- 31 Jan, 2017 3 commits
- 30 Jan, 2017 1 commit
-
-
Douglas Raillard authored
Disable the automatic substitution of functions with builtins. The existing -ffreestanding option should already do this but explicitly adding -fno-builtin reduces the risk of compiler variation. With this option, GCC is not supposed to be able to make assumptions on what the function does, which could otherwise lead to security-sensitive code removal. This can lead to potentially less efficient code but improves predictability of what code is actually compiled into the binary. Change-Id: I06ad151c61318bd1b00d84976f051d2d94314acc Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 26 Jan, 2017 3 commits
-
-
danh-arm authored
Patches for 8173 crbook
-
Jeenu Viswambharan authored
The current user guide mentions that Foundation model doesn't support debugger interface. Clarify that all FVPs support --cadi-server option such that a CADI-compliant debugger can connect to and control model execution. Also fix broken URL to FVP home page. Change-Id: Ia14d618a4e0abb4b228eb1616040f9b51fb3f6f9 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
David Cunado authored
With GCC 6.2 compiler, more C undefined behaviour is being flagged as warnings, which result in build errors in ARM TF build. The specific issue that this patch resolves is the use of (1 << 31), which is predominantly used in case statements, where 1 is represented as a signed int. When shifted to msb the behaviour is undefined. The resolution is to specify 1 as an unsigned int using a convenience macro ULL(). A duplicate macro MAKE_ULL() is replaced. Fixes ARM-software/tf-issues#438 Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 24 Jan, 2017 9 commits
-
-
danh-arm authored
Import constant-time bcmp() and use it where necessary
-
Antonio Nino Diaz authored
To avoid timing side-channel attacks, it is needed to use a constant time memory comparison function when comparing hashes. The affected code only cheks for equality so it isn't needed to use any variant of memcmp(), bcmp() is enough. Also, timingsafe_bcmp() is as fast as memcmp() when the two compared regions are equal, so this change incurrs no performance hit in said case. In case they are unequal, the boot sequence wouldn't continue as normal, so performance is not an issue. Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Some side-channel attacks involve an attacker inferring something from the time taken for a memory compare operation to complete, for example when comparing hashes during image authentication. To mitigate this, timingsafe_bcmp() must be used for such operations instead of the standard memcmp(). This function executes in constant time and so doesn't leak any timing information to the caller. Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
danh-arm authored
Add strnlen() to local C library
-
Sandrine Bailleux authored
This code has been imported and slightly adapted from FreeBSD: https://github.com/freebsd/freebsd/blob/6253393ad8df55730481bf2aafd76bdd6182e2f5/lib/libc/string/strnlen.c Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Koan-Sin Tan authored
Now it's possbile to build BL31 for MT8173 with ERROR_DEPRECATED=1. Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-
Koan-Sin Tan authored
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-
Koan-Sin Tan authored
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-
Koan-Sin Tan authored
make 'make ARCH=aarch64 CROSS_COMPILE=aarch64-linux-gnu- PLAT=mt8173 ENABLE_PLAT_COMPAT=0' work. Change-Id: I13f35d8aef23dfa0e65883fa0be43f1513c9fef5 Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
-
- 23 Jan, 2017 9 commits
-
-
danh-arm authored
Correct preprocessor conditionals
-
danh-arm authored
drivers: add designware emmc driver
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. For AARCH32/AARCH64, these macros are defined in the top-level Makefile as follows: ifeq (${ARCH},aarch32) $(eval $(call add_define,AARCH32)) else $(eval $(call add_define,AARCH64)) endif This means only one of the two is defined. So, AARCH32/AARCH64 belongs to the latter group where we should use #ifdef or #ifndef. The conditionals are mostly coded correctly, but I see some mistakes. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
One nasty part of ATF is some of boolean macros are always defined as 1 or 0, and the rest of them are only defined under certain conditions. For the former group, "#if FOO" or "#if !FOO" must be used because "#ifdef FOO" is always true. (Options passed by $(call add_define,) are the cases.) For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because checking the value of an undefined macro is strange. Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like follows: $(eval IMAGE := IMAGE_BL$(call uppercase,$(3))) $(OBJ): $(2) @echo " CC $$<" $$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@ This means, IMAGE_BL* is defined when building the corresponding image, but *undefined* for the other images. So, IMAGE_BL* belongs to the latter group where we should use #ifdef or #ifndef. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
