- 08 Apr, 2016 1 commit
-
-
Antonio Nino Diaz authored
To avoid confusion the build option BL33_BASE has been renamed to PRELOADED_BL33_BASE, which is more descriptive of what it does and doesn't get mistaken by similar names like BL32_BASE that work in a completely different way. NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW BUILD OPTION `PRELOADED_BL33_BASE`. Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b
-
- 07 Apr, 2016 1 commit
-
-
Soby Mathew authored
This patch enables the SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and BL31 common architectural setup code. When in secure state, this disables instruction fetches from Non-secure memory. NOTE: THIS COULD BREAK PLATFORMS THAT HAVE SECURE WORLD CODE EXECUTING FROM NON-SECURE MEMORY, BUT THIS IS CONSIDERED UNLIKELY AND IS A SERIOUS SECURITY RISK. Fixes ARM-Software/tf-issues#372 Change-Id: I684e84b8d523c3b246e9a5fabfa085b6405df319
-
- 01 Apr, 2016 2 commits
-
-
Soby Mathew authored
This patch modifies the return type of the platform API `plat_get_ns_image_entrypoint()` from `unsigned long` to `uintptr_t` in accordance with the coding guidelines. Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
-
Evan Lloyd authored
To get round problems encountered when building in a DOS build environment the generation of the .o file containing build identifier strings is modified. The problems encounterred were: 1. DOS echo doesn't strip ' characters from the output text. 2. git is not available from CMD.EXE so the BUILD_STRING value needs some other origin. A BUILD_STRING value of "development build" is used for now. MAKE_BUILD_STRINGS is used to customise build string generation in a DOS environment. This variable is not defined in the UNIX build environment make file helper, and so the existing build string generation behaviour is retained in these build environments. NOTE: This commit completes a cumulative series aimed at improving build portability across development environments. This enables the build to run on several new build environments, if the relevant tools are available. At this point the build is tested on Windows 7 Enterprise SP1, using CMD.EXE, Cygwin and Msys (MinGW),as well as a native Linux envionment". The Windows platform builds used aarch64-none-elf-gcc.exe 4.9.1. CMD.EXE and Msys used Gnu Make 3.81, cygwin used Gnu Make 4.1. CAVEAT: The cert_create tool build is not tested on the Windows platforms (openssl-for-windows has a GPL license). Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251
-
- 31 Mar, 2016 3 commits
-
-
Antonio Nino Diaz authored
lib/aarch64/xlat_helpers.c defines helper functions to build translation descriptors, but no common code or upstream platform port uses them. As the rest of the xlat_tables code evolves, there may be conflicts with these helpers, therefore this code should be removed. Change-Id: I9f5be99720f929264818af33db8dada785368711
-
Juan Castillo authored
This patch adds support for non-volatile counter authentication to the Authentication Module. This method consists of matching the counter values provided in the certificates with the ones stored in the platform. If the value from the certificate is lower than the platform, the boot process is aborted. This mechanism protects the system against rollback. The TBBR CoT has been updated to include this method as part of the authentication process. Two counters are used: one for the trusted world images and another for the non trusted world images. ** NEW PLATFORM APIs (mandatory when TBB is enabled) ** int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); This API returns the non-volatile counter value stored in the platform. The cookie in the first argument may be used to select the counter in case the platform provides more than one (i.e. TBSA compliant platforms must provide trusted and non-trusted counters). This cookie is specified in the CoT. int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); This API sets a new counter value. The cookie may be used to select the counter to be updated. An implementation of these new APIs for ARM platforms is also provided. The values are obtained from the Trusted Non-Volatile Counters peripheral. The cookie is used to pass the extension OID. This OID may be interpreted by the platform to know which counter must return. On Juno, The trusted and non-trusted counter values have been tied to 31 and 223, respectively, and cannot be modified. ** IMPORTANT ** THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN ORDER TO SUCCESSFULLY BUILD TF. Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
