- 14 Feb, 2017 1 commit
-
-
Jeenu Viswambharan authored
The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 10 Feb, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.2 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Also, the Linaro Release Notes link was broken and this patch updates the link. Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 06 Feb, 2017 1 commit
-
-
Masahiro Yamada authored
RESET_TO_BL31=1 is specified by plat/xilinx/zynqmp/platform.mk with "override" directive. So, RESET_TO_BL31=1 is guaranteed without any operation on users' side. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 30 Jan, 2017 1 commit
-
-
Jeenu Viswambharan authored
The errata reporting policy is as follows: - If an errata workaround is enabled: - If it applies (i.e. the CPU is affected by the errata), an INFO message is printed, confirming that the errata workaround has been applied. - If it does not apply, a VERBOSE message is printed, confirming that the errata workaround has been skipped. - If an errata workaround is not enabled, but would have applied had it been, a WARN message is printed, alerting that errata workaround is missing. The CPU errata messages are printed by both BL1 (primary CPU only) and runtime firmware on debug builds, once for each CPU/errata combination. Relevant output from Juno r1 console when ARM Trusted Firmware is built with PLAT=juno LOG_LEVEL=50 DEBUG=1: VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied INFO: BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL1: cortex_a57: errata workaround for 826974 was missing! WARNING: BL1: cortex_a57: errata workaround for 826977 was missing! WARNING: BL1: cortex_a57: errata workaround for 828024 was missing! WARNING: BL1: cortex_a57: errata workaround for 829520 was missing! WARNING: BL1: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied INFO: BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied WARNING: BL31: cortex_a57: errata workaround for 826974 was missing! WARNING: BL31: cortex_a57: errata workaround for 826977 was missing! WARNING: BL31: cortex_a57: errata workaround for 828024 was missing! WARNING: BL31: cortex_a57: errata workaround for 829520 was missing! WARNING: BL31: cortex_a57: errata workaround for 833471 was missing! ... VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied INFO: BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied Also update documentation. Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Jan, 2017 1 commit
-
-
Jeenu Viswambharan authored
The current user guide mentions that Foundation model doesn't support debugger interface. Clarify that all FVPs support --cadi-server option such that a CADI-compliant debugger can connect to and control model execution. Also fix broken URL to FVP home page. Change-Id: Ia14d618a4e0abb4b228eb1616040f9b51fb3f6f9 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 20 Dec, 2016 1 commit
-
-
Sandrine Bailleux authored
- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the Firmware Update guide. Also extend the list of pre-conditions to include the additional input validation implemented by previous patches. - Improve documentation of bl1_plat_mem_check() in the porting guide. It now specifies that the generic FWU code protects bl1_plat_mem_check() from integer overflows resulting from the addition of the base address and size passed in arguments. Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 15 Dec, 2016 3 commits
-
-
David Cunado authored
Foundation Model release 10.2 has been made available and Trusted Firmware has been tested against that it as part of its CI system. This patch updates the user guide documentation to reflect the version of Foundation Model that Trusted Firmware has been tested against. Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae Signed-off-by: David Cunado <david.cunado@arm.com>
-
Jeenu Viswambharan authored
Various CPU drivers in ARM Trusted Firmware register functions to handle power-down operations. At present, separate functions are registered to power down individual cores and clusters. This scheme operates on the basis of core and cluster, and doesn't cater for extending the hierarchy for power-down operations. For example, future CPUs might support multiple threads which might need powering down individually. This patch therefore reworks the CPU operations framework to allow for registering power down handlers on specific level basis. Henceforth: - Generic code invokes CPU power down operations by the level required. - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no reset function. - CPU drivers register power down handlers as a list: a mandatory handler for level 0, and optional handlers for higher levels. All existing CPU drivers are adapted to the new CPU operations framework without needing any functional changes within. Also update firmware design guide. Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 13 Dec, 2016 2 commits
-
-
Antonio Nino Diaz authored
Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and `PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical and virtual address space size a platform can use. `ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any of the previous defines aren't present, the value of `ADDR_SPACE_SIZE` will be used instead. For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the max PA supported by the hardware and to verify that the previously mentioned definition is valid. For AArch32, a 40 bit physical address space is considered. Added asserts to check for overflows. Porting guide updated. Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Jeenu Viswambharan authored
