1. 12 May, 2017 1 commit
  2. 03 May, 2017 1 commit
  3. 02 May, 2017 1 commit
    • Evan Lloyd's avatar
      Build: Correct Unix specific echo commands · 052ab529
      Evan Lloyd authored
      
      
      Some recent changes have added direct use of the echo command without
      parameters.  This fails on a Windows shell, because echo without
      parameters reports the mode ("ECHO is on").
      This is corrected using the ECHO_BLANK_LINE macro already provided
      for that purpose.
      
      Change-Id: I5fd7192861b4496f6f46b4f096e80a752cd135d6
      Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      052ab529
  4. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
  5. 19 Apr, 2017 2 commits
    • Antonio Nino Diaz's avatar
      Add `ENABLE_ASSERTIONS` build option · cc8b5632
      Antonio Nino Diaz authored
      
      
      Add the new build option `ENABLE_ASSERTIONS` that controls whether or
      not assert functions are compiled out. It defaults to 1 for debug builds
      and to 0 for release builds.
      
      Additionally, a following patch will be done to allow this build option
      to hide auxiliary code used for the checks done in an `assert()`. This
      code is is currently under the DEBUG build flag.
      
      Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO,
      which is the default for debug builds.
      
      This patch also updates the User Guide.
      
      Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cc8b5632
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored
      
      
      This patch introduces a build option to enable D-cache early on the CPU
      after warm boot. This is applicable for platforms which do not require
      interconnect programming to enable cache coherency (eg: single cluster
      platforms). If this option is enabled, then warm boot path enables
      D-caches immediately after enabling MMU.
      
      Fixes ARM-Software/tf-issues#456
      
      Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
  6. 05 Apr, 2017 1 commit
    • Masahiro Yamada's avatar
      Build: add generic way to include SCP_BL2 into FIP image · 4d045d0e
      Masahiro Yamada authored
      
      
      If SCP_BL2 is passed in from the command line, it is recognized by
      make_helpers/tbbr/tbbr_tools.mk, and the cert_create tool generates
      the corresponding key and content certificates.
      
      On the other hand, the top-level Makefile does not care SCP_BL2, so
      the --scp-fw option is not passed to the fiptool.  As far as I see
      plat/arm/css/common/css_common.mk, it looks like a platform's job to
      add $(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw)).
      
      We can make the top-level Makefile kind enough to take care of it.
      This is useful when we want to have optional SCP_BL2 firmware.
      
      Adjust css_common.mk so that Juno still requires SCP_BL2 by default.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      4d045d0e
  7. 31 Mar, 2017 1 commit
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7
  8. 27 Mar, 2017 1 commit
  9. 20 Mar, 2017 1 commit
  10. 08 Mar, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Add version 2 of xlat tables library · 7bb01fb2
      Antonio Nino Diaz authored
      
      
      The folder lib/xlat_tables_v2 has been created to store a new version
      of the translation tables library for further modifications in patches
      to follow. At the moment it only contains a basic implementation that
      supports static regions.
      
      This library allows different translation tables to be modified by
      using different 'contexts'. For now, the implementation defaults to
      the translation tables used by the current image, but it is possible
      to modify other tables than the ones in use.
      
      Added a new API to print debug information for the current state of
      the translation tables, rather than printing the information while
      the tables are being created. This allows subsequent debug printing
      of the xlat tables after they have been changed, which will be useful
      when dynamic regions are implemented in a patch to follow.
      
      The common definitions stored in `xlat_tables.h` header have been moved
      to a new file common to both versions, `xlat_tables_defs.h`.
      
      All headers related to the translation tables library have been moved to
      a the subfolder `xlat_tables`.
      
      Change-Id: Ia55962c33e0b781831d43a548e505206dffc5ea9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      7bb01fb2
  11. 02 Mar, 2017 2 commits
    • Jeenu Viswambharan's avatar
      Disallow using coherent memory with hardware-assisted coherency · d4593e47
      Jeenu Viswambharan authored
      
      
      ARM Trusted Firmware keeps certain data structures in a memory region
      with non-cacheable attributes (termed as "coherent memory") to keep data
      coherent with observers that are cache-coherent, and those not. These
      data structures pertain to power management and mutual exclusion. Using
      coherent memory also costs at least an additional page to map memory
      with special memory attributes.
      
