1. 12 Jul, 2017 1 commit
  2. 07 Jul, 2017 1 commit
  3. 06 Jul, 2017 2 commits
    • David Cunado's avatar
      Release v1.4: update change-log.rst · aee3ef48
      David Cunado authored
      
      
      Updated change-log.rst with summary of changes since release v1.3.
      
      Change-Id: Iecd31ed315bd9ad7ffe8bce6550f7c90e1e3a9b0
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      aee3ef48
    • David Cunado's avatar
      Migrate to Linaro release 17.04 · 31f2f79d
      David Cunado authored
      
      
      ARM TF has been tested against Linaro Release 17.04 - the Linaro
      binaries have been update and also the version of the compiler.
      
      Linaro binaries: 17.01 --> 17.04
      AArch64 & AArch32 compilers: 5.3-2015.05 (gcc 5.3) -> 6.2-2016.11 (gcc 6.2)
      
      This patch updates the User Guide is to state that Linaro
      release 17.04 is supported.
      
      Additionally, the following fixes are made to the User Guide:
      - Removed out of date reference to Linaro release 16.06.
      - Updated the Juno variant coverage to include r2.
      
      Change-Id: Iebbced3356f8c6b3c2bff2df62574db9f937ca7b
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      31f2f79d
  4. 05 Jul, 2017 1 commit
    • David Cunado's avatar
      Update Foundation, AEM and Cortex Models versions · 64d50c74
      David Cunado authored
      
      
      Trusted Firmware has been tested as part of its CI system against Cortex
      and Foundation models in the 11.0 Model release available on
      developer.arm.com. Trusted Firmware has also been tested against the v8.5
      AEM model.
      
      This patch updates the user guide documentation to reflect the version of
      the Foundation, AEM and Cortex Models that Trusted Firmware has been
      tested against.
      
      Change-Id: I3b5b4d1e4220bda1dcc88aa9cfa01fa711ed92cd
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      64d50c74
  5. 29 Jun, 2017 4 commits
  6. 28 Jun, 2017 5 commits
    • Soby Mathew's avatar
      ARM plat changes to enable CryptoCell integration · e60f2af9
      Soby Mathew authored
      
      
      This patch makes the necessary changes to enable ARM platform to
      successfully integrate CryptoCell during Trusted Board Boot. The
      changes are as follows:
      
      * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
        the CryptoCell crypto driver for Trusted Board boot.
      
      * The TrustZone filter settings for Non Secure DRAM is modified
        to allow CryptoCell to read this memory. This is required to
        authenticate BL33 which is loaded into the Non Secure DDR.
      
      * The CSS platforms are modified to use coherent stacks in BL1 and BL2
        when CryptoCell crypto is selected. This is because CryptoCell makes
        use of DMA to transfer data and the CryptoCell SBROM library allocates
        buffers on the stack during signature/hash verification.
      
      Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e60f2af9
    • Douglas Raillard's avatar
      Document CFLAGS make option · f7ad7a63
      Douglas Raillard authored
      
      
      CFLAGS content can be set on the command line to allow passing extra
      options to the compiler. Its content is appended after the options set
      by the Makefile (TF_CFLAGS).
      
      The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
      completely overriden by setting it on the command line.
      
      Also tell about LDFLAGS in the "Debugging options" section.
      
      Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      f7ad7a63
    • Douglas Raillard's avatar
      Introduce TF_LDFLAGS · c2b8806f
      Douglas Raillard authored
      
      
      Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
      the compiler's invocation. This allows passing extra options from the
      make command line using LDFLAGS.
      
      Document new LDFLAGS Makefile option.
      
      Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      c2b8806f
    • Isla Mitchell's avatar
      Add Juno AArch32 and AArch64 User Guide instructions · f5f1f9f2
      Isla Mitchell authored
      
      
      Updated section 6, building a FIP for Juno and FVP, adding
      instructions for AArch32 and AArch64.
      
      Updated section 4.1, summary of build options, to include a
      description of the `JUNO_AARCH32_EL3_RUNTIME` build flag.
      
      Change-Id: I4ed006522cab981371c382859063f088fbfcb8f7
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      f5f1f9f2
    • Roberto Vargas's avatar
      Improve format of exception vectors in BL1 description · 7e3f1d9c
      Roberto Vargas authored
      
      
      Without the additional newlines all the text becomes a single paragraph
      and next newlines are ignored.
      
      Change-Id: I783198477f654e3923fcabb21248f2bc62c33e9d
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      7e3f1d9c
  7. 27 Jun, 2017 1 commit
  8. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  9. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored
      
      
      This patch updates the el3_arch_init_common macro so that it fully
      initialises essential control registers rather then relying on hardware
      to set the reset values.
      
      The context management functions are also updated to fully initialise
      the appropriate control registers when initialising the non-secure and
      secure context structures and when preparing to leave EL3 for a lower
      EL.
      
      This gives better alignement with the ARM ARM which states that software
      must initialise RES0 and RES1 fields with 0 / 1.
      
      This patch also corrects the following typos:
      
      "NASCR definitions" -> "NSACR definitions"
      
      Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
  10. 12 Jun, 2017 2 commits
  11. 07 Jun, 2017 1 commit
  12. 05 Jun, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Add SCMI driver for SCP · c04a3b6c
      Soby Mathew authored
      
      
      This patch adds the SCMI driver for communicating with SCP. The power
      domain management and system power management protocol of the SCMI
      specification[1] is implemented in the driver. The SCP power management
      abstraction layer for SCMI for CSS power management is also added.
      
      A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
      driver over SCPI.
      