Change-Id: I28b2790ff2f87b9fe3cf1020e59e1e0a00be6f97 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 22 Nov, 2016 1 commit
-
-
Douglas Raillard authored
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM platforms. Also clarify the build error message. Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 17 Nov, 2016 1 commit
-
-
Douglas Raillard authored
The API description currently states that interrupt handlers (interrupt_type_handler_t pointers) SHOULD return a pointer to the target cpu_context. This patch rewords the description of the interrupts handlers to state that it MUST return a pointer to the target security context. It also warns about potential portability issue. Specifically, this pointer is not used on AArch64 and calls to context library APIs must be used to ask BL31 to return to a specific context. However, this could change in the future and interrupt handlers must always return the pointer. Change-Id: I3f82a046de4d7a5b51a8cbebe7eb2a00dbbdb4f0 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 14 Nov, 2016 2 commits
-
-
Douglas Raillard authored
Fix a link broken by a missing space that turned it into a link to an non-existent anchor. Change-Id: Ie863e963db28afa3a28b69d3f63bd7638bdf5af9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Douglas Raillard authored
fixes ARM-Software/tf-issues#346 Change-Id: I946c8eab650bba7407775462ce91f394d767e079 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 08 Nov, 2016 2 commits
-
-
Varun Wadekar authored
This patch adds the secure payload dispatcher for interacting with Google's Trusty TEE. Documentation for Trusty can be found at https://source.android.com/security/trusty Original authors: ----------------- * Arve Hjønnevåg <arve@android.com> * Michael Ryleev <gmar@google.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Jeenu Viswambharan authored
At present, build options in the user guide aren't listed in any specific order. Ordering them alphabetically is a standard practice, and is also easier on the reader. Contents unchanged. Change-Id: Ibc36f3a2a576edb86c1a402430d2ef5adcb2f144 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 03 Nov, 2016 2 commits
-
-
Sandrine Bailleux authored
This patch fixes the type of the return value of bl1_plat_mem_check() in the porting guide. It also specifies the expected return value. Change-Id: I7c437342b8bfb1e621d74b2edf0aaf97b913216a Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
dp-arm authored
Change-Id: I8e50df67e860b9589834445761a7b9927690fdce Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 24 Oct, 2016 1 commit
-
-
Masahiro Yamada authored
Do not double the phrase "called with the". Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 13 Oct, 2016 2 commits
-
-
David Cunado authored
Updated the user guide to clarify building FIP for AArch32. The instructions were previously specific to building a FIP for AArch64. Change-Id: I7bd1a6b8e810cfda411f707e04f479006817858e Signed-off-by: David Cunado <david.cunado@arm.com>
-
David Cunado authored
Updated change-log.md with summary of changes since release v1.2. Change-Id: Ia1e18ff4b0da567cf12dfcb53e6317e995100bdf
-
- 12 Oct, 2016 2 commits
-
-
dp-arm authored
Add a Performance Measurement Framework (PMF) section to the firmware design document. Change-Id: I5953bd3b1067501f190164c8827d2b0d8022fc0b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Antonio Nino Diaz authored
The user guide incorrectly claimed that it is possible to load a bootwrapped kernel over JTAG on Juno in the same manner as an EL3 payload. In the EL3 payload boot flow, some of the platform initialisations in BL2 are modified. In particular, the TZC settings are modified to allow unrestricted access to DRAM. This in turn allows the debugger to access the DRAM and therefore to load the image there. In the BL33-preloaded boot flow though, BL2 uses the default TZC programming, which prevent access to most of the DRAM from secure state. When execution reaches the SPIN_ON_BL1_EXIT loop, the MMU is disabled and thus DS-5 presumably issues secure access transactions while trying to load the image, which fails. One way around it is to stop execution at the end of BL2 instead. At this point, the MMU is still enabled and the DRAM is mapped as non-secure memory. Therefore, the debugger is allowed to access this memory in this context and to sucessfully load the bootwrapped kernel in DRAM. The user guide is updated to suggest this alternative method. Co-Authored-By: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com> Change-Id: I537ea1c6d2f96edc06bc3f512e770c748bcabe94
-
- 11 Oct, 2016 3 commits
-
-
Soby Mathew authored
This patch adds necessary updates for building and running Trusted Firmware for AArch32 to user-guide.md. The instructions for running on both `FVP_Base_AEMv8A-AEMv8A` in AArch32 mode and `FVP_Base_Cortex-A32x4` models are added. The device tree files for AArch32 Linux kernel are also added in the `fdts` folder. Change-Id: I0023b6b03e05f32637cb5765fdeda8c8df2d0d3e
-
