- 01 Mar, 2018 3 commits
-
-
Arve Hjønnevåg authored
memset does not return a useful result here, so explitcitly ignore it Change-Id: I33cd2228cadc280ee8e5ce3a4f8682dde9a7c16c
-
Arve Hjønnevåg authored
Change-Id: I9f9a8a159b41be1c865a20801d03a1b2934c3cac
-
Arve Hjønnevåg authored
Change-Id: Ie4f937808d24c9b45066c6582c4eee61699ef6df
-
- 22 Feb, 2018 1 commit
-
-
Arve Hjønnevåg authored
Fixes tegra build with SPD=trusty. Not tested. Change-Id: I851a2b00b8b1cc65112b6088980a811d8eda1a99
-
- 01 Feb, 2018 1 commit
-
-
Arve Hjønnevåg authored
Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
- 25 Jan, 2018 5 commits
-
-
Arve Hjønnevåg authored
Add off/on argument to SMC_FC_CPU_SUSPEND SMC_FC_CPU_RESUME and pass 1 when called from the cpu on/off hooks. Change-Id: Ie233c446fd38b3ff8546e445a8d86a15d2816093 Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
The secure physical timer is inacessible from 32-bit S-EL1 (when EL3 is 64-bit) so trusty will use the non-secure physical timer in this case. Linux will use the virtual timer instead of the physical timer when started in EL1. Change-Id: Ie49348d9a27e5287676dd4a77f678ecbd6c2309f Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
The original patch has been partly merged. This adds the missing pieces. Change-Id: I77fd434feab396ff05d9b8e0c1761e4dd588a701 Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
Add smc calls to return gic base address and print to the debug console. Allows running a generic trusty binary. Change-Id: I4b6540f140f11432cdff43c3f5a2097df09dc9d1 Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
Arve Hjønnevåg authored
Change-Id: I081901e7df22f78dd9c4fc4c6bfad2aceb870a2d Signed-off-by: Arve Hjønnevåg <arve@android.com>
-
- 10 Jan, 2018 1 commit
-
-
Antonio Nino Diaz authored
Rename SP_VERSION macros to MM_VERSION, which is the name used in the MM specification [1]. Also, a few more helper macros have been added. MM-specific definitions have been moved to their own header file. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf Change-Id: Ia10e48c7e81a7a1f5eeca29a5270cae740a4a88a Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 09 Jan, 2018 1 commit
-
-
Varun Wadekar authored
This patch adds support to receive function ID with NS world's memory ranges to provide the memory snapshot to TLK. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 08 Jan, 2018 2 commits
-
-
Antonio Nino Diaz authored
The Secure Partition should be able to be used from any CPU, not just the lead one. This patch point the secure contexts of all secondary CPUs to the same one used by the lead CPU for the Secure Partition. This way, they can also use it. In order to prevent more than one CPU from using the Secure Partition at the same time, a lock has been added. Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Whether a Secure Partition is being initialized or not is something related to that specific partition, so it should be saved with the rest of the information related to it. Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 12 Dec, 2017 1 commit
-
-
Sandrine Bailleux authored
This partially reverts commit d6b532b5 , keeping only the fixes to the assertions. The changes related to the order of arguments passed to the secure partition were not correct and violated the specification of the SP_EVENT_COMPLETE SMC. This patch also improves the MM_COMMUNICATE argument validation. The cookie argument, as it comes from normal world, can't be trusted and thus needs to always be validated at run time rather than using an assertion. Also validate the communication buffer address and return INVALID_PARAMETER if it is zero, as per the MM specification. Fix a few typos in comments and use the "secure partition" terminology rather than "secure payload". Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 06 Dec, 2017 3 commits
-
-
Antonio Nino Diaz authored
A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been introduced to select the section where the translation tables used by the S-EL1/S-EL0 are placed. This define has been used to move the translation tables to DRAM secured by TrustZone. Most of the extra needed space in BL31 when SPM is enabled is due to the large size of the translation tables. By moving them to this memory region we can save 44 KiB. A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the region where the translation tables have to be placed by the linker. Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Common code mustn't include ARM platforms headers. Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Jeenu Viswambharan authored
