- 13 Sep, 2019 1 commit
-
-
Alexei Fedorov authored
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 12 Sep, 2019 3 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
This patch adds documentation for the new KEY_SIZE build option that is exposed by cert_create, and instructions on how to use it. Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Hadi Asyrafi authored
Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
-
- 11 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 09 Sep, 2019 1 commit
-
-
Justin Chadwell authored
A new build flag, CTX_INCLUDE_MTE_REGS, has been added; this patch adds documentation for it in the User Guide along with instructions of what different values mean. Change-Id: I430a9c6ced06b1b6be317edbeff4f5530e30f63a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 04 Sep, 2019 1 commit
-
-
zelalem-aweke authored
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: Ib12ecc0b283274c74cdfa57caf9e1a105dce3afe
-
- 01 Aug, 2019 1 commit
-
-
Louis Mayencourt authored
At the time of writting, GCC 8.3-2019.03 is the latest version available on developer.arm.com. Switch to bare-metal toolchain (arm-eabi-) for AArch32. This allows to have a finer control on the use of floating-point and SIMD instructions. Change-Id: I4438401405eae1e5f6d531b0162e8fa06f69135e Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 10 Jul, 2019 1 commit
-
-
Balint Dobszay authored
Change-Id: I755e4c42242d9a052570fd1132ca3d937acadb13 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
-
- 06 Jun, 2019 1 commit
-
-
Ambroise Vincent authored
Change-Id: I0d9dbef7041fcf950bcafcdbbc17c72b4dea9e40 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 30 May, 2019 1 commit
-
-
John Tsichritzis authored
Change-Id: Ib021c721652d96f6c06ea18741f19a72bba1d00f Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 24 May, 2019 1 commit
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 22 May, 2019 4 commits
-
-
Paul Beesley authored
The documentation contains plenty of notes and warnings. Enable special rendering of these blocks by converting the note prefix into a .. note:: annotation. Change-Id: I34e26ca6bf313d335672ab6c2645741900338822 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Several code blocks do not specify a language for syntax highlighting. This results in Sphinx using a default highlighter which is Python. This patch adds the correct language to each code block that doesn't already specify it. Change-Id: Icce1949aabfdc11a334a42d49edf55fa673cddc3 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
These are no longer needed as there will always be a table of contents rendered to the left of every page. Some of these lists can be quite long and, when opening a page, the reader sees nothing but a huge list of contents! After this patch, the document contents are front-and-centre and the contents are nicely rendered in the sidebar without duplication. Change-Id: I444754d548ec91d00f2b04e861de8dde8856aa62 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
This patch attempts to standardise the document titles as well as adding titles to documents that were missing one. The aim is to remove needless references to "TF-A" or "Trusted Firmware" in the title of every document and to make sure that the title matches with the document content. Change-Id: I9b93ccf43b5d57e8dc793a5311b8ed7c4dd245cc Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 21 May, 2019 1 commit
-
-
Paul Beesley authored
This change creates the following directories under docs/ in order to provide a grouping for the content: - components - design - getting_started - perf - process In each of these directories an index.rst file is created and this serves as an index / landing page for each of the groups when the pages are compiled. Proper layout of the top-level table of contents relies on this directory/index structure. Without this patch it is possible to build the documents correctly with Sphinx but the output looks messy because there is no overall hierarchy. Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 20 May, 2019 1 commit
-
-
John Tsichritzis authored
Change-Id: I33c1bf49aa10867e1a2ca4c167112b99bf756dda Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 08 May, 2019 1 commit
-
-
John Tsichritzis authored
1) One space was missing from the indentation and, hence, rendering error was generated in the user guide. 2) Partially reword Pointer Authentication related info. Change-Id: Id5e65d419ec51dd7764f24d1b96b6c9942d63ba4 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 03 May, 2019 1 commit
-
-
John Tsichritzis authored
This patch fixes this issue: https://github.com/ARM-software/tf-issues/issues/660 The introduced changes are the following: 1) Some cores implement cache coherency maintenance operation on the hardware level. For those cores, such as - but not only - the DynamIQ cores, it is mandatory that TF-A is compiled with the HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is unpredictable. To prevent this, compile time checks have been added and compilation errors are generated, if needed. 2) To enable this change for FVP, a logical separation has been done for the core libraries. A system cannot contain cores of both groups, i.e. cores that manage coherency on hardware and cores that don't do it. As such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the libraries only of the relevant cores. 3) The neoverse_e1.S file has been added to the FVP sources. Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 02 May, 2019 1 commit
