Skip to content

GitLab

Switch branch/tag
  1. 05 Jun, 2019 1 commit
    • James kung's avatar
      Prevent pending G1S interrupt become G0 interrupt · acc29852
      James kung authored 
      

According to Arm GIC spec(IHI0069E, section 4.6.1),
when GICD_CTLR.DS == 0, Secure Group 1 interrupts
are treated as Group 0 by a CPU interface if:
- The PE does not implement EL3.
- ICC_SRE_EL1(S).SRE == 0

When a cpu enter suspend or deep idle, it might be
powered off. When the cpu resume, according to
the GIC spec(IHI0069E, section 9.2.15, 9.2.16 and
9.2.22) the ICC_SRE_EL1.SRE reset value is 0 (if
write is allowed) and G0/G1S/G1NS interrupt of the
GIC cpu interface are all disabled.

If a G1S SPI interrupt occurred and the target cpu
of the SPI is assigned to a specific cpu which is
in suspend and is powered off, when the cpu resume
and start to initial the GIC cpu interface, the
initial sequence might affect the interrupt group
type of the pending interrupt on the cpu interface.

Current initial sequence on the cpu interface is:
1. Enable G0 interrupt
2. Enable G1S interrupt
3. Enable ICC_SRE_EL1(S).SRE

It is possible to treat the pending G1S interrupt
as G0 interrupt on the cpu interface if the G1S
SPI interrupt occurred between step2 and step3.

To prevent the above situation happend, the initial
sequence should be changed as follows:
1. Enable ICC_SRE_EL1(S).SRE
2. Enable G0 interrupt
3. Enable G1S interrupt

Change-Id: Ie34f6e0b32eb9a1677ff72571fd4bfdb5cae25b0
Signed-off-by: default avatarJames Kung <kong1191@gmail.com>
      acc29852
  3. 23 May, 2019 1 commit
  5. 21 May, 2019 1 commit
  7. 14 May, 2019 1 commit
  9. 10 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: Abort DMA transactions · 1461ad9f
      Alexei Fedorov authored 
      

For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.

Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1461ad9f
  11. 03 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: refactor the driver code · ccd4d475
      Alexei Fedorov authored 
      

This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.

Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ccd4d475
  13. 25 Apr, 2019 1 commit
  15. 24 Apr, 2019 1 commit
  17. 17 Apr, 2019 1 commit
  19. 12 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Mbed TLS: Remove weak heap implementation · 2374ab17
      Ambroise Vincent authored 
      

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      2374ab17
  21. 11 Apr, 2019 5 commits
  23. 09 Apr, 2019 1 commit
  25. 08 Apr, 2019 2 commits
    • Joel Hutton's avatar
      cot-desc: optimise memory further · 30070427
      Joel Hutton authored 
      

This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note the memory savings are
only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.

memory diff:
bl1:        bl2:
    text        text
      -12         -12
    bss         bss
      -1463       0
    data        data
      -56         -48
    rodata      rodata
      -5688       -2592
    total       total
      -7419       -2652

Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      30070427
    • Joel Hutton's avatar
      Reduce memory needed for CoT description · 0b6377d1
      Joel Hutton authored 
      

When Trusted Board Boot is enabled, we need to specify the Chain of
Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
of image descriptors. The authentication module assumes that each
image descriptor in this array is indexed by its unique image
identifier. For example, the Trusted Boot Firmware Certificate has to
be at index [TRUSTED_BOOT_FW_CERT_ID].

Unique image identifiers may not necessarily be consecutive. Also,
a given BL image might not use all image descriptors. For example, BL1
does not need any of the descriptors related to BL31. As a result, the
CoT array might contain holes, which unnecessarily takes up space in
the BL binary.

Using pointers to auth_img_desc_t structs (rather than structs
themselves) means these unused elements only use 1 pointer worth of
space, rather than one struct worth of space. This patch also changes
the code which accesses this array to reflect the change to pointers.

Image descriptors not needed in BL1 or BL2 respectively are also
ifdef'd out in this patch. For example, verifying the BL31 image is
the responsibility of BL2 so BL1 does not need any of the data
structures describing BL31.

memory diff:
bl1:        bl2:
    text        text
      -20         -20
    bss         bss
      -1463       0
    data        data
      -256        -48
    rodata      rodata
      -5240       -1952
    total       total
      -6979       -2020

Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      0b6377d1
  27. 03 Apr, 2019 3 commits
  29. 02 Apr, 2019 10 commits
  31. 01 Apr, 2019 2 commits
  33. 22 Mar, 2019 1 commit
  35. 13 Mar, 2019 2 commits
  37. 12 Mar, 2019 3 commits
    • Paul Beesley's avatar
      drivers: Remove TODO from io_fip.c · 7d721816
      Paul Beesley authored 
      

The comment suggests checking version numbers and
a checksum but there doesn't seem to be any usable
data for either of these.

For example, fip_toc_header_t doesn't contain any
version information and neither does fip_toc_entry_t.

As the function name "is_valid_header" suggests, this
function is not concerned with checksumming any of
the table of contents entries.

Change-Id: I8673ae5dd37793771760169f26b2f55c15fbf587
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      7d721816
    • Paul Beesley's avatar
      drivers: Remove TODO from io_storage · 9a2fffb8
      Paul Beesley authored 
      

This TODO was added five years ago so I assume that there is not
going to be a shutdown API added after all.

Change-Id: If0f4e2066454df773bd9bf41ed65d3a10248a2d3
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      9a2fffb8
    • Tien Hock, Loh's avatar
      drivers: synopsys: Fix synopsys MMC driver · 3d0f30bb
      Tien Hock, Loh authored 
      

There are some issues with synopsys MMC driver:
- CMD8 should not expect data (for SD)
- ACMD51 should expect data (Send SCR for SD)
- dw_prepare should not dictate size to be MMC_BLOCK_SIZE, block size is
now handled in the dw_prepare function
- after the CMD completes, when doing dw_read, we need to invalidate cache
and wait for the data transfer to complete
- Need to set FIFO threshold, otherwise DMA might never get the interrupt
to read or write
Signed-off-by: default avatarTien Hock, Loh <tien.hock.loh@intel.com>
      3d0f30bb
  39. 08 Mar, 2019 1 commit