-
David Wang authored
This patch adds an option to the ARM common platforms to load BL31 in the TZC secured DRAM instead of the default secure SRAM. To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options. If TSP is present, then setting this option also sets the TSP location to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag. To use this feature, BL2 platform code must map in the DRAM used by BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose. Currently, only the FVP BL2 platform code maps in this DRAM. Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67
-
- 30 Mar, 2016 1 commit
-
-
Gerald Lejeune authored
Asynchronous abort exceptions generated by the platform during cold boot are not taken in EL3 unless SCR_EL3.EA is set. Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture initialisation. Further write accesses to SCR_EL3 preserve these bits during cold boot. A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions being trapped by EL3 after cold boot or not. For further reference SError Interrupts are also known as asynchronous external aborts. On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in EL3 whatever the SCR_EL3.EA value is. Fixes arm-software/tf-issues#368 Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
-
- 22 Mar, 2016 1 commit
-
-
Sandrine Bailleux authored
The Firmware Design document is meant to provide a general overview of the Trusted Firmware code. Although it is useful to provide some guidance around the responsibilities of the platform layer, it should not provide too much platform specific implementation details. Right now, some sections are too tied to the implementation on ARM platforms. This makes the Firmware Design document harder to digest. This patch simplifies this aspect of the Firmware Design document. The sections relating the platform initialisations performed by the different BL stages have been simplified and the extra details about the ARM platforms implementation have been moved to the Porting Guide when appropriate. This patch also provides various documentation fixes and additions in the Firmware Design and Platform Porting Guide. In particular: - Update list of SMCs supported by BL1. - Remove MMU setup from architectural inits, as it is actually performed by platform code. - Similarly, move runtime services initialisation, BL2 image initialization and BL33 execution out of the platform initialisation paragraph. - List SError interrupt unmasking as part of BL1 architectural initialization. - Mention Trusted Watchdog enabling in BL1 on ARM platforms. - Fix order of steps in "BL2 image load and execution" section. - Refresh section about GICv3/GICv2 drivers initialisation on ARM platforms. Change-Id: I32113c4ffdc26687042629cd8bbdbb34d91e3c14
-
- 14 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
Added a new platform porting function plat_panic_handler, to allow platforms to handle unexpected error situations. It must be implemented in assembly as it may be called before the C environment is initialized. A default implementation is provided, which simply spins. Corrected all dead loops in generic code to call this function instead. This includes the dead loop that occurs at the end of the call to panic(). All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have been removed. Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
-
- 07 Mar, 2016 2 commits
-
-
Antonio Nino Diaz authored
The previous reset code in BL1 performed the following steps in order: 1. Warm/Cold boot detection. If it's a warm boot, jump to warm boot entrypoint. 2. Primary/Secondary CPU detection. If it's a secondary CPU, jump to plat_secondary_cold_boot_setup(), which doesn't return. 3. CPU initialisations (cache, TLB...). 4. Memory and C runtime initialization. For a secondary CPU, steps 3 and 4 are never reached. This shouldn't be a problem in most cases, since current implementations of plat_secondary_cold_boot_setup() either panic or power down the secondary CPUs. The main concern is the lack of secondary CPU initialization when bare metal EL3 payloads are used in case they don't take care of this initialisation themselves. This patch moves the detection of primary/secondary CPU after step 3 so that the CPU initialisations are performed per-CPU, while the memory and the C runtime initialisation are only performed on the primary CPU. The diagrams used in the ARM Trusted Firmware Reset Design documentation file have been updated to reflect the new boot flow. Platforms ports might be affected by this patch depending on the behaviour of plat_secondary_cold_boot_setup(), as the state of the platform when entering this function will be different. Fixes ARM-software/tf-issues#342 Change-Id: Icbf4a0ee2a3e5b856030064472f9fa6696f2eb9e
