- 07 Feb, 2020 5 commits
-
-
Louis Mayencourt authored
Use fconf to retrieve the `disable_authentication` property. Move this access from arm dynamic configuration to bl common. Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
This patch introduces a better separation between the trusted-boot related properties, and the dynamic configuration DTBs loading information. The dynamic configuration DTBs properties are moved to a new node: `dtb-registry`. All the sub-nodes present will be provided to the dynamic config framework to be loaded. The node currently only contains the already defined configuration DTBs, but can be extended for future features if necessary. The dynamic config framework is modified to use the abstraction provided by the fconf framework, instead of directly accessing the DTBs. The trusted-boot properties are kept under the "arm,tb_fw" compatible string, but in a separate `tb_fw-config` node. The `tb_fw-config` property of the `dtb-registry` node simply points to the load address of `fw_config`, as the `tb_fw-config` is currently part of the same DTB. Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use the dtb provided by bl1 as configuration file for fconf. Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading function is not associated to arm platform anymore, and can be moved to bl_main if wanted. Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Introduce the Firmware CONfiguration Framework (fconf). The fconf is an abstraction layer for platform specific data, allowing a "property" to be queried and a value retrieved without the requesting entity knowing what backing store is being used to hold the data. The default backing store used is C structure. If another backing store has to be used, the platform integrator needs to provide a "populate()" function to fill the corresponding C structure. The "populate()" function must be registered to the fconf framework with the "FCONF_REGISTER_POPULATOR()". This ensures that the function would be called inside the "fconf_populate()" function. A two level macro is used as getter: - the first macro takes 3 parameters and converts it to a function call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c). - the second level defines a__b_getter(c) to the matching C structure, variable, array, function, etc.. Ex: Get a Chain of trust property: 1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id) 2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id] Change-Id: Id394001353ed295bc680c3f543af0cf8da549469 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 04 Feb, 2020 2 commits
-
-
Zelalem authored
This patch removes unnecessary header file includes discovered by Coverity HFA option. Change-Id: I2827c37c1c24866c87db0e206e681900545925d4 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
Olivier Deprez authored
CID 353228: Integer handling issues (CONSTANT_EXPRESSION_RESULT) The checks on size and offset_address in get_entry always resolve to false provided those fields are long long int and cannot be greater than LONG_MAX. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I0fac485a39ac4a40ae8c0d25a706ad74c795e130
-
- 03 Feb, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes' functions for read/write array of bytes from/to a given property. It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i files for builds with USE_ROMLIB=1 option. Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 29 Jan, 2020 1 commit
-
-
Andrew Walbran authored
This is based on the rpi implementation from https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2746 . Signed-off-by: Andrew Walbran <qwandor@google.com> Change-Id: I5fe324fcd9d5e232091e01267ea12147c46bc9c1
-
- 28 Jan, 2020 1 commit
-
-
Louis Mayencourt authored
The Secure Configuration Register is 64-bits in AArch64 and 32-bits in AArch32. Use u_register_t instead of unsigned int to reflect this. Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 27 Jan, 2020 3 commits
-
-
Madhukar Pappireddy authored
Since BL31 PROGBITS and BL31 NOBITS sections are going to be in non-adjacent memory regions, potentially far from each other, some fixes are needed to support it completely. 1. adr instruction only allows computing the effective address of a location only within 1MB range of the PC. However, adrp instruction together with an add permits position independent address of any location with 4GB range of PC. 2. Since BL31 _RW_END_ marks the end of BL31 image, care must be taken that it is aligned to page size since we map this memory region in BL31 using xlat_v2 lib utils which mandate alignment of image size to page granularity. Change-Id: I3451cc030d03cb2032db3cc088f0c0e2c84bffda Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Raghu Krishnamurthy authored
bakery_lock_get() uses DMB LD after lock acquisition and bakery_lock_release() uses DMB ST before releasing the lock. This is insufficient in both cases. With just DMB LD, stores in the critical section can be reordered before the DMB LD which could mean writes in the critical section completing before the lock has been acquired successfully. Similarly, with just DMB ST, a load in the critical section could be reordered after the the DMB ST. DMB is the least expensive barrier that can provide the required ordering. Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@icloud.com> Change-Id: Ieb74cbf5b76b09e1789331b71f37f7c660221b0e
