1. 07 Sep, 2018 4 commits
    • Sathees Balya's avatar
      juno: Revert FWU update detect mechanism · 4da6f6cd
      Sathees Balya authored
      The patch 7b56928a
      
       unified the FWU mechanism on FVP and Juno
      platforms due to issues with MCC firmware not preserving the
      NVFLAGS. With MCCv150 firmware, this issue is resolved. Also
      writing to the NOR flash while executing from the same flash
      in Bypass mode had some stability issues. Hence, since the
      MCC firmware issue is resolved, this patch reverts to the
      NVFLAGS mechanism to detect FWU. Also, with the introduction
      of SDS (Shared Data Structure) by the SCP, the reset syndrome
      needs to queried from the appropriate SDS field.
      
      Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      Signed-off-by: default avatarSoby Mathew <Soby.Mathew@arm.com>
      4da6f6cd
    • John Tsichritzis's avatar
      Add cache flush after BL1 writes heap info to DTB · 63cc2658
      John Tsichritzis authored
      
      
      A cache flush is added in BL1, in Mbed TLS shared heap code. Thus, we
      ensure that the heap info written to the DTB always gets written back to
      memory.  Hence, sharing this info with other images is guaranteed.
      
      Change-Id: I0faada31fe7a83854cd5e2cf277ba519e3f050d5
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      63cc2658
    • John Tsichritzis's avatar
      Additional runtime check for DTB presence in BL2 · a606031e
      John Tsichritzis authored
      
      
      In Mbed TLS shared heap code, an additional sanity check is introduced
      in BL2. Currently, when BL2 shares heap with BL1, it expects the heap
      info to be found in the DTB. If for any reason the DTB is missing, BL2
      cannot have the heap address and, hence, Mbed TLS cannot proceed. So,
      BL2 cannot continue executing and it will eventually crash.  With this
      change we ensure that if the DTB is missing BL2 will panic() instead of
      having an unpredictable crash.
      
      Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      a606031e
    • John Tsichritzis's avatar
      Slight improvements in Mbed TLS shared heap helpers · 7af2dd2e
      John Tsichritzis authored
      
      
      This patch, firstly, makes the error messages consistent to how printed
      strings are usually formatted. Secondly, it removes an unnecessary #if
      directive.
      
      Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      7af2dd2e
  2. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Support shared Mbed TLS heap for FVP · ba597da7
      John Tsichritzis authored
      
      
      This patch introduces the shared Mbed TLS heap optimisation for Arm
      platforms. The objective is the Mbed TLS heap to be shared between BL1
      and BL2 so as to not allocate the heap memory twice. To achieve that,
      the patch introduces all the necessary helpers for implementing this
      optimisation. It also applies it for FVP.
      
      Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      ba597da7
  3. 30 Aug, 2018 2 commits
  4. 23 Aug, 2018 1 commit
  5. 20 Aug, 2018 1 commit
  6. 10 Aug, 2018 1 commit
  7. 06 Aug, 2018 1 commit
  8. 03 Aug, 2018 2 commits
  9. 01 Aug, 2018 1 commit
    • Daniel Boulby's avatar
      Fix build for SEPARATE_CODE_AND_RODATA=0 · 2ecaafd2
      Daniel Boulby authored
      
      
      TF won't build since no memory region is specified
      for when SEPARATE_CODE_AND_RODATA=0 it still relies on
      the ARM_MAP_BL_RO_DATA region which is never defined for
      this case. Create memory region combining code and RO data for
      when the build flag SEPARATE_CODE_AND_RODATA=0 to fix this
      
      Change-Id: I6c129eb0833497710cce55e76b8908ce03e0a638
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      2ecaafd2
  10. 26 Jul, 2018 1 commit
  11. 24 Jul, 2018 3 commits
  12. 12 Jul, 2018 1 commit
  13. 11 Jul, 2018 2 commits
  14. 26 Jun, 2018 1 commit
  15. 21 Jun, 2018 1 commit
  16. 20 Jun, 2018 1 commit
    • Soby Mathew's avatar
      ARM Platforms: Update CNTFRQ register in CNTCTLBase frame · 342d6220
      Soby Mathew authored
      
      
      Currently TF-A doesn't initialise CNTFRQ register in CNTCTLBase
      frame of the system timer. ARM ARM states that "The instance of
      the register in the CNTCTLBase frame must be programmed with this
      value as part of system initialization."
      