-
Antonio Nino Diaz authored
This patch clarifies a porting API in the Porting Guide that do not follow the ARM Architecture Program Calling Standards (AAPCS). The list of registers that are allowed to be clobbered by this API has been updated in the Porting Guide. Fixes ARM-software/tf-issues#259 Change-Id: Ibf2adda2e1fb3e9b8f53d8a918d5998356eb8fce
-
- 02 Mar, 2016 1 commit
-
-
Antonio Nino Diaz authored
Enable alternative boot flow where BL2 does not load BL33 from non-volatile storage, and BL31 hands execution over to a preloaded BL33. The flag used to enable this bootflow is BL33_BASE, which must hold the entrypoint address of the BL33 image. The User Guide has been updated with an example of how to use this option with a bootwrapped kernel. Change-Id: I48087421a7b0636ac40dca7d457d745129da474f
-
- 22 Feb, 2016 1 commit
-
-
Vikram Kanigiri authored
`board_arm_def.h` contains multiple definitions of `PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for memory usage depending upon the chosen build configuration. To ease maintenance of these constants, this patch replaces their multiple definitions with a single set of definitions that will work on all ARM platforms. Platforms can override the defaults with optimal values by enabling the `ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in the Juno ADP port. Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate future ARM platforms. Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0
-
- 19 Feb, 2016 1 commit
-
-
Soby Mathew authored
The common topology description helper funtions and macros for ARM Standard platforms assumed a dual cluster system. This is not flexible enough to scale to multi cluster platforms. This patch does the following changes for more flexibility in defining topology: 1. The `plat_get_power_domain_tree_desc()` definition is moved from `arm_topology.c` to platform specific files, that is `fvp_topology.c` and `juno_topology.c`. Similarly the common definition of the porting macro `PLATFORM_CORE_COUNT` in `arm_def.h` is moved to platform specific `platform_def.h` header. 2. The ARM common layer porting macros which were dual cluster specific are now removed and a new macro PLAT_ARM_CLUSTER_COUNT is introduced which must be defined by each ARM standard platform. 3. A new mandatory ARM common layer porting API `plat_arm_get_cluster_core_count()` is introduced to enable the common implementation of `arm_check_mpidr()` to validate MPIDR. 4. For the FVP platforms, a new build option `FVP_NUM_CLUSTERS` has been introduced which allows the user to specify the cluster count to be used to build the topology tree within Trusted Firmare. This enables Trusted Firmware to be built for multi cluster FVP models. Change-Id: Ie7a2e38e5661fe2fdb2c8fdf5641d2b2614c2b6b
-
- 18 Feb, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch adds a link to the Cortex-A57 Software Optimization Guide in the ARM CPU Specific Build Macros document to justify the default value of the A57_DISABLE_NON_TEMPORAL_HINT build flag. Change-Id: I9779e42a4bb118442b2b64717ce143314ec9dd16
-
- 17 Feb, 2016 1 commit
-
-
Antonio Nino Diaz authored
The folowing build options were missing from the User Guide and have been documented: - CTX_INCLUDE_FPREGS - DISABLE_PEDANTIC - BUILD_STRING - VERSION_STRING - BUILD_MESSAGE_TIMESTAMP Change-Id: I6a9c39ff52cad8ff04deff3ac197af84d437b8b7
-
- 16 Feb, 2016 1 commit
-
-
Vikram Kanigiri authored
Current code mandates loading of SCP_BL2/SCP_BL2U images for all CSS platforms. On future ARM CSS platforms, the Application Processor (AP) might not need to load these images. So, these items can be removed from the FIP on those platforms. BL2 tries to load SCP_BL2/SCP_BL2U images if their base addresses are defined causing boot error if the images are not found in FIP. This change adds a make flag `CSS_LOAD_SCP_IMAGES` which if set to `1` does: 1. Adds SCP_BL2, SCP_BL2U images to FIP. 2. Defines the base addresses of these images so that AP loads them. And vice-versa if it is set to `0`. The default value is set to `1`. Change-Id: I5abfe22d5dc1e9d80d7809acefc87b42a462204a
