- 06 Jan, 2017 1 commit
-
-
Masahiro Yamada authored
This comment block says the default algorithm is ESDSA, while the code obviously sets the default to RSA: ifeq (${MBEDTLS_KEY_ALG},) MBEDTLS_KEY_ALG := rsa endif The git log of commit 7d37aa17 ("TBB: add mbedTLS authentication related libraries") states available options are: * 'rsa' (for RSA-2048) (default option) * 'ecdsa' (for ECDSA-SECP256R1) So, my best guess is the comment block is wrong. The mismatch between the code and the comment is confusing. Fix it. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 15 Dec, 2016 2 commits
-
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
Some GICv3 implementations have provision for power management operations at Redistributor level. This patch introduces and provides place-holders for Redistributor power management. The default implementations are empty stubs, but are weakly bound so as to enable implementation-specific drivers to override them. Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 01 Dec, 2016 1 commit
-
-
Yatharth Kochar authored
This patch makes following miscellaneous fixes: * pl011_console.S: Fixed the bit mask used to check if the transmit FIFO is full or empty. * smcc_macros.S: Added `_fsxc` suffix while updating the SPSR. By default the assembler assumes `_fc` suffix which does not update all the fields in SPSR. By adding `_fsxc` suffix all the fields gets updated. * platform_helpers.S: Removed the weak definition for `plat_my_core_pos()` as this is a mandatory function which needs to be defined by all platforms. Change-Id: I8302292533c943686fff8d7c749a07132c052a3b Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 20 Sep, 2016 1 commit
-
-
Haojian Zhuang authored
Now only support GPT partition table. MBR partition table isn't supported yet. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 12 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
Currently the GICv3 driver mandates that platform populate both G1S and G0 interrupts. However, it is possible that a given platform is not interested in both the groups and just needs to specify either one of them. This patch modifies the `gicv3_rdistif_init()` & `gicv3_distif_init()` functions to allow either G1S or G0 interrupts to be configured. Fixes ARM-software/tf-issues#400 Change-Id: I43572b0e08ae30bed5af9334f25d35bf439b0d2b
-
- 12 Aug, 2016 1 commit
-
-
Haojian Zhuang authored
Support CMD23. When CMD23 is used, CMD12 could be avoided. Two scenarios: 1. CMD17 for single block, CMD18 + CMD12 for multiple blocks. 2. CMD23 + CMD18 for both single block and multiple blocks. The emmc_init() should initialize whether CMD23 is supported or not. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 11 Aug, 2016 1 commit
-
-
Sudeep Holla authored
As per the GICv3 specification, to power down a processor using GICv3 and allow automatic power-on if an interrupt must be sent to a processor, software must set Enable to zero for all interrupt groups(by writing to GICC_CTLR or ICC_IGRPEN{0,1}_EL1/3 as appropriate. Also, NonSecure EL1 software may not be aware of the CPU power state details and fail to choose right states that require quiescing the CPU interface. So it's preferred that the PSCI implementation handles it as it is fully aware of the CPU power states. This patch adds disabling of Group1 NonSecure interrupts during processor power down along with Group0 and Group1 Secure interrupts so that all the interrupt groups are handled at once as per specification. Change-Id: Ib564d773c9c4c41f2ca9471451c030e3de75e641
-
- 10 Aug, 2016 2 commits
-
-
Soby Mathew authored
This patch adds console drivers including the pl011 driver for the AArch32 mode. Change-Id: Ifd22520d370fca3e73dbbf6f2d97d6aee65b67dd
-
Soby Mathew authored
This patch modifies GICv3 and TZC drivers to add AArch32 support. No modifications are required for the GICv2 driver for AArch32 support. The TZC driver assumes that the secure world is running in Little-Endian mode to do 64 bit manipulations. Assertions are present to validate the assumption. Note: The legacy GICv3 driver is not supported for AArch32. Change-Id: Id1bc75a9f5dafb9715c9500ca77b4606eb1e2458
-
- 09 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch moves the various assembly console drivers into `aarch64` architecture specific folder. Stub files, which include files from new location, are retained at the original location for platform compatibility reasons. Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8
-
- 04 Aug, 2016 1 commit
-
-
Haojian Zhuang authored
If buffer address parameter isn't aligned, it may cause DMA issue in block device driver, as eMMC. Now check the buffer address. If it's not aligned, use temporary buffer in io block driver instead. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 27 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch fixes the offset of GICD_IROUTER register defined in gicv3.h. Although the GICv3 documention mentions that the offset for this register is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is : 0x6000 + 8n, where n >= 32 This requires the offset for GICD_IROUTER to be defined as 0x6000. Fixes ARM-software/tf-issues#410 Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
-
