- 11 Mar, 2020 2 commits
-
-
Madhukar Pappireddy authored
A populate() function essentially captures the value of a property, defined by a platform, into a fconf related c structure. Such a callback is usually platform specific and is associated to a specific configuration source. For example, a populate() function which captures the hardware topology of the platform can only parse HW_CONFIG DTB. Hence each populator function must be registered with a specific 'config_type' identifier. It broadly represents a logical grouping of configuration properties which is usually a device tree source file. Example: > TB_FW: properties related to trusted firmware such as IO policies, base address of other DTBs, mbedtls heap info etc. > HW_CONFIG: properties related to hardware configuration of the SoC such as topology, GIC controller, PSCI hooks, CPU ID etc. This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate() to register and invoke the appropriate callbacks selectively based on configuration type. Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Masahiro Yamada authored
xlat_tables_v2_helpers.h defines two quite similar macros, REGISTER_XLAT_CONTEXT_FULL_SPEC and REGISTER_XLAT_CONTEXT_RO_BASE_TABLE. Only the difference is the section of _ctx_name##_base_xlat_table. Parameterize it and unify these two macros. The base xlat table goes into the .bss section by default. If PLAT_RO_XLAT_TABLES is defined, it goes into the .rodata section. Change-Id: I8b02f4da98f0c272e348a200cebd89f479099c55 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 09 Mar, 2020 1 commit
-
-
Kalyani Chidambaram authored
The denver_enable_dco and denver_disable_dco use register X3 to store the return address. But X3 gets over-written by other functions, downstream. This patch stores the return address to X18 instead, to fix this anomaly. Change-Id: Ic40bfc1d9abaa7b90348843b9ecd09521bb4ee7b Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>
-
- 06 Mar, 2020 1 commit
-
-
Varun Wadekar authored
ARM has a weak memory ordering model. This means that without explicit barriers, memory accesses can be observed differently than program order. In this case, the cache invalidate instruction can be observed after the subsequent read to address. To solve this, a DMB instruction is required between the cache invalidate and the read. This ensures that the cache invalidate completes before all memory accesses in program order after the DMB. This patch updates the 'read_cache_op' macro to issue a DMB after the cache invalidate instruction to fix this anomaly. Change-Id: Iac9a90d228c57ba8bcdca7e409ea6719546ab441 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 03 Mar, 2020 1 commit
-
-
Max Shvetsov authored
This patch adds EL2 registers that are supported up to ARMv8.6. ARM_ARCH_MINOR has to specified to enable save/restore routine. Note: Following registers are still not covered in save/restore. * AMEVCNTVOFF0<n>_EL2 * AMEVCNTVOFF1<n>_EL2 * ICH_AP0R<n>_EL2 * ICH_AP1R<n>_EL2 * ICH_LR<n>_EL2 Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 02 Mar, 2020 1 commit
-
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 25 Feb, 2020 1 commit
-
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location for the coreboot memory console. This removes the base member from the coreboot specific data structure, but keeps the struct console_cbmc_t and its size member. Change-Id: I7f1dffd41392ba3fe5c07090aea761a42313fb5b Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 24 Feb, 2020 1 commit
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
- 20 Feb, 2020 1 commit
-
-
Varun Wadekar authored
The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable non-cacheable streaming enhancement. Platforms can set this bit only if their memory system meets the requirement that cache line fill requests from the Cortex-A57 processor are atomic. This patch adds support to enable higher performance non-cacheable load forwarding for such platforms. Platforms must enable this support by setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their makefiles. This flag is disabled by default. Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 18 Feb, 2020 3 commits
-
-
Zelalem authored
Fixes for the following MISRA violations: - Missing explicit parentheses on sub-expression - An identifier or macro name beginning with an underscore, shall not be declared - Type mismatch in BL1 SMC handlers and tspd_main.c Change-Id: I7a92abf260da95acb0846b27c2997b59b059efc4 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
Jimmy Brisson authored
Also update copyright statements Change-Id: Iba0305522ac0f2ddc4da99127fd773f340e67300 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
Change-Id: I686fd623b8264c85434853a2a26ecd71e9eeac01 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 07 Feb, 2020 6 commits
-
-
Louis Mayencourt authored
Use the firmware configuration framework in arm dynamic configuration to retrieve mbedtls heap information between bl1 and bl2. For this, a new fconf getter is added to expose the device tree base address and size. Change-Id: Ifa5ac9366ae100e2cdd1f4c8e85fc591b170f4b6 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use fconf to retrieve the `disable_authentication` property. Move this access from arm dynamic configuration to bl common. Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
