- 27 Feb, 2017 1 commit
-
-
dp-arm authored
Currently, fiptool uses two linked lists. One to chain together all the images and one for all the image descriptors. Initially this was done because not all images had a corresponding image descriptor. This was the case for unknown images which existed in the FIP but there was no descriptor in the builtin table for them. When support for the --blob option came in, we started building descriptors for the unknown images on the fly. As a result every image now has a corresponding image descriptor and therefore it is no longer necessary to keep track of them separately. To simplify the design, maintain only a single linked list of image descriptors. An image descriptor contains a pointer to the corresponding image. If the pointer is NULL, then the descriptor is skipped in all the operations. This approach simplifies the traversal code and avoids redundant lookups. The linked list of image descriptors is populated based on the `toc_entries` array. This means that the order of the images in the FIP file remains the same across add/remove or create/update operations. This is true for all standard images (those specified in `toc_entries`) but not for those specified via the --blob option. Change-Id: Ic29a263c86c8f1efdad322b430368c7623782e2d Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 23 Feb, 2017 1 commit
-
-
davidcunado-arm authored
Tegra changes from downstream v1
-
- 22 Feb, 2017 10 commits
-
-
Varun Wadekar authored
The BL2 fills in the UART controller ID to be used as the normal as well as the crash console on Tegra platforms. The controller ID to UART controller base address mapping is handled by each Tegra SoC the base addresses might change across Tegra chips. This patch adds the handler to parse the platform params to get the UART ID for the per-soc handlers. Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct in order to store the TZDRAM carveout base address used to load the Trusted OS. The monitor programs the memory controller with the TZDRAM base and size in order to deny any accesses from the NS world. Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch renames the current Memory Controller driver files to "_v1". This is done to add a driver for the new Memory Controller hardware (v2). Change-Id: I668dbba42f6ee0db2f59a7103f0ae7e1d4684ecf Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch checks that the pointers to BL3-3 and BL3-2 ep_info structs are valid before accessing them. Add some INFO prints in the BL3-1 setup path for early debugging purposes. Change-Id: I62b23fa870f1b2fb783c8de69aab819f1749d15a Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds support for all variants of the Denver CPUs. The variants export their cpu_ops to allow all Denver platforms to run the Trusted Firmware stack. Change-Id: I1488813ddfd506ffe363d8a32cda1b575e437035 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch modifies platform_get_core_pos() to use the Cluster ID field as well to calculate the final index value. This helps the system to store CPU data for multi-cluster configurations. Change-Id: I76e35f723f741e995c6c9156e9d61b0b2cdd2709 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch enables the processor retention and L2/CPUECTLR read/write access from the NS world only for Cortex-A57 CPUs on the Tegra SoCs. Change-Id: I9941a67686ea149cb95d80716fa1d03645325445 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch moves these address translation helper macros to individual Tegra SoC makefiles to provide more control. Change-Id: Ieab53c457c73747bd0deb250459befb5b7b9363f Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch converts the common SiP handler to SoC specific SiP handler. T210 and T132 have different SiP SMCs and so it makes sense to move the SiP handler to soc/t132 and soc/t210 folders. Change-Id: Idfe48384d63641137d74a095432df4724986b241 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
The Flow Controller hardware block is not present across all Tegra SoCs, hence include the driver files from SoC specific makefiles. T132/T210 are the SoCs which include this hardware block while future SoCs have removed it. Change-Id: Iaca25766a4fa51567293d10cf14dae968b0fae80 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 20 Feb, 2017 4 commits
- 16 Feb, 2017 5 commits
-
-
Antonio Nino Diaz authored
This reverts commit b621fb50 . Because of the Trusted Firmware design, timing-safe functions are not needed. Using them may be misleading as it could be interpreted as being a protection against private data leakage, which isn't the case here. For each image, the SHA-256 hash is calculated. Some padding is appended and the result is encrypted with a private key using RSA-2048. This is the signature of the image. The public key is stored along with BL1 in read-only memory and the encrypted hash is stored in the FIP. When authenticating an image, the TF decrypts the hash stored in the FIP and recalculates the hash of the image. If they don't match, the boot sequence won't continue. A constant-time comparison does not provide additional security as all the data involved in this process is already known to any attacker. There is no private data that can leaked through a timing attack when authenticating an image. `timingsafe_bcmp()` is kept in the codebase because it could be useful in the future. Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