      The psci_arch_setup() updates the CNTFRQ system register but
      according to the ARM ARM, this instance of the register is
      independent of the memory mapped instance. This is only an issue
      for Normal world software which relies on the memory mapped
      instance rather than the system register one.
      
      This patch resolves the issue for ARM platforms.
      
      The patch also solves a related issue on Juno, wherein
      CNTBaseN.CNTFRQ can be written and does not reflect the value of
      the register in CNTCTLBase frame. Hence this patch additionally
      updates CNTFRQ register in the Non Secure frame of the CNTBaseN.
      
      Fixes ARM-Software/tf-issues#593
      
      Change-Id: I09cebb6633688b34d5b1bc349fbde4751025b350
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      342d6220
  17. 19 Jun, 2018 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Migrate AArch64 port to the multi console driver · 88a0523e
      Antonio Nino Diaz authored
      
      
      The old API is deprecated and will eventually be removed.
      
      Arm platforms now use the multi console driver for boot and runtime
      consoles. However, the crash console uses the direct console API because
      it doesn't need any memory access to work. This makes it more robust
      during crashes.
      
      The AArch32 port of the Trusted Firmware doesn't support this new API
      yet, so it is only enabled in AArch64 builds. Because of this, the
      common code must maintain compatibility with both systems. SP_MIN
      doesn't have to be updated because it's only used in AArch32 builds.
      The TSP is only used in AArch64, so it only needs to support the new
      API without keeping support for the old one.
      
      Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
      causes the UARTs to reset (except for the one used by the TSP). This
      means that they must be unregistered when suspending and re-registered
      when resuming. This wasn't a problem with the old driver because it just
      restarted the UART, and there were no problems associated with
      registering and unregistering consoles.
      
      The size reserved for BL2 has been increased.
      
      Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      88a0523e
  18. 15 Jun, 2018 1 commit
    • John Tsichritzis's avatar
      Panic in BL1 when TB_FW_CONFIG is invalid · 355e0967
      John Tsichritzis authored
      
      
      In Arm platforms, when using dynamic configuration, the necessary
      parameters are made available as a DTB. The DTB is loaded by BL1 and,
      later on, is parsed by BL1, BL2 or even both, depending on when
      information from the DTB is needed.
      
      When the DTB is going to be parsed, it must be validated first, to
      ensure that it is properly structured. If an invalid DTB is detected
      then:
        - BL1 prints a diagnostic but allows execution to continue,
        - BL2 prints a diagnostic and panics.
      
      Now the behaviour of BL1 is changed so for it also to panic. Thus, the
      behaviour of BL1 and BL2 is now similar.
      
      Keep in mind that if BL1 only loads the DTB but it doesn't need to
      read/write it, then it doesn't validate it. The validation is done only
      when the DTB is actually going to be accessed.
      
      Change-Id: Idcae6092e6dbeab7248dd5e041d6cbb7784fe410
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      355e0967
  19. 14 Jun, 2018 1 commit
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored
      
      
      RFC4122 defines that fields are stored in network order (big endian),
      but TF-A stores them in machine order (little endian by default in TF-A).
      We cannot change the future UUIDs that are already generated, but we can store
      all the bytes using arrays and modify fiptool to generate the UUIDs with
      the correct byte order.
      
      Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  20. 13 Jun, 2018 1 commit
    • Sandrine Bailleux's avatar
      SPM: Treat SP xlat tables the same as others · d801a1d0
      Sandrine Bailleux authored
      The translation tables allocated for the Secure Partition do not need
      to be treated as a special case. They can be put amongst the other
      tables mapping BL31's general purpose memory. They will be mapped with
      the same attributes as them, which is fine.
      