      On systems with hardware-assisted coherency, all CPUs that participate
      in power management and mutual exclusion are cache-coherent, obviating
      the need for special memory attributes for such data structures.
      Instead, they can be placed in normal memory, along with rest of data.
      
      On systems with hardware-assisted coherency, where build option
      HW_ASSISTED_COHERENCY will be set, also having USE_COHERENT_MEMORY
      enabled only wastes a page of memory without any
      benefit. Therefore, with HW_ASSISTED_COHERENCY set to 1, require that
      USE_COHERENT_MEMORY is explicitly set to 0.
      
      Change-Id: I5101657ae6b1a46278069f23e2d88ee5cbd98efa
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      d4593e47
    • Jeenu Viswambharan's avatar
      build: Define build option for hardware-assisted coherency · 3c251af3
      Jeenu Viswambharan authored
      
      
      The boolean build option HW_ASSISTED_COHERENCY is introduced to enable
      various optimizations in ARM Trusted Software, when built for such
      systems. It's set to 0 by default.
      
      Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3c251af3
  12. 14 Feb, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce locking primitives using CAS instruction · c877b414
      Jeenu Viswambharan authored
      
      
      The ARMv8v.1 architecture extension has introduced support for far
      atomics, which includes compare-and-swap. Compare and Swap instruction
      is only available for AArch64.
      
      Introduce build options to choose the architecture versions to target
      ARM Trusted Firmware:
      
        - ARM_ARCH_MAJOR: selects the major version of target ARM
          Architecture. Default value is 8.
      
        - ARM_ARCH_MINOR: selects the minor version of target ARM
          Architecture. Default value is 0.
      
      When:
      
        (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)),
      
      for AArch64, Compare and Swap instruction is used to implement spin
      locks. Otherwise, the implementation falls back to using
      load-/store-exclusive instructions.
      
      Update user guide, and introduce a section in Firmware Design guide to
      summarize support for features introduced in ARMv8 Architecture
      Extensions.
      
      Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      c877b414
  13. 13 Feb, 2017 1 commit
    • dp-arm's avatar
      PSCI: Decouple PSCI stat residency calculation from PMF · 04c1db1e
      dp-arm authored
      
      
      This patch introduces the following three platform interfaces:
      
      * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info)
      
        This is an optional hook that platforms can implement in order
        to perform accounting before entering a low power state.  This
        typically involves capturing a timestamp.
      
      * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info)
      
        This is an optional hook that platforms can implement in order
        to perform accounting after exiting from a low power state.  This
        typically involves capturing a timestamp.
      
      * u_register_t plat_psci_stat_get_residency(unsigned int lvl,
      	const psci_power_state_t *state_info,
      	unsigned int last_cpu_index)
      
        This is an optional hook that platforms can implement in order
        to calculate the PSCI stat residency.
      
      If any of these interfaces are overridden by the platform, it is
      recommended that all of them are.
      
      By default `ENABLE_PSCI_STAT` is disabled.  If `ENABLE_PSCI_STAT`
      is set but `ENABLE_PMF` is not set then an alternative PSCI stat
      collection backend must be provided.  If both are set, then default
      weak definitions of these functions are provided, using PMF to
      calculate the residency.
      
      NOTE: Previously, platforms did not have to explicitly set
      `ENABLE_PMF` since this was automatically done by the top-level
      Makefile.
      
      Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      04c1db1e
  14. 03 Feb, 2017 1 commit
    • Masahiro Yamada's avatar
      Makefile: use git describe for BUILD_STRING · bee71c7a
      Masahiro Yamada authored
      Currently, the BUILD_STRING is just 7-digits git hash.  It is true
      we can identify which version is running, but we can not get a quick
      idea about how new or old it is.
      