This patch introduces a better separation between the trusted-boot related properties, and the dynamic configuration DTBs loading information. The dynamic configuration DTBs properties are moved to a new node: `dtb-registry`. All the sub-nodes present will be provided to the dynamic config framework to be loaded. The node currently only contains the already defined configuration DTBs, but can be extended for future features if necessary. The dynamic config framework is modified to use the abstraction provided by the fconf framework, instead of directly accessing the DTBs. The trusted-boot properties are kept under the "arm,tb_fw" compatible string, but in a separate `tb_fw-config` node. The `tb_fw-config` property of the `dtb-registry` node simply points to the load address of `fw_config`, as the `tb_fw-config` is currently part of the same DTB. Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use the dtb provided by bl1 as configuration file for fconf. Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading function is not associated to arm platform anymore, and can be moved to bl_main if wanted. Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Introduce the Firmware CONfiguration Framework (fconf). The fconf is an abstraction layer for platform specific data, allowing a "property" to be queried and a value retrieved without the requesting entity knowing what backing store is being used to hold the data. The default backing store used is C structure. If another backing store has to be used, the platform integrator needs to provide a "populate()" function to fill the corresponding C structure. The "populate()" function must be registered to the fconf framework with the "FCONF_REGISTER_POPULATOR()". This ensures that the function would be called inside the "fconf_populate()" function. A two level macro is used as getter: - the first macro takes 3 parameters and converts it to a function call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c). - the second level defines a__b_getter(c) to the matching C structure, variable, array, function, etc.. Ex: Get a Chain of trust property: 1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id) 2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id] Change-Id: Id394001353ed295bc680c3f543af0cf8da549469 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 05 Feb, 2020 1 commit
-
-
Zelalem authored
Fix code that violates the MISRA rule: MISRA C-2012 Rule 11.9: Literal "0" shall not be used as null pointer constant. The fix explicitly checks whether a pointer is NULL. Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
- 04 Feb, 2020 2 commits
-
-
Zelalem authored
This patch removes unnecessary header file includes discovered by Coverity HFA option. Change-Id: I2827c37c1c24866c87db0e206e681900545925d4 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
Olivier Deprez authored
CID 353228: Integer handling issues (CONSTANT_EXPRESSION_RESULT) The checks on size and offset_address in get_entry always resolve to false provided those fields are long long int and cannot be greater than LONG_MAX. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I0fac485a39ac4a40ae8c0d25a706ad74c795e130
-
- 03 Feb, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes' functions for read/write array of bytes from/to a given property. It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i files for builds with USE_ROMLIB=1 option. Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 29 Jan, 2020 1 commit
-
-
Andrew Walbran authored
This is based on the rpi implementation from https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2746 . Signed-off-by: Andrew Walbran <qwandor@google.com> Change-Id: I5fe324fcd9d5e232091e01267ea12147c46bc9c1
-
- 28 Jan, 2020 1 commit
-
-
Louis Mayencourt authored
The Secure Configuration Register is 64-bits in AArch64 and 32-bits in AArch32. Use u_register_t instead of unsigned int to reflect this. Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 27 Jan, 2020 3 commits
-
-
Madhukar Pappireddy authored
Since BL31 PROGBITS and BL31 NOBITS sections are going to be in non-adjacent memory regions, potentially far from each other, some fixes are needed to support it completely. 1. adr instruction only allows computing the effective address of a location only within 1MB range of the PC. However, adrp instruction together with an add permits position independent address of any location with 4GB range of PC. 2. Since BL31 _RW_END_ marks the end of BL31 image, care must be taken that it is aligned to page size since we map this memory region in BL31 using xlat_v2 lib utils which mandate alignment of image size to page granularity. Change-Id: I3451cc030d03cb2032db3cc088f0c0e2c84bffda Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Raghu Krishnamurthy authored
