- 01 Sep, 2015 1 commit
-
-
Vikram Kanigiri authored
ARM TF configures all interrupts as non-secure except those which are present in irq_sec_array. This patch updates the irq_sec_array with the missing secure interrupts for ARM platforms. It also updates the documentation to be inline with the latest implementation. Fixes ARM-software/tf-issues#312 Change-Id: I39956c56a319086e3929d1fa89030b4ec4b01fcc
-
- 18 Aug, 2015 1 commit
-
-
Soby Mathew authored
This patch corrects some typos in the platform migration guide. More importantly, the commit ID of the patch that implements migration of ARM Reference platforms to the new platform API has been corrected. Change-Id: Ib0109ea42c3d2bad2c6856ab725862652da7f3c8
-
- 13 Aug, 2015 6 commits
-
-
Soby Mathew authored
This patch adds the necessary documentation updates to porting_guide.md for the changes in the platform interface mandated as a result of the new PSCI Topology and power state management frameworks. It also adds a new document `platform-migration-guide.md` to aid the migration of existing platform ports to the new API. The patch fixes the implementation and callers of plat_is_my_cpu_primary() to use w0 as the return parameter as implied by the function signature rather than x0 which was used previously. Change-Id: Ic11e73019188c8ba2bd64c47e1729ff5acdcdd5b
-
Sandrine Bailleux authored
Since there is a unique warm reset entry point, the FVP and Juno port can use a single mailbox instead of maintaining one per core. The mailbox gets programmed only once when plat_setup_psci_ops() is invoked during PSCI initialization. This means mailbox is not zeroed out during wakeup. Change-Id: Ieba032a90b43650f970f197340ebb0ce5548d432
-
Soby Mathew authored
This patch adds support to the Juno and FVP ports for composite power states with both the original and extended state-id power-state formats. Both the platform ports use the recommended state-id encoding as specified in Section 6.5 of the PSCI specification (ARM DEN 0022C). The platform build flag ARM_RECOM_STATE_ID_ENC is used to include this support. By default, to maintain backwards compatibility, the original power state parameter format is used and the state-id field is expected to be zero. Change-Id: Ie721b961957eaecaca5bf417a30952fe0627ef10
-
Soby Mathew authored
This patch defines deprecated platform APIs to enable Trusted Firmware components like Secure Payload and their dispatchers(SPD) to continue to build and run when platform compatibility is disabled. This decouples the migration of platform ports to the new platform API from SPD and enables them to be migrated independently. The deprecated platform APIs defined in this patch are : platform_get_core_pos(), platform_get_stack() and platform_set_stack(). The patch also deprecates MPIDR based context management helpers like cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context(). A mechanism to deprecate APIs and identify callers of these APIs during build is introduced, which is controlled by the build flag WARN_DEPRECATED. If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be flagged either as a link error for assembly files or compile time warning for C files during build. Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
-
Soby Mathew authored
The state-id field in the power-state parameter of a CPU_SUSPEND call can be used to describe composite power states specific to a platform. The current PSCI implementation does not interpret the state-id field. It relies on the target power level and the state type fields in the power-state parameter to perform state coordination and power management operations. The framework introduced in this patch allows the PSCI implementation to intepret generic global states like RUN, RETENTION or OFF from the State-ID to make global state coordination decisions and reduce the complexity of platform ports. It adds support to involve the platform in state coordination which facilitates the use of composite power states and improves the support for entering standby states at multiple power domains. The patch also includes support for extended state-id format for the power state parameter as specified by PSCIv1.0. The PSCI implementation now defines a generic representation of the power-state parameter. It depends on the platform port to convert the power-state parameter (possibly encoding a composite power state) passed in a CPU_SUSPEND call to this representation via the `validate_power_state()` plat_psci_ops handler. It is an array where each index corresponds to a power level. Each entry contains the local power state the power domain at that power level could enter. The meaning of the local power state values is platform defined, and may vary between levels in a single platform. The PSCI implementation constrains the values only so that it can classify the state as RUN, RETENTION or OFF as required by the specification: * zero means RUN * all OFF state values at all levels must be higher than all RETENTION state values at all levels * the platform provides PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE values to the framework The platform also must define the macros PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE which lets the PSCI implementation find out which power domains have been requested to enter a retention or power down state. The PSCI implementation