At present, both SDEI_PRIVATE_RESET and SDEI_SHARED_RESET returns SDEI_PENDING if they fail to unregister an event. The SDEI specification however requires that the APIs return SDEI_EDENY in these cases. This patch fixes the return codes for the reset APIs. Change-Id: Ic14484c91fa8396910387196c256d1ff13d03afd Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 05 Dec, 2017 2 commits
-
-
Sandrine Bailleux authored
Rename SP_COMMUNICATE_AARCH32/AARCH64 into MM_COMMUNICATE_AARCH32/AARCH64 to align with the MM specification [1]. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf Change-Id: I478aa4024ace7507d14a5d366aa8e20681075b03 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Antonio Nino Diaz authored
The defines have been renamed to match the names used in the documentation. Change-Id: I2f18b65112d2db040a89d5a8522e9790c3e21628 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 20 Nov, 2017 2 commits
-
-
Jeenu Viswambharan authored
The SDEI specification requires that binding a client interrupt dispatches SDEI Normal priority event. This means that dynamic events can't have Critical priority. Add asserts for this. Change-Id: I0bdd9e0e642fb2b61810cb9f4cbfbd35bba521d1 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Change-Id: Ic381ab5d03ec68c7f6e8d357ac2e2cbf0cc6b2e8 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Nov, 2017 2 commits
-
-
Antonio Nino Diaz authored
The parameters passed to the Secure world from the Secure Partition Manager when invoking SP_COMMUNICATE_AARCH32/64 were incorrect, as well as the checks done on them. Change-Id: I26e8c80cad0b83437db7aaada3d0d9add1c53a78 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The code was incorrectly reading from ID_AA64PRF0_EL1 instead of ID_AA64MMFR0_EL1 causing the supported granularity sizes returned by the code to be wrong. This wasn't causing any problem because it's just used to check the alignment of the base of the buffer shared between Non-secure and Secure worlds, and it was aligned to more than 64 KiB, which is the maximum granularity supported by the architecture. Change-Id: Icc0d949d9521cc0ef13afb753825c475ea62d462 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 13 Nov, 2017 3 commits
-
-
Jeenu Viswambharan authored
Change-Id: Iee617a3528225349b6eede2f8abb26da96640678 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
This allows for other EL3 components to schedule an SDEI event dispatch to Normal world upon the next ERET. The API usage constrains are set out in the SDEI dispatcher documentation. Documentation to follow. Change-Id: Id534bae0fd85afc94523490098c81f85c4e8f019 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The implementation currently supports only interrupt-based SDEI events, and supports all interfaces as defined by SDEI specification version 1.0 [1]. Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in BL31. Update user guide and porting guide. SDEI documentation to follow. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf Change-Id: I758b733084e4ea3b27ac77d0259705565842241a Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 10 Nov, 2017 1 commit
-
-
Antonio Nino Diaz authored
The MP info struct is placed right after the boot info struct. However, when calculating the address of the MP info, the size of the boot info struct was being multiplied by the size of the MP boot info. This left a big gap of empty space between the structs. This didn't break any code because the boot info struct has a pointer to the MP info struct. It was just wasting space. Change-Id: I1668e3540d9173261968f6740623549000bd48db Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2017 2 commits
-
-
Antonio Nino Diaz authored
A Secure Partition is a software execution environment instantiated in S-EL0 that can be used to implement simple management and security services. Since S-EL0 is an unprivileged exception level, a Secure Partition relies on privileged firmware e.g. ARM Trusted Firmware to be granted access to system and processor resources. Essentially, it is a software sandbox that runs under the control of privileged software in the Secure World and accesses the following system resources: - Memory and device regions in the system address map. - PE system registers. - A range of asynchronous exceptions e.g. interrupts. - A range of synchronous exceptions e.g. SMC function identifiers. A Secure Partition enables privileged firmware to implement only the absolutely essential secure services in EL3 and instantiate the rest in a partition. Since the partition executes in S-EL0, its implementation cannot be overly complex. The component in ARM Trusted Firmware responsible for managing a Secure Partition is called the Secure Partition Manager (SPM). The SPM is responsible for the following: - Validating and allocating resources requested by a Secure Partition. - Implementing a well defined interface that is used for initialising a Secure Partition. - Implementing a well defined interface that is used by the normal world and other secure services for accessing the services exported by a Secure Partition. - Implementing a well defined interface that is used by a Secure Partition to fulfil service requests. - Instantiating the software execution environment required by a Secure Partition to fulfil a service request. Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
