- 27 Apr, 2015 2 commits
-
-
Dan Handley authored
The required platform constant PLATFORM_CACHE_LINE_SIZE is unnecessary since CACHE_WRITEBACK_GRANULE effectively provides the same information. CACHE_WRITEBACK_GRANULE is preferred since this is an architecturally defined term and allows comparison with the corresponding hardware register value. Replace all usage of PLATFORM_CACHE_LINE_SIZE with CACHE_WRITEBACK_GRANULE. Also, add a runtime assert in BL1 to check that the provided CACHE_WRITEBACK_GRANULE matches the value provided in CTR_EL0. Change-Id: If87286be78068424217b9f3689be358356500dcd
-
Dan Handley authored
Region 0 is special in TZC-400. It is possible to set the access permissions for this but not the address range or filters to which the permissions apply. Add a function for setting the region 0 access permissions. Also add some VERBOSE logging and allow assembly files to include the TZC header. Change-Id: I4389261ba10a6e5e2e43ee93d55318dc507b6648
-
- 13 Apr, 2015 1 commit
-
-
Varun Wadekar authored
This patch removes the need for a shared buffer between the EL3 and S-EL1 levels. We now use the CPU registers, x0-x7, while passing data between the two levels. Since TLK is a 32-bit Trusted OS, tlkd has to unpack the arguments in the x0-x7 registers. TLK in turn gets these values via r0-r7. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 08 Apr, 2015 1 commit
-
-
Kévin Petit authored
In order for the symbol table in the ELF file to contain the size of functions written in assembly, it is necessary to report it to the assembler using the .size directive. To fulfil the above requirements, this patch introduces an 'endfunc' macro which contains the .endfunc and .size directives. It also adds a .func directive to the 'func' assembler macro. The .func/.endfunc have been used so the assembler can fail if endfunc is omitted. Fixes ARM-Software/tf-issues#295 Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc Signed-off-by: Kévin Petit <kevin.petit@arm.com>
-
- 31 Mar, 2015 5 commits
-
-
Varun Wadekar authored
This patch adds support to open/close secure sessions with Trusted Apps and later send commands/events. Modify TLK_NUM_FID to indicate the total number of FIDs available to the NS world. Change-Id: I3f1153dfa5510bd44fc25f1fee85cae475b1abf1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch allows servicing of the non-secure world IRQs when the CPU is in the secure world. Once the interrupt is handled, the non-secure world issues the Resume FID to allow the secure payload to complete the preempted standard FID. Change-Id: Ia52c41adf45014ab51d8447bed6605ca2f935587 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds functionality to translate virtual addresses from secure or non-secure worlds. This functionality helps Trusted Apps to share virtual addresses directly and allows the NS world to pass virtual addresses to TLK directly. Change-Id: I77b0892963e0e839c448b5d0532920fb7e54dc8e Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch registers NS memory buffer with the secure payload using two different function IDs - REGISTER_LOGBUF, REGISTER_REQBUF.
  a. The SP uses the log-buffer to store its activity logs, in a pre-decided format. This helps in debugging secure payload's issues.
  b. The SP uses the req-buffer to get the parameters required by sessions with Trusted Applications.
