- 26 Feb, 2014 2 commits
-
-
Harry Liebel authored
Change-Id: Ia8502f8d0566025d8bad150029f49cb63815261d
-
Jeenu Viswambharan authored
Commit 375f538a in Github accidentally removed the BL2 targets from the Makefile help message. This patch reverts that change. Change-Id: I825a9abe5b4ba0f15d02879dda1056912e2ad60c
-
- 20 Feb, 2014 16 commits
-
-
Jeenu Viswambharan authored
This patch updates .gitignore file to ignore potential build products, tool object files and binaries Also fixes issue ARM-software/tf-issues#35 Change-Id: I053dfba4ec8fecbcca081cad5b4bf94f8abfb15c
-
Ryan Harkin authored
Fixes issues #10: https://github.com/ARM-software/tf-issues/issues/10 This patch changes all/most variables of type int to be size_t or long to fix the sizing and alignment problems found when building with the newer toolchains such as Linaro GCC 13.12 or later. Change-Id: Idc9d48eb2ff9b8c5bbd5b227e6907263d1ea188b Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
-
Jeenu Viswambharan authored
At present the fip.bin depends on phony targets for BL images, resulting in unconditional remake of fip.bin. Also the build messages doesn't match with the rest of build system. This patch modifies the fip.bin dependencies to the actual BL binary images so that fip.bin is remade only when the component images are rebuilt/modified. The build messages and FIP Makefile are modified to match the style of rest of the build system. Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
-
Jeenu Viswambharan authored
At present many recoverable failures are reported as errors. This patch modifies all such failures to be reported as warnings instead. Change-Id: I5141653c82498defcada9b90fdf7498ba496b2f2
-
Achin Gupta authored
This patch reworks the service provided by the TSP to perform common arithmetic operations on a set of arguments provided by the non-secure world. For a addition, division, subtraction & multiplication operation requested on two arguments in x0 and x1 the steps are: 1. TSPD saves the non-secure context and passes the operation and its arguments to the TSP. 2. TSP asks the TSPD to return the same arguments once again. This exercises an additional SMC path. 3. TSP now has two copies of both x0 and x1. It performs the operation on the corresponding copies i.e. in case of addition it returns x0+x0 and x1+x1. 4. TSPD receives the result, saves the secure context, restores the non-secure context and passes the result back to the non-secure client. Change-Id: I6eebfa2ae0a6f28b1d2e11a31f575c7a4b96724b Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Achin Gupta authored
This patch implements a set of handlers in the SPD which are called by the PSCI runtime service upon receiving a power management operation. These handlers in turn pass control to the Secure Payload image if required before returning control to PSCI. This ensures that the Secure Payload has complete visibility of all power transitions in the system and can prepare accordingly. Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
-
Achin Gupta authored
This patch adds the TSPD service which is responsible for managing communication between the non-secure state and the Test Secure Payload (TSP) executing in S-EL1. The TSPD does the following: 1. Determines the location of the TSP (BL3-2) image and passes control to it for initialization. This is done by exporting the 'bl32_init()' function. 2. Receives a structure containing the various entry points into the TSP image as a response to being initialized. The TSPD uses this information to determine how the TSP should be entered depending on the type of operation. 3. Implements a synchronous mechanism for entering into and returning from the TSP image. This mechanism saves the current C runtime context on top of the current stack and jumps to the TSP through an ERET instruction. The TSP issues an SMC to indicate completion of the previous request. The TSPD restores the saved C runtime context and resumes TSP execution. This patch also introduces a Make variable 'SPD' to choose the specific SPD to include in the build. By default, no SPDs are included in the build. Change-Id: I124da5695cdc510999b859a1bf007f4d049e04f3 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
If there is a request to open a file from FIP, and that file is not found, the driver fails to reset the offset address. This causes subsequent file loads to fail. This patch resets the offset address to zero if a file is not found so that subsequent file loads are unaffected. Change-Id: I16418e35f92fb7c85fb12e2acc071990520cdef8
-
Achin Gupta authored
This patch adds a simple TSP as the BL3-2 image. The secure payload executes in S-EL1. It paves the way for the addition of the TSP dispatcher runtime service to BL3-1. The TSP and the dispatcher service will serve as an example of the runtime firmware's ability to toggle execution between the non-secure and secure states in response to SMC request from the non-secure state. The TSP will be replaced by a Trusted OS in a real system. The TSP also exports a set of handlers which should be called in response to a PSCI power management event e.g a cpu being suspended or turned off. For now it runs out of Secure DRAM on the ARM FVP port and will be moved to Secure SRAM later. The default translation table setup code assumes that the caller is executing out of secure SRAM. Hence the TSP exports its own translation table setup function. The TSP only services Fast SMCs, is non-reentrant and non-interruptible. It does arithmetic operations on two sets of four operands, one set supplied by the non-secure client, and the other supplied by the TSP dispatcher in EL3. It returns the result according to the Secure Monitor Calling convention standard. This TSP has two functional entry points: - An initial, one-time entry point through which the TSP is initialized and prepares for receiving further requests from secure monitor/dispatcher - A fast SMC service entry point through which the TSP dispatcher requests secure services on behalf of the non-secure client Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Achin Gupta authored