      The command "git describe" provides us a bit more useful information
      in the format of:
        (tag-name)-(number of commits on top the tag)-g(7 digits hash)
      
      I added some options:
        --always
          Make "git describe" work without any tag in case the upstream
          ATF is cloned, but all the tags are locally dropped.
      
        --tags
          Use any tag instead of only annotated tags.  In ATF, only some
          tags are annotated, actually the last annotated tag is "v0.2",
          whereas we are on "v1.3" tag now.  This option is needed to get
          something like v1.3-233-gbcc2bf09 instead of v0.2-1713-gbcc2bf09.
      
        --dirty
          The mark "-dirty" is appended if the source tree is locally
          modified.
      
      With this commit, the welcome string
      
        NOTICE:  BL1: v1.3(debug):bcc2bf09
      
      will become like follows:
      
        NOTICE:  BL1: v1.3(debug):v1.3-233-gbcc2bf09
      
      -dirty
      
      While we are here, let's add "2> /dev/null" as well to silently
      ignore any error message from git.  We should not assume that users
      always work in a git repository; the ATF might be released in a
      tarball form instead of a git repository.  In such a case, the git
      command will fail, then the ugly message "fatal: Not a git ..." will
      be displayed during the build:
      
      $ make CROSS_COMPILE=aarch64-linux-gnu-
      fatal: Not a git repository (or any of the parent directories): .git
      Building fvp
        CC      drivers/io/io_semihosting.c
        CC      lib/semihosting/semihosting.c
           ...
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bee71c7a
  15. 31 Jan, 2017 1 commit
    • Douglas Raillard's avatar
      build: Use separate CFLAGS for tools · 72fc70ed
      Douglas Raillard authored
      
      
      Sharing the same CFLAGS for both the firmware and host tools is not
      useful and can lead to compilation failure when CFLAGS is set on the
      command line.
      
      This patch make MAKEOVERRIDES special variable empty so make's command
      line variable definitions are not implicitly forwarded to sub make
      invocations. However, make options are still forwarded like "-s" option
      to make the build silent.
      
      Change-Id: Ia921c02beb1fd2041696a26160b9e7974ae000fa
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      72fc70ed
  16. 30 Jan, 2017 2 commits
    • Jeenu Viswambharan's avatar
      Report errata workaround status to console · 10bcd761
      Jeenu Viswambharan authored
      
      
      The errata reporting policy is as follows:
      
        - If an errata workaround is enabled:
      
          - If it applies (i.e. the CPU is affected by the errata), an INFO
            message is printed, confirming that the errata workaround has been
            applied.
      
          - If it does not apply, a VERBOSE message is printed, confirming
            that the errata workaround has been skipped.
      
        - If an errata workaround is not enabled, but would have applied had
          it been, a WARN message is printed, alerting that errata workaround
          is missing.
      
      The CPU errata messages are printed by both BL1 (primary CPU only) and
      runtime firmware on debug builds, once for each CPU/errata combination.
      
      Relevant output from Juno r1 console when ARM Trusted Firmware is built
      with PLAT=juno LOG_LEVEL=50 DEBUG=1:
      
        VERBOSE: BL1: cortex_a57: errata workaround for 806969 was not applied
        VERBOSE: BL1: cortex_a57: errata workaround for 813420 was not applied
        INFO:    BL1: cortex_a57: errata workaround for disable_ldnp_overread was applied
        WARNING: BL1: cortex_a57: errata workaround for 826974 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 826977 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 828024 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 829520 was missing!
        WARNING: BL1: cortex_a57: errata workaround for 833471 was missing!
        ...
        VERBOSE: BL31: cortex_a57: errata workaround for 806969 was not applied
        VERBOSE: BL31: cortex_a57: errata workaround for 813420 was not applied
        INFO:    BL31: cortex_a57: errata workaround for disable_ldnp_overread was applied
        WARNING: BL31: cortex_a57: errata workaround for 826974 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 826977 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 828024 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 829520 was missing!
        WARNING: BL31: cortex_a57: errata workaround for 833471 was missing!
        ...
        VERBOSE: BL31: cortex_a53: errata workaround for 826319 was not applied
        INFO:    BL31: cortex_a53: errata workaround for disable_non_temporal_hint was applied
      
      Also update documentation.
      
