- 09 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
This initial port of the Secure Partitions Manager to FVP supports BL31 in both SRAM and Trusted DRAM. A document with instructions to build the SPM has been added. Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 25 Oct, 2017 1 commit
-
-
Qixiang Xu authored
For Trusted Board Boot, BL2 needs more space to support the ECDSA and ECDSA+RSA algorithms. Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 16 Oct, 2017 1 commit
-
-
Jeenu Viswambharan authored
An earlier patch added provision for the platform to provide secure interrupt properties. ARM platforms already has a list of interrupts that fall into different secure groups. This patch defines macros that enumerate interrupt properties in the same fashion, and points the driver driver data to a list of interrupt properties rather than list of secure interrupts on ARM platforms. The deprecated interrupt list definitions are however retained to support legacy builds. Configuration applied to individual interrupts remain unchanged, so no runtime behaviour change expected. NOTE: Platforms that use the arm/common function plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided INTR_PROP_DESC macro. Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 11 Oct, 2017 2 commits
-
-
Soby Mathew authored
Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and arm_system_pwr_domain_save functions. Introduce FVP PSCI power level 3 (System level) support. This is solely done to provide example code on how to use the GICv3 save and restore helpers. Also make CSS GICv3 platforms power off the Redistributor on SYSTEM SUSPEND as its state is saved and restored. Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Co-Authored-by: Douglas Raillard <douglas.raillard@arm.com>
-
Soby Mathew authored
Some recent enhancements to EL3 runtime firmware like support for save and restoring GICv3 register context during system_suspend necessitates additional data memory for the firmware. This patch introduces support for creating a TZC secured DDR carveout for use by ARM reference platforms. A new linker section `el3_tzc_dram` is created using platform supplied linker script and data marked with the attribute `arm_el3_tzc_dram` will be placed in this section. The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to allow inclusion of the platform linker script by the top level BL31 linker script. Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 05 Oct, 2017 1 commit
-
-
Soby Mathew authored
During system suspend, the GICv3 Distributor and Redistributor context can be lost due to power gating of the system power domain. This means that the GICv3 context needs to be saved prior to system suspend and restored on wakeup. Currently the consensus is that the Firmware should be in charge of this. See tf-issues#464 for more details. This patch introduces helper APIs in the GICv3 driver to save and restore the Distributor and Redistributor contexts. The GICv3 ITS context is not considered in this patch because the specification says that the details of ITS power management is implementation-defined. These APIs are expected to be appropriately invoked by the platform layer during system suspend. Fixes ARM-software/tf-issues#464 Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 04 Oct, 2017 1 commit
-
-
Jeenu Viswambharan authored
Commit 11ad8f20 added supporting multi-threaded CPUs on FVP platform, including modifications for calculating CPU IDs. This patch imports the strong definition of the same CPU ID calculation on FVP platform for TSP. Without this patch, TSP on FVP was using the default CPU ID calculation, which would end up being wrong on CPUs with multi-threading. Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 25 Sep, 2017 2 commits
-
-
Roberto Vargas authored
On ARM platforms, the maximum size of the address space is limited to 32-bits as defined in arm_def.h. In order to access DRAM2, which is defined beyond the 32-bit address space, the maximum address space is increased to 36-bits in AArch64. It is possible to increase the virtual space for AArch32, but it is more difficult and not supported for now. NOTE - the actual maximum memory address space is platform dependent and is checked at run-time by querying the PARange field in the ID_AA64MMFR0_EL1 register. Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
mem_protect needs some kind of non-volatile memory because it has to remember its state across reset and power down events. The most suitable electronic part for this feature is a NVRAM which should be only accesible from the secure world. Juno and FVP lack such hardware and for this reason the MEM_PROTECT functionality is implemented with Flash EEPROM memory on both boards, even though this memory is accesible from the non-secure world. This is done only to show a full implementation of these PSCI features, but an actual system shouldn't use a non-secure NVRAM to implement it. The EL3 runtime software will write the mem_protect flag and BL2 will read and clear the memory ranges if enabled. It is done in BL2 because it reduces the time that TF needs access to the full non-secure memory. The memory layout of both boards is defined using macros which take different values in Juno and FVP platforms. Generic platform helpers are added that use the platform specific macros to generate a mem_region_t that is valid for the platform. Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 22 Sep, 2017 2 commits
-
-
Qixiang Xu authored
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
For Trusted Board Boot, BL1 RW section and BL2 need more space to support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE is increased on ARM platforms. And on the Juno platform: - BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased. - SCP_BL2 is loaded into the space defined by BL31_BASE -> BL31_RW_BASE. In order to maintain the same size space for SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased. Change-Id: I379083f918b40ab1c765da4e71780d89f0058040 Co-Authored-By: David Cunado <david.cunado@arm.com> Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 21 Sep, 2017 1 commit
-
-
Sandrine Bailleux authored
