1. 29 May, 2015 1 commit
  2. 28 Apr, 2015 3 commits
    • Dan Handley's avatar
      Migrate FVP port to use common code · 60eea55e
      Dan Handley authored
      Major update to the FVP platform port to use the common platform code
      in (include/)plat/arm/* and (include/)plat/common/*. This mainly
      consists of removing duplicated code but also introduces some small
      behavioural changes where there was unnecessary variation between the
      FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
      platform code` for details.
      
      Also add support for Foundation FVP version 9.1 during FVP config
      setup to prevent a warning being emitted in the console.
      
      Change-Id: I254ca854987642ce09d1b924c9fd410a6e13e3bc
      60eea55e
    • Dan Handley's avatar
      Add common ARM and CSS platform code · b4315306
      Dan Handley authored
      This major change pulls out the common functionality from the
      FVP and Juno platform ports into the following categories:
      
      *   (include/)plat/common. Common platform porting functionality that
      typically may be used by all platforms.
      
      *   (include/)plat/arm/common. Common platform porting functionality
      that may be used by all ARM standard platforms. This includes all
      ARM development platforms like FVP and Juno but may also include
      non-ARM-owned platforms.
      
      *   (include/)plat/arm/board/common. Common platform porting
      functionality for ARM development platforms at the board
      (off SoC) level.
      
      *   (include/)plat/arm/css/common. Common platform porting
      functionality at the ARM Compute SubSystem (CSS) level. Juno
      is an example of a CSS-based platform.
      
      *   (include/)plat/arm/soc/common. Common platform porting
      functionality at the ARM SoC level, which is not already defined
      at the ARM CSS level.
      
      No guarantees are made about the backward compatibility of
      functionality provided in (include/)plat/arm.
      
      Also remove any unnecessary variation between the ARM development
      platform ports, including:
      
      *   Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the
      Juno implementation, which copies the information from BL2 memory
      instead of expecting it to persist in shared memory.
      
      *   Unify the TZC configuration. There is no need to add a region
      for SCP in Juno; it's enough to simply not allow any access to
      this reserved region. Also set region 0 to provide no access by
      default instead of assuming this is the case.
      
      *   Unify the number of memory map regions required for ARM
      development platforms, although the actual ranges mapped for each
      platform may be different. For the FVP port, this reduces the
      mapped peripheral address space.
      
      These latter changes will only be observed when the platform ports
      are migrated to use the new common platform code in subsequent
      patches.
      
      Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
      b4315306
    • Dan Handley's avatar
      Add linker symbol declarations to bl_common.h · 90b3a6ac
      Dan Handley authored
      Add extern declarations of linker symbols to bl_common.h. These are
      used by platform ports to determine the memory layout of BL images.
      Adding the declarations to this file facilitates removal of these
      declarations from the platform porting source files in subsequent
      patches.
      
      Also remove the linker symbol declarations from common TSP source
      code.
      
      Change-Id: I8ed0426bc815317c4536b588e4e78bc15b4fe91c
      90b3a6ac
  3. 27 Apr, 2015 3 commits
    • Dan Handley's avatar
      Add header guards to asm macro files · e2bf57f8
      Dan Handley authored
      Some assembly files containing macros are included like header files
      into other assembly files. This will cause assembler errors if they
      are included multiple times.
      
      Add header guards to assembly macro files to avoid assembler errors.
      
      Change-Id: Ia632e767ed7df7bf507b294982b8d730a6f8fe69
      e2bf57f8
    • Dan Handley's avatar
      Remove use of PLATFORM_CACHE_LINE_SIZE · ce4c820d
      Dan Handley authored
      The required platform constant PLATFORM_CACHE_LINE_SIZE is
      unnecessary since CACHE_WRITEBACK_GRANULE effectively provides the
      same information. CACHE_WRITEBACK_GRANULE is preferred since this
      is an architecturally defined term and allows comparison with the
      corresponding hardware register value.
      
      Replace all usage of PLATFORM_CACHE_LINE_SIZE with
      CACHE_WRITEBACK_GRANULE.
      
      Also, add a runtime assert in BL1 to check that the provided
      CACHE_WRITEBACK_GRANULE matches the value provided in CTR_EL0.
      
      Change-Id: If87286be78068424217b9f3689be358356500dcd
      ce4c820d
    • Dan Handley's avatar
      Add TZC function to configure region 0 · 71a84445
      Dan Handley authored
      Region 0 is special in TZC-400. It is possible to set the access
      permissions for this but not the address range or filters to which
      the permissions apply. Add a function for setting the region 0
      access permissions.
      