      [1] ARM System Control and Management Interface v1.0 (SCMI)
      Document number: ARM DEN 0056A
      
      Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c04a3b6c
  13. 02 Jun, 2017 1 commit
  14. 01 Jun, 2017 4 commits
    • Antonio Nino Diaz's avatar
      FWU: Introduce FWU_SMC_IMAGE_RESET · 9d6fc3c3
      Antonio Nino Diaz authored
      
      
      This SMC is as a means for the image loading state machine to go from
      COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
      was only done when the authentication of an image failed or when the
      execution of the image finished.
      
      Documentation updated.
      
      Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      9d6fc3c3
    • Antonio Nino Diaz's avatar
      FWU: Check for overlaps when loading images · 128daee2
      Antonio Nino Diaz authored
      
      
      Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
      memory region where another image data is already loaded.
      
      Without this check, if two images are configured to be loaded in
      overlapping memory regions, one of them can be loaded and
      authenticated and the copy function is still able to load data from
      the second image on top of the first one. Since the first image is
      still in authenticated state, it can be executed, which could lead to
      the execution of unauthenticated arbitrary code of the second image.
      
      Firmware update documentation updated.
      
      Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      128daee2
    • Antonio Nino Diaz's avatar
      Remove `DISABLE_PEDANTIC` build option · 79eb1aff
      Antonio Nino Diaz authored
      
      
      It doesn't make sense to use the `-pedantic` flag when building the
      Trusted Firmware as we use GNU extensions and so our code is not
      fully ISO C compliant. This flag only makes sense if the code intends to
      be ISO C compliant.
      
      Change-Id: I6273564112759ff57f03b273f5349733a5f38aef
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      79eb1aff
    • Jeenu Viswambharan's avatar
      Introduce ARM GIC-600 driver · e1c59ab3
      Jeenu Viswambharan authored
      
      
      ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
      implements a power control register in the Redistributor frame. This
      register must be programmed to mark the frame as powered on, before
      accessing other registers in the frame. Rest of initialization sequence
      remains the same.
      
      The driver provides APIs for Redistributor power management, and
      overrides those in the generic GICv3 driver. The driver data is shared
      between generic GICv3 driver and that of GIC-600.
      
      For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
      is set to FVP_GIC600. Also update user guide.
      
      Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e1c59ab3
  15. 24 May, 2017 3 commits
  16. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
  17. 19 May, 2017 1 commit
    • David Cunado's avatar
      Migrate to Linaro Release 17.01 · 218888de
      David Cunado authored
      
      
      This Linaro release updates just the binaries:
      
      Linaro binaries upgraded 16.12 --> 17.01
      
      The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64
      and AArch32.
      
      The ARM TF codebase has been tested against these new binaries. This patch
      updates the User Guide to reflect that the 17.01 release is now a supported
      Linaro Release.
      
      Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      218888de
  18. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored
      
      
      The behaviour of assert() now depends on the value of the new optional
      platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
      not defined by the platform.
      
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
        name, line and asserted expression.
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
        name and line.
      - If not, it doesn't print anything.
      
      Note the old behaviour was to print the function name whereas now it
      prints the file name. This reduces memory usage because the file name is
      shared between all assert calls in a given file. Also, the default
      behaviour in debug builds is to no longer print the asserted expression,
      greatly reducing the string usage.
      
      For FVP debug builds this change saves approximately:
      
                    No TBBR    TBBR
              BL1    1.6 KB   2.2 KB
              BL2    1.7 KB   2.1 KB
              BL31   2.6 KB   3.3 KB
      
      Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  19. 05 May, 2017 1 commit
    • David Cunado's avatar
      Update AEM and Cortex Models versions · b9ecb216
      David Cunado authored
      
      
      AEMv8-A Model release v8.4 has been made available and Trusted Firmware
      has been tested against these versions as part of its CI system. This
      patch updates the user guide documentation to reflect the version of AEM
      and Cortex Models that Trusted Firmware has been tested against.
      
      Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and
      FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs
      as they are currently not being tested with the latest version of ARM
      Trusted Firmware.
      
      Also, documentation and links to Linaro pages have been updated to
      reflect the changes in the ARM community document hosting.
      
      Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b9ecb216
  20. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  21. 26 Apr, 2017 1 commit
  22. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
  23. 19 Apr, 2017 3 commits
    • Antonio Nino Diaz's avatar
      Add `ENABLE_ASSERTIONS` build option · cc8b5632
      Antonio Nino Diaz authored
      
      
      Add the new build option `ENABLE_ASSERTIONS` that controls whether or
      not assert functions are compiled out. It defaults to 1 for debug builds
      and to 0 for release builds.
      
      Additionally, a following patch will be done to allow this build option
      to hide auxiliary code used for the checks done in an `assert()`. This
      code is is currently under the DEBUG build flag.
      
      Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO,
      which is the default for debug builds.
      
      This patch also updates the User Guide.
      
      Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cc8b5632
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored
      
      
      This patch introduces a build option to enable D-cache early on the CPU
      after warm boot. This is applicable for platforms which do not require
      interconnect programming to enable cache coherency (eg: single cluster
      platforms). If this option is enabled, then warm boot path enables
      D-caches immediately after enabling MMU.
      
      Fixes ARM-Software/tf-issues#456
      
      Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
    • Antonio Nino Diaz's avatar
      ARM platforms: Add option to use xlat tables lib v1 · 3b211ff5
      Antonio Nino Diaz authored
      
      
      ARM platforms have migrated to the translation tables library v2.
      However, for testing purposes, it can be useful to temporarily switch
      back to the old version.
      
      This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches
      to v1 of the library when is set to 1. By default, it is 0, so that ARM
      platforms use the new version unless specifically stated.
      
      Updated User Guide.
      
      Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      3b211ff5
  24. 31 Mar, 2017 1 commit
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7