1. 24 Jul, 2019 1 commit
    • John Tsichritzis's avatar
      SSBS: init SPSR register with default SSBS value · c250cc3b
      John Tsichritzis authored
      
      
      This patch introduces an additional precautionary step to further
      enhance protection against variant 4. During the context initialisation
      before we enter the various BL stages, the SPSR.SSBS bit is explicitly
      set to zero. As such, speculative loads/stores are by default disabled
      for all BL stages when they start executing. Subsequently, each BL
      stage, can choose to enable speculative loads/stores or keep them
      disabled.
      
      This change doesn't affect the initial execution context of BL33 which
      is totally platform dependent and, thus, it is intentionally left up to
      each platform to initialise.
      
      For Arm platforms, SPSR.SSBS is set to zero for BL33 too. This means
      that, for Arm platforms, all BL stages start with speculative
      loads/stores disabled.
      
      Change-Id: Ie47d39c391d3f20fc2852fc59dbd336f8cacdd6c
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      c250cc3b
  2. 16 Jul, 2019 1 commit
  3. 12 Jul, 2019 1 commit
  4. 10 Jul, 2019 3 commits
  5. 02 Jul, 2019 8 commits
  6. 28 Jun, 2019 1 commit
  7. 26 Jun, 2019 1 commit
    • Manoj Kumar's avatar
      n1sdp: add code for DDR ECC enablement and BL33 copy to DDR · de8bc83e
      Manoj Kumar authored
      
      
      N1SDP platform supports RDIMMs with ECC capability. To use the ECC
      capability, the entire DDR memory space has to be zeroed out before
      enabling the ECC bits in DMC620. Zeroing out several gigabytes of
      memory from SCP is quite time consuming so functions are added that
      zeros out the DDR memory from application processor which is
      much faster compared to SCP. BL33 binary cannot be copied to DDR memory
      before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
      memory to main DDR4 memory after ECC is enabled.
      
      Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
      the entire DDR space cannot be accessed as DRAM2 starts in base
      0x8080000000. So these macros are redefined for all ARM platforms.
      
      Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
      Signed-off-by: default avatarManoj Kumar <manoj.kumar3@arm.com>
      de8bc83e
  8. 17 Jun, 2019 3 commits
  9. 13 Jun, 2019 2 commits
    • Marek Vasut's avatar
      rcar_gen3: console: Convert to multi-console API · 018358fc
      Marek Vasut authored
      
      
      Convert the R-Car Gen3 platform and both SCIF and Log drivers
      to multi-console API.
      Signed-off-by: default avatarMarek Vasut <marek.vasut+renesas@gmail.com>
      Change-Id: I18556973937d150b60453f9150d54ee612571e35
      018358fc
    • Sandrine Bailleux's avatar
      Fix type of cot_desc_ptr · 2efb7ddc
      Sandrine Bailleux authored
      
      
      The chain of trust description and the pointer pointing to its first
      element were incompatible, thus requiring an explicit type cast for
      the assignment.
      
      - cot_desc was an array of
        const pointers to const image descriptors.
      
      - cot_desc_ptr was a const pointer to
        (non-constant) pointers to const image descriptors.
      
      Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
      generate the following compiler warning:
      
      drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
        ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
       REGISTER_COT(cot_desc);
                    ^~~~~~~~
      
      Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      2efb7ddc
  10. 06 Jun, 2019 1 commit
  11. 28 May, 2019 1 commit
  12. 24 May, 2019 1 commit
    • Alexei Fedorov's avatar
      Add support for Branch Target Identification · 9fc59639
      Alexei Fedorov authored
      
      
      This patch adds the functionality needed for platforms to provide
      Branch Target Identification (BTI) extension, introduced to AArch64
      in Armv8.5-A by adding BTI instruction used to mark valid targets
      for indirect branches. The patch sets new GP bit [50] to the stage 1
      Translation Table Block and Page entries to denote guarded EL3 code
      pages which will cause processor to trap instructions in protected
      pages trying to perform an indirect branch to any instruction other
      than BTI.
      BTI feature is selected by BRANCH_PROTECTION option which supersedes
      the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
      and is disabled by default. Enabling BTI requires compiler support
      and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
      The assembly macros and helpers are modified to accommodate the BTI
      instruction.
      This is an experimental feature.
      Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
      is now made as an internal flag and BRANCH_PROTECTION flag should be
      used instead to enable Pointer Authentication.
      Note. USE_LIBROM=1 option is currently not supported.
      
      Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      9fc59639
  13. 15 May, 2019 1 commit
    • Sami Mujawar's avatar
      Add option for defining platform DRAM2 base · 6bb6015f
      Sami Mujawar authored
      
      
      The default DRAM2 base address for Arm platforms
      is 0x880000000. However, on some platforms the
      firmware may want to move the start address to
      a different value.
      
      To support this introduce PLAT_ARM_DRAM2_BASE that
      defaults to 0x880000000; but can be overridden by
      a platform (e.g. in platform_def.h).
      
      Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
      Signed-off-by: default avatarSami Mujawar <sami.mujawar@arm.com>
      6bb6015f
  14. 10 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: Abort DMA transactions · 1461ad9f
      Alexei Fedorov authored
      
      
      For security DMA should be blocked at the SMMU by default
      unless explicitly enabled for a device. SMMU is disabled
      after reset with all streams bypassing the SMMU, and
      abortion of all incoming transactions implements a default
      deny policy on reset.
      This patch also moves "bl1_platform_setup()" function from
      arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
      fvp_ve_bl1_setup.c files.
      
      Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1461ad9f
  15. 07 May, 2019 2 commits
  16. 03 May, 2019 1 commit
    • Alexei Fedorov's avatar
      SMMUv3: refactor the driver code · ccd4d475
      Alexei Fedorov authored
      
      
      This patch is a preparation for the subsequent changes in
      SMMUv3 driver. It introduces a new "smmuv3_poll" function
      and replaces inline functions for accessing SMMU registers
      with mmio read/write operations. Also the infinite loop
      for the poll has been replaced with a counter based timeout.
      
      Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ccd4d475
  17. 25 Apr, 2019 1 commit
  18. 18 Apr, 2019 1 commit
  19. 17 Apr, 2019 5 commits
  20. 12 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Mbed TLS: Remove weak heap implementation · 2374ab17
      Ambroise Vincent authored
      
      
      The implementation of the heap function plat_get_mbedtls_heap() becomes
      mandatory for platforms supporting TRUSTED_BOARD_BOOT.
      
      The shared Mbed TLS heap default weak function implementation is
      converted to a helper function get_mbedtls_heap_helper() which can be
      used by the platforms for their own function implementation.
      
      Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      2374ab17
  21. 08 Apr, 2019 3 commits
    • Alexei Fedorov's avatar
      Add support for Cortex-A76AE CPU · 9ccc5a57
      Alexei Fedorov authored
      
      
      Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      9ccc5a57
    • Joel Hutton's avatar
      cot-desc: optimise memory further · 30070427
      Joel Hutton authored
      
      
      This changes the auth_img_desc_t struct to have pointers to struct
      arrays instead of struct arrays. This saves memory as many of these
      were never used, and can be NULL pointers. Note the memory savings are
      only when these arrays are not initialised, as it is assumed these
      arrays are fixed length. A possible future optimisation could allow for
      variable length.
      
      memory diff:
      bl1:        bl2:
          text        text
            -12         -12
          bss         bss
            -1463       0
          data        data
            -56         -48
          rodata      rodata
            -5688       -2592
          total       total
            -7419       -2652
      
      Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      30070427
    • Joel Hutton's avatar
      Reduce memory needed for CoT description · 0b6377d1
      Joel Hutton authored
      
      
      When Trusted Board Boot is enabled, we need to specify the Chain of
      Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
      of image descriptors. The authentication module assumes that each
      image descriptor in this array is indexed by its unique image
      identifier. For example, the Trusted Boot Firmware Certificate has to
      be at index [TRUSTED_BOOT_FW_CERT_ID].
      
      Unique image identifiers may not necessarily be consecutive. Also,
      a given BL image might not use all image descriptors. For example, BL1
      does not need any of the descriptors related to BL31. As a result, the
      CoT array might contain holes, which unnecessarily takes up space in
      the BL binary.
      
      Using pointers to auth_img_desc_t structs (rather than structs
      themselves) means these unused elements only use 1 pointer worth of
      space, rather than one struct worth of space. This patch also changes
      the code which accesses this array to reflect the change to pointers.
      
      Image descriptors not needed in BL1 or BL2 respectively are also
      ifdef'd out in this patch. For example, verifying the BL31 image is
      the responsibility of BL2 so BL1 does not need any of the data
      structures describing BL31.
      
      memory diff:
      bl1:        bl2:
          text        text
            -20         -20
          bss         bss
            -1463       0
          data        data
            -256        -48
          rodata      rodata
            -5240       -1952
          total       total
            -6979       -2020
      
      Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      0b6377d1