This patch creates a 'services' directory and moves the PSCI under it. Other runtime services e.g. the Secure Payload Dispatcher service will be placed under the same directory in the future. Also fixes issue ARM-software/tf-issues#12 Change-Id: I187f83dcb660b728f82155d91882e961d2255068
-
Achin Gupta authored
This patch adds the ability to specify the base address of a UART device for initialising the console. This allows a boot loader stage to use a different UART device from UART0 (default) for the console. Change-Id: Ie60b927389ae26085cfc90d22a564ff83ba62955
-
Achin Gupta authored
This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
-
Achin Gupta authored
This patch adds the following support to the BL3-1 stage: 1. BL3-1 allows runtime services to specify and determine the security state of the next image after BL3-1. This has been done by adding the `bl31_set_next_image_type()` & `bl31_get_next_image_type()` apis. The default security state is non-secure. The platform api `bl31_get_next_image_info()` has been modified to let the platform decide which is the next image in the desired security state. 2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to program entry into the target security state. It uses the apis introduced in 1. to do so. 3. BL3-1 reads the information populated by BL2 about the BL3-2 image into its internal data structures. 4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow initialisation of a BL3-2 image. A runtime service like the Secure payload dispatcher will define this function if present. Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
-
Achin Gupta authored
This patch adds support for loading a BL3-2 image in BL2. In case a BL3-2 image is found, it also passes information to BL3-1 about where it is located and the extents of memory available to it. Information about memory extents is populated by platform specific code. The documentation has also been updated to reflect the above changes. Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Achin Gupta authored
This patch reworks BL2 to BL3-1 hand over interface by introducing a composite structure (bl31_args) that holds the superset of information that needs to be passed from BL2 to BL3-1. - The extents of secure memory available to BL3-1 - The extents of memory available to BL3-2 (not yet implemented) and BL3-3 - Information to execute BL3-2 (not yet implemented) and BL3-3 images This patch also introduces a new platform API (bl2_get_bl31_args_ptr) that needs to be implemented by the platform code to export reference to bl31_args structure which has been allocated in platform-defined memory. The platform will initialize the extents of memory available to BL3-3 during early platform setup in bl31_args structure. This obviates the need for bl2_get_ns_mem_layout platform API. BL2 calls the bl2_get_bl31_args_ptr function to get a reference to bl31_args structure. It uses the 'bl33_meminfo' field of this structure to load the BL3-3 image. It sets the entry point information for the BL3-3 image in the 'bl33_image_info' field of this structure. The reference to this structure is passed to the BL3-1 image. Also fixes issue ARM-software/tf-issues#25 Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
-
Jeenu Viswambharan authored
This patch adds guards so that an exception vector exceeding 32 instructions will generate a compile-time error. This keeps the exception handlers in check from spilling over. Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
-
- 17 Feb, 2014 17 commits
-
-
Achin Gupta authored
This patch increases coherent stack size for both debug and release builds in order to accommodate stack-heavy printf() and extended EL3 functionality Change-Id: I30ef30530a01517a97e63d703873374828c09f20
-
Jeenu Viswambharan authored
This patch uses the reworked exception handling support to handle runtime service requests through SMCs following the SMC calling convention. This is a giant commit since all the changes are inter-related. It does the following: 1. Replace the old exception handling mechanism with the new one 2. Enforce that SP_EL0 is used C runtime stacks. 3. Ensures that the cold and warm boot paths use the 'cpu_context' structure to program an ERET into the next lower EL. 4. Ensures that SP_EL3 always points to the next 'cpu_context' structure prior to an ERET into the next lower EL 5. Introduces a PSCI SMC handler which completes the use of PSCI as a runtime service Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852 Co-authored-by: Achin Gupta <achin.gupta@arm.com>
-
Achin Gupta authored