      Also add some VERBOSE logging and allow assembly files to include
      the TZC header.
      
      Change-Id: I4389261ba10a6e5e2e43ee93d55318dc507b6648
      71a84445
  4. 13 Apr, 2015 1 commit
  5. 08 Apr, 2015 1 commit
    • Kévin Petit's avatar
      Add support to indicate size and end of assembly functions · 8b779620
      Kévin Petit authored
      
      
      In order for the symbol table in the ELF file to contain the size of
      functions written in assembly, it is necessary to report it to the
      assembler using the .size directive.
      
      To fulfil the above requirements, this patch introduces an 'endfunc'
      macro which contains the .endfunc and .size directives. It also adds
      a .func directive to the 'func' assembler macro.
      
      The .func/.endfunc have been used so the assembler can fail if
      endfunc is omitted.
      
      Fixes ARM-Software/tf-issues#295
      
      Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      8b779620
  6. 31 Mar, 2015 5 commits
  7. 27 Mar, 2015 2 commits
    • Soby Mathew's avatar
      Remove the `owner` field in bakery_lock_t data structure · 548579f5
      Soby Mathew authored
      This patch removes the `owner` field in bakery_lock_t structure which
      is the data structure used in the bakery lock implementation that uses
      coherent memory. The assertions to protect against recursive lock
      acquisition were based on the 'owner' field. They are now done based
      on the bakery lock ticket number. These assertions are also added
      to the bakery lock implementation that uses normal memory as well.
      
      Change-Id: If4850a00dffd3977e218c0f0a8d145808f36b470
      548579f5
    • Soby Mathew's avatar
      Optimize the bakery lock structure for coherent memory · 1c9573a1
      Soby Mathew authored
      This patch optimizes the data structure used with the bakery lock
      implementation for coherent memory to save memory and minimize memory
      accesses. These optimizations were already part of the bakery lock
      implementation for normal memory and this patch now implements
      it for the coherent memory implementation as well. Also
      included in the patch is a cleanup to use the do-while loop while
      waiting for other contenders to finish choosing their tickets.
      
      Change-Id: Iedb305473133dc8f12126726d8329b67888b70f1
      1c9573a1
  8. 18 Mar, 2015 1 commit
  9. 16 Mar, 2015 3 commits
    • Vikram Kanigiri's avatar
      Use ARM CCI driver on FVP and Juno platforms · 4991ecdc
      Vikram Kanigiri authored
      This patch updates the FVP and Juno platform ports to use the common
      driver for ARM Cache Coherent Interconnects.
      
      Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542
      4991ecdc
    • Vikram Kanigiri's avatar
      Common driver for ARM Cache Coherent Interconnects · 23e47ede
      Vikram Kanigiri authored
      Even though both CCI-400 and CCI-500 IPs have different configurations
      with respect to the number and types of supported interfaces, their
      register offsets and programming sequences are similar. This patch
      creates a common driver for enabling and disabling snoop transactions
      and DVMs with both the IPs.
      
      New platform ports which implement one of these IPs should use this
      common driver. Existing platform ports which implement CCI-400 should
      migrate to the common driver as the standalone CCI-400 will be
      deprecated in the future.
      
      Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
      23e47ede
    • Vikram Kanigiri's avatar
      Add macro to calculate number of elements in an array · a7e98ad5
      Vikram Kanigiri authored
      This patch defines the ARRAY_SIZE macro for calculating number of elements
      in an array and uses it where appropriate.
      
      Change-Id: I72746a9229f0b259323972b498b9a3999731bc9b
      a7e98ad5
  10. 13 Mar, 2015 1 commit
    • Vikram Kanigiri's avatar
      Initialise cpu ops after enabling data cache · 12e7c4ab
      Vikram Kanigiri authored
      The cpu-ops pointer was initialized before enabling the data cache in the cold
      and warm boot paths. This required a DCIVAC cache maintenance operation to
      invalidate any stale cache lines resident in other cpus.
      
      This patch moves this initialization to the bl31_arch_setup() function
      which is always called after the data cache and MMU has been enabled.
      
      This change removes the need:
       1. for the DCIVAC cache maintenance operation.
       2. to initialise the CPU ops upon resumption from a PSCI CPU_SUSPEND
          call since memory contents are always preserved in this case.
      