does not interpret the local power states defined by the platform. The only constraint is that the PLAT_MAX_RET_STATE < PLAT_MAX_OFF_STATE. For a power domain tree, the generic implementation maintains an array of local power states. These are the states requested for each power domain by all the cores contained within the domain. During a request to place multiple power domains in a low power state, the platform is passed an array of requested power-states for each power domain through the plat_get_target_pwr_state() API. It coordinates amongst these states to determine a target local power state for the power domain. A default weak implementation of this API is provided in the platform layer which returns the minimum of the requested power-states back to the PSCI state coordination. Finally, the plat_psci_ops power management handlers are passed the target local power states for each affected power domain using the generic representation described above. The platform executes operations specific to these target states. The platform power management handler for placing a power domain in a standby state (plat_pm_ops_t.pwr_domain_standby()) is now only used as a fast path for placing a core power domain into a standby or retention state should now be used to only place the core power domain in a standby or retention state. The extended state-id power state format can be enabled by setting the build flag PSCI_EXTENDED_STATE_ID=1 and it is disabled by default. Change-Id: I9d4123d97e179529802c1f589baaa4101759d80c
-
Soby Mathew authored
This patch removes the assumption in the current PSCI implementation that MPIDR based affinity levels map directly to levels in a power domain tree. This enables PSCI generic code to support complex power domain topologies as envisaged by PSCIv1.0 specification. The platform interface for querying the power domain topology has been changed such that: 1. The generic PSCI code does not generate MPIDRs and use them to query the platform about the number of power domains at a particular power level. The platform now provides a description of the power domain tree on the SoC through a data structure. The existing platform APIs to provide the same information have been removed. 2. The linear indices returned by plat_core_pos_by_mpidr() and plat_my_core_pos() are used to retrieve core power domain nodes from the power domain tree. Power domains above the core level are accessed using a 'parent' field in the tree node descriptors. The platform describes the power domain tree in an array of 'unsigned char's. The first entry in the array specifies the number of power domains at the highest power level implemented in the system. Each susbsequent entry corresponds to a power domain and contains the number of power domains that are its direct children. This array is exported to the generic PSCI implementation via the new `plat_get_power_domain_tree_desc()` platform API. The PSCI generic code uses this array to populate its internal power domain tree using the Breadth First Search like algorithm. The tree is split into two arrays: 1. An array that contains all the core power domain nodes 2. An array that contains all the other power domain nodes A separate array for core nodes allows certain core specific optimisations to be implemented e.g. remove the bakery lock, re-use per-cpu data framework for storing some information. Entries in the core power domain array are allocated such that the array index of the domain is equal to the linear index returned by plat_core_pos_by_mpidr() and plat_my_core_pos() for the MPIDR corresponding to that domain. This relationship is key to be able to use an MPIDR to find the corresponding core power domain node, traverse to higher power domain nodes and index into arrays that contain core specific information. An introductory document has been added to briefly describe the new interface. Change-Id: I4b444719e8e927ba391cae48a23558308447da13
-
- 05 Aug, 2015 1 commit
-
-
Jimmy Huang authored
- Apply a53 errata #826319 to revision <= r0p2 - Apply a53 errata #836870 to revision <= r0p3 - Update docs/cpu-specific-build-macros.md for newly added errata build flags Change-Id: I44918e36b47dca1fa29695b68700ff9bf888865e Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
-
- 04 Aug, 2015 1 commit
-
-
David Wang authored
This patch fixes a pair of typos. The security state had been described as non-secure where it should have been secure. Change-Id: Ib3f424708a6b8e2084e5447f8507ea4e9c99ee79
-
- 01 Aug, 2015 1 commit
-
-
Varun Wadekar authored
This patch fixes the command line used to compile BL31 on Tegra platforms. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 31 Jul, 2015 2 commits
-
-
Varun Wadekar authored
The TZDRAM base on the reference platform has been bumped up due to some BL2 memory cleanup. Platforms can also use a different TZDRAM base by setting TZDRAM_BASE=<value> in the build command line. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch removes the bootargs pointer from the platform params structure. Instead the bootargs are passed by the BL2 in the bl32_ep_info struct which is a part of the EL3 params struct. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 24 Jul, 2015 2 commits
-
-
Varun Wadekar authored
