- 07 Sep, 2018 4 commits
-
-
Sathees Balya authored
The patch 7b56928a unified the FWU mechanism on FVP and Juno platforms due to issues with MCC firmware not preserving the NVFLAGS. With MCCv150 firmware, this issue is resolved. Also writing to the NOR flash while executing from the same flash in Bypass mode had some stability issues. Hence, since the MCC firmware issue is resolved, this patch reverts to the NVFLAGS mechanism to detect FWU. Also, with the introduction of SDS (Shared Data Structure) by the SCP, the reset syndrome needs to queried from the appropriate SDS field. Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554 Signed-off-by: Sathees Balya <sathees.balya@arm.com> Signed-off-by: Soby Mathew <Soby.Mathew@arm.com>
-
John Tsichritzis authored
A cache flush is added in BL1, in Mbed TLS shared heap code. Thus, we ensure that the heap info written to the DTB always gets written back to memory. Hence, sharing this info with other images is guaranteed. Change-Id: I0faada31fe7a83854cd5e2cf277ba519e3f050d5 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
John Tsichritzis authored
In Mbed TLS shared heap code, an additional sanity check is introduced in BL2. Currently, when BL2 shares heap with BL1, it expects the heap info to be found in the DTB. If for any reason the DTB is missing, BL2 cannot have the heap address and, hence, Mbed TLS cannot proceed. So, BL2 cannot continue executing and it will eventually crash. With this change we ensure that if the DTB is missing BL2 will panic() instead of having an unpredictable crash. Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
John Tsichritzis authored
This patch, firstly, makes the error messages consistent to how printed strings are usually formatted. Secondly, it removes an unnecessary #if directive. Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 04 Sep, 2018 1 commit
-
-
John Tsichritzis authored
This patch introduces the shared Mbed TLS heap optimisation for Arm platforms. The objective is the Mbed TLS heap to be shared between BL1 and BL2 so as to not allocate the heap memory twice. To achieve that, the patch introduces all the necessary helpers for implementing this optimisation. It also applies it for FVP. Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 30 Aug, 2018 2 commits
-
-
Daniel Boulby authored
Add another level of abstraction of weak defs for arm_bl2_handle_post_image_load to prevent two weak definitions of the same function Change-Id: Ie953786f43b0f88257c82956ffaa5fe0d19603db Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I5993b425445ee794e6d2a792c244c0af53640655 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 Aug, 2018 1 commit
-
-
John Tsichritzis authored
Small patch which removes some redundant casts to (void *). Change-Id: If1cfd68f2989bac1d39dbb3d1c31d4119badbc21 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 20 Aug, 2018 1 commit
-
-
Jeenu Viswambharan authored
These changes address most of the required MISRA rules. In the process, some from generic code is also fixed. No functional changes. Change-Id: I707dbec9b34b802397e99da2f5ae738165d6feba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 10 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: I1bb310e1b05968d30b28913c4011c0601e1ae64e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Aug, 2018 1 commit
-
-
Roberto Vargas authored
Change-Id: Idb9ba3864d6de3053260724f07172fd32c1523e0 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 03 Aug, 2018 2 commits
-
-
Nariman Poushin authored
This omission causes a build error as the definition for arm_tzc_regions_info_t is needed from plat_arm.h Change-Id: I26935ee90d3e36ab6a016ff2c4eee4413df3e4e8 Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
-
Roberto Vargas authored
TF Makefile was linking all the objects files generated for the fdt library instead of creating a static library that could be used in the linking stage. Change-Id: If3705bba188ec39e1fbf2322a7f2a9a941e1b90d Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 01 Aug, 2018 1 commit
-
-
Daniel Boulby authored
TF won't build since no memory region is specified for when SEPARATE_CODE_AND_RODATA=0 it still relies on the ARM_MAP_BL_RO_DATA region which is never defined for this case. Create memory region combining code and RO data for when the build flag SEPARATE_CODE_AND_RODATA=0 to fix this Change-Id: I6c129eb0833497710cce55e76b8908ce03e0a638 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 26 Jul, 2018 1 commit
-
-
Sughosh Ganu authored
The board_arm_def.h header file needs to be included via the platform definition header. Not doing so, results in a redefinition error of PLAT_ARM_MAX_BL31_SIZE macro, if defined in the platform definition file. Change-Id: I1d178f6e8a6a41461e7fbcab9f6813a2faa2d82b Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
-
- 24 Jul, 2018 3 commits
-
-
Daniel Boulby authored
