- 06 Jan, 2016 2 commits
- 05 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
By default ARM TF is built with the '-pedantic' compiler flag, which helps detecting violations of the C standard. However, the mbed TLS library and its associated authentication module in TF used to fail building with this compiler flag. As a workaround, the mbed TLS authentication module makefile used to set the 'DISABLE_PEDANTIC' TF build flag. The compiler errors flagged by '-pedantic' in the mbed TLS library have been fixed between versions 1.3.9 and 2.2.0 and the library now properly builds with this compiler flag. This patch fixes the remaining compiler errors in the mbed TLS authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF build flag. This means that TF is now always built with '-pedantic'. In particular, this patch: * Removes the final semi-colon in REGISTER_COT() macro. This semi-colon was causing the following error message: drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] This has been fixed both in the mbed TLS authentication module as well as in the certificate generation tool. Note that the latter code didn't need fixing since it is not built with '-pedantic' but the change has been propagated for consistency. Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros, which were suffering from the same issue. * Fixes a pointer type. It was causing the following error message: drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash': drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith] Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
-
- 04 Jan, 2016 1 commit
-
-
Jimmy Huang authored
The 'ret' was missing in console_uninit() implementation, so the program doesn't return from console_uninit(). Instead, it keeps executing the following instructions which is not expected. Change-Id: I810684f37f61c41c6f95a3bb36914d0765da8571 Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
-
- 22 Dec, 2015 4 commits
-
-
danh-arm authored
Final v1.2 release changes
-
danh-arm authored
Misc documentation fixes for v1.2 release
-
Dan Handley authored
Change-Id: I50cd383e480628bf750bcfb76cfdc9d597c2595b
-
Dan Handley authored
Change-Id: I50e62cc89a55a6f13093a2c1c84d13802b65b4aa
-
- 21 Dec, 2015 5 commits
-
-
Sandrine Bailleux authored
Change-Id: I23a852fc7d91f91923bb84bc3167a830d1bb7463
-
Sandrine Bailleux authored
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
-
Dan Handley authored
Remove the following redundant sentence from the user guide, which implies the user should use the TF version from the Linaro release, which was not the intention: "However, the rest of this document assumes that you got the Trusted Firmware as part of the Linaro release." Also, tidied up the grammar in this section. Change-Id: I5dae0b68d3683e2a85a7b3c6a31222182a66f6c8
-
Dan Handley authored
Update `contributing.md` to make it clear that contributors should wait for ARM to confirm acceptance of the completed CLA before making contributions. Change-Id: Ide62d893ad8cc0d2a0949c16605cd8689d9624bf
-
Sandrine Bailleux authored
fvp_pwr_domain_on() used to program the CPUs mailbox. This changed with commit 804040d1 but the comment documenting this code still refers to the mailbox programming. This patch removes this out-dated information. Change-Id: Ibfe2a426bdda6e71f20c83a99cb223ceca9c559c
-
- 17 Dec, 2015 5 commits
-
-
danh-arm authored
Documentation: Clean legacy variables in User Guide
-
danh-arm authored
FWU: Add documentation for Firmware Update feature
-
Yatharth Kochar authored
This patch adds design documentation for the Firmware Update (FWU) feature in `firmware-update.md`. It provides an overview of FWU, describes the BL1 SMC interface, and includes diagrams showing an example FWU boot flow and the FWU state machine. This patch also updates the existing TF documents where needed: * `porting-guide.md` * `user-guide.md` * `firmware-design.md` * `rt-svc-writers-guide.md` * `trusted_board_boot.md` Change-Id: Ie6de31544429b18f01327bd763175e218299a4ce Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Olivier Martin authored
-
Olivier Martin authored
`FVP_TSP_RAM_LOCATION` has been renamed into `ARM_TSP_RAM_LOCATION`.
-
- 16 Dec, 2015 2 commits
- 15 Dec, 2015 6 commits
-
-
danh-arm authored
FWU: Pass client cookie to FWU_SMC_UPDATE_DONE
-
Sandrine Bailleux authored
This patch introduces a new document presenting the ARM Trusted Firmware Reset Design. It shows the reset code flow, lists the different build options that affect it, in which case to use them and what their exact effect is. The section about using BL31 entrypoint as the reset address has been moved from the general firmware design document to this one. It's also been improved to explain why the FVP port supports the RESET_TO_BL31 configuration, even though the reset vector address can't be programmed dynamically. This document includes some images, which have been generated using Dia version 0.97.2. This tool can be obtained from: https://wiki.gnome.org/Apps/Dia/Download This patch provides: - the image files describing the different reset flow diagrams; - the source '.dia' file; - a script automating the generation of the images from the '.dia' file. Note that the 2 latter files are not actually needed for the document and are provided for convenience only, in case the reset images need to be modified. Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
-
danh-arm authored
FWU: Remove image_id arg from FWU_SMC_IMAGE_RESUME
-
Dan Handley authored
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes an unused framework cookie through to the 1st argument in the platform function `bl1_plat_fwu_done`. The intent is to allow the SMC caller to pass a cookie through to this function. This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller through to `bl1_plat_fwu_done`. The argument names are updated for clarity. Upstream platforms currently do not use this argument so no impact is expected. Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
-
Dan Handley authored
The current implementation of FWU_SMC_IMAGE_RESUME when called from the normal world, uses the provided image_id argument to determine which secure image to resume into. This implies that the normal world has a choice of which secure image to resume into when in fact it is only possible to resume into the previously interrupted secure image. This patch removes the argument, tightens up the pre-conditions for the SMC and adds additional asserts. The pre-conditions for FWU_SMC_SEC_IMAGE_DONE are also tightened up. Change-Id: Ia5a46753bb01e8f8dad8a2999314f90db8f300e8
-
Soby Mathew authored