This patch introduces the reworked exception handling logic which lays the foundation for accessing runtime services in later patches. The type of an exception has a greater say in the way it is handled. SP_EL3 is used as the stack pointer for: 1. Determining the type of exception and handling the unexpected ones on the exception stack 2. Saving and restoring the essential general purpose and system register state after exception entry and prior to exception exit. SP_EL0 is used as the stack pointer for handling runtime service requests e.g. SMCs. A new structure for preserving general purpose register state has been added to the 'cpu_context' structure. All assembler ensures that it does not use callee saved registers (x19-x29). The C runtime preserves them across functions calls. Hence EL3 code does not have to save and restore them explicitly. Since the exception handling framework has undergone substantial change, the changes have been kept in separate files to aid readability. These files will replace the existing ones in subsequent patches. Change-Id: Ice418686592990ff7a4260771e8d6676e6c8c5ef
-
Achin Gupta authored
This patch introduces the framework to enable registration and initialisation of runtime services. PSCI is registered and initialised as a runtime service. Handling of runtime service requests will be implemented in subsequent patches. Change-Id: Id21e7ddc5a33d42b7d6e455b41155fc5441a9547
-
Achin Gupta authored
This patch uses the context library to save and restore EL3 state on the 'cpu_context' data structures allocated by PSCI for managing non-secure state context on each cpu. Change-Id: I19c1f26578204a7cd9e0a6c582ced0d97ee4cf80
-
Achin Gupta authored
This patch adds support for a cpu context management library. This library will be used to: 1. Share pointers to secure and non-secure state cpu contexts between runtime services e.g. PSCI and Secure Payload Dispatcher services 2. Set SP_EL3 to a context structure which will be used for programming an ERET into a lower EL 3. Provide wrapper functions to save and restore EL3 & EL1 state. These functions will in turn use the helper functions in context.S Change-Id: I655eeef83dcd2a0c6f2eb2ac23efab866ac83ca0
-
Achin Gupta authored
This patch introduces functions for saving and restoring shared system registers between secure and non-secure EL1 exception levels, VFP registers and essential EL3 system register and other state. It also defines the 'cpu_context' data structure which will used for saving and restoring execution context for a given security state. These functions will allow runtime services like PSCI and Secure payload dispatcher to implement logic for switching between the secure and non-secure states. The save and restore functions follow AArch64 PCS and only use caller-saved temporary registers. Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
-
Achin Gupta authored
This patch ensures that VBAR_EL3 points to the simple stack-less 'early_exceptions' when the C runtime stack is not correctly setup to use the more complex 'runtime_exceptions'. It is initialised to 'runtime_exceptions' once this is done. This patch also moves all exception vectors into a '.vectors' section and modifies linker scripts to place all such sections together. This will minimize space wastage from alignment restrictions. Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
-
Jeenu Viswambharan authored
The SynchronousExceptionA64 vector has gone beyond the 32-instruction limit for individual exception vector. This patch splits and relocates the exception handler so that it fits into the 32-instruction window. Change-Id: Ic60c4fc3f09a1cb071d63ff0e58353ecaecbb62f
-
Jeenu Viswambharan authored
This patch moves the translation tables into their own section. This saves space that would otherwise have been lost in padding due to page table alignment constraints. The BL31 and BL32 bases have been consequently adjusted. Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65
-
Harry Liebel authored
This fixes ARM-software/tf-issues#9 Change-Id: Id57037115b8762efc9eaf5ff41887b71d6494c5d
-
Harry Liebel authored
The Firmware Image Package (FIP) driver allows for data to be loaded from a FIP on platform storage. The FVP supports loading bootloader images from a FIP located in NOR FLASH. The implemented FVP policy states that bootloader images will be loaded from a FIP in NOR FLASH if available and fall back to loading individual images from semi-hosting. NOTE: - BL3-3(e.g. UEFI) is loaded into DRAM and needs to be configured to run from the BL33_BASE address. This is currently set to DRAM_BASE+128MB for the FVP. Change-Id: I2e4821748e3376b5f9e467cf3ec09509e43579a0
-
Harry Liebel authored
This tool can be used to create a Firmware Image Packages (FIP). These FIPs store a combined set of firmware images with a Table of Contents (ToC) that can be loaded by the firmware from platform storage. - Add uuid.h from FreeBSD. - Use symbolic links to shared headers otherwise unwanted headers and definitions are pulled in. - A FIP is created as part of the default FVP build. - A BL3-3 image(e.g. UEFI) must be provided. Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
-
James Morrissey authored
