This wrapper is now used where arm_validate_ns_entrypoint() was currently used for PSCI entry point validation. Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 09 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
This initial port of the Secure Partitions Manager to FVP supports BL31 in both SRAM and Trusted DRAM. A document with instructions to build the SPM has been added. Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 25 Oct, 2017 1 commit
-
-
Qixiang Xu authored
For Trusted Board Boot, BL2 needs more space to support the ECDSA and ECDSA+RSA algorithms. Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 16 Oct, 2017 1 commit
-
-
Jeenu Viswambharan authored
An earlier patch added provision for the platform to provide secure interrupt properties. ARM platforms already has a list of interrupts that fall into different secure groups. This patch defines macros that enumerate interrupt properties in the same fashion, and points the driver driver data to a list of interrupt properties rather than list of secure interrupts on ARM platforms. The deprecated interrupt list definitions are however retained to support legacy builds. Configuration applied to individual interrupts remain unchanged, so no runtime behaviour change expected. NOTE: Platforms that use the arm/common function plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided INTR_PROP_DESC macro. Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 11 Oct, 2017 2 commits
-
-
Soby Mathew authored
Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and arm_system_pwr_domain_save functions. Introduce FVP PSCI power level 3 (System level) support. This is solely done to provide example code on how to use the GICv3 save and restore helpers. Also make CSS GICv3 platforms power off the Redistributor on SYSTEM SUSPEND as its state is saved and restored. Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Co-Authored-by: Douglas Raillard <douglas.raillard@arm.com>
-
Soby Mathew authored
Some recent enhancements to EL3 runtime firmware like support for save and restoring GICv3 register context during system_suspend necessitates additional data memory for the firmware. This patch introduces support for creating a TZC secured DDR carveout for use by ARM reference platforms. A new linker section `el3_tzc_dram` is created using platform supplied linker script and data marked with the attribute `arm_el3_tzc_dram` will be placed in this section. The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to allow inclusion of the platform linker script by the top level BL31 linker script. Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 05 Oct, 2017 1 commit
-
-
Soby Mathew authored
During system suspend, the GICv3 Distributor and Redistributor context can be lost due to power gating of the system power domain. This means that the GICv3 context needs to be saved prior to system suspend and restored on wakeup. Currently the consensus is that the Firmware should be in charge of this. See tf-issues#464 for more details. This patch introduces helper APIs in the GICv3 driver to save and restore the Distributor and Redistributor contexts. The GICv3 ITS context is not considered in this patch because the specification says that the details of ITS power management is implementation-defined. These APIs are expected to be appropriately invoked by the platform layer during system suspend. Fixes ARM-software/tf-issues#464 Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 04 Oct, 2017 1 commit
-
-
Jeenu Viswambharan authored
Commit 11ad8f20 added supporting multi-threaded CPUs on FVP platform, including modifications for calculating CPU IDs. This patch imports the strong definition of the same CPU ID calculation on FVP platform for TSP. Without this patch, TSP on FVP was using the default CPU ID calculation, which would end up being wrong on CPUs with multi-threading. Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 25 Sep, 2017 2 commits
-
-
Roberto Vargas authored
On ARM platforms, the maximum size of the address space is limited to 32-bits as defined in arm_def.h. In order to access DRAM2, which is defined beyond the 32-bit address space, the maximum address space is increased to 36-bits in AArch64. It is possible to increase the virtual space for AArch32, but it is more difficult and not supported for now. NOTE - the actual maximum memory address space is platform dependent and is checked at run-time by querying the PARange field in the ID_AA64MMFR0_EL1 register. Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
mem_protect needs some kind of non-volatile memory because it has to remember its state across reset and power down events. The most suitable electronic part for this feature is a NVRAM which should be only accesible from the secure world. Juno and FVP lack such hardware and for this reason the MEM_PROTECT functionality is implemented with Flash EEPROM memory on both boards, even though this memory is accesible from the non-secure world. This is done only to show a full implementation of these PSCI features, but an actual system shouldn't use a non-secure NVRAM to implement it. The EL3 runtime software will write the mem_protect flag and BL2 will read and clear the memory ranges if enabled. It is done in BL2 because it reduces the time that TF needs access to the full non-secure memory. The memory layout of both boards is defined using macros which take different values in Juno and FVP platforms. Generic platform helpers are added that use the platform specific macros to generate a mem_region_t that is valid for the platform. Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 22 Sep, 2017 2 commits
-
-
Qixiang Xu authored
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
For Trusted Board Boot, BL1 RW section and BL2 need more space to support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE is increased on ARM platforms. And on the Juno platform: - BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased. - SCP_BL2 is loaded into the space defined by BL31_BASE -> BL31_RW_BASE. In order to maintain the same size space for SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased. Change-Id: I379083f918b40ab1c765da4e71780d89f0058040 Co-Authored-By: David Cunado <david.cunado@arm.com> Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 21 Sep, 2017 1 commit