This patch updates the relevant documentation in ARM Trusted Firmware for the new GIC drivers. The user-guide.md and porting-guide.md have been updated as follows: * The build option to compile Trusted Firmware with different GIC drivers for FVP has been explained in the user-guide.md. * The implementation details of interrupt management framework porting APIs for GICv3 have been added in porting-guide.md. * The Linaro tracking kernel release does not work OOB in GICv3 mode. The instructions for changing UEFI configuration in order to run with the new GICv3 driver in ARM TF have been added to user-guide.md. The interrupt-framework-design.md has been updated as follows: * Describes support for registering and handling interrupts targeted to EL3 e.g. Group 0 interrupts in GICv3. * Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail. * Describes preemption of TSP in S-EL1 by non secure interrupts and also possibly by higher priority EL3 interrupts. * Describes the normal world sequence for issuing `standard` SMC calls. * Modifies the document to correspond to the current state of interrupt handling in TSPD and TSP. * Modifies the various functions names in the document to reflect the current names used in code. Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
-
- 14 Dec, 2015 6 commits
-
-
danh-arm authored
FWU: Fix secure memory check in image auth
-
danh-arm authored
Apply new image terminology
-
Dan Handley authored
The implementation of FWU_SMC_IMAGE_AUTH performs a number of pre-condition checks before authenticating the image. One of these checks calls `bl1_plat_mem_check()` to ensure the image source is mapped in when authenticating an image in place. The framework incorrectly passes the security state of the caller into this function instead of the security state of the source image. This patch corrects the defect. The defect would only manifest itself for secure world callers authenticating non-secure images in place, which is not done by current upstream platforms. Change-Id: I617c7b43e02ac7149f266aeaf3874316e62f3003
-
Juan Castillo authored
This patch removes the dash character from the image name, to follow the image terminology in the Trusted Firmware Wiki page: https://github.com/ARM-software/arm-trusted-firmware/wiki Changes apply to output messages, comments and documentation. non-ARM platform files have been left unmodified. Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
-
Juan Castillo authored
This patch replaces all references to the SCP Firmware (BL0, BL30, BL3-0, bl30) with the image terminology detailed in the TF wiki (https://github.com/ARM-software/arm-trusted-firmware/wiki): BL0 --> SCP_BL1 BL30, BL3-0 --> SCP_BL2 bl30 --> scp_bl2 This change affects code, documentation, build system, tools and platform ports that load SCP firmware. ARM plaforms have been updated to the new porting API. IMPORTANT: build option to specify the SCP FW image has changed: BL30 --> SCP_BL2 IMPORTANT: This patch breaks compatibility for platforms that use BL2 to load SCP firmware. Affected platforms must be updated as follows: BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID BL30_BASE --> SCP_BL2_BASE bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo() bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2() Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
-
Juan Castillo authored
This patch applies the TBBR naming convention to the certificates and the corresponding extensions defined by the CoT: * Certificate UUID names * Certificate identifier names * OID names Changes apply to: * Generic code (variables and defines) * The default certificate identifiers provided in the generic code * Build system * ARM platforms port * cert_create tool internal definitions * fip_create and cert_create tools command line options * Documentation IMPORTANT: this change breaks the compatibility with platforms that use TBBR. The platform will need to adapt the identifiers and OIDs to the TBBR naming convention introduced by this patch: Certificate UUIDs: UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT Certificate identifiers: BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID OIDs: TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID BL30_HASH_OID --> SCP_FW_HASH_OID BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID BL31_HASH_OID --> SOC_AP_FW_HASH_OID BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID NS_BL2U_HASH_OID --> FWU_HASH_OID Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
-
- 10 Dec, 2015 6 commits
-
-
danh-arm authored
Move up to mbed TLS 2.x
-
Juan Castillo authored
The mbed TLS library has introduced some changes in the API from the 1.3.x to the 2.x releases. Using the 2.x releases requires some changes to the crypto and transport modules. This patch updates both modules to the mbed TLS 2.x API. All references to the mbed TLS library in the code or documentation have been updated to 'mbed TLS'. Old references to PolarSSL have been updated to 'mbed TLS'. User guide updated to use mbed TLS 2.2.0. NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible. Applying this patch will require an mbed TLS 2.x release to be used. Also note that the mbed TLS license changed to Apache version 2.0. Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
-
danh-arm authored
Move up dependency versions in user guide
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.22) * Base FVP (to 7.0) * Foundation FVP (to 9.4) * Linaro release (to 15.10) Note that, starting from Linaro release 15.10, the related release instructions have migrated from http://releases.linaro.org to the ARM Connected Community website. The URLs in the User Guide have been updated accordingly. The 'libssl-dev' package has been removed from the list of prerequisite tools, as it is already referenced on the ARM Connected Community page. Also, the 'device-tree-compiler' package has been marked as an optional dependency, since the Trusted Firmware repository provides the prebuilt DTB files. Hence, this tool is needed only when the user wants to rebuild the DTS files. Change-Id: I4a172ece60bf90437131c6b96e73a9f1e9b40117
-
danh-arm authored
De-feature PL011 UART driver to match generic UART spec
-
Juan Castillo authored
The Server Base System Architecture document (ARM-DEN-0029) specifies a generic UART device. The programmer's view of this generic UART is a subset of the ARM PL011 UART. However, the current PL011 driver in Trusted Firmware uses some features that are outside the generic UART specification. This patch modifies the PL011 driver to exclude features outside the SBSA generic UART specification by setting the boolean build option 'PL011_GENERIC_UART=1'. Default value is 0 (use full PL011 features). User guide updated. Fixes ARM-software/tf-issues#216 Change-Id: I6e0eb86f9d69569bc3980fb57e70d6da5d91a737
-
- 09 Dec, 2015 2 commits