Remove the 'NEED_BL32' flag from the makefile. TLK compiles using a completely different build system and is present on the device as a binary blob. The NEED_BL32 flag does not influence the TLK load/boot sequence at all. Moreover, it expects that TLK binary be present on the host before we can compile BL31 support for Tegra. This patch removes the flag from the makefile and thus decouples both the build systems. Tested by booting TLK without the NEED_BL32 flag. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch implements support for T132 (Denver CPU) based Tegra platforms. The following features have been added: * SiP calls to switch T132 CPU's AARCH mode * Complete PSCI support, including 'System Suspend' * Platform specific MMIO settings * Locking of CPU vector registers Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 15 Jul, 2015 1 commit
-
-
Sandrine Bailleux authored
Linaro produce monthly software releases for the Juno and AEMv8-FVP platforms. These provide an integrated set of software components that have been tested together on these platforms. From now on, it is recommend that Trusted Firmware developers use the Linaro releases (currently 15.06) as a baseline for the dependent software components: normal world firmware, Linux kernel and device tree, file system as well as any additional micro-controller firmware required by the platform. This patch updates the user guide to document this new process. It changes the instructions to get the source code of the full software stack (including Trusted Firmware) and updates the dependency build instructions to make use of the build scripts that the Linaro releases provide. Change-Id: Ia8bd043f4b74f1e1b10ef0d12cc8a56ed3c92b6e
-
- 06 Jul, 2015 1 commit
-
-
Varun Wadekar authored
This patch implements the get_sys_suspend_power_state() handler required by the PSCI SYSTEM_SUSPEND API. The intent of this handler is to return the appropriate State-ID field which can be utilized in `affinst_suspend()` to suspend to system affinity level. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 25 Jun, 2015 6 commits
-
-
Juan Castillo authored
This patch updates the user guide, adding instructions to build the Trusted Firmware with Trusted Board Support using the new framework. It also provides documentation about the framework itself, including a detailed section about the TBBR implementation using the framework. Change-Id: I0849fce9c5294cd4f52981e7a8423007ac348ec6
-
Juan Castillo authored
The authentication framework deprecates plat_match_rotpk() in favour of plat_get_rotpk_info(). This patch removes plat_match_rotpk() from the platform port. Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
-
Juan Castillo authored
This patch modifies the Trusted Board Boot implementation to use the new authentication framework, making use of the authentication module, the cryto module and the image parser module to authenticate the images in the Chain of Trust. A new function 'load_auth_image()' has been implemented. When TBB is enabled, this function will call the authentication module to authenticate parent images following the CoT up to the root of trust to finally load and authenticate the requested image. The platform is responsible for picking up the right makefiles to build the corresponding cryptographic and image parser libraries. ARM platforms use the mbedTLS based libraries. The platform may also specify what key algorithm should be used to sign the certificates. This is done by declaring the 'KEY_ALG' variable in the platform makefile. FVP and Juno use ECDSA keys. On ARM platforms, BL2 and BL1-RW regions have been increased 4KB each to accommodate the ECDSA code. REMOVED BUILD OPTIONS: * 'AUTH_MOD' Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
-
Juan Castillo authored
This patch extends the platform port by adding an API that returns either the Root of Trust public key (ROTPK) or its hash. This is usually stored in ROM or eFUSE memory. The ROTPK returned must be encoded in DER format according to the following ASN.1 structure: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In case the platform returns a hash of the key: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, keyDigest OCTET STRING } An implementation for ARM development platforms is provided in this patch. When TBB is enabled, the ROTPK hash location must be specified using the build option 'ARM_ROTPK_LOCATION'. Available options are: - 'regs' : return the ROTPK hash stored in the Trusted root-key storage registers. - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and BL2 binaries. This hash has been obtained from the development RSA public key located in 'plat/arm/board/common/rotpk'. On FVP, the number of MMU tables has been increased to map and access the ROTPK registers. A new file 'board_common.mk' has been added to improve code sharing in the ARM develelopment platforms. Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
-
Juan Castillo authored