A line in the upstream SPDs is only compiled in in `DEBUG` builds. This line is used to help with assertions and so assertion failures can happen in release builds with assertions enabled. Use `ENABLE_ASSERTIONS` instead of `DEBUG`. This bug was introduced in commit aa61368e , which introduced the build option `ENABLE_ASSERTIONS`. Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 19 Sep, 2017 1 commit
-
-
Aijun Sun authored
Currently, Trusty OS/LK implemented FPU context switch in internal thread switch but does not implement the proper mechanism for world switch. This commit just simply saves/restores FPU registes in world switch to prevent FPU context from being currupted when Trusty OS uses VFP in its applications. It should be noted that the macro *CTX_INCLUDE_FPREGS* must be defined in trusty.mk if Trusty OS uses VFP Signed-off-by: Aijun Sun <aijun.sun@spreadtrum.com>
-
- 24 Aug, 2017 1 commit
-
-
Jens Wiklander authored
Pass device tree pointer to OP-TEE in x2. bl2 is expected to fill in the device tree pointer in args.arg3. Passing 0 means that device tree is unavailable. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-
- 09 Aug, 2017 1 commit
-
-
Edison Ai authored
ARM TF need transfer information about pageable image load address and memory limit to OPTEE. OPTEE will relocate the pageable image to where it's needed. The legacy OP-TEE images that do not include header information are not affected. Change-Id: Id057efbbc894de7c36b2209b391febea4729c455 Signed-off-by: Edison Ai <edison.ai@arm.com>
-
- 12 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of system includes to meet the ARM TF coding standard. There are some exceptions in order to retain header groupings, minimise changes to imported headers, and where there are headers within the #if and #ifndef statements. Change-Id: I65085a142ba6a83792b26efb47df1329153f1624 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 14 Jun, 2017 1 commit
-
-
Varun Wadekar authored
This patch enables the 'sign-compare' flag, to enable warning/errors for comparisons between signed/unsigned variables. The warning has been enabled for all the Tegra platforms, to start with. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 04 May, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pd A previous patch introduced a new define for yielding SMC call type. This patch updates the secure payload dispatchers (except the TSPD) to use this new define and also migrates the code to use the new terminology. Change-Id: I3d2437c04e3b21fdbd32019f55c066c87679a5bf Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 26 Apr, 2017 1 commit
-
-
David Cunado authored
Since Issue B (November 2016) of the SMC Calling Convention document standard SMC calls are renamed to yielding SMC calls to help avoid confusion with the standard service SMC range, which remains unchanged. http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf This patch adds a new define for yielding SMC call type and deprecates the current standard SMC call type. The tsp is migrated to use this new terminology and, additionally, the documentation and code comments are updated to use this new terminology. Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
SMC_RET0 should only be used when the SMC code works as a function that returns void. If the code of the SMC uses SMC_RET1 to return a value to signify success and doesn't return anything in case of an error (or the other way around) SMC_RET1 should always be used to return clearly identifiable values. This patch fixes two cases in which the code used SMC_RET0 instead of SMC_RET1. It also introduces the define SMC_OK to use when an SMC must return a value to tell that it succeeded, the same way as SMC_UNK is used in case of failure. Change-Id: Ie4278b51559e4262aced13bbde4e844023270582 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Mar, 2017 1 commit
-
-
Varun Wadekar authored
This patch removes support for running Trusty in the AARCH32 mode as all platforms use it in only AARCH64 mode. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-