- 18 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch reworks type usage in generic code, drivers and ARM platform files to make it more portable. The major changes done with respect to type usage are as listed below: * Use uintptr_t for storing address instead of uint64_t or unsigned long. * Review usage of unsigned long as it can no longer be assumed to be 64 bit. * Use u_register_t for register values whose width varies depending on whether AArch64 or AArch32. * Use generic C types where-ever possible. In addition to the above changes, this patch also modifies format specifiers in print invocations so that they are AArch64/AArch32 agnostic. Only files related to upcoming feature development have been reworked. Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
-
- 07 Jul, 2016 1 commit
-
-
Soby Mathew authored
The legacy GIC driver assumes that the SGIs and PPIs are Group0 during initialization. This is true if the driver is the first one to initialize the GIC hardware after reset. But in some cases, earlier BL stages could have already initialized the GIC hardware which means that SGI and PPI configuration are not the expected reset values causing assertion failure in `gicd_set_ipriorityr()`. This patch explicitly resets the SGI and PPI to Group0 prior to their initialization in the driver. The same patch is not done in the GICv2-only driver because unlike in the legacy driver, `gicd_set_ipriorityr()` of GICv2 driver doesn't enforce this policy and the appropriate group is set irrespective of the initial value. Fixes ARM-software/tf-issues#396 Change-Id: I521d35caa37470ce542c796c2ba99716e4763105
-
- 03 Jun, 2016 1 commit
-
-
Soby Mathew authored
A production ROM with TBB enabled must have the ability to boot test software before a real ROTPK is deployed (e.g. manufacturing mode). Previously the function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed. This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags` parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK in certificate is used without verifying against the platform value. Fixes ARM-software/tf-issues#381 Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
-
- 27 May, 2016 1 commit
-
-
Caesar Wang authored
On some platform gpio can set/get pull status when input, add these function so we can set/get gpio pull status when need it. And they are optional function.
-
- 25 May, 2016 1 commit
-
-
Soby Mathew authored
This patch adds the API `ccn_get_part0_id` to query the PART0 ID from the PERIPHERAL_ID 0 register in the CCN driver. This ID allows to distinguish the variant of CCN present on the system and possibly enable dynamic configuration of the IP based on the variant. Also added an assert in `ccn_master_to_rn_id_map()` to ensure that the master map bitfield provided by the platform is within the expected interface id. Change-Id: I92d2db7bd93a9be8a7fbe72a522cbcba0aba2d0e
-
- 20 May, 2016 1 commit
-
-
Antonio Nino Diaz authored
Add delay timer implementation based on the system generic counter. This either uses the platform's implementation of `plat_get_syscnt_freq()` or explicit clock multiplier/divider values provided by the platform. The current implementation of udelay has been modified to avoid unnecessary calculations while waiting on the loop and to make it easier to check for overflows. Change-Id: I9062e1d506dc2f68367fd9289250b93444721732
-
- 12 May, 2016 1 commit
-
-
Gerald Lejeune authored
Allow to handle cases where some images are pre-loaded (by debugger for instance) without introducing many switches in files calling load_* functions. Fixes: arm-software/tf-issues#398 Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
-
- 27 Apr, 2016 2 commits
-
-
Haojian Zhuang authored
In a lot of embedded platforms, eMMC device is the only one storage device. So loading content from eMMC device is required in ATF. Create the emmc stack that could co-work with IO block driver. Support to read/write/erase eMMC blocks on both rpmb and normal user area. Support to change the IO speed and bus width. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
Haojian Zhuang authored
FIP is accessed as memory-mapped type. eMMC is block device type. In order to support FIP based on eMMC, add the new io_block layer. io_block always access eMMC device as block size. And it'll only copy the required data into buffer in io_block driver. So preparing an temporary buffer is required. When use io_block device, MAX_IO_BLOCK_DEVICES should be declared in platform_def.h. It's used to support multiple block devices. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 12 Apr, 2016 1 commit
-
-
Yatharth Kochar authored
Currently the `tzc400_configure_region` and `tzc_dmc500_configure_region` functions uses uintptr_t as the data type for `region_top` and `region_base` variables, which will be converted to 32/64 bits for AArch32/AArch64 respectively. But the expectation is to keep these addresses at least 64 bit. This patch modifies the data types to make it at least 64 bit by using unsigned long long instead of uintptr_t for the `region_top` and `region_base` variables. It also modifies the associated macros `_tzc##fn_name##_write_region_xxx` accordingly. Change-Id: I4e3c6a8a39ad04205cf0f3bda336c3970b15a28b
-
- 01 Apr, 2016 1 commit
-
-
Soren Brinkmann authored
Add a driver for the Cadence UART which is found in Xilinx Zynq SOCs. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