      The explicit alignment constraint in BL31's linker script to pad the
      last page of memory allocated to the Secure Partition's translation
      tables is useless too, as page tables are per se pages, thus their
      end address is naturally aligned on a page-boundary.
      
      In fact, this patch does not change the existing behaviour. Since
      patch 22282bb6
      
       ("SPM: Move all SP-related info to SP context
      struct"), the secure_partition.c file has been renamed into sp_xlat.c
      but the linker script has not been properly updated. As a result, the
      SP translation tables are not specifically put at the start of the
      xlat_table linker section, the __SP_IMAGE_XLAT_TABLES_START__/_END__
      symbols have the same value, the size of the resulting mmap_region
      covering these xlat tables is 0 and so it is ignored.
      
      Change-Id: I4cf0a4cc090298811cca53fc9cee74df0f2b1512
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      d801a1d0
  21. 08 Jun, 2018 1 commit
  22. 07 Jun, 2018 1 commit
    • Soby Mathew's avatar
      ARM platforms: Move BL31 below BL2 to enable BL2 overlay · c099cd39
      Soby Mathew authored
      
      
      The patch changes the layout of BL images in memory to enable
      more efficient use of available space. Previously BL31 was loaded
      with the expectation that BL2 memory would be reclaimed by BL32
      loaded in SRAM. But with increasing memory requirements in the
      firmware, we can no longer fit BL32 in SRAM anymore which means the
      BL2 memory is not reclaimed by any runtime image. Positioning BL2
      below BL1-RW and above BL31 means that the BL31 NOBITS can be
      overlaid on BL2 and BL1-RW.
      
      This patch also propogates the same memory layout to BL32 for AArch32
      mode. The reset addresses for the following configurations are also
      changed :
         * When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
         * When BL2_AT_EL3=1 for BL2
      
      The restriction on BL31 to be only in DRAM when SPM is enabled
      is now removed with this change. The update to the firmware design
      guide for the BL memory layout is done in the following patch.
      
      Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c099cd39
  23. 25 May, 2018 1 commit
    • Daniel Boulby's avatar
      Remove duplicate weak definition · bc325c2c
      Daniel Boulby authored
      
      
      The weak pragma was assigned twice to the bl2_plat_handle_post_image_load
      definition both in plat/common/ and in plat/arm/common/ this was an error as
      it should have only have been defined in plat/common
      
      Change-Id: Id85e14c699cb09ed998d1677f2a172e760911918
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      bc325c2c
  24. 21 May, 2018 1 commit
    • Soby Mathew's avatar
      FVP: Add dummy configs for BL31, BL32 and BL33 · 1d71ba14
      Soby Mathew authored
      
      
      This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
      The config files are placeholders and do not have any useful bindings
      defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
      if SPD=tspd. The load address of these configs are specified in tb_fw_config
      via new bindings defined for these configs. Currently, in FVP, the
      soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
      and ARM_SHARED_RAM. This memory was typically used for BL32 when
      ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
      space anymore, it should be safe to use this memory for these configs.
      There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
      that this overlap doesn't happen.
      
      The previous arm_dyn_get_hwconfig_info() is modified to accept configs
      other than hw_config and hence renamed to arm_dyn_get_config_load_info().
      The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
      BL2_BASE.
      
      Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1d71ba14
  25. 18 May, 2018 1 commit
    • Soby Mathew's avatar
      FVP: Enable capability to disable auth via dynamic config · 6e79f9fd
      Soby Mathew authored
      
      
      This patch adds capability to FVP to disable authentication dynamically
      via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
      the TB_FW_CONFIG for the `disable_auth` property and invokes the
      `load_dyn_disable_auth()` API to disable authentication if the
      property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
      FVP as it is a development platform. Note that the TB_FW_CONFIG has to
      be authenticated by BL1 irrespective of these settings.
      
      The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
      rather than in bl2_platform_setup() as we need to get the value of
      `disable_auth` property prior to authentication of any image by BL2.
      
      Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      6e79f9fd
  26. 15 May, 2018 1 commit
  27. 11 May, 2018 2 commits
    • Antonio Nino Diaz's avatar
      plat/arm: Introduce ARM_LINUX_KERNEL_AS_BL33 build option · b726c169
      Antonio Nino Diaz authored
      
      
      Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that
      eventually gives control to the OS. However, in some cases, this boot
      sequence may be too slow. For example, when doing tests in a
      cycle-accurate emulator, the user may only be interested in the
      interaction between the Trusted Firmware and the OS, not in the boot
      process itself.
      
      The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux
      kernel image by changing the value of registers x0-x3 to the values
      expected by the kernel. This option requires the device tree blob (DTB)
      to be present in memory. Its address must be specified in the newly
      introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports
      AArch64 kernels.
      
      This option is only available when RESET_TO_BL31=1. For this reason
      the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must
      be used.
      
      For example, if the kernel is loaded at 0x80080000 and the DTB is loaded
      at address 0x82000000, the firmware could be built like this:
      
          CROSS_COMPILE=aarch64-linux-gnu-  \
          make PLAT=fvp DEBUG=1             \
          RESET_TO_BL31=1                   \
          ARM_LINUX_KERNEL_AS_BL33=1        \
          PRELOADED_BL33_BASE=0x80080000    \
          ARM_PRELOADED_DTB_BASE=0x82000000 \
          all fip
      
      Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b726c169
    • Antonio Nino Diaz's avatar
      plat/arm: Migrate AArch64 port to the multi console driver · 2f18aa1f
      Antonio Nino Diaz authored
      
      
      The old API is deprecated and will eventually be removed.
      
      Arm platforms now use the multi console driver for boot and runtime
      consoles. However, the crash console uses the direct console API because
      it doesn't need any memory access to work. This makes it more robust
      during crashes.
      
      The AArch32 port of the Trusted Firmware doesn't support this new API
      yet, so it is only enabled in AArch64 builds. Because of this, the
      common code must maintain compatibility with both systems. SP_MIN
      doesn't have to be updated because it's only used in AArch32 builds.
      The TSP is only used in AArch64, so it only needs to support the new
      API without keeping support for the old one.
      
      Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
      causes the UARTs to reset (except for the one used by the TSP). This
      means that they must be unregistered when suspending and re-registered
      when resuming. This wasn't a problem with the old driver because it just
      restarted the UART, and there were no problems associated with
      registering and unregistering consoles.
      
      The size of BL31 has been increased in builds with SPM.
      
      Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2f18aa1f
  28. 04 May, 2018 1 commit
  29. 01 May, 2018 1 commit
    • Roberto Vargas's avatar
      ARM platforms: Demonstrate mem_protect from el3_runtime · 638b034c
      Roberto Vargas authored
      
      
      Previously mem_protect used to be only supported from BL2. This is not
      helpful in the case when ARM TF-A BL2 is not used. This patch demonstrates
      mem_protect from el3_runtime firmware on ARM Platforms specifically
      when RESET_TO_BL31 or RESET_TO_SP_MIN flag is set as BL2 may be absent
      in these cases. The Non secure DRAM is dynamically mapped into EL3 mmap
      tables temporarily and then the protected regions are then cleared. This
      avoids the need to map the non secure DRAM permanently to BL31/sp_min.
      
      The stack size is also increased, because DYNAMIC_XLAT_TABLES require
      a bigger stack.
      
      Change-Id: Ia44c594192ed5c5adc596c0cff2c7cc18c001fde
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      638b034c
  30. 13 Apr, 2018 2 commits
    • Roberto Vargas's avatar
      Fix MISRA rule 8.4 Part 4 · 3b94189a
      Roberto Vargas authored
      
      
      Rule 8.4: A compatible declaration shall be visible when
                an object or function with external linkage is defined
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      3b94189a
    • Roberto Vargas's avatar
      Fix MISRA rule 8.4 Part 1 · 35a3eeb6
      Roberto Vargas authored
      
      
      Rule 8.4: A compatible declaration shall be visible when
                an object or function with external linkage is defined
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
      
      Change-Id: I32b223251b8bf5924149d89431a65d3405a73d3e
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      35a3eeb6