Yatharth Kochar authored
This patch updates the firmware-design.md for AArch32 related changes. Change-Id: Idf392a44861ab9c1f59f3de4f3435f508b17c678
-
Jeenu Viswambharan authored
Fix one of the two titles that ended up being the same, although both describe different things. Change-Id: I66ecf369643709898ee4c014659d8f85c0480643
-
- 28 Sep, 2016 1 commit
-
-
Soby Mathew authored
This patch adds the PSCI library integration guide for AArch32 ARMv8-A systems `psci-lib-integration-guide.md` to the documentation. The patch also adds appropriate reference to the new document in the `firmware-design.md` document. Change-Id: I2d5b5c6b612452371713399702e318e3c73a8ee0
-
- 27 Sep, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch updates the User Guide to recommend the latest version of some of the software dependencies of ARM Trusted Firmware. - Upgrade Linaro release: 16.02 -> 16.06 - Upgrade FVPs - Foundation v8 FVP: 9.5 -> 10.1 - Base FVPs: 7.6 -> 7.7 - Upgrade mbed TLS library: 2.2.0 -> 2.2.1 Note that the latest release of mbed TLS as of today is 2.3.0 but it has compilations issues with the set of library configuration options that Trusted Firmware uses. 2.2.1 is the next most recent release known to build with TF. This patch also fixes the markdown formatting of a link in the User Guide. Change-Id: Ieb7dd336f4d3110fba060afec4ad580ae707a8f1
-
- 21 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds common changes to support AArch32 state in BL1 and BL2. Following are the changes: * Added functions for disabling MMU from Secure state. * Added AArch32 specific SMC function. * Added semihosting support. * Added reporting of unhandled exceptions. * Added uniprocessor stack support. * Added `el3_entrypoint_common` macro that can be shared by BL1 and BL32 (SP_MIN) BL stages. The `el3_entrypoint_common` is similar to the AArch64 counterpart with the main difference in the assembly instructions and the registers that are relevant to AArch32 execution state. * Enabled `LOAD_IMAGE_V2` flag in Makefile for `ARCH=aarch32` and added check to make sure that platform has not overridden to disable it. Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
-
- 20 Sep, 2016 2 commits
-
-
Yatharth Kochar authored
This patch adds capability to load BL images based on image descriptors instead of hard coded way of loading BL images. This framework is designed such that it can be readily adapted by any BL stage that needs to load images. In order to provide the above capability the following new platform functions are introduced: bl_load_info_t *plat_get_bl_image_load_info(void); This function returns pointer to the list of images that the platform has populated to load. bl_params_t *plat_get_next_bl_params(void); This function returns a pointer to the shared memory that the platform has kept aside to pass trusted firmware related information that next BL image needs. void plat_flush_next_bl_params(void); This function flushes to main memory all the params that are passed to next image. int bl2_plat_handle_post_image_load(unsigned int image_id) This function can be used by the platforms to update/use image information for given `image_id`. `desc_image_load.c` contains utility functions which can be used by the platforms to generate, load and executable, image list based on the registered image descriptors. This patch also adds new version of `load_image/load_auth_image` functions in-order to achieve the above capability. Following are the changes for the new version as compared to old: - Refactor the signature and only keep image_id and image_info_t arguments. Removed image_base argument as it is already passed through image_info_t. Given that the BL image base addresses and limit/size are already provided by the platforms, the meminfo_t and entry_point_info arguments are not needed to provide/reserve the extent of free memory for the given BL image. - Added check for the image size against the defined max size. This is needed because the image size could come from an unauthenticated source (e.g. the FIP header). To make this check, new member is added to the image_info_t struct for identifying the image maximum size. New flag `LOAD_IMAGE_V2` is added in the Makefile. Default value is 0. NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2` is enabled. Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
-
Haojian Zhuang authored
Partition driver requires the "PLAT_PARTITION_MAX_ENTRIES" definition. By default, it's defined to 128 in partition driver. But it costs a lot of memory, and only a few partition entries are really used in platform partition table. If user wants use memory efficiently, user should define the build flag in platform.mk instead. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 15 Sep, 2016 1 commit
-
-
Jeenu Viswambharan authored
This patch adds support for NODE_HW_STATE PSCI API by introducing a new PSCI platform hook (get_node_hw_state). The implementation validates supplied arguments, and then invokes this platform-defined hook and returns its result to the caller. PSCI capabilities are updated accordingly. Also updates porting and firmware design guides. Change-Id: I808e55bdf0c157002a7c104b875779fe50a68a30
-
- 12 Sep, 2016 1 commit
-
-
dp-arm authored