- 31 Mar, 2016 3 commits
-
-
Vikram Kanigiri authored
The ARM CoreLink DMC-500 Dynamic Memory Controller provides the programmable address region control of a TrustZone Address Space Controller. The access permissions can be defined for eight separate address regions plus a background or default region. This patch adds a DMC-500 driver to define address regions and program their access permissions as per ARM 100131_0000_02_en (r0p0) document. Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6
-
Vikram Kanigiri authored
TrustZone protection can be programmed by both memory and TrustZone address space controllers like DMC-500 and TZC-400. These peripherals share a similar programmer's view. Furthermore, it is possible to have multiple instances of each type of peripheral in a system resulting in multiple programmer's views. For example, on the TZC-400 each of the 4 filter units can be enabled or disabled for each region. There is a single set of registers to program the region attributes. On the DMC-500, each filter unit has its own programmer's view resulting in multiple sets of registers to program the region attributes. The layout of the registers is almost the same across all these variations. Hence the existing driver in `tzc400\tzc400.c` is refactored into the new driver in `tzc\tzc400.c`. The previous driver file is still maintained for compatibility and it is now deprecated. Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
-
Juan Castillo authored
This patch adds support for non-volatile counter authentication to the Authentication Module. This method consists of matching the counter values provided in the certificates with the ones stored in the platform. If the value from the certificate is lower than the platform, the boot process is aborted. This mechanism protects the system against rollback. The TBBR CoT has been updated to include this method as part of the authentication process. Two counters are used: one for the trusted world images and another for the non trusted world images. ** NEW PLATFORM APIs (mandatory when TBB is enabled) ** int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); This API returns the non-volatile counter value stored in the platform. The cookie in the first argument may be used to select the counter in case the platform provides more than one (i.e. TBSA compliant platforms must provide trusted and non-trusted counters). This cookie is specified in the CoT. int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); This API sets a new counter value. The cookie may be used to select the counter to be updated. An implementation of these new APIs for ARM platforms is also provided. The values are obtained from the Trusted Non-Volatile Counters peripheral. The cookie is used to pass the extension OID. This OID may be interpreted by the platform to know which counter must return. On Juno, The trusted and non-trusted counter values have been tied to 31 and 223, respectively, and cannot be modified. ** IMPORTANT ** THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN ORDER TO SUCCESSFULLY BUILD TF. Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
-
- 11 Mar, 2016 1 commit
-
-
Gerald Lejeune authored
Hence memmap device can be used to load an image without being wrapped in a FIP. Fixes arm-software/tf-issues#371 Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
-
- 24 Feb, 2016 1 commit
-
-
Juan Castillo authored
The PL011 initialization function disables the UART, flushes the FIFO and waits for the current character to be transmitted before applying the configuration and enabling the UART. This waiting might result in a deadlock if the FIFO is disabled while another CPU is printing a message since the flush of FIFO will never finish. This patch fixes the problem by removing the flush operation and the loop for last character completion from the initialization function. The UART is disabled, configured and enabled again. Change-Id: I1ca0b6bd9f352c12856f10f174a9f6eaca3ab4ea
-
- 18 Feb, 2016 1 commit
-
-
Antonio Nino Diaz authored
This patch adds support for the `%p` format specifier in tf_printf() following the example of the printf implementation of the stdlib used in the trusted firmware. Fixes ARM-software/tf-issues#292 Change-Id: I0b3230c783f735d3e039be25a9405f00023420da
-
- 12 Feb, 2016 2 commits
-
-
Haojian Zhuang authored
Add PL061 GPIO driver that is depend on gpio framework. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
Haojian Zhuang authored
Define the gpio ops in gpio driver. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 09 Feb, 2016 3 commits
-
-
Soby Mathew authored
This patch moves the private GIC common accessors from `gic_common.h` to a new private header file `gic_common_private.h`. This patch also adds additional comments to GIC register accessors to highlight the fact that some of them access register values that correspond to multiple interrupt IDs. The convention used is that the `set`, `get` and `clr` accessors access and modify the values corresponding to a single interrupt ID whereas the `read` and `write` GIC register accessors access the raw GIC registers and it could correspond to multiple interrupt IDs depending on the register accessed. Change-Id: I2643ecb2533f01e3d3219fcedfb5f80c120622f9