      Change-Id: Iccf059d3348adb876ca121cdf5207bdbbacf2aba
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      10bcd761
    • Douglas Raillard's avatar
      Add -fno-builtin to CFLAGS · e507f8e7
      Douglas Raillard authored
      
      
      Disable the automatic substitution of functions with builtins. The
      existing -ffreestanding option should already do this but explicitly
      adding -fno-builtin reduces the risk of compiler variation. With this
      option, GCC is not supposed to be able to make assumptions on what the
      function does, which could otherwise lead to security-sensitive code
      removal.
      
      This can lead to potentially less efficient code but improves
      predictability of what code is actually compiled into the binary.
      
      Change-Id: I06ad151c61318bd1b00d84976f051d2d94314acc
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      e507f8e7
  17. 28 Jan, 2017 1 commit
    • Masahiro Yamada's avatar
      fiptool: support --align option to add desired alignment to image offset · 1c75d5df
      Masahiro Yamada authored
      
      
      The current fiptool packs all the images without any padding between
      them.  So, the offset to each image has no alignment.  This is not
      efficient, for example, when the FIP is read from a block-oriented
      device.
      
      For example, (e)MMC is accessed by block-addressing.  The block size
      is 512 byte.  So, the best case is each image is aligned by 512 byte
      since the DMA engine can transfer the whole of the image to its load
      address directly.  The worst case is the offset does not have even
      DMA-capable alignment (this is where we stand now).  In this case,
      we need to transfer every block to a bounce buffer, then do memcpy()
      from the bounce buffer to our final destination.  At least, this
      should work with the abstraction by the block I/O layer, but the
      CPU-intervention for the whole data transfer makes it really slow.
      
      This commit adds a new option --align to the fiptool.  This option,
      if given, requests the tool to align each component in the FIP file
      by the specified byte.  Also, add a new Make option FIP_ALIGN for
      easier access to this feature; users can give something like
      FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
      their platform.mk file.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1c75d5df
  18. 16 Jan, 2017 1 commit
    • Antonio Nino Diaz's avatar
      checkpatch: Fix regular expressions · 55cdcf75
      Antonio Nino Diaz authored
      
      
      When generating the list of files to check by checkpatch.pl, the list
      generated by `git ls-files` is filtered by a regular expression with
      grep. Due to a malformed regex, the dot of `.md` was considered a
      wildcard instead of a dot. This patch fixes this so that it matches
      only dots, thus allowing the two following files to be checked:
      
      * tools/cert_create/include/cmd_opt.h
      * tools/cert_create/src/cmd_opt.c
      
      Also extended the list of library directories to check by checkpatch
      to exclude any folder starting with libfdt.
      
      Change-Id: Ie7bf18efe4df29e364e5d67ba1118515304ed9a4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      55cdcf75
  19. 05 Jan, 2017 2 commits
  20. 14 Dec, 2016 1 commit
  21. 08 Nov, 2016 1 commit
  22. 27 Oct, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Fix format of patches passed to checkpatch · c626311e
      Antonio Nino Diaz authored
      
      
      Checkpatch is a script developed to verify the style of Linux kernel
      patches. As Kernel developers use emails to send patches for review,
      checkpatch is prepared for that specific format. This change adapts
      the Makefile to use said format.
      
      As a result, indentation in the commit message has been removed, thus
      fixing the warnings about Signed-off-by lines being preceded by
      whitespace.
      
      Fixes ARM-software/tf-issues#432
      
      Change-Id: I00cb86365fe15f7e2c3a99a306c8eb51cf02fe86
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c626311e
  23. 13 Oct, 2016 1 commit
  24. 12 Oct, 2016 1 commit
    • dp-arm's avatar
      Add PMF instrumentation points in TF · 872be88a
      dp-arm authored
      
      
      In order to quantify the overall time spent in the PSCI software
      implementation, an initial collection of PMF instrumentation points
      has been added.
      