-
-
Christoph Müllner authored
On certain platforms it does not make sense to generate TF-A binary images. For example a platform could make use of serveral memory areas, which are non-continuous and the resulting binary therefore would suffer from the padding-bytes. Typically these platforms use the ELF image. This patch introduces a variable DISABLE_BIN_GENERATION, which can be set to '1' in the platform makefile to prevent the binary generation. Signed-off-by: Christoph Müllner <christophm30@gmail.com> Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
-
- 30 Apr, 2019 1 commit
-
-
Louis Mayencourt authored
The current stack-protector support is for none, "strong" or "all". The default use of the flag enables the stack-protection to all functions that declare a character array of eight bytes or more in length on their stack. This option can be tuned with the --param=ssp-buffer-size=N option. Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 11 Apr, 2019 1 commit
-
-
Paul Beesley authored
The user guide documentation for the cert_create tool needs to mention that a platform must have a platform_oid.h header file in order to successfully build the cert_create tool when USE_TBBR_DEFS is 0. Change-Id: I77f86a022d207e88a79c97741be3eafbfa0c86f1 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 08 Apr, 2019 1 commit
-
-
Alexei Fedorov authored
Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 02 Apr, 2019 1 commit
-
-
Louis Mayencourt authored
Update the documentation for trustedfirmware.org migration Change-Id: Ibb7052b0becbec3326164f1503806ca2c2fd4dcc Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 29 Mar, 2019 1 commit
-
-
Louis Mayencourt authored
The latest version of GCC are required to use the new features of TF-A. Suggest to use the latest version available on developer.arm.com instead of the version specified on the Linaro Release notes. At the time of writing, GCC 8.2-2019.01 is the latest version available. Change-Id: Idd5c00749e39ca9dc8b7c5623b5d64356c9ce6e5 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 28 Mar, 2019 1 commit
-
-
Ambroise Vincent authored
Update both the readme and user guide on their shared "platform" section. Change-Id: Ia1f30acda45ac8facdcb7d540800191cdf6cdacf Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 26 Mar, 2019 1 commit
-
-
Ambroise Vincent authored
Make sure the steps in the user guide are up to date and can be performed out of the box. Change-Id: Ib4d959aa771cf515f74e150aaee2fbad24c18c38 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 19 Mar, 2019 1 commit
-
-
John Tsichritzis authored
Change-Id: I4261fec500184383980b7fc9475620a485cf6c28 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 18 Mar, 2019 1 commit
-
-
Alexei Fedorov authored
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS build options as experimental. Pointer Authentication is enabled for Non-secure world irrespective of the value of these build flags if the CPU supports it. The patch also fixes the description of fiptool 'help' command. Change-Id: I46de3228fbcce774a2624cd387798680d8504c38 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 14 Mar, 2019 1 commit
-
-
John Tsichritzis authored
Change-Id: I1854b5830dbd48e909a4ce1b931c13fb3e997600 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 28 Feb, 2019 1 commit
-
-
Antonio Nino Diaz authored
Fix some typos and clarify some sentences. Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 27 Feb, 2019 3 commits
-
-
Varun Wadekar authored
This patch provides support for using the scatterfile format as the linker script with the 'armlink' linker for Tegra platforms. In order to enable the scatterfile usage the following changes have been made: * provide mapping for ld.S symbols in bl_common.h * include bl_common.h from all the affected files * update the makefile rules to use the scatterfile and armlink to compile BL31 * update pubsub.h to add sections to the scatterfile NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY. Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Antonio Nino Diaz authored
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Feb, 2019 3 commits
-
-
Paul Beesley authored
Using Sphinx linkcheck on the TF-A docs revealed some broken or permanently-redirected links. These have been updated where possible. Change-Id: Ie1fead47972ede3331973759b50ee466264bd2ee Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Sandrine Bailleux authored
Just like has been done in the porting guide a couple of patches earlier, kill all escaped underscore characters in all documents. Change-Id: I7fb5b806412849761d9221a6ce3cbd95ec43d611 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Change-Id: I915303cea787d9fb188428b98ac6cfc610cc4470 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 05 Feb, 2019 1 commit
-
-
Varun Wadekar authored
This patch introduces a build option 'OVERRIDE_LIBC' that platforms can set to override libc from the BL image. The default value is '0' to keep the library. Change-Id: I10a0b247f6a782eeea4a0359e30a8d79b1e9e4e1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 31 Jan, 2019 1 commit
-
-
Sandrine Bailleux authored
ARM_PLAT_MT build flag is specific to Arm platforms so should not be classified as a common build option. Change-Id: I79e411958846759a5b60d770e53f44bbec5febe6 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-