-
Manish Pandey authored
CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external last level cache(LLC) in the system, the reset value is internal LLC. To cater for the platforms(like N1SDP) which has external LLC present introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be enabled by platform port. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
-
- 23 Jan, 2020 2 commits
-
-
laurenw-arm authored
Setting errata workarounds for N1 1043202 and 1315703 to 0 since they should be turned off by default. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I116673a4ddcf64436e90d70133f035a133989ed9
-
Andrew Walbran authored
This makes the PSCI SYSTEM_OFF call work on QEMU. It assumes that QEMU has semihosting enabled, but that is already assumed by the image loader. Signed-off-by: Andrew Walbran <qwandor@google.com> Change-Id: I0fb7cf7909262b675c3143efeac07f4d60730b03
-
- 22 Jan, 2020 4 commits
-
-
Mark Dykes authored
This reverts commit 76d84cbc. Change-Id: I867af7af3d9f5e568101f79b9ebea578e5cb2a4b
-
Anthony Steinhauser authored
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61 https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2 https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a It is demonstrated in a SafeSide example: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Anthony Steinhauser <asteinhauser@google.com> Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
-
Masahiro Yamada authored
Use end_va and end_pa defined at the beginning of this function. Change-Id: I0e8b3b35fceb87b5d35397eb892d4fe92ba90b4c Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Madhukar Pappireddy authored
Since BL31 PROGBITS and BL31 NOBITS sections are going to be in non-adjacent memory regions, potentially far from each other, some fixes are needed to support it completely. 1. adr instruction only allows computing the effective address of a location only within 1MB range of the PC. However, adrp instruction together with an add permits position independent address of any location with 4GB range of PC. 2. Since BL31 _RW_END_ marks the end of BL31 image, care must be taken that it is aligned to page size since we map this memory region in BL31 using xlat_v2 lib utils which mandate alignment of image size to page granularity. Change-Id: Ic745c5a130fe4239fa2742142d083b2bdc4e8b85 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Imported from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __popcountsi2(si_int a) and __popcountdi2(di_int a) builtin which are required by a driver that uses a __builtin_popcount(). Change-Id: I8e0d97cebdd90d224690c8ce1b02e657acdddb25 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 10 Jan, 2020 1 commit
-
-
Deepika Bhavnani authored
NOTE for platform integrators: API `plat_psci_stat_get_residency()` third argument `last_cpu_idx` is changed from "signed int" to the "unsigned int" type. Issue / Trouble points 1. cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places leading to coverity issues. 2. Underlying platform API's return cpu_idx as `unsigned int` and comparison is performed with platform specific defines `PLAFORM_xxx` which is not consistent Misra Rule 10.4: The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression. Based on above points, cpu_idx is kept as `unsigned int` to match the API's and low-level functions and platform defines are updated where ever required Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
-
- 02 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Import aeabi_ldivmod.S with divmoddi4.c and divdi3.c from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __aeabi_ldivmod builtin, which is required by a patch using signed long long division. Change-Id: Iee4c421deb3175142655e19074cd3732edd82227 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 23 Dec, 2019 1 commit
-
-
Madhukar Pappireddy authored
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions of Hercules core. The erratum can be avoided by setting bit 1 of the implementation defined register CPUACTLR2_EL1 to 1 to prevent store- release from being dispatched before it is the oldest. Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Dec, 2019 1 commit
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
- 18 Dec, 2019 2 commits
-
-
Ambroise Vincent authored
Provide an SMC interface to the 9p filesystem. This permits accessing firmware drivers through a common interface, using standardized read/write/control operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
-
Jan Dabros authored
EA handlers for exceptions taken from lower ELs at the end invokes el3_exit function. However there was a bug with sp maintenance which resulted in el3_exit setting runtime stack to context. This in turn caused memory corruption on consecutive EL3 entries. Signed-off-by: Jan Dabros <jsd@semihalf.com> Change-Id: I0424245c27c369c864506f4baa719968890ce659