      Instrumentation has been added to the following code paths:
      
      - Entry to PSCI SMC handler.  The timestamp is captured as early
        as possible during the runtime exception and stored in memory
        before entering the PSCI SMC handler.
      
      - Exit from PSCI SMC handler.  The timestamp is captured after
        normal return from the PSCI SMC handler or if a low power state
        was requested it is captured in the bl31 warm boot path before
        return to normal world.
      
      - Entry to low power state.  The timestamp is captured before entry
        to a low power state which implies either standby or power down.
        As these power states are mutually exclusive, only one timestamp
        is defined to describe both.  It is possible to differentiate between
        the two power states using the PSCI STAT interface.
      
      - Exit from low power state.  The timestamp is captured after a standby
        or power up operation has completed.
      
      To calculate the number of cycles spent running code in Trusted Firmware
      one can perform the following calculation:
      
      (exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
      
      The resulting number of cycles can be converted to time given the
      frequency of the counter.
      
      Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      872be88a
  25. 10 Oct, 2016 1 commit
  26. 21 Sep, 2016 3 commits
    • Yatharth Kochar's avatar
      AArch32: Add ARM platform changes in BL2 · 6fe8aa2f
      Yatharth Kochar authored
      This patch adds ARM platform changes in BL2 for AArch32 state.
      It instantiates a descriptor array for ARM platforms describing
      image and entrypoint information for `SCP_BL2`, `BL32` and `BL33`.
      It also enables building of BL2 for ARCH=aarch32.
      
      Change-Id: I60dc7a284311eceba401fc789311c50ac746c51e
      6fe8aa2f
    • Yatharth Kochar's avatar
      AArch32: Add ARM platform changes in BL1 · 83fc4a93
      Yatharth Kochar authored
      This patch adds ARM platform changes in BL1 for AArch32 state.
      It also enables building of BL1 for ARCH=aarch32.
      
      Change-Id: I079be81a93d027f37b0f7d8bb474b1252bb4cf48
      83fc4a93
    • Yatharth Kochar's avatar
      AArch32: Common changes needed for BL1/BL2 · 1a0a3f06
      Yatharth Kochar authored
      This patch adds common changes to support AArch32 state in
      BL1 and BL2. Following are the changes:
      
      * Added functions for disabling MMU from Secure state.
      * Added AArch32 specific SMC function.
      * Added semihosting support.
      * Added reporting of unhandled exceptions.
      * Added uniprocessor stack support.
      * Added `el3_entrypoint_common` macro that can be
        shared by BL1 and BL32 (SP_MIN) BL stages. The
        `el3_entrypoint_common` is similar to the AArch64
        counterpart with the main difference in the assembly
        instructions and the registers that are relevant to
        AArch32 execution state.
      * Enabled `LOAD_IMAGE_V2` flag in Makefile for
        `ARCH=aarch32` and added check to make sure that
        platform has not overridden to disable it.
      
      Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
      1a0a3f06
  27. 20 Sep, 2016 1 commit
    • Yatharth Kochar's avatar
      Add new version of image loading. · 72600226
      Yatharth Kochar authored
      This patch adds capability to load BL images based on image
      descriptors instead of hard coded way of loading BL images.
      This framework is designed such that it can be readily adapted
      by any BL stage that needs to load images.
      
      In order to provide the above capability the following new
      platform functions are introduced:
      
        bl_load_info_t *plat_get_bl_image_load_info(void);
          This function returns pointer to the list of images that the
          platform has populated to load.
      
        bl_params_t *plat_get_next_bl_params(void);
          This function returns a pointer to the shared memory that the
          platform has kept aside to pass trusted firmware related
          information that next BL image needs.
      
        void plat_flush_next_bl_params(void);
          This function flushes to main memory all the params that
          are passed to next image.
      
        int bl2_plat_handle_post_image_load(unsigned int image_id)
          This function can be used by the platforms to update/use
          image information for given `image_id`.
      