platform_def.h doesn't need all the definitions in utils.h, the ones in utils_def.h are enough. This patch is related to the changes introduced by commit 53d9c9c8 . Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 07 Sep, 2017 1 commit
-
-
Eleanor Bonnici authored
Earlier patches added errata workarounds 859972 for Cortex-A72, and 859972 for Cortex-A57 CPUs. Explicitly disable the workaround for Juno. Also reorganize errata workaround flags. No functional changes. Change-Id: I3fe3745de57d77e5bf52012826d3969fe5d4844e Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 06 Sep, 2017 3 commits
-
-
Soby Mathew authored
This patch does the required changes to enable CSS platforms to build and use the SDS framework. Since SDS is always coupled with SCMI protocol, the preexisting SCMI build flag is now renamed to `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on CSS platforms. Also some of the workarounds applied for SCMI are now removed with SDS in place. Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch factors out common files required for sp_min for all CSS platforms from the JUNO specific makefile to a the new `css_sp_min.mk` makefile. This also allows the common build options that affect CSS platforms to be configured in a central makefile for sp_min. Change-Id: Ida952d8833b1aa5eda77ae0a6664a4632aeab24c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Roberto Vargas authored
plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state, which is not supposed to return, and in case of returning it implemented an infinite loop. The problem was that plat_get_my_entrypoint was using "b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to the caller of plat_get_my_entrypoint instead of stop the system with a panic. To avoid this problem juno_do_reset_to_aarch_32_state was modified to call directly to plat_panic_handler if it tries to return. Change-Id: I591cf2dd78d27d8568fb15b91366e4b3dce027b5 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 05 Sep, 2017 1 commit
-
-
Soby Mathew authored
The commit 3eb2d672 optimizes the memory map for BL2 when TSP is not present. But this also broke OP-TEE as it was reusing the TSP mapping. This patch fixes this problem by adding a separate mapping for OP-TEE in the BL2 memory map table. Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 31 Aug, 2017 2 commits
-
-
Sandrine Bailleux authored
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped in BL2 only if the TSPD has been included in the build. This saves one entry in the plat_arm_mmap[] array and avoids to map extra memory when it's not needed. Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94 Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Soby Mathew authored
This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds to LOG_LEVEL_INFO. Having this level of log for assertions means that the `assert()` will not generate the strings implied in the expression taken as parameter. This allows to save some memory when Juno is built for LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1. Fixes ARM-software/tf-issues#511 Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 29 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
The current definition of ARM_INSTANTIATE_LOCK macro includes a semicolon, which means it's omitted where it's used. This is anomalous for a C statement in global scope. Fix this by removing semicolon from the definition; and where it's a NOP, declare a file-scoped variable explicitly tagged as unused to avoid compiler warning. No functional changes. Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 25 Aug, 2017 1 commit
-
-
Jens Wiklander authored
If SPD_opteed is defined map ARM_OPTEE_PAGEABLE_LOAD_MEM in bl2 to allow loading of OP-TEE paged part. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-
- 23 Aug, 2017 2 commits
-
-
Isla Mitchell authored
At present, the MPIDR validation on FVP relies on MT bit set along with shifted affinities. This currently is additionally dependent on the FVP model being of variant C. This however should be based on the presence of MT bit alone. This patch makes the change to always assume that the affinities are shifted in the FVP model when MT bit is present. Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
Roberto Vargas authored
The nor_XXXXX functions may fail due to different reasons, and it is convenient to do a full check to detect any failure. It is also a good idea to have a specific function to do a full status check, because new checks can be added to this function and they will be incorporated automatically to any function calling it. Change-Id: I54fed913e37ef574c1608e94139a519426348d12 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 22 Aug, 2017 4 commits
-
-
Roberto Vargas authored
NOR memory only supports setting bits to 1. To clear a bit, set to zero, the NOR memory needs to be erased. Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
The status register bits remain until explicitly cleared, which means that a command can be incorrectly considered to have generated an error - for example, after reset the status register contents may be unknown or if a previous command had failed. This patch clears the status register before beginning any command to be sure that the status register only represents information about the current operation. Change-Id: I9e98110ee24179937215461c00b6543a3467b350 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
lock/unlock operation must wait until WSM bit is set. Since we do not allow to loop forever then these functions must return an error if WSM bit isn't enabled after a number of tries. Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
- Add comments to all the functions - Simplify nor_poll_dws - Simplify nor_word_program Change-Id: I29c0199d2908a4fceb1ac3430fcfdd699be22bb3 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 09 Aug, 2017 1 commit
-
-
Summer Qin authored
Trusted OS may have extra images to be loaded. Load them one by one and do the parsing. In this patch, ARM TF need to load up to 3 images for optee os: header, pager and paged images. Header image is the info about optee os and images. Pager image include pager code and data. Paged image include the paging parts using virtual memory. Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 02 Aug, 2017 1 commit