The Trusted firmware code identifies BL images by name. The platform port defines a name for each image e.g. the IO framework uses this mechanism in the platform function plat_get_image_source(). For a given image name, it returns the handle to the image file which involves comparing images names. In addition, if the image is packaged in a FIP, a name comparison is required to find the UUID for the image. This method is not optimal. This patch changes the interface between the generic and platform code with regard to identifying images. The platform port must now allocate a unique number (ID) for every image. The generic code will use the image ID instead of the name to access its attributes. As a result, the plat_get_image_source() function now takes an image ID as an input parameter. The organisation of data structures within the IO framework has been rationalised to use an image ID as an index into an array which contains attributes of the image such as UUID and name. This prevents the name comparisons. A new type 'io_uuid_spec_t' has been introduced in the IO framework to specify images identified by UUID (i.e. when the image is contained in a FIP file). There is no longer need to maintain a look-up table [iname_name --> uuid] in the io_fip driver code. Because image names are no longer mandatory in the platform port, the debug messages in the generic code will show the image identifier instead of the file name. The platforms that support semihosting to load images (i.e. FVP) must provide the file names as definitions private to the platform. The ARM platform ports and documentation have been updated accordingly. All ARM platforms reuse the image IDs defined in the platform common code. These IDs will be used to access other attributes of an image in subsequent patches. IMPORTANT: applying this patch breaks compatibility for platforms that use TF BL1 or BL2 images or the image loading code. The platform port must be updated to match the new interface. Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
-
Juan Castillo authored
This patch adds a boolean build option 'SAVE_KEYS' to indicate the certificate generation tool that it must save the private keys used to establish the chain of trust. This option depends on 'CREATE_KEYS' to be enabled. Default is '0' (do not save). Because the same filenames are used as outputs to save the keys, they are no longer a dependency to the cert_tool. This dependency has been removed from the Makefile. Documentation updated accordingly. Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
-
- 22 Jun, 2015 1 commit
-
-
Soby Mathew authored
This patch adds support for SYSTEM_SUSPEND API as mentioned in the PSCI 1.0 specification. This API, on being invoked on the last running core on a supported platform, will put the system into a low power mode with memory retention. The psci_afflvl_suspend() internal API has been reused as most of the actions to suspend a system are the same as invoking the PSCI CPU_SUSPEND API with the target affinity level as 'system'. This API needs the 'power state' parameter for the target low power state. This parameter is not passed by the caller of the SYSTEM_SUSPEND API. Hence, the platform needs to implement the get_sys_suspend_power_state() platform function to provide this information. Also, the platform also needs to add support for suspending the system to the existing 'plat_pm_ops' functions: affinst_suspend() and affinst_suspend_finish(). Change-Id: Ib6bf10809cb4e9b92f463755608889aedd83cef5
-
- 11 Jun, 2015 2 commits
-
-
Varun Wadekar authored
This patch moves the optee-dispatcher.md and tlk-dispatcher.md to docs/spd. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds support to run a Trusted OS during boot time. The previous stage bootloader passes the entry point information in the 'bl32_ep_info' structure, which is passed over to the SPD. The build system expects the dispatcher to be passed as an input parameter using the 'SPD=<dispatcher>' option. The Tegra docs have also been updated with this information. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 08 Jun, 2015 1 commit
-
-
Juan Castillo authored
The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide corresponds to the internal definition not visible to the final user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This patch fixes it. Fixes ARM-software/tf-issues#308 Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
-
- 04 Jun, 2015 3 commits
-
-
Sandrine Bailleux authored
This patch introduces a new platform build option, called PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has a programmable or fixed reset vector address. If the reset vector address is fixed then the code relies on the platform_get_entrypoint() mailbox mechanism to figure out where it is supposed to jump. On the other hand, if it is programmable then it is assumed that the platform code will program directly the right address into the RVBAR register (instead of using the mailbox redirection) so the mailbox is ignored in this case. Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
-
Sandrine Bailleux authored
The attempt to run the CPU reset code as soon as possible after reset results in highly complex conditional code relating to the RESET_TO_BL31 option. This patch relaxes this requirement a little. In the BL1, BL3-1 and PSCI entrypoints code, the sequence of operations is now as follows: 1) Detect whether it is a cold or warm boot; 2) For cold boot, detect whether it is the primary or a secondary CPU. This is needed to handle multiple CPUs entering cold reset simultaneously; 3) Run the CPU init code. This patch also abstracts the EL3 registers initialisation done by the BL1, BL3-1 and PSCI entrypoints into common code. This improves code re-use and consolidates the code flows for different types of systems. NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION. OTHERWISE, SECONDARY CPUS WILL PANIC. Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