      `desc_image_load.c` contains utility functions which can be used
      by the platforms to generate, load and executable, image list
      based on the registered image descriptors.
      
      This patch also adds new version of `load_image/load_auth_image`
      functions in-order to achieve the above capability.
      
      Following are the changes for the new version as compared to old:
        - Refactor the signature and only keep image_id and image_info_t
          arguments. Removed image_base argument as it is already passed
          through image_info_t. Given that the BL image base addresses and
          limit/size are already provided by the platforms, the meminfo_t
          and entry_point_info arguments are not needed to provide/reserve
          the extent of free memory for the given BL image.
      
        - Added check for the image size against the defined max size.
          This is needed because the image size could come from an
          unauthenticated source (e.g. the FIP header).
          To make this check, new member is added to the image_info_t
          struct for identifying the image maximum size.
      
      New flag `LOAD_IMAGE_V2` is added in the Makefile.
      Default value is 0.
      
      NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
            `LOAD_IMAGE_V2` is enabled.
      
      Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
      72600226
  28. 26 Aug, 2016 1 commit
    • dp-arm's avatar
      Move pmf headers to include/lib/pmf · afdda571
      dp-arm authored
      More headers will be needed soon so better to move these to their own
      directory to avoid cluttering include/lib.
      
      Change-Id: I6a72dc5b602d6f51954cf60aadd1beb52a268670
      afdda571
  29. 15 Aug, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Enable build at top level Makefile for FVP · 9d29c227
      Soby Mathew authored
      This patch enables the AArch32 build including SP_MIN in the
      top level Makefile. The build flag `ARCH` now can specify either
      `aarch64`(default) or `aarch32`. Currently only FVP AEM model is
      supported for AArch32 build. Another new build flag `AARCH32_SP`
      is introduced to specify the AArch32 secure payload to be built.
      
      Change-Id: Ie1198cb9e52d7da1b79b93243338fc3868b08faa
      9d29c227
  30. 10 Aug, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Add essential Arch helpers · 031dbb12
      Soby Mathew authored
      This patch adds the essential AArch32 architecture helpers
      arch.h and arch_helpers.h and modifies `_types.h` to add AArch32
      support.
      
      A new build option `ARCH` is defined in the top level makefile to
      enable the component makefiles to choose the right files based on the
      Architecture it is being build for. Depending on this flag, either
      `AARCH32` or `AARCH64` flag is defined by the Makefile. The default
      value of `ARCH` flag is `aarch64`. The AArch32 build support will be
      added in a later patch.
      
      Change-Id: I405e5fac02db828a55cd25989b572b64cb005241
      031dbb12
  31. 29 Jul, 2016 1 commit
    • dp-arm's avatar
      Replace fip_create with fiptool · 819281ee
      dp-arm authored
      fiptool provides a more consistent and intuitive interface compared to
      the fip_create program.  It serves as a better base to build on more
      features in the future.
      
      fiptool supports various subcommands.  Below are the currently
      supported subcommands:
      
      1) info   - List the images contained in a FIP file.
      2) create - Create a new FIP file with the given images.
      3) update - Update an existing FIP with the given images.
      4) unpack - Extract a selected set or all the images from a FIP file.
      5) remove - Remove images from a FIP file.  This is a new command that
         was not present in fip_create.
      
      To create a new FIP file, replace "fip_create" with "fiptool create".
      
      To update a FIP file, replace "fip_create" with "fiptool update".
      
      To dump the contents of a FIP file, replace "fip_create --dump" with
      "fiptool info".
      
      A compatibility script that emulates the basic functionality of
      fip_create is provided.  Existing scripts might or might not work with
      the compatibility script.  Users are strongly encouraged to migrate to
      fiptool.
      