-
-
Jeenu Viswambharan authored
Revision C of the Base FVP has the same memory map as earlier revisions, but has the following differences: - Implements CCI550 instead of CCI400, - Has a single instantiation of SMMUv3, - CPU MPIDs are shifted left by one level, and has MT bit set in them. The correct interconnect to program is chosen at run time based on the FVP revision. Therefore, this patch implements FVP functions for interconnect programming, rather than depending on ARM generic ones. The macros used have been renamed to reflect this change. Additionally, this patch initializes SMMUv3 as part of FVP early platform setup. New ARM config flags are introduced for feature queries at run time. Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 01 Aug, 2017 2 commits
-
-
Jeenu Viswambharan authored
The CCI crash dump macros assumes CCI base at build time. Since this can't be the case for CCI on FVP, choose not to register dump CCI registers for FVP. Change-Id: I7374a037e7fd0a85b138e84b3cf0aa044262da97 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
ARM CPUs with multi-threading implementation has more than one Processing Element in a single physical CPU. Such an implementation will reflect the following changes in the MPIDR register: - The MT bit set; - Affinity levels pertaining to cluster and CPUs occupy one level higher than in a single-threaded implementation, and the lowest affinity level pertains to hardware threads. MPIDR affinity level fields essentially appear shifted to left than otherwise. The FVP port henceforth assumes that both properties above to be concomitant on a given FVP platform. To accommodate for varied MPIDR formats at run time, this patch re-implements the FVP platform-specific functions that translates MPIDR values to a linear indices, along with required validation. The same treatment is applied for GICv3 MPIDR hashing function as well. An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which specifies the maximum number of threads implemented per CPU. For backwards compatibility, its value defaults to 1. Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 25 Jul, 2017 1 commit
-
-
Sandrine Bailleux authored
The DEVICE2 memory range is needed to access the Root of Trust Public Key registers. This is not needed when Trusted Board Boot is disabled so it's safer to not map it in this case. This also saves one level-2 page table in each of BL1 and BL2 images. Also add some comments. Change-Id: I67456b44f3fd5e145f6510a8499b7fdf720a7273 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 20 Jul, 2017 1 commit
-
-
Soby Mathew authored
Recent patches to reduce the memory footprint of BL images have resulted in saving several pages of memory. This patch reduces the BL2 size limit by 20KB for Juno when ARM_BOARD_OPTIMISE_MEM=1 so that more free space can be freed up for Trusted OS (BL32). Also SCP_BL2/SCP_BL2U size is now restricted to 80K. Change-Id: I1573d7a34e24d15e4abce8a14da40dbb5dc81e37 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 14 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of #includes in ARM standard platforms to meet the ARM TF coding standard. Change-Id: Ide19aad6233babda4eea2d17d49e523645fed1b2 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 28 Jun, 2017 2 commits
-
-
Soby Mathew authored
This patch implements the platform APIs plat_get_rotpk_info, plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM APIs when ARM_CRYPTOCELL_INT is set. Change-Id: I693556b3c7f42eceddd527abbe6111e499f55c45 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch makes the necessary changes to enable ARM platform to successfully integrate CryptoCell during Trusted Board Boot. The changes are as follows: * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select the CryptoCell crypto driver for Trusted Board boot. * The TrustZone filter settings for Non Secure DRAM is modified to allow CryptoCell to read this memory. This is required to authenticate BL33 which is loaded into the Non Secure DDR. * The CSS platforms are modified to use coherent stacks in BL1 and BL2 when CryptoCell crypto is selected. This is because CryptoCell makes use of DMA to transfer data and the CryptoCell SBROM library allocates buffers on the stack during signature/hash verification. Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Jun, 2017 2 commits
-
-
Dimitris Papastamos authored
On Juno AArch32, the L2 cache may contain garbage after the warm reset from AArch64 to AArch32. This is all fine until the MMU is configured and the data caches enabled. To avoid fetching stale data from the L2 unified cache, invalidate it before the warm reset to AArch32 state. Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies the primary core. After the SCP ram firmware has started executing, `SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but the Juno AArch32 boot flow is a special case. BL1 does a warm reset into AArch32 and the core jumps to the `sp_min` entrypoint. This is effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be able to determine the primary core and hence we need to restore `SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs. This magically worked when booting on A53 because the core index was zero and it just so happened to match with the new value in `SCP_BOOT_CFG_ADDR`. Change-Id: I105425c680cf6238948625c1d1017b01d3517c01 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 22 Jun, 2017 2 commits
-
-
Douglas Raillard authored
These errata are only applicable to AArch64 state. See the errata notice for more details: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419. Enable both of them for Juno. Apply the 835769 workaround as following: * Compile with -mfix-cortex-a53-835769 * Link with --fix-cortex-a53-835769 Apply the 843419 workaround as following: * Link with --fix-cortex-a53-843419 The erratum 843419 workaround can lead the linker to create new sections suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the linker to create new "*.stub" sections with no particular alignment. Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for architecture-specific linker options. Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-