bakery_lock_get() uses DMB LD after lock acquisition and bakery_lock_release() uses DMB ST before releasing the lock. This is insufficient in both cases. With just DMB LD, stores in the critical section can be reordered before the DMB LD which could mean writes in the critical section completing before the lock has been acquired successfully. Similarly, with just DMB ST, a load in the critical section could be reordered after the the DMB ST. DMB is the least expensive barrier that can provide the required ordering. Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@icloud.com> Change-Id: Ieb74cbf5b76b09e1789331b71f37f7c660221b0e
-
Manish Pandey authored
CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external last level cache(LLC) in the system, the reset value is internal LLC. To cater for the platforms(like N1SDP) which has external LLC present introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be enabled by platform port. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
-
- 23 Jan, 2020 2 commits
-
-
laurenw-arm authored
Setting errata workarounds for N1 1043202 and 1315703 to 0 since they should be turned off by default. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I116673a4ddcf64436e90d70133f035a133989ed9
-
Andrew Walbran authored
This makes the PSCI SYSTEM_OFF call work on QEMU. It assumes that QEMU has semihosting enabled, but that is already assumed by the image loader. Signed-off-by: Andrew Walbran <qwandor@google.com> Change-Id: I0fb7cf7909262b675c3143efeac07f4d60730b03
-
- 22 Jan, 2020 4 commits
-
-
Mark Dykes authored
This reverts commit 76d84cbc. Change-Id: I867af7af3d9f5e568101f79b9ebea578e5cb2a4b
-
Anthony Steinhauser authored
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61 https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2 https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a It is demonstrated in a SafeSide example: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Anthony Steinhauser <asteinhauser@google.com> Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
-
Masahiro Yamada authored
Use end_va and end_pa defined at the beginning of this function. Change-Id: I0e8b3b35fceb87b5d35397eb892d4fe92ba90b4c Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Madhukar Pappireddy authored
Since BL31 PROGBITS and BL31 NOBITS sections are going to be in non-adjacent memory regions, potentially far from each other, some fixes are needed to support it completely. 1. adr instruction only allows computing the effective address of a location only within 1MB range of the PC. However, adrp instruction together with an add permits position independent address of any location with 4GB range of PC. 2. Since BL31 _RW_END_ marks the end of BL31 image, care must be taken that it is aligned to page size since we map this memory region in BL31 using xlat_v2 lib utils which mandate alignment of image size to page granularity. Change-Id: Ic745c5a130fe4239fa2742142d083b2bdc4e8b85 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Imported from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __popcountsi2(si_int a) and __popcountdi2(di_int a) builtin which are required by a driver that uses a __builtin_popcount(). Change-Id: I8e0d97cebdd90d224690c8ce1b02e657acdddb25 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 10 Jan, 2020 1 commit
-
-
Deepika Bhavnani authored
NOTE for platform integrators: API `plat_psci_stat_get_residency()` third argument `last_cpu_idx` is changed from "signed int" to the "unsigned int" type. Issue / Trouble points 1. cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places leading to coverity issues. 2. Underlying platform API's return cpu_idx as `unsigned int` and comparison is performed with platform specific defines `PLAFORM_xxx` which is not consistent Misra Rule 10.4: The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression. Based on above points, cpu_idx is kept as `unsigned int` to match the API's and low-level functions and platform defines are updated where ever required Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
-
- 02 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Import aeabi_ldivmod.S with divmoddi4.c and divdi3.c from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __aeabi_ldivmod builtin, which is required by a patch using signed long long division. Change-Id: Iee4c421deb3175142655e19074cd3732edd82227 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 23 Dec, 2019 1 commit
-
-
Madhukar Pappireddy authored
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions of Hercules core. The erratum can be avoided by setting bit 1 of the implementation defined register CPUACTLR2_EL1 to 1 to prevent store- release from being dispatched before it is the oldest. Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Dec, 2019 1 commit
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
- 18 Dec, 2019 2 commits
-
-
Ambroise Vincent authored
Provide an SMC interface to the 9p filesystem. This permits accessing firmware drivers through a common interface, using standardized read/write/control operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
-
Jan Dabros authored
EA handlers for exceptions taken from lower ELs at the end invokes el3_exit function. However there was a bug with sp maintenance which resulted in el3_exit setting runtime stack to context. This in turn caused memory corruption on consecutive EL3 entries. Signed-off-by: Jan Dabros <jsd@semihalf.com> Change-Id: I0424245c27c369c864506f4baa719968890ce659
-