      Fixes ARM-Software/tf-issues#87
      Fixes ARM-Software/tf-issues#108
      Fixes ARM-Software/tf-issues#361
      
      Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
      819281ee
  32. 18 Jul, 2016 1 commit
    • Soby Mathew's avatar
      Introduce `el3_runtime` and `PSCI` libraries · 532ed618
      Soby Mathew authored
      This patch moves the PSCI services and BL31 frameworks like context
      management and per-cpu data into new library components `PSCI` and
      `el3_runtime` respectively. This enables PSCI to be built independently from
      BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
      PSCI library sources and gets included by `bl31.mk`. Other changes which
      are done as part of this patch are:
      
      * The runtime services framework is now moved to the `common/` folder to
        enable reuse.
      * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
        specific folder.
      * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
        to `plat/common` folder. The original file location now has a stub which
        just includes the file from new location to maintain platform compatibility.
      
      Most of the changes wouldn't affect platform builds as they just involve
      changes to the generic bl1.mk and bl31.mk makefiles.
      
      NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
      THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
      MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
      
      Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
      532ed618
  33. 08 Jul, 2016 1 commit
    • Sandrine Bailleux's avatar
      Introduce SEPARATE_CODE_AND_RODATA build flag · 5d1c104f
      Sandrine Bailleux authored
      At the moment, all BL images share a similar memory layout: they start
      with their code section, followed by their read-only data section.
      The two sections are contiguous in memory. Therefore, the end of the
      code section and the beginning of the read-only data one might share
      a memory page. This forces both to be mapped with the same memory
      attributes. As the code needs to be executable, this means that the
      read-only data stored on the same memory page as the code are
      executable as well. This could potentially be exploited as part of
      a security attack.
      
      This patch introduces a new build flag called
      SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data
      on separate memory pages. This in turn allows independent control of
      the access permissions for the code and read-only data.
      
      This has an impact on memory footprint, as padding bytes need to be
      introduced between the code and read-only data to ensure the
      segragation of the two. To limit the memory cost, the memory layout
      of the read-only section has been changed in this case.
      
       - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e.
         the read-only section still looks like this (padding omitted):
      
         |        ...        |
         +-------------------+
         | Exception vectors |
         +-------------------+
         |  Read-only data   |
         +-------------------+
         |       Code        |
         +-------------------+ BLx_BASE
      
         In this case, the linker script provides the limits of the whole
         read-only section.
      
       - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and
         read-only data are swapped, such that the code and exception
         vectors are contiguous, followed by the read-only data. This
         gives the following new layout (padding omitted):
      
         |        ...        |
         +-------------------+
         |  Read-only data   |
         +-------------------+
         | Exception vectors |
         +-------------------+
         |       Code        |
         +-------------------+ BLx_BASE
      
         In this case, the linker script now exports 2 sets of addresses
         instead: the limits of the code and the limits of the read-only
         data. Refer to the Firmware Design guide for more details. This
         provides platform code with a finer-grained view of the image
         layout and allows it to map these 2 regions with the appropriate
         access permissions.
      
      Note that SEPARATE_CODE_AND_RODATA applies to all BL images.
      
      Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
      5d1c104f
  34. 16 Jun, 2016 1 commit
    • Yatharth Kochar's avatar
      Add optional PSCI STAT residency & count functions · 170fb93d
      Yatharth Kochar authored
      This patch adds following optional PSCI STAT functions:
      
      - PSCI_STAT_RESIDENCY: This call returns the amount of time spent
        in power_state in microseconds, by the node represented by the
        `target_cpu` and the highest level of `power_state`.
      
      - PSCI_STAT_COUNT: This call returns the number of times a
        `power_state` has been used by the node represented by the
        `target_cpu` and the highest power level of `power_state`.
      
      These APIs provides residency statistics for power states that has
      been used by the platform. They are implemented according to v1.0
      of the PSCI specification.
      
      By default this optional feature is disabled in the PSCI
      implementation. To enable it, set the boolean flag
      `ENABLE_PSCI_STAT` to 1. This also sets `ENABLE_PMF` to 1.
      
      Change-Id: Ie62e9d37d6d416ccb1813acd7f616d1ddd3e8aff
      170fb93d