-
- 12 Feb, 2016 1 commit
-
-
Haojian Zhuang authored
ARM PL061 GPIO driver requires the "PLAT_PL061_MAX_GPIOS" definition. By default, it's defined to 32 in PL061 GPIO driver. If user wants more PL061 controllers in platform, user should define the build flag in platform.mk instead. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 08 Feb, 2016 1 commit
-
-
Sandrine Bailleux authored
The LDNP/STNP instructions as implemented on Cortex-A53 and Cortex-A57 do not behave in a way most programmers expect, and will most probably result in a significant speed degradation to any code that employs them. The ARMv8-A architecture (see Document ARM DDI 0487A.h, section D3.4.3) allows cores to ignore the non-temporal hint and treat LDNP/STNP as LDP/STP instead. This patch introduces 2 new build flags: A53_DISABLE_NON_TEMPORAL_HINT and A57_DISABLE_NON_TEMPORAL_HINT to enforce this behaviour on Cortex-A53 and Cortex-A57. They are enabled by default. The string printed in debug builds when a specific CPU errata workaround is compiled in but skipped at runtime has been generalised, so that it can be reused for the non-temporal hint use case as well. Change-Id: I3e354f4797fd5d3959872a678e160322b13867a1
-
- 05 Feb, 2016 1 commit
-
-
Antonio Nino Diaz authored
Move up to Base FVP version 7.2 (build 0.8/7202) and Foundation FVP version 9.5 (build 9.5.41) in the user guide. Change-Id: Ie9900596216808cadf45f042eec639d906e497b2
-
- 01 Feb, 2016 1 commit
-
-
Juan Castillo authored
This patch adds a brief explanation of the top/bottom load approach to the Firmware Design guide and how Trusted Firmware keeps track of the free memory at boot time. This will help platform developers to avoid unexpected results in the memory layout. Fixes ARM-software/tf-issues#319 Change-Id: I04be7e24c1f3b54d28cac29701c24bf51a5c00ad
-
- 29 Jan, 2016 2 commits
-
-
Sandrine Bailleux authored
The memory translation library in Trusted Firmware supports non-identity mappings for Physical to Virtual addresses since commit f984ce84. However, the porting guide hasn't been updated accordingly and still mandates the platform ports to use identity-mapped page tables for all addresses. This patch removes this out-dated information from the Porting Guide and clarifies in which circumstances non-identity mapping may safely be used. Fixes ARM-software/tf-issues#258 Change-Id: I84dab9f3cabfc43794951b1828bfecb13049f706
-
Sandrine Bailleux authored
This patch reworks the section about booting an EL3 payload in the User Guide: - Centralize all EL3 payload related information in the same section. - Mention the possibility to program the EL3 payload in flash memory and execute it in place. - Provide model parameters for both the Base and Foundation FVPs. - Provide some guidance to boot an EL3 payload on Juno. Change-Id: I975c8de6b9b54ff4de01a1154cba63271d709912
-
- 21 Jan, 2016 1 commit
-
-
Juan Castillo authored
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be disabled before any of the control registers are programmed. The PL011 driver included in TF does not disable the UART, so the initialization in BL2 and BL31 is violating this requirement (and potentially in BL1 if the UART is enabled after reset). This patch modifies the initialization function in the PL011 console driver to disable the UART before programming the control registers. Register clobber list and documentation updated. Fixes ARM-software/tf-issues#300 Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
-
- 20 Jan, 2016 1 commit
-
-
Juan Castillo authored
Currently, Trusted Firmware on ARM platforms unlocks access to the timer frame registers that will be used by the Non-Secure world. This unlock operation should be done by the Non-Secure software itself, instead of relying on secure firmware settings. This patch adds a new ARM specific build option 'ARM_CONFIG_CNTACR' to unlock access to the timer frame by setting the corresponding bits in the CNTACR<N> register. The frame id <N> is defined by 'PLAT_ARM_NSTIMER_FRAME_ID'. Default value is true (unlock timer access). Documentation updated accordingly. Fixes ARM-software/tf-issues#170 Change-Id: Id9d606efd781e43bc581868cd2e5f9c8905bdbf6
-
- 18 Jan, 2016 1 commit
-
-
Yuping Luo authored
GIC v2 and v3 specification references in the porting guide should refer to publically visible links, not ARM internal links. Change-Id: Ib47c8adda6a03581f23bcaed72d71c08c7dd9fb1 Signed-off-by: Yuping Luo <yuping.luo@arm.com>
-