      Change-Id: Ibb2fa2f7460d1a1f1e721242025e382734c204c6
      12e7c4ab
  11. 06 Mar, 2015 1 commit
    • Sandrine Bailleux's avatar
      Enable type-checking of arguments passed to printf() et al. · dad25049
      Sandrine Bailleux authored
      This patch modifies the declarations of the functions printf() et al.
      and adds the right GCC attribute to request the compiler to check
      the type of the arguments passed to these functions against the given
      format string. This will ensure that the compiler outputs warning
      messages like the following whenever it detects an inconsistency:
      
       file.c:42: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
      
      It also fixes the type mismatch inconsistencies that it revealed
      across the code base.
      
      NOTE: THIS PATCH MAY FORCE PLATFORM PORTS OR SP/SPDS THAT USE THE
      PRINTF FAMILY OF FUNCTIONS TO FIX ANY TYPE MISMATCH INCONSISTENCIES.
      
      Change-Id: If36bb54ec7d6dd2cb4791d89b02a24ac13fd2df6
      dad25049
  12. 12 Feb, 2015 1 commit
    • Soby Mathew's avatar
      Export maximum affinity using PLATFORM_MAX_AFFLVL macro · 8c32bc26
      Soby Mathew authored
      This patch removes the plat_get_max_afflvl() platform API
      and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
      This is done because the maximum affinity level for a platform
      is a static value and it is more efficient for it to be defined
      as a platform macro.
      
      NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
      
      Fixes ARM-Software/tf-issues#265
      
      Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
      8c32bc26
  13. 28 Jan, 2015 4 commits
    • Juan Castillo's avatar
      TBB: add authentication module interface · 40febc3a
      Juan Castillo authored
      This patch provides an API to access the authentication module that
      will be used to verify the authenticity of the images loaded into
      memory as part of the Trusted Board Boot process.
      
      To include the authentication module as part of the build, set the
      boolean build option TRUSTED_BOARD_BOOT. One single authentication
      module must be registered at build time by setting the build option
      AUTH_MOD=<mod_name>. All authentication modules will be located in
      'common/auth/<mod_name>' and must present the <mod_name>.mk file that
      will be included by the build system to compile the module sources.
      
      To create an authentication module, an instance of auth_mod_t called
      'auth_mod' must be declared in the module sources. The initialization
      and verification functions provided by the module will be exported
      through the function pointers specified when declaring this instance.
      
      If an authentication module includes third party sources that do not
      adhere to the C99 standard, the -pedantic option may be removed from
      the build options by setting the flag DISABLE_PEDANTIC in the module
      file <mod_name>.mk.
      
      Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
      40febc3a
    • Juan Castillo's avatar
      stdlib: add missing features to build PolarSSL · e509d057
      Juan Castillo authored
      This patch adds the missing features to the C library included
      in the Trusted Firmware to build PolarSSL:
      
        - strcasecmp() function
        - exit() function
        - sscanf()* function
        - time.h header file (and its dependencies)
      
      * NOTE: the sscanf() function is not a real implementation. It just
      returns the number of expected arguments by counting the number of
      '%' characters present in the formar string. This return value is
      good enough for PolarSSL because during the certificate parsing
      only the return value is checked. The certificate validity period
      is ignored.
      
      Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
      e509d057
    • Juan Castillo's avatar
      TBB: add a platform specific function to validate the ROTPK · 6eadf762
      Juan Castillo authored
      This patch adds the function plat_match_rotpk() to the platform
      porting layer to provide a Root Of Trust Public key (ROTPK)
      verification mechanism. This function is called during the
      Trusted Board Boot process and receives a supposed valid copy
      of the ROTPK as a parameter, usually obtained from an external
      source (for instance, a certificate). It returns 0 (success) if
      that key matches the actual ROTPK stored in the system or any
      other value otherwise.
      
      The mechanism to access the actual ROTPK stored in the system
      is platform specific and should be implemented as part of this
      function. The format of the ROTPK is also platform specific
      (to save memory, some platforms might store a hash of the key
      instead of the whole key).
      
      TRUSTED_BOARD_BOOT build option has been added to allow the user
      to enable the Trusted Board Boot features. The implementation of
      the plat_match_rotpk() funtion is mandatory when Trusted Board
      Boot is enabled.
      
      For development purposes, FVP and Juno ports provide a dummy
      function that returns always success (valid key). A safe trusted
      boot implementation should provide a proper matching function.
      
      Documentation updated accordingly.
      
      Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
      6eadf762
    • Juan Castillo's avatar
      TBB: add support to include certificates in a FIP image · b7124ea7
      Juan Castillo authored
      This patch extends the FIP tool to include the certificates
      generated by the 'cert_create' tool.
      
      If GENERATE_COT build option is enabled, the Makefile adds the
      certificates as dependencies to create the FIP file. Thus, make
      target 'fip' will also build the certificates as part of the
      Trusted Firmware build process.
      
      Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
      b7124ea7
  14. 26 Jan, 2015 5 commits
    • Yatharth Kochar's avatar
      Call reset handlers upon BL3-1 entry. · 79a97b2e
      Yatharth Kochar authored
      This patch adds support to call the reset_handler() function in BL3-1 in the
      cold and warm boot paths when another Boot ROM reset_handler() has already run.
      
      This means the BL1 and BL3-1 versions of the CPU and platform specific reset
      handlers may execute different code to each other. This enables a developer to
      perform additional actions or undo actions already performed during the first
      call of the reset handlers e.g. apply additional errata workarounds.
      
      Typically, the reset handler will be first called from the BL1 Boot ROM. Any
      additional functionality can be added to the reset handler when it is called
      from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
      to identify whether this is the first version of the reset handler code to be
      executed or an overridden version of the code.
      
      The Cortex-A57 errata workarounds are applied only if they have not already been
      applied.
      
      Fixes ARM-software/tf-issue#275
      
      Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
      79a97b2e
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77
    • Soby Mathew's avatar
      Increment the PSCI VERSION to 1.0 · e8ca7d1e
      Soby Mathew authored
      This patch:
      
         * Bumps the PSCI VERSION to 1.0. This means that
           the PSCI_VERSION API will now return the value 0x00010000
           to indicate the version as 1.0. The firmware remains
           compatible with PSCI v0.2 clients.
      
         * The firmware design guide is updated to document the
           APIs supported by the Trusted Firmware generic code.
      
         * The FVP Device Tree Sources (dts) and Blobs(dtb) are also
           updated to add "psci-1.0" and "psci-0.2" to the list of
           compatible PSCI versions.
      
      Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
      e8ca7d1e
    • Soby Mathew's avatar
      Implement PSCI_FEATURES API · 90e8258e
      Soby Mathew authored
      This patch implements the PSCI_FEATURES function which is a mandatory
      API in the PSCI 1.0 specification. A capability variable is
      constructed during initialization by examining the plat_pm_ops and
      spd_pm_ops exported by the platform and the Secure Payload Dispatcher.
      This is used by the PSCI FEATURES function to determine which
      PSCI APIs are supported by the platform.
      
      Change-Id: I147ffc1bd5d90b469bd3cc4bbe0a20e95c247df7
      90e8258e
    • Soby Mathew's avatar
      Rework the PSCI migrate APIs · 8991eed7
      Soby Mathew authored
      This patch reworks the PSCI MIGRATE, MIGRATE_INFO_TYPE and
      MIGRATE_INFO_UP_CPU support for Trusted Firmware. The
      implementation does the appropriate validation of parameters
      and invokes the appropriate hook exported by the SPD.
      
      The TSP is a MP Trusted OS. Hence the ability to actually
      migrate a Trusted OS has not been implemented. The
      corresponding function is not populated in the spd_pm_hooks
      structure for the TSPD.
      
      The `spd_pm_ops_t` has undergone changes with this patch.
      SPD PORTS MAY NEED TO BE UPDATED.
      
      Fixes ARM-software/tf-issues#249
      
      Change-Id: Iabd87521bf7c530a5e4506b6d3bfd4f1bf87604f
      8991eed7
  15. 23 Jan, 2015 4 commits
    • Soby Mathew's avatar
      Return success if an interrupt is seen during PSCI CPU_SUSPEND · 22f08973
      Soby Mathew authored
      This patch adds support to return SUCCESS if a pending interrupt is
      detected during a CPU_SUSPEND call to a power down state. The check
      is performed as late as possible without losing the ability to return
      to the caller. This reduces the overhead incurred by a CPU in
      undergoing a complete power cycle when a wakeup interrupt is already
      pending.
      
      Fixes ARM-Software/tf-issues#102
      
      Change-Id: I1aff04a74b704a2f529734428030d1d10750fd4b
      22f08973
    • Soby Mathew's avatar
      Validate power_state and entrypoint when executing PSCI calls · 539dcedb
      Soby Mathew authored
      This patch allows the platform to validate the power_state and
      entrypoint information from the normal world early on in PSCI
      calls so that we can return the error safely. New optional
      pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
      are introduced to do this.
      
      As a result of these changes, all the other pm_ops handlers except
      the PSCI_ON handler are expected to be successful. Also, the PSCI
      implementation will now assert if a PSCI API is invoked without the
      corresponding pm_ops handler being registered by the platform.
      
      NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
      pm hooks have 2 additional optional callbacks and the return type
      of the other hooks have changed.
      