Change-Id: I6b0247cf7790524132ee0da24f1f35b1fccec5d5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
TLK Dispatcher (tlkd) is based on the tspd and is the glue required to run TLK as a Secure Payload with the Trusted Firmware. Change-Id: I69e573d26d52342eb049feef773dd7d2a506f4ab Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 27 Mar, 2015 2 commits
-
-
Soby Mathew authored
This patch removes the `owner` field in bakery_lock_t structure which is the data structure used in the bakery lock implementation that uses coherent memory. The assertions to protect against recursive lock acquisition were based on the 'owner' field. They are now done based on the bakery lock ticket number. These assertions are also added to the bakery lock implementation that uses normal memory as well. Change-Id: If4850a00dffd3977e218c0f0a8d145808f36b470
-
Soby Mathew authored
This patch optimizes the data structure used with the bakery lock implementation for coherent memory to save memory and minimize memory accesses. These optimizations were already part of the bakery lock implementation for normal memory and this patch now implements it for the coherent memory implementation as well. Also included in the patch is a cleanup to use the do-while loop while waiting for other contenders to finish choosing their tickets. Change-Id: Iedb305473133dc8f12126726d8329b67888b70f1
-
- 18 Mar, 2015 1 commit
-
-
Vikram Kanigiri authored
This patch adds support for ARM Cortex-A72 processor in the CPU specific framework. Change-Id: I5986855fc1b875aadf3eba8c36e989d8a05e5175
-
- 16 Mar, 2015 3 commits
-
-
Vikram Kanigiri authored
This patch updates the FVP and Juno platform ports to use the common driver for ARM Cache Coherent Interconnects. Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542
-
Vikram Kanigiri authored
Even though both CCI-400 and CCI-500 IPs have different configurations with respect to the number and types of supported interfaces, their register offsets and programming sequences are similar. This patch creates a common driver for enabling and disabling snoop transactions and DVMs with both the IPs. New platform ports which implement one of these IPs should use this common driver. Existing platform ports which implement CCI-400 should migrate to the common driver as the standalone CCI-400 will be deprecated in the future. Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
-
Vikram Kanigiri authored
This patch defines the ARRAY_SIZE macro for calculating number of elements in an array and uses it where appropriate. Change-Id: I72746a9229f0b259323972b498b9a3999731bc9b
-
- 13 Mar, 2015 1 commit
-
-
Vikram Kanigiri authored
The cpu-ops pointer was initialized before enabling the data cache in the cold and warm boot paths. This required a DCIVAC cache maintenance operation to invalidate any stale cache lines resident in other cpus. This patch moves this initialization to the bl31_arch_setup() function which is always called after the data cache and MMU has been enabled. This change removes the need:
  1. for the DCIVAC cache maintenance operation.
  2. to initialise the CPU ops upon resumption from a PSCI CPU_SUSPEND call since memory contents are always preserved in this case.
Change-Id: Ibb2fa2f7460d1a1f1e721242025e382734c204c6
-
- 06 Mar, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch modifies the declarations of the functions printf() et al. and adds the right GCC attribute to request the compiler to check the type of the arguments passed to these functions against the given format string. This will ensure that the compiler outputs warning messages like the following whenever it detects an inconsistency: file.c:42: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’ It also fixes the type mismatch inconsistencies that it revealed across the code base. NOTE: THIS PATCH MAY FORCE PLATFORM PORTS OR SP/SPDS THAT USE THE PRINTF FAMILY OF FUNCTIONS TO FIX ANY TYPE MISMATCH INCONSISTENCIES. Change-Id: If36bb54ec7d6dd2cb4791d89b02a24ac13fd2df6
-
- 12 Feb, 2015 1 commit
-
-
Soby Mathew authored
This patch removes the plat_get_max_afflvl() platform API and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL. This is done because the maximum affinity level for a platform is a static value and it is more efficient for it to be defined as a platform macro. NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT Fixes ARM-Software/tf-issues#265 Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
-
- 28 Jan, 2015 4 commits
-
-
Juan Castillo authored