-
-
Sandrine Bailleux authored
platform_def.h doesn't need all the definitions in utils.h, the ones in utils_def.h are enough. This patch is related to the changes introduced by commit 53d9c9c8 . Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 07 Sep, 2017 1 commit
-
-
Eleanor Bonnici authored
Earlier patches added errata workarounds 859972 for Cortex-A72, and 859972 for Cortex-A57 CPUs. Explicitly disable the workaround for Juno. Also reorganize errata workaround flags. No functional changes. Change-Id: I3fe3745de57d77e5bf52012826d3969fe5d4844e Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 06 Sep, 2017 3 commits
-
-
Soby Mathew authored
This patch does the required changes to enable CSS platforms to build and use the SDS framework. Since SDS is always coupled with SCMI protocol, the preexisting SCMI build flag is now renamed to `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on CSS platforms. Also some of the workarounds applied for SCMI are now removed with SDS in place. Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch factors out common files required for sp_min for all CSS platforms from the JUNO specific makefile to a the new `css_sp_min.mk` makefile. This also allows the common build options that affect CSS platforms to be configured in a central makefile for sp_min. Change-Id: Ida952d8833b1aa5eda77ae0a6664a4632aeab24c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Roberto Vargas authored
plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state, which is not supposed to return, and in case of returning it implemented an infinite loop. The problem was that plat_get_my_entrypoint was using "b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to the caller of plat_get_my_entrypoint instead of stop the system with a panic. To avoid this problem juno_do_reset_to_aarch_32_state was modified to call directly to plat_panic_handler if it tries to return. Change-Id: I591cf2dd78d27d8568fb15b91366e4b3dce027b5 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 05 Sep, 2017 1 commit
-
-
Soby Mathew authored
The commit 3eb2d672 optimizes the memory map for BL2 when TSP is not present. But this also broke OP-TEE as it was reusing the TSP mapping. This patch fixes this problem by adding a separate mapping for OP-TEE in the BL2 memory map table. Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 31 Aug, 2017 2 commits
-
-
Sandrine Bailleux authored
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped in BL2 only if the TSPD has been included in the build. This saves one entry in the plat_arm_mmap[] array and avoids to map extra memory when it's not needed. Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94 Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Soby Mathew authored
This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds to LOG_LEVEL_INFO. Having this level of log for assertions means that the `assert()` will not generate the strings implied in the expression taken as parameter. This allows to save some memory when Juno is built for LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1. Fixes ARM-software/tf-issues#511 Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 29 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
The current definition of ARM_INSTANTIATE_LOCK macro includes a semicolon, which means it's omitted where it's used. This is anomalous for a C statement in global scope. Fix this by removing semicolon from the definition; and where it's a NOP, declare a file-scoped variable explicitly tagged as unused to avoid compiler warning. No functional changes. Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 25 Aug, 2017 1 commit
-
-
Jens Wiklander authored
If SPD_opteed is defined map ARM_OPTEE_PAGEABLE_LOAD_MEM in bl2 to allow loading of OP-TEE paged part. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-
- 23 Aug, 2017 2 commits
-
-
Isla Mitchell authored
At present, the MPIDR validation on FVP relies on MT bit set along with shifted affinities. This currently is additionally dependent on the FVP model being of variant C. This however should be based on the presence of MT bit alone. This patch makes the change to always assume that the affinities are shifted in the FVP model when MT bit is present. Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
Roberto Vargas authored
The nor_XXXXX functions may fail due to different reasons, and it is convenient to do a full check to detect any failure. It is also a good idea to have a specific function to do a full status check, because new checks can be added to this function and they will be incorporated automatically to any function calling it. Change-Id: I54fed913e37ef574c1608e94139a519426348d12 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 22 Aug, 2017 4 commits
-
-
Roberto Vargas authored
NOR memory only supports setting bits to 1. To clear a bit, set to zero, the NOR memory needs to be erased. Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
The status register bits remain until explicitly cleared, which means that a command can be incorrectly considered to have generated an error - for example, after reset the status register contents may be unknown or if a previous command had failed. This patch clears the status register before beginning any command to be sure that the status register only represents information about the current operation. Change-Id: I9e98110ee24179937215461c00b6543a3467b350 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
lock/unlock operation must wait until WSM bit is set. Since we do not allow to loop forever then these functions must return an error if WSM bit isn't enabled after a number of tries. Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
- Add comments to all the functions - Simplify nor_poll_dws - Simplify nor_word_program Change-Id: I29c0199d2908a4fceb1ac3430fcfdd699be22bb3 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-