-
- 17 Dec, 2019 2 commits
-
-
Olivier Deprez authored
Add a FIP driver hooked to debugfs 9p interface. This is an abstraction of the FIP filesystem layer on top of a mass storage, or memory block driver. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: If275ea0824763de43ab666dab2a06de5352ff940
-
Olivier Deprez authored
The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
-
- 11 Dec, 2019 1 commit
-
-
Ambroise Vincent authored
This function scans a string backwards from the end for the first instance of a character. Change-Id: I46b21573ed25a0ff222eac340e1e1fb93b040763 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 06 Dec, 2019 2 commits
-
-
Artsem Artsemenka authored
Check that entry point information requesting S-EL2 has AArch64 as an execution state during context setup. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I447263692fed6e55c1b076913e6eb73b1ea735b7
-
Achin Gupta authored
This patch adds support for enabling S-EL2 if this EL is specified in the entry point information being used to initialise a secure context. It is the caller's responsibility to check if S-EL2 is available on the system before requesting this EL through the entry point information. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Change-Id: I2752964f078ab528b2e80de71c7d2f35e60569e1
-
- 26 Nov, 2019 1 commit
-
-
Pankaj Gupta authored
Same SoC has different personality by creating different number of: - cores - clusters. As a result, the platform specific power domain tree will be created after identify the personality of the SoC. Hence, platform specific power domain tree may not be same for all the personality of the soc. Thus, psci library code will deduce the 'plat_core_count', while populating the power domain tree topology and return the number of cores. PLATFORM_CORE_COUNT will still be valid for a SoC, such that psci_plat_core_count <= PLATFORM_CORE_COUNT. PLATFORM_CORE_COUNT will continued to be defined by platform to create the data structures. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I1f5c47647631cae2dcdad540d64cf09757db7185
-
- 12 Nov, 2019 1 commit
-
-
Deepika Bhavnani authored
`unsigned long` should be replaced to 1. `unsigned int` or `unsigned long long` - If fixed, based on the architecture AArch32 or AArch64 2. `u_register_t` - If it is supposed to be 32-bit wide in AArch32 and 64-bit wide in AArch64. Translation descriptors are always 32-bit wide, here `uint32_t` is used to describe the `exact size` of translation descriptors instead of `unsigned int` which guarantees minimum 32-bits Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I6a2af2e8b3c71170e2634044e0b887f07a41677e
-
- 24 Oct, 2019 1 commit
-
-
laurenw-arm authored
Fix a few white space errors and remove #if defined in workaround for N1 Errata 1542419. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I07ac5a2fd50cd63de53c06e3d0f8262871b62fad
-
- 20 Oct, 2019 1 commit
-
-
Simon South authored
Explicitly disable stack protection via the "-fno-stack-protector" compiler option when the ENABLE_STACK_PROTECTOR build option is set to "none" (the default). This allows the build to complete without link errors on systems where stack protection is enabled by default in the compiler. Change-Id: I0a676aa672815235894fb2cd05fa2b196fabb972 Signed-off-by: Simon South <simon@simonsouth.net>
-
- 18 Oct, 2019 1 commit
-
-
Artsem Artsemenka authored
The WARMBOOT_ENABLE_DCACHE_EARLY allows caches to be turned on early during the boot. But the xlat_change_mem_attributes_ctx() API did not do the required cache maintenance after the mmap tables are modified if WARMBOOT_ENABLE_DCACHE_EARLY is enabled. This meant that when the caches are turned off during power down, the tables in memory are accessed as part of cache maintenance for power down, and the tables are not correct at this point which results in a data abort. This patch removes the optimization within xlat_change_mem_attributes_ctx() when WARMBOOT_ENABLE_DCACHE_EARLY is enabled. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I82de3decba87dd13e9856b5f3620a1c8571c8d87
-
- 04 Oct, 2019 2 commits
-
-
laurenw-arm authored
Coherent I-cache is causing a prefetch violation where when the core executes an instruction that has recently been modified, the core might fetch a stale instruction which violates the ordering of instruction fetches. The workaround includes an instruction sequence to implementation defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap handler to execute a TLB inner-shareable invalidation to an arbitrary address followed by a DSB. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 03 Oct, 2019 2 commits
-
-
Alexei Fedorov authored
This patch adds support for ARMv8.3-PAuth in BL1 SMC calls and BL2U image for firmware updates by programming APIAKey_EL1 registers and enabling Pointer Authentication in EL3 and EL1 respectively. Change-Id: I875d952aba8242caf74fb5f4f2d2af6f0c768c08 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Imre Kis authored
Change-Id: I1ea2bf088f1e001cdbd377cbfb7c6a2866af0422 Signed-off-by: Imre Kis <imre.kis@arm.com>
-