The modified implementation uses the IO abstraction rather than making direct semi-hosting calls. The semi-hosting driver is now registered for the FVP platform during initialisation of each boot stage where it is used. Additionally, the FVP platform includes a straightforward implementation of 'plat_get_image_source' which provides a generic means for the 'load_image' function to determine how to access the image data. Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
-
James Morrissey authored
This is intended primarily for use as a storage abstraction. It allows operations such as image-loading to be implemented in a platform-independent fashion. Each platform registers a set of IO drivers during initialisation. The platform must also provide a function that will return a device and a specifier that can be used to access specified content. Clients of the API will primarily use device and entity handles. The term "entity" is deliberately vague, to allow for different representations of content accessed using different types of specifier, but will often be interpreted as a "file" where the specifier will normally be its path. This commit builds, but is intended to be paired with a sample implementation of "load_image" using a semi-hosting driver on FVP. Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
-
James Morrissey authored
Also fix warnings generated in release builds when assert code is absent. Change-Id: I45b9173d3888f9e93e98eb5b4fdc06727ba5cbf4
-
Sandrine Bailleux authored
Change-Id: Ic6cf19402a0936161baf6b91bf75d64d95269a3c
-
- 30 Jan, 2014 3 commits
-
-
Jon Medhurst authored
memmove needs to allow for overlapping memory regions and, together with memcpy, should return the input destination pointer, not the address after the end of the copied data. fixes ARM-software/tf-issues#18 Signed-off-by: Jon Medhurst <tixy@linaro.org>
-
Ian Spray authored
New phony Makefile targets have been added: * checkcodebase * checkpatch The checkcodebase target will run a Linux style compliance check over the entire codebase, and honours the V=1 Makefile verbose setting and so will show more information when this is enabled. If the local directory is a git checkout then the output of git ls-files is used to decide which files to test for compliance. If the local directory is not under git control then a 'best attempt' is made, but in this case it should be noted that it is possible for additional non-codebase files to be tested, so care should be taken when parsing the output. The checkpatch target will compare local changes against the git origin/master to allow issues with the last set of changes to be identified. To override the change comparision location, set the BASE_COMMIT variable to your desired git branch. Both targets rely on the Linux source tree script checkpatch.pl to do the syntax checking, and expects that the CHECKPATCH environment variable points to the location of this file. Notes on the usage of these targets have been added to the contributing.md and docs/user-guide.md text files. Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
-
Joakim Bech authored
Fixes arm-software/tf-issues#15 Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
-
- 23 Jan, 2014 1 commit
-
-
Achin Gupta authored
The last CPU in a cluster is responsible for issuing the cluster power down request to the FVP power controller. If another CPU in this cluster wakes up before the last CPU enters WFI then the cluster power down request remains pending. If this request is not cancelled and the newly woken up CPU enters a simple WFI later, the power controller powers the cluster down. This leads to unpredictable behaviour. This patch fixes this issue by ensuring that the first CPU to wake up in a cluster writes its MPIDR to the power controller's PPONR. This cancels any pending cluster power down request. Change-Id: I7e787adfd6c9a0bd7308390e3309d46f35c01086
-
- 20 Jan, 2014 1 commit
-
-
Achin Gupta authored
The psci implementation does not track target affinity level requests specified during cpu_suspend calls correctly as per the following example. 1. cpu0.cluster0 calls cpu_suspend with the target affinity level as 0 2. Only the cpu0.cluster0 is powered down while cluster0 remains powered up 3. cpu1.cluster0 calls cpu_off to power itself down to highest possible affinity level 4. cluster0 will be powered off even though cpu0.cluster0 does not allow cluster shutdown This patch introduces reference counts at affinity levels > 0 to track the number of cpus which want an affinity instance at level X to remain powered up. This instance can be turned off only if its reference count is 0. Cpus still undergo the normal state transitions (ON, OFF, ON_PENDING, SUSPEND) but the higher levels can only be either ON or OFF depending upon their reference count. The above issue is thus fixed as follows: 1. cluster0's reference count is incremented by two when cpu0 and cpu1 are initially powered on. 2. cpu0.cluster0 calls cpu_suspend with the target affinity level as 0. This does not affect the cluster0 reference count. 3. Only the cpu0.cluster0 is powered down while cluster0 remains powered up as it has a non-zero reference count. 4. cpu1.cluster0 call cpu_off to power itself down to highest possible affinity level. This decrements the cluster0 reference count. 5. cluster0 is still not powered off since its reference count will at least be 1 due to the restriction placed by cpu0. Change-Id: I433dfe82b946f5f6985b1602c2de87800504f7a9
-