This patch provides an API to access the authentication module that will be used to verify the authenticity of the images loaded into memory as part of the Trusted Board Boot process. To include the authentication module as part of the build, set the boolean build option TRUSTED_BOARD_BOOT. One single authentication module must be registered at build time by setting the build option AUTH_MOD=<mod_name>. All authentication modules will be located in 'common/auth/<mod_name>' and must present the <mod_name>.mk file that will be included by the build system to compile the module sources. To create an authentication module, an instance of auth_mod_t called 'auth_mod' must be declared in the module sources. The initialization and verification functions provided by the module will be exported through the function pointers specified when declaring this instance. If an authentication module includes third party sources that do not adhere to the C99 standard, the -pedantic option may be removed from the build options by setting the flag DISABLE_PEDANTIC in the module file <mod_name>.mk. Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
-
Juan Castillo authored
This patch adds the missing features to the C library included in the Trusted Firmware to build PolarSSL:
  - strcasecmp() function
  - exit() function
  - sscanf()* function
  - time.h header file (and its dependencies)
* NOTE: the sscanf() function is not a real implementation. It just returns the number of expected arguments by counting the number of '%' characters present in the format string. This return value is good enough for PolarSSL because during the certificate parsing only the return value is checked. The certificate validity period is ignored. Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
-
Juan Castillo authored
This patch adds the function plat_match_rotpk() to the platform porting layer to provide a Root Of Trust Public key (ROTPK) verification mechanism. This function is called during the Trusted Board Boot process and receives a supposed valid copy of the ROTPK as a parameter, usually obtained from an external source (for instance, a certificate). It returns 0 (success) if that key matches the actual ROTPK stored in the system or any other value otherwise. The mechanism to access the actual ROTPK stored in the system is platform specific and should be implemented as part of this function. The format of the ROTPK is also platform specific (to save memory, some platforms might store a hash of the key instead of the whole key). TRUSTED_BOARD_BOOT build option has been added to allow the user to enable the Trusted Board Boot features. The implementation of the plat_match_rotpk() function is mandatory when Trusted Board Boot is enabled. For development purposes, FVP and Juno ports provide a dummy function that always returns success (valid key). A safe trusted boot implementation should provide a proper matching function. Documentation updated accordingly. Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
-
Juan Castillo authored
This patch extends the FIP tool to include the certificates generated by the 'cert_create' tool. If GENERATE_COT build option is enabled, the Makefile adds the certificates as dependencies to create the FIP file. Thus, make target 'fip' will also build the certificates as part of the Trusted Firmware build process. Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
-
- 26 Jan, 2015 5 commits
-
-
Yatharth Kochar authored
This patch adds support to call the reset_handler() function in BL3-1 in the cold and warm boot paths when another Boot ROM reset_handler() has already run. This means the BL1 and BL3-1 versions of the CPU and platform specific reset handlers may execute different code to each other. This enables a developer to perform additional actions or undo actions already performed during the first call of the reset handlers e.g. apply additional errata workarounds. Typically, the reset handler will be first called from the BL1 Boot ROM. Any additional functionality can be added to the reset handler when it is called from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used to identify whether this is the first version of the reset handler code to be executed or an overridden version of the code. The Cortex-A57 errata workarounds are applied only if they have not already been applied. Fixes ARM-software/tf-issue#275 Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
-
Soby Mathew authored
This patch provides an option to specify an interrupt routing model where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1. When such an interrupt occurs, the TSPD arranges a return to the normal world after saving any necessary context. The interrupt routing model to route IRQs to EL3 is enabled only during STD SMC processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC and Secure Interrupt processing. A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change the non secure interrupt target execution level to EL3. Fixes ARM-software/tf-issues#225 Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
-
Soby Mathew authored
This patch:
  * Bumps the PSCI VERSION to 1.0. This means that the PSCI_VERSION API will now return the value 0x00010000 to indicate the version as 1.0. The firmware remains compatible with PSCI v0.2 clients.
  * The firmware design guide is updated to document the APIs supported by the Trusted Firmware generic code.
  * The FVP Device Tree Sources (dts) and Blobs (dtb) are also updated to add "psci-1.0" and "psci-0.2" to the list of compatible PSCI versions.
Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
-
Soby Mathew authored
This patch implements the PSCI_FEATURES function which is a mandatory API in the PSCI 1.0 specification. A capability variable is constructed during initialization by examining the plat_pm_ops and spd_pm_ops exported by the platform and the Secure Payload Dispatcher. This is used by the PSCI FEATURES function to determine which PSCI APIs are supported by the platform. Change-Id: I147ffc1bd5d90b469bd3cc4bbe0a20e95c247df7
-
Soby Mathew authored
This patch reworks the PSCI MIGRATE, MIGRATE_INFO_TYPE and MIGRATE_INFO_UP_CPU support for Trusted Firmware. The implementation does the appropriate validation of parameters and invokes the appropriate hook exported by the SPD. The TSP is a MP Trusted OS. Hence the ability to actually migrate a Trusted OS has not been implemented. The corresponding function is not populated in the spd_pm_hooks structure for the TSPD. The `spd_pm_ops_t` has undergone changes with this patch. SPD PORTS MAY NEED TO BE UPDATED. Fixes ARM-software/tf-issues#249 Change-Id: Iabd87521bf7c530a5e4506b6d3bfd4f1bf87604f
-
- 23 Jan, 2015 4 commits
-
-
Soby Mathew authored
This patch adds support to return SUCCESS if a pending interrupt is detected during a CPU_SUSPEND call to a power down state. The check is performed as late as possible without losing the ability to return to the caller. This reduces the overhead incurred by a CPU in undergoing a complete power cycle when a wakeup interrupt is already pending. Fixes ARM-Software/tf-issues#102 Change-Id: I1aff04a74b704a2f529734428030d1d10750fd4b
-
Soby Mathew authored
This patch allows the platform to validate the power_state and entrypoint information from the normal world early on in PSCI calls so that we can return the error safely. New optional pm_ops hooks `validate_power_state` and `validate_ns_entrypoint` are introduced to do this. As a result of these changes, all the other pm_ops handlers except the PSCI_ON handler are expected to be successful. Also, the PSCI implementation will now assert if a PSCI API is invoked without the corresponding pm_ops handler being registered by the platform. NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The pm hooks have 2 additional optional callbacks and the return type of the other hooks have changed. Fixes ARM-Software/tf-issues#229 Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
-
Soby Mathew authored
This patch adds support to save the "power state" parameter before the affinity level specific handlers are called in a CPU_SUSPEND call. This avoids the need to pass the power_state as a parameter to the handlers and Secure Payload Dispatcher (SPD) suspend spd_pm_ops. The power_state arguments in the spd_pm_ops operations are now reserved and must not be used. The SPD can query the relevant power_state fields by using the psci_get_suspend_afflvl() & psci_get_suspend_stateid() APIs. NOTE: THIS PATCH WILL BREAK THE SPD_PM_OPS INTERFACE. HENCE THE SECURE PAYLOAD DISPATCHERS WILL NEED TO BE REWORKED TO USE THE NEW INTERFACE. Change-Id: I1293d7dc8cf29cfa6a086a009eee41bcbf2f238e
-
Soby Mathew authored
This patch removes the non-secure entry point information being passed to the platform pm_ops which is not needed. Also, it removes the `mpidr` parameter for platform pm hooks which are meant to do power management operations only on the current cpu. NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT. Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
-
- 22 Jan, 2015 2 commits
-
-
Soby Mathew authored
This patch moves the bakery locks out of coherent memory to normal memory. This implies that the lock information needs to be placed on a separate cache line for each cpu. Hence the bakery_lock_info_t structure is allocated in the per-cpu data so as to minimize memory wastage. A similar platform per-cpu data is introduced for the platform locks. As a result of the above changes, the bakery lock api is completely changed. Earlier, a reference to the lock structure was passed to the lock implementation. Now a unique-id (essentially an index into the per-cpu data array) and an offset into the per-cpu data for bakery_info_t needs to be passed to the lock implementation. Change-Id: I1e76216277448713c6c98b4c2de4fb54198b39e0
-
Soby Mathew authored
This patch adds helper macros for barrier operations that specify the type of barrier (dmb, dsb) and the shareability domain (system, inner-shareable) it affects. Change-Id: I4bf95103e79da212c4fbdbc13d91ad8ac385d9f5