danh-arm authored
Fix parallel building
-
Haojian Zhuang authored
Support Designware eMMC driver. It's based on both IO block and eMMC driver. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
danh-arm authored
Fix fiptool bug introduced by recent rework
-
danh-arm authored
Update libfdt to version 1.4.2
-
danh-arm authored
Clear static variables in X509 parser on error
-
- 19 Jan, 2017 4 commits
-
-
Masahiro Yamada authored
Append . then strip /. seems clumsy. Just use $(patsubst %/,%, ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Soren reports build fails if -j option is given: $ make -j16 CROSS_COMPILE=aarch64-linux-gnu- Building fvp make: *** No rule to make target 'build/fvp/release/bl1/', needed by 'build/fvp/release/bl1/bl1.ld'. Stop. make: *** Waiting for unfinished jobs.... The cause of the failure is that $(dir ) leaves a trailing / on the directory names. It must be ripped off to let Make create the directory. There are some ways to fix the issue. Here, I chose to make MAKE_LD look like MAKE_C and MAKE_S because bl*_dirs seems the central place of making directories. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reported-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Tested-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
Antonio Nino Diaz authored
In mbedtls_x509_parser.c there are some static arrays that are filled during the integrity check and then read whenever an authentication parameter is requested. However, they aren't cleared in case of an integrity check failure, which can be problematic from a security point of view. This patch clears these arrays in the case of failure. Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Fix the parameter type of the maintenance functions of data cache. Add missing declarations for AArch32 versions of dcsw_op_louis and dcsw_op_all to match the AAch64 ones. Change-Id: I4226e8ea4f8b2b5bc2972992c83de659ee0da52c
-
- 18 Jan, 2017 7 commits
-
-
davidcunado-arm authored
Macro cleanups
-
davidcunado-arm authored
Correct system include order
-
danh-arm authored
mt8173: Correct SPM MCDI firmware length
-
danh-arm authored
add utility macros to utils.h
-
Masahiro Yamada authored
I do not see any line that references BL32_SIZE. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We have lots of duplicated defines (and comment blocks too). Move them to include/plat/common/common_def.h. While we are here, suffix the end address with _END instead of _LIMIT. The _END is a better fit to indicate the linker-derived real end address. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The usage of _LIMIT seems odd here, so rename as follows: BL_CODE_LIMIT --> BL_CODE_END BL_RO_DATA_LIMIT --> BL_RO_DATA_END BL1_CODE_LIMIT --> BL1_CODE_END BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END Basically, we want to use _LIMIT and _END properly as follows: *_SIZE + *_MAX_SIZE = *_LIMIT *_SIZE + *_SIZE = *_END The _LIMIT is generally defined by platform_def.h to indicate the platform-dependent memory constraint. So, its typical usage is ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.") in a linker script. On the other hand, _END is used to indicate the end address of the compiled image, i.e. we do not know it until the image is linked. Here, all of these macros belong to the latter, so should be suffixed with _END. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 17 Jan, 2017 1 commit
-
-
David Cunado authored
NOTE - this is patch does not address all occurrences of system includes not being in alphabetical order, just this one case. Change-Id: I3cd23702d69b1f60a4a9dd7fd4ae27418f15b7a3
-
- 16 Jan, 2017 3 commits
-
-
Antonio Nino Diaz authored
Delete old version of libfdt at lib/libfdt. Move new libfdt API headers to include/lib/libfdt and all other files to lib/libfdt. Change-Id: I32b7888f1f20d62205310e363accbef169ad7b1b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
* Add libfdt.mk helper makefile * Remove unused libfdt files * Minor changes to fdt.h and libfdt.h to make them C99 compliant Adapted from 754d78b1 . Change-Id: I0847f1c2e6e11f0c899b0b7ecc522c0ad7de210c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Import libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git tag "v1.4.2" commit ec02b34c05be04f249ffaaca4b666f5246877dea. This version includes commit d0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd, which fixes a buffer overflow in fdt_offset_ptr(). Change-Id: I05a30511ea68417ee7ff26477da3f99e0bd4e06b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-