Change arm_setup_page_tables() to take a variable number of memory regions. Remove coherent memory region from BL1, BL2 and BL2U as their coherent memory region doesn't contain anything and therefore has a size of 0. Add check to ensure this doesn't change without us knowing. Change-Id: I790054e3b20b056dda1043a4a67bd7ac2d6a3bc0 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
Jeenu Viswambharan authored
This also gets rid of MISRA violations for Rule 8.3 and 8.4. Change-Id: I45bba011b16f90953dd4b260fcd58381f978eedc Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Antonio Nino Diaz authored
Fix violations of MISRA C-2012 Rules 10.1, 10.3, 13.3, 14.4, 17.7 and 17.8. Change-Id: I6c9725e428b5752f1d80684ec29cb6c52a5c0c2d Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 12 Jul, 2018 1 commit
-
-
Dimitris Papastamos authored
Change-Id: Iaebbeac1a1d6fbd531e5694b95ed068b7a193e62 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 11 Jul, 2018 2 commits
-
-
Sandrine Bailleux authored
The plat_arm_mmap variable is already declared in plat_arm.h, which is included from plat/arm/common/arm_common.c. Similarly, plat_arm.h declares the 'plat_arm_psci_pm_ops' variable, which does not need to be declared again in plat/arm/common/arm_pm.c. The duplication was not compliant with MISRA rule 8.5. Change-Id: Icc42547cc025023226b1078a7ec4f06d093364b7 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Wherever we use 'struct foo' and 'foo_t' interchangeably in a function's declaration and definition, use 'struct foo' consistently for both, as per the TF-A coding guidelines [1]. [1] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Coding-Guidelines#avoid-anonymous-typedefs-of-structsenums-in-header-files Change-Id: I7998eb24a26746e87e9b6425529926406745b721 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 26 Jun, 2018 1 commit
-
-
Soby Mathew authored
Currenly the CNTFRQ register and system timer is initialized in BL31 for use by the normal world. During firmware update, the NS-BL1 or NS-BL2U may need to access the system timer. Hence this patch duplicates the CNTFRQ and system timer initialization in BL1 as well. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
-
- 21 Jun, 2018 1 commit
-
-
Jeenu Viswambharan authored
The file arm_ras.c intended to provide common platform-specific RAS configuration for Arm platforms. Because this file has symbol definitions, it's proving difficult to provide a common definition. This patch therefore renames and makes the file specific to FVP. Other platforms shall provide their own configuration in similar fashion. Change-Id: I766fd238946e3e49cdb659680e1b45f41b237901 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 20 Jun, 2018 1 commit
-
-
Soby Mathew authored
Currently TF-A doesn't initialise CNTFRQ register in CNTCTLBase frame of the system timer. ARM ARM states that "The instance of the register in the CNTCTLBase frame must be programmed with this value as part of system initialization." The psci_arch_setup() updates the CNTFRQ system register but according to the ARM ARM, this instance of the register is independent of the memory mapped instance. This is only an issue for Normal world software which relies on the memory mapped instance rather than the system register one. This patch resolves the issue for ARM platforms. The patch also solves a related issue on Juno, wherein CNTBaseN.CNTFRQ can be written and does not reflect the value of the register in CNTCTLBase frame. Hence this patch additionally updates CNTFRQ register in the Non Secure frame of the CNTBaseN. Fixes ARM-Software/tf-issues#593 Change-Id: I09cebb6633688b34d5b1bc349fbde4751025b350 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 19 Jun, 2018 1 commit
-
-
Antonio Nino Diaz authored
The old API is deprecated and will eventually be removed. Arm platforms now use the multi console driver for boot and runtime consoles. However, the crash console uses the direct console API because it doesn't need any memory access to work. This makes it more robust during crashes. The AArch32 port of the Trusted Firmware doesn't support this new API yet, so it is only enabled in AArch64 builds. Because of this, the common code must maintain compatibility with both systems. SP_MIN doesn't have to be updated because it's only used in AArch32 builds. The TSP is only used in AArch64, so it only needs to support the new API without keeping support for the old one. Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this causes the UARTs to reset (except for the one used by the TSP). This means that they must be unregistered when suspending and re-registered when resuming. This wasn't a problem with the old driver because it just restarted the UART, and there were no problems associated with registering and unregistering consoles. The size reserved for BL2 has been increased. Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 15 Jun, 2018 1 commit