      Fixes ARM-Software/tf-issues#229
      
      Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
      539dcedb
    • Soby Mathew's avatar
      Save 'power_state' early in PSCI CPU_SUSPEND call · 31244d74
      Soby Mathew authored
      This patch adds support to save the "power state" parameter before the
      affinity level specific handlers are called in a CPU_SUSPEND call.
      This avoids the need to pass the power_state as a parameter to the
      handlers and Secure Payload Dispatcher (SPD) suspend spd_pm_ops.
      The power_state arguments in the spd_pm_ops operations are now reserved
      and must not be used. The SPD can query the relevant power_state fields
      by using the psci_get_suspend_afflvl() & psci_get_suspend_stateid() APIs.
      
      NOTE: THIS PATCH WILL BREAK THE SPD_PM_OPS INTERFACE. HENCE THE SECURE
      PAYLOAD DISPATCHERS WILL NEED TO BE REWORKED TO USE THE NEW INTERFACE.
      
      Change-Id: I1293d7dc8cf29cfa6a086a009eee41bcbf2f238e
      31244d74
    • Soby Mathew's avatar
      Remove `ns_entrypoint` and `mpidr` from parameters in pm_ops · e146f4cc
      Soby Mathew authored
      This patch removes the non-secure entry point information being passed
      to the platform pm_ops which is not needed. Also, it removes the `mpidr`
      parameter for  platform pm hooks which are meant to do power management
      operations only on the current cpu.
      
      NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT.
      
      Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
      e146f4cc
  16. 22 Jan, 2015 2 commits
    • Soby Mathew's avatar
      Move bakery algorithm implementation out of coherent memory · 8c5fe0b5
      Soby Mathew authored
      This patch moves the bakery locks out of coherent memory to normal memory.
      This implies that the lock information needs to be placed on a separate cache
      line for each cpu. Hence the bakery_lock_info_t structure is allocated in the
      per-cpu data so as to minimize memory wastage. A similar platform per-cpu
      data is introduced for the platform locks.
      
      As a result of the above changes, the bakery lock api is completely changed.
      Earlier, a reference to the lock structure was passed to the lock implementation.
      Now a unique-id (essentially an index into the per-cpu data array) and an offset
      into the per-cpu data for bakery_info_t needs to be passed to the lock
      implementation.
      
      Change-Id: I1e76216277448713c6c98b4c2de4fb54198b39e0
      8c5fe0b5
    • Soby Mathew's avatar
      Add macros for domain specific barriers. · 5b1cd43b
      Soby Mathew authored
      This patch adds helper macros for barrier operations that specify
      the type of barrier (dmb, dsb) and the shareability domain (system,
      inner-shareable) it affects.
      
      Change-Id: I4bf95103e79da212c4fbdbc13d91ad8ac385d9f5
      5b1cd43b
  17. 13 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Invalidate the dcache after initializing cpu-ops · 09997346
      Soby Mathew authored
      This patch fixes a crash due to corruption of cpu_ops
      data structure. During the secondary CPU boot, after the
      cpu_ops has been initialized in the per cpu-data, the
      dcache lines need to invalidated so that the update in
      memory can be seen later on when the dcaches are turned ON.
      Also, after initializing the psci per cpu data, the dcache
      lines are flushed so that they are written back to memory
      and dirty dcache lines are avoided.
      
      Fixes ARM-Software/tf-issues#271
      
      Change-Id: Ia90f55e9882690ead61226eea5a5a9146d35f313
      09997346
  18. 07 Jan, 2015 1 commit
    • Sandrine Bailleux's avatar
      Prevent optimisation of sysregs accessors calls · 36e2fd01
      Sandrine Bailleux authored
      Calls to system register read accessors functions may be optimised
      out by the compiler if called twice in a row for the same register.
      This is because the compiler is not aware that the result from
      the instruction may be modified by external agents. Therefore, if
      nothing modifies the register between the 2 reads as far as the
      compiler knows then it might consider that it is useless to read
      it twice and emit only 1 call.
      
      This behaviour is faulty for registers that may not have the same
      value if read twice in succession. E.g.: counters, timer
      control/countdown registers, GICv3 interrupt status registers and
      so on.
      
      The same problem happens for calls to system register write
      accessors functions. The compiler might optimise out some calls
      if it considers that it will produce the same result. Again, this
      behaviour is faulty for cases where intermediate writes to these
      registers make a difference in the system.
      
      This patch fixes the problem by making these assembly register
      accesses volatile.
      
      Fixes ARM-software/tf-issues#273
      
      Change-Id: I33903bc4cc4eea8a8d87bc2c757909fbb0138925
      36e2fd01