This feature allows one to quickly verify that the expected image is contained in the FIP without extracting the image and running sha256sum(1) on it. The sha256 digest is only shown when the verbose flag is used. This change requires libssl-dev to be installed in order to build Trusted Firmware. Previously, libssl-dev was optionally needed only to support Trusted Board Boot configurations. Fixes ARM-Software/tf-issues#124 Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6
-
- 16 Aug, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch updates the User Guide to move up from version 7.2 to 7.6 of the Base FVP. Change-Id: I792b2250deb4836266e14b40992ae59a5ab5f729
-
- 15 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch enables the AArch32 build including SP_MIN in the top level Makefile. The build flag `ARCH` now can specify either `aarch64`(default) or `aarch32`. Currently only FVP AEM model is supported for AArch32 build. Another new build flag `AARCH32_SP` is introduced to specify the AArch32 secure payload to be built. Change-Id: Ie1198cb9e52d7da1b79b93243338fc3868b08faa
-
- 29 Jul, 2016 1 commit
-
-
dp-arm authored
fiptool provides a more consistent and intuitive interface compared to the fip_create program. It serves as a better base to build on more features in the future. fiptool supports various subcommands. Below are the currently supported subcommands: 1) info - List the images contained in a FIP file. 2) create - Create a new FIP file with the given images. 3) update - Update an existing FIP with the given images. 4) unpack - Extract a selected set or all the images from a FIP file. 5) remove - Remove images from a FIP file. This is a new command that was not present in fip_create. To create a new FIP file, replace "fip_create" with "fiptool create". To update a FIP file, replace "fip_create" with "fiptool update". To dump the contents of a FIP file, replace "fip_create --dump" with "fiptool info". A compatibility script that emulates the basic functionality of fip_create is provided. Existing scripts might or might not work with the compatibility script. Users are strongly encouraged to migrate to fiptool. Fixes ARM-Software/tf-issues#87 Fixes ARM-Software/tf-issues#108 Fixes ARM-Software/tf-issues#361 Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
-
- 28 Jul, 2016 1 commit
-
-
Sandrine Bailleux authored
This patch documents the effect, cost and benefits of the SEPARATE_CODE_AND_RODATA build flag. Change-Id: Ic8daf0563fa6335930ad6c70b9c35f678e84d39d
-
- 25 Jul, 2016 1 commit
-
-
Antonio Nino Diaz authored
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines related to the translation tables but to the image size as well. The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h. This way, ARM platforms no longer have to set their own values if `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values otherwise. The common sizes have been set to the highest values used for any of the current build configurations. This is needed because in some build configurations some images are running out of space. This way there is a common set of values known to work for all of them and it can be optimized for each particular platform if needed. The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been increased. This is needed because when memory optimisations are disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` are higher. If in this situation the code is compiled in debug mode and with "-O0", the code won't fit. Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
-
- 19 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch introduces the PSCI Library interface. The major changes introduced are as follows: * Earlier BL31 was responsible for Architectural initialization during cold boot via bl31_arch_setup() whereas PSCI was responsible for the same during warm boot. This functionality is now consolidated by the PSCI library and it does Architectural initialization via psci_arch_setup() during both cold and warm boots. * Earlier the warm boot entry point was always `psci_entrypoint()`. This was not flexible enough as a library interface. Now PSCI expects the runtime firmware to provide the entry point via `psci_setup()`. A new function `bl31_warm_entrypoint` is introduced in BL31 and the previous `psci_entrypoint()` is deprecated. * The `smc_helpers.h` is reorganized to separate the SMC Calling Convention defines from the Trusted Firmware SMC helpers. The former is now in a new header file `smcc.h` and the SMC helpers are moved to Architecture specific header. * The CPU context is used by PSCI for context initialization and restoration after power down (PSCI Context). It is also used by BL31 for SMC handling and context management during Normal-Secure world switch (SMC Context). The `psci_smc_handler()` interface is redefined to not use SMC helper macros thus enabling to decouple the PSCI context from EL3 runtime firmware SMC context. This enables PSCI to be integrated with other runtime firmware using a different SMC context. NOTE: With this patch the architectural setup done in `bl31_arch_setup()` is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be invoked prior to architectural setup. It is highly unlikely that the platform setup will depend on architectural setup and cause any failure. Please be be aware of this change in sequence. Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
-