-
-
John Tsichritzis authored
In Arm platforms, when using dynamic configuration, the necessary parameters are made available as a DTB. The DTB is loaded by BL1 and, later on, is parsed by BL1, BL2 or even both, depending on when information from the DTB is needed. When the DTB is going to be parsed, it must be validated first, to ensure that it is properly structured. If an invalid DTB is detected then: - BL1 prints a diagnostic but allows execution to continue, - BL2 prints a diagnostic and panics. Now the behaviour of BL1 is changed so for it also to panic. Thus, the behaviour of BL1 and BL2 is now similar. Keep in mind that if BL1 only loads the DTB but it doesn't need to read/write it, then it doesn't validate it. The validation is done only when the DTB is actually going to be accessed. Change-Id: Idcae6092e6dbeab7248dd5e041d6cbb7784fe410 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 14 Jun, 2018 1 commit
-
-
Roberto Vargas authored
RFC4122 defines that fields are stored in network order (big endian), but TF-A stores them in machine order (little endian by default in TF-A). We cannot change the future UUIDs that are already generated, but we can store all the bytes using arrays and modify fiptool to generate the UUIDs with the correct byte order. Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 13 Jun, 2018 1 commit
-
-
Sandrine Bailleux authored
The translation tables allocated for the Secure Partition do not need to be treated as a special case. They can be put amongst the other tables mapping BL31's general purpose memory. They will be mapped with the same attributes as them, which is fine. The explicit alignment constraint in BL31's linker script to pad the last page of memory allocated to the Secure Partition's translation tables is useless too, as page tables are per se pages, thus their end address is naturally aligned on a page-boundary. In fact, this patch does not change the existing behaviour. Since patch 22282bb6 ("SPM: Move all SP-related info to SP context struct"), the secure_partition.c file has been renamed into sp_xlat.c but the linker script has not been properly updated. As a result, the SP translation tables are not specifically put at the start of the xlat_table linker section, the __SP_IMAGE_XLAT_TABLES_START__/_END__ symbols have the same value, the size of the resulting mmap_region covering these xlat tables is 0 and so it is ignored. Change-Id: I4cf0a4cc090298811cca53fc9cee74df0f2b1512 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 08 Jun, 2018 1 commit
-
-
Dimitris Papastamos authored
-
- 07 Jun, 2018 1 commit
-
-
Soby Mathew authored
The patch changes the layout of BL images in memory to enable more efficient use of available space. Previously BL31 was loaded with the expectation that BL2 memory would be reclaimed by BL32 loaded in SRAM. But with increasing memory requirements in the firmware, we can no longer fit BL32 in SRAM anymore which means the BL2 memory is not reclaimed by any runtime image. Positioning BL2 below BL1-RW and above BL31 means that the BL31 NOBITS can be overlaid on BL2 and BL1-RW. This patch also propogates the same memory layout to BL32 for AArch32 mode. The reset addresses for the following configurations are also changed : * When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode * When BL2_AT_EL3=1 for BL2 The restriction on BL31 to be only in DRAM when SPM is enabled is now removed with this change. The update to the firmware design guide for the BL memory layout is done in the following patch. Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 25 May, 2018 1 commit
-
-
Daniel Boulby authored
The weak pragma was assigned twice to the bl2_plat_handle_post_image_load definition both in plat/common/ and in plat/arm/common/ this was an error as it should have only have been defined in plat/common Change-Id: Id85e14c699cb09ed998d1677f2a172e760911918 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 21 May, 2018 1 commit
-
-
Soby Mathew authored
This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP. The config files are placeholders and do not have any useful bindings defined. The tos_fw_config is packaged in FIP and loaded by BL2 only if SPD=tspd. The load address of these configs are specified in tb_fw_config via new bindings defined for these configs. Currently, in FVP, the soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE and ARM_SHARED_RAM. This memory was typically used for BL32 when ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that space anymore, it should be safe to use this memory for these configs. There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures that this overlap doesn't happen. The previous arm_dyn_get_hwconfig_info() is modified to accept configs other than hw_config and hence renamed to arm_dyn_get_config_load_info(). The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be BL2_BASE. Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 18 May, 2018 1 commit