davidcunado-arm authored
Use DC ZVA instruction to zero memory
-
davidcunado-arm authored
Fix minor issues found by cppcheck
-
davidcunado-arm authored
Migrate to Linaro Release 16.12
-
davidcunado-arm authored
Makefile: use git describe for BUILD_STRING
-
- 15 Feb, 2017 2 commits
-
-
dp-arm authored
On Juno, the secure privileged invasive debug authentication signal (SPIDEN) is controlled by board SCC registers, which by default enable SPIDEN. Disable secure privileged external debug in release builds by programming the appropriate Juno SoC registers. Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Trusted Firmware currently has no support for secure self-hosted debug. To avoid unexpected exceptions, disable software debug exceptions, other than software breakpoint instruction exceptions, from all exception levels in secure state. This applies to both AArch32 and AArch64 EL3 initialization. Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 14 Feb, 2017 4 commits
-
-
dp-arm authored
cppcheck highlighted variables that were initialized but then later reassigned. Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
The memmap IO driver doesn't perform bounds check when reading, writing, or seeking. The onus to vet parameters is on the caller, and this patch asserts that: - non-negative size is specified for for backing memory; - valid parameters are passed into the driver for read, write and seek operations. Change-Id: I6518c4065817e640e9e7e39a8a4577655f2680f7 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
davidcunado-arm authored
Bug fix and cleanup of cert_create tool
-
- 13 Feb, 2017 6 commits
-
-
davidcunado-arm authored
Fiptool cleanup
-
David Cunado authored
This Linaro release updates both the binaries and the toolchain: Linaro binaries upgraded 16.06 --> 16.12 AArch64 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) AArch32 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) The ARM TF codebase has been tested against these new binaries. This patch updates the User Guide to reflect that the 16.12 release is now a supported Linaro Release. Change-Id: I6247e820f591df7d05df4f622ee45a3abf2c2d72 Signed-off-by: David Cunado <david.cunado@arm.com>
-
davidcunado-arm authored
Decouple PSCI stat residency calculation from PMF
-
dp-arm authored
Perform stat accounting for retention/standby states also when requested at multiple power levels. Change-Id: I2c495ea7cdff8619bde323fb641cd84408eb5762 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
davidcunado-arm authored
Update AEM and Cortex Models versions
-
- 11 Feb, 2017 6 commits
-
-
Masahiro Yamada authored
These functions are defined above any calls. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We should follow the Linux coding style, which is clearly stated in the docs/user-guide.mk: When making changes to the source for submission to the project, the source must be in compliance with the Linux style guide and Documentation/process/coding-style.rst of Linux Kernel says: The limit on the length of lines is 80 columns and this is a strongly preferred limit. [ snip ] However, never break user-visible strings such as printk messages, because that breaks the ability to grep for them. The strings for printf() are user-visible, and can exceed the 80 column limit. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The strings in usage functions are sent to stdout by printf(), but some new lines are sent to stderr by fputc(..., stderr). This inconsistency will break the usage format when users re-direct stdout or stderr. Just use printf() for consistency. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
These variables store return values of functions. Remove all of meaningless initializers. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The ext_new_nvcounter() function calls i2d_ASN1_INTEGER() twice; the first call to get the return value "sz", and the second one for writing data into the buffer. This is actually redundant. We can do both by one function call. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 10 Feb, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.2 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Also, the Linaro Release Notes link was broken and this patch updates the link. Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a Signed-off-by: David Cunado <david.cunado@arm.com>
-