-
Soby Mathew authored
The code to set the interrupt priority for secure interrupts in the new GICv2 and GICv3 drivers is incorrect. The setup code to configure interrupt priorities of secure interrupts, one interrupt at a time, used gicd_write_ipriorityr()/gicr_write_ipriority() function affecting 4 interrupts at a time. This bug did not manifest itself because all the secure interrupts were configured to the highest secure priority(0) during cold boot and the adjacent non secure interrupt priority would be configured later by the normal world. This patch introduces new accessors, gicd_set_ipriorityr() and gicr_set_ipriorityr(), for configuring priority one interrupt at a time and fixes the the setup code to use the new accessors. Fixes ARM-software/tf-issues#344 Change-Id: I470fd74d2b7fce7058b55d83f604be05a27e1341
-
Soby Mathew authored
GICD_IPRIORITYR and GICD_ITARGETSR specifically support byte addressing so that individual interrupt priorities can be atomically updated by issuing a single byte write. The previous implementation of gicd_set_ipriority() and gicd_set_itargetsr() used 32-bit register accesses, modifying values for 4 interrupts at a time, using a read-modify-write approach. This potentially may cause concurrent changes by other CPUs to the adjacent interrupts to be corrupted. This patch fixes the issue by modifying these accessors to use byte addressing. Fixes ARM-software/tf-issues#343 Change-Id: Iec28b5f5074045b00dfb8d5f5339b685f9425915
-
- 08 Feb, 2016 1 commit
-
-
Vikram Kanigiri authored
Currently, `ccn_snoop_dvm_domain_common()` is responsible for providing a bitmap of HN-F and HN-I nodes in the interconnect. There is a request node (RN) corresponding to the master interface (e.g. cluster) that needs to be added or removed from the snoop/DVM domain. This request node is removed from or added to each HN-F or HN-I node present in the bitmap depending upon the type of domain. The above logic is incorrect when participation of a master interface in the DVM domain has to be managed. The request node should be removed from or added to the single Miscellaneous Node (MN) in the system instead of each HN-I node. This patch fixes this by removing the intermediate `ccn_snoop_dvm_domain_common()` and instead reads the MN registers to get the needed node Id bitmap for snoop(HN-F bitmap) and DVM(MN bitmap) domains. Additionally, it renames `MN_DDC_SET_OFF` to `MN_DDC_SET_OFFSET` to be inline with other macros. Change-Id: Id896046dd0ccc5092419e74f8ac85e31b104f7a4
-
- 21 Jan, 2016 1 commit
-
-
Juan Castillo authored
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be disabled before any of the control registers are programmed. The PL011 driver included in TF does not disable the UART, so the initialization in BL2 and BL31 is violating this requirement (and potentially in BL1 if the UART is enabled after reset). This patch modifies the initialization function in the PL011 console driver to disable the UART before programming the control registers. Register clobber list and documentation updated. Fixes ARM-software/tf-issues#300 Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
-
- 14 Jan, 2016 1 commit
-
-
Soren Brinkmann authored
Migrate all direct usage of __attribute__ to usage of their corresponding macros from cdefs.h. e.g.: - __attribute__((unused)) -> __unused Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
- 05 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
By default ARM TF is built with the '-pedantic' compiler flag, which helps detecting violations of the C standard. However, the mbed TLS library and its associated authentication module in TF used to fail building with this compiler flag. As a workaround, the mbed TLS authentication module makefile used to set the 'DISABLE_PEDANTIC' TF build flag. The compiler errors flagged by '-pedantic' in the mbed TLS library have been fixed between versions 1.3.9 and 2.2.0 and the library now properly builds with this compiler flag. This patch fixes the remaining compiler errors in the mbed TLS authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF build flag. This means that TF is now always built with '-pedantic'. In particular, this patch: * Removes the final semi-colon in REGISTER_COT() macro. This semi-colon was causing the following error message: drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] This has been fixed both in the mbed TLS authentication module as well as in the certificate generation tool. Note that the latter code didn't need fixing since it is not built with '-pedantic' but the change has been propagated for consistency. Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros, which were suffering from the same issue. * Fixes a pointer type. It was causing the following error message: drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash': drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith] Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
-
- 04 Jan, 2016 1 commit
-
-
Jimmy Huang authored
The 'ret' was missing in console_uninit() implementation, so the program doesn't return from console_uninit(). Instead, it keeps executing the following instructions which is not expected. Change-Id: I810684f37f61c41c6f95a3bb36914d0765da8571 Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
-