-
- 13 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch fixes a crash due to corruption of cpu_ops data structure. During the secondary CPU boot, after the cpu_ops has been initialized in the per cpu-data, the dcache lines need to be invalidated so that the update in memory can be seen later on when the dcaches are turned ON. Also, after initializing the psci per cpu data, the dcache lines are flushed so that they are written back to memory and dirty dcache lines are avoided. Fixes ARM-Software/tf-issues#271 Change-Id: Ia90f55e9882690ead61226eea5a5a9146d35f313
-
- 07 Jan, 2015 1 commit
-
-
Sandrine Bailleux authored
Calls to system register read accessor functions may be optimised out by the compiler if called twice in a row for the same register. This is because the compiler is not aware that the result from the instruction may be modified by external agents. Therefore, if nothing modifies the register between the 2 reads as far as the compiler knows then it might consider that it is useless to read it twice and emit only 1 call. This behaviour is faulty for registers that may not have the same value if read twice in succession. E.g.: counters, timer control/countdown registers, GICv3 interrupt status registers and so on. The same problem happens for calls to system register write accessor functions. The compiler might optimise out some calls if it considers that it will produce the same result. Again, this behaviour is faulty for cases where intermediate writes to these registers make a difference in the system. This patch fixes the problem by making these assembly register accesses volatile. Fixes ARM-software/tf-issues#273 Change-Id: I33903bc4cc4eea8a8d87bc2c757909fbb0138925
-
- 04 Dec, 2014 1 commit
-
-
Soby Mathew authored
This patch fixes the array size of mpidr_aff_map_nodes_t which was less by one element. Fixes ARM-software/tf-issues#264 Change-Id: I48264f6f9e7046a3d0f4cbcd63b9ba49657e8818
-
- 31 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch introduces several improvements to the ARM GIC driver:
  * In function gicd_set_itargetsr(), target CPU is specified using the same bit mask detailed in the GICD_ITARGETSRn register instead of the CPU linear ID, removing the dependency between bit position and linear ID in the platform porting. The current CPU bit mask may be obtained by reading GICD_ITARGETSR0.
  * PPIs and SGIs are initialized in arm_gic_pcpu_distif_setup(). SPIs are initialized in arm_gic_distif_setup().
  * By default, non secure interrupts are assigned the maximum priority allowed to a non secure interrupt (defined by GIC_HIGHEST_NS_PRIORITY).
  * GICR base address is allowed to be NULL for GICv1 and GICv2.
Change-Id: Ie2837fe860d43b2282e582dfdb13c39c6186f232
-
- 29 Oct, 2014 1 commit
-
-
Soby Mathew authored
Prior to this patch, the errata workarounds were applied for any version of the CPU in the release build and in the debug build an assert failure resulted when the revision did not match. This patch applies errata workarounds in the Cortex-A57 reset handler only if the 'variant' and 'revision' fields read from the MIDR_EL1 match. In the debug build, a warning message is printed for each errata workaround which is not applied. The patch modifies the register usage in `reset_handler` so as to adhere to ARM procedure calling standards. Fixes ARM-software/tf-issues#242 Change-Id: I51b1f876474599db885afa03346e38a476f84c29
-
- 14 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch configures the TrustZone Controller in Juno to split the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure regions:
  - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are used by the SCP for DDR retraining
  - Non-Secure DDR-DRAM: remaining DRAM starting at base address
Build option PLAT_TSP_LOCATION selects the location of the secure payload (BL3-2):
  - 'tsram' : Trusted SRAM (default option)
  - 'dram' : Secure region in the DDR-DRAM (set by the TrustZone controller)
The MMU memory map has been updated to give BL2 permission to load BL3-2 into the DDR-DRAM secure region. Fixes ARM-software/tf-issues#233 Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
-
- 25 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch uses the IMAGE_BL<x> constants to create translation tables specific to a boot loader stage. This allows each stage to create mappings only for areas in the memory map that it needs. Fixes ARM-software/tf-issues#209 Change-Id: Ie4861407ddf9317f0fb890fc7575eaa88d0de51c
-