-
-
Soby Mathew authored
This patch adds capability to FVP to disable authentication dynamically via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses the TB_FW_CONFIG for the `disable_auth` property and invokes the `load_dyn_disable_auth()` API to disable authentication if the property is set to 1. The DYN_DISABLE_AUTH is enabled by default for FVP as it is a development platform. Note that the TB_FW_CONFIG has to be authenticated by BL1 irrespective of these settings. The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup() rather than in bl2_platform_setup() as we need to get the value of `disable_auth` property prior to authentication of any image by BL2. Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 15 May, 2018 1 commit
-
-
Antonio Nino Diaz authored
This reverts commit 2f18aa1f . It is causing some tests to fail. Until the cause is found and fixed, it is needed to remove this commit from master. Change-Id: Ic5ff7a841903a15613e00379e87cbbd8a0e85152 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 11 May, 2018 2 commits
-
-
Antonio Nino Diaz authored
Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that eventually gives control to the OS. However, in some cases, this boot sequence may be too slow. For example, when doing tests in a cycle-accurate emulator, the user may only be interested in the interaction between the Trusted Firmware and the OS, not in the boot process itself. The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux kernel image by changing the value of registers x0-x3 to the values expected by the kernel. This option requires the device tree blob (DTB) to be present in memory. Its address must be specified in the newly introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports AArch64 kernels. This option is only available when RESET_TO_BL31=1. For this reason the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must be used. For example, if the kernel is loaded at 0x80080000 and the DTB is loaded at address 0x82000000, the firmware could be built like this: CROSS_COMPILE=aarch64-linux-gnu- \ make PLAT=fvp DEBUG=1 \ RESET_TO_BL31=1 \ ARM_LINUX_KERNEL_AS_BL33=1 \ PRELOADED_BL33_BASE=0x80080000 \ ARM_PRELOADED_DTB_BASE=0x82000000 \ all fip Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The old API is deprecated and will eventually be removed. Arm platforms now use the multi console driver for boot and runtime consoles. However, the crash console uses the direct console API because it doesn't need any memory access to work. This makes it more robust during crashes. The AArch32 port of the Trusted Firmware doesn't support this new API yet, so it is only enabled in AArch64 builds. Because of this, the common code must maintain compatibility with both systems. SP_MIN doesn't have to be updated because it's only used in AArch32 builds. The TSP is only used in AArch64, so it only needs to support the new API without keeping support for the old one. Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this causes the UARTs to reset (except for the one used by the TSP). This means that they must be unregistered when suspending and re-registered when resuming. This wasn't a problem with the old driver because it just restarted the UART, and there were no problems associated with registering and unregistering consoles. The size of BL31 has been increased in builds with SPM. Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 May, 2018 1 commit
-
-
Jeenu Viswambharan authored
- Assign 0x10 for RAS exceptions on ARM platforms, and install EHF priority descriptor. - Call the common RAS initialisation from ARM BL31 setup. - Add empty definitions for platform error records and RAS interrupts. Change-Id: I0675f299b7840be4c83a9c7a81073a95c605dc90 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 01 May, 2018 1 commit
-
-
Roberto Vargas authored
Previously mem_protect used to be only supported from BL2. This is not helpful in the case when ARM TF-A BL2 is not used. This patch demonstrates mem_protect from el3_runtime firmware on ARM Platforms specifically when RESET_TO_BL31 or RESET_TO_SP_MIN flag is set as BL2 may be absent in these cases. The Non secure DRAM is dynamically mapped into EL3 mmap tables temporarily and then the protected regions are then cleared. This avoids the need to map the non secure DRAM permanently to BL31/sp_min. The stack size is also increased, because DYNAMIC_XLAT_TABLES require a bigger stack. Change-Id: Ia44c594192ed5c5adc596c0cff2c7cc18c001fde Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 13 Apr, 2018 2 commits
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all Change-Id: I32b223251b8bf5924149d89431a65d3405a73d3e Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-