- 15 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
Since commit 804040d1, the Juno port has moved from per-CPU mailboxes to a single shared one. This patch updates an out-dated reference to the former per-CPU mailboxes mechanism in the Firmware Design. Change-Id: I355b54156b1ace1b3df4c4416e1e8625211677fc
-
- 14 Jan, 2016 1 commit
-
-
Soren Brinkmann authored
Migrate all direct usage of __attribute__ to usage of their corresponding macros from cdefs.h. e.g.: - __attribute__((unused)) -> __unused Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
- 13 Jan, 2016 1 commit
-
-
Juan Castillo authored
This patch adds a brief description of 'MAX_MMAP_REGIONS' and 'ADDR_SPACE_SIZE' to the Porting Guide. These fields must be defined by the platform in order to use the translation table library. Change-Id: Ida366458fe2bc01979091a014dc38da0fae5991e
-
- 12 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
Change-Id: I4fcdb8e813e0392c2cd3d0623698e8319b3b0593
-
- 08 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch fixes a couple of issues in the "CPU specific operations framework" section in the Firmware Design document. * Fix broken link to the CPU Specific Build Macros document. * Fix the path to the cortex_a53.S file. * Fix power levels terminology. Change-Id: Ib610791eaba13dab2823b7699bb63534bcd1c8fb
-
- 05 Jan, 2016 1 commit
-
-
Juan Castillo authored
The fip_create tool specifies images in the command line using the ARM TF naming convention (--bl2, --bl31, etc), while the cert_create tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double convention is confusing and should be aligned. This patch updates the fip_create command line options to follow the TBBR naming convention. Usage examples in the User Guide have been also updated. NOTE: users that build the FIP by calling the fip_create tool directly from the command line must update the command line options in their scripts. Users that build the FIP by invoking the main ARM TF Makefile should not notice any difference. Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
-
- 21 Dec, 2015 3 commits
-
-
Sandrine Bailleux authored
Change-Id: I23a852fc7d91f91923bb84bc3167a830d1bb7463
-
Sandrine Bailleux authored
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
-
Dan Handley authored
Remove the following redundant sentence from the user guide, which implies the user should use the TF version from the Linaro release, which was not the intention: "However, the rest of this document assumes that you got the Trusted Firmware as part of the Linaro release." Also, tidied up the grammar in this section. Change-Id: I5dae0b68d3683e2a85a7b3c6a31222182a66f6c8
-
- 17 Dec, 2015 3 commits
-
-
Yatharth Kochar authored
This patch adds design documentation for the Firmware Update (FWU) feature in `firmware-update.md`. It provides an overview of FWU, describes the BL1 SMC interface, and includes diagrams showing an example FWU boot flow and the FWU state machine. This patch also updates the existing TF documents where needed: * `porting-guide.md` * `user-guide.md` * `firmware-design.md` * `rt-svc-writers-guide.md` * `trusted_board_boot.md` Change-Id: Ie6de31544429b18f01327bd763175e218299a4ce Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Olivier Martin authored
-
Olivier Martin authored
`FVP_TSP_RAM_LOCATION` has been renamed into `ARM_TSP_RAM_LOCATION`.
-
- 15 Dec, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch introduces a new document presenting the ARM Trusted Firmware Reset Design. It shows the reset code flow, lists the different build options that affect it, in which case to use them and what their exact effect is. The section about using BL31 entrypoint as the reset address has been moved from the general firmware design document to this one. It's also been improved to explain why the FVP port supports the RESET_TO_BL31 configuration, even though the reset vector address can't be programmed dynamically. This document includes some images, which have been generated using Dia version 0.97.2. This tool can be obtained from: https://wiki.gnome.org/Apps/Dia/Download This patch provides: - the image files describing the different reset flow diagrams; - the source '.dia' file; - a script automating the generation of the images from the '.dia' file. Note that the 2 latter files are not actually needed for the document and are provided for convenience only, in case the reset images need to be modified. Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
-