-
Sandrine Bailleux authored
This patch removes the FIRST_RESET_HANDLER_CALL build flag and its use in ARM development platforms. If a different reset handling behavior is required between the first and subsequent invocations of the reset handling code, this should be detected at runtime. On Juno, the platform reset handler is now always compiled in. This means it is now executed twice on the cold boot path, first in BL1 then in BL3-1, and it has the same behavior in both cases. It is also executed twice on the warm boot path, first in BL1 then in the PSCI entrypoint code. Also update the documentation to reflect this change. NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER. Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
-
- 01 Jun, 2015 1 commit
-
-
Sandrine Bailleux authored
On ARM standard platforms, snoop and DVM requests used to be enabled for the primary CPU's cluster only in the first EL3 bootloader. In other words, if the platform reset into BL1 then CCI coherency would be enabled by BL1 only, and not by BL3-1 again. However, this doesn't cater for platforms that use BL3-1 along with a non-TF ROM bootloader that doesn't enable snoop and DVM requests. In this case, CCI coherency is never enabled. This patch modifies the function bl31_early_platform_setup() on ARM standard platforms so that it always enables snoop and DVM requests regardless of whether earlier bootloader stages have already done it. There is no harm in executing this code twice. ARM Trusted Firmware Design document updated accordingly. Change-Id: Idf1bdeb24d2e1947adfbb76a509f10beef224e1c
-
- 29 May, 2015 1 commit
-
-
Varun Wadekar authored
T210 is the latest chip in the Tegra family of SoCs from NVIDIA. It is an ARM v8 dual-cluster (A57/A53) SoC, with any one of the clusters being active at a given point in time. This patch adds support to boot the Trusted Firmware on T210 SoCs. The patch also adds support to boot secondary CPUs, enter/exit core power states for all CPUs in the slow/fast clusters. The support to switch between clusters is still not available in this patch and would be available later. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 29 Apr, 2015 1 commit
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.21) * EDK2 (to v3.0) * Linux Kernel (to 1.6-Juno) * Linaro file-system (to 15.03) * Juno SCP binary (to v1.7.0 within board recovery image 0.11.3). Change-Id: Ieb09e633acc2b33823ddf35f77f44e7da60b99ba
-
- 28 Apr, 2015 2 commits
-
-
Sandrine Bailleux authored
There has been a breaking change in the communication protocols used between the AP cores and the SCP on CSS based platforms like Juno. This means both the AP Trusted Firmware and SCP firmware must be updated at the same time. In case the user forgets to update the SCP ROM firmware, this patch detects when it still uses the previous version of the communication protocol. It will then output a comprehensive error message that helps trouble-shoot the issue. Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
-
Dan Handley authored
Update the User Guide, Porting Guide and Firmware Design documents to align them with the recent changes made to the FVP and Juno platform ports. Also fix some other historical inaccuracies. Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
-
- 31 Mar, 2015 1 commit
-
-
Varun Wadekar authored
Include TLK Dispatcher's documentation and add NVIDIA to the Acknowledgements file. TLK is now a supported Trusted OS with the Trusted Firmware. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 16 Mar, 2015 1 commit
-
-
Vikram Kanigiri authored
Even though both CCI-400 and CCI-500 IPs have different configurations with respect to the number and types of supported interfaces, their register offsets and programming sequences are similar. This patch creates a common driver for enabling and disabling snoop transactions and DVMs with both the IPs. New platform ports which implement one of these IPs should use this common driver. Existing platform ports which implement CCI-400 should migrate to the common driver as the standalone CCI-400 will be deprecated in the future. Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
-
- 10 Mar, 2015 1 commit
-
-
Sandrine Bailleux authored
The 'libssl-dev' package must be installed on the host to build the certificate generation tool. This patch adds it to the list of required tools in the User Guide. Change-Id: I018381fb14b7c2d2bd6f2b7929aaad0571f7eb2e
-
- 05 Mar, 2015 1 commit
-
-
Juan Castillo authored
This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so certificate signatures are generated according to the NSA Suite B cryptographic algorithm requirements. Documentation updated accordingly. Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
-
- 12 Feb, 2015 1 commit
-
-
Soby Mathew authored
This patch removes the plat_get_max_afflvl() platform API and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL. This is done because the maximum affinity level for a platform is a static value and it is more efficient for it to be defined as a platform macro. NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT Fixes ARM-Software/tf-issues#265 Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
-