- 29 Dec, 2019 1 commit
-
-
Samuel Holland authored
Some platforms are extremely memory constrained and must split BL31 between multiple non-contiguous areas in SRAM. Allow the NOBITS sections (.bss, stacks, page tables, and coherent memory) to be placed in a separate region of RAM from the loaded firmware image. Because the NOBITS region may be at a lower address than the rest of BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this region, or el3_entrypoint_common would attempt to invalidate the dcache for the entire address space. New symbols __NOBITS_{START,END}__ are added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the NOBITS region is invalidated separately. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
-
- 20 Dec, 2019 2 commits
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 17 Dec, 2019 1 commit
-
-
Olivier Deprez authored
The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
-
- 16 Dec, 2019 1 commit
-
-
Justin Chadwell authored
-Wpadded warns whenever the C compiler automatically includes any padding in a structure. Because TF-A has a large number of structures, this occurs fairly frequently and is incredibly verbose, and as such is unlikely to ever be fixed. The utility of this warning is also extremely limited - knowing that a structure includes padding does not point to the existence of an error, and is probably quite unlikely to indicate actually buggy behaviour. Therefore, it's probably best to keep this warning off at all times. Change-Id: I0797cb75f06b4fea0d2fdc16fd5ad978a31d76ec Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 13 Dec, 2019 1 commit
-
-
Justin Chadwell authored
A function declaration declares the name of the function and the type of the parameter it returns. A function prototype is a function declaration that also specifies the type of the arguments of the function. Essentially, a function prototype helps the compiler ensure whether the function call matches the return type and the right number/type of arguments of function. A function prototype itself serves as a function declaration for new style functions. The warning flag -wmissing-prototype is good enough to check for missing function prototype and is exhaustive compared to -wmissing-declaration, therefore making the later redundant. Note that, at this point, these flags are part of WARNING1 which is not used for TF-A build by default. Several platforms use upstream libraries (such as zlib etc) which are in old style c code. After the TF-A build process is restructred using CMake framework, we plan to enable WARNING1, WARNING2 and WARNING3 incrementally as the new build platform can compile each BL binary of a particular platform with set of unique compilation flags. Change-Id: I9c6bf9da74e0840e4d2624bc12376e199953c213 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 04 Dec, 2019 1 commit
-
-
Samuel Holland authored
Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so "common" data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text => no change .rodata => 16 bytes saved .data => 11 bytes saved .bss => 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
-
- 03 Dec, 2019 1 commit
-
-
Justin Chadwell authored
-Wunused-const-variable=1 is already included by -Wunused-variable, which is part of -Wall. -Wunused-const-variable=2, which is what we have been using as part of W=1, warns for unused static const variables in headers, which will likely produce a lot of false positives that will take a large effort to fix. Additionally, some of these issues may be caused by different builds of TF-A where some features are used in some builds and ignored in others. Change-Id: Ifa0b16a75344cc1f6240e8d5745005f8f2046d34 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 02 Dec, 2019 1 commit
-
-
zelalem-aweke authored
This patch enables LTO for TF-A when compiled with GCC. LTO is disabled by default and is enabled by ENABLE_LTO=1 build option. LTO is enabled only for aarch64 as there seem to be a bug in the aarch32 compiler when LTO is enabled. The changes in the makefiles include: - Adding -flto and associated flags to enable LTO. - Using gcc as a wrapper at link time instead of ld. This is recommended when using LTO as gcc internally takes care of invoking the necessary plugins for LTO. - Adding switches to pass options to ld. - Adding a flag to disable fix for erratum cortex-a53-843419 unless explicitly enabled. This is needed because GCC seem to automatically add the erratum fix when used as a wrapper for LD. Additionally, this patch updates the TF-A user guide with the new build option. Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
-
- 25 Nov, 2019 1 commit
-
-
Louis Mayencourt authored
Create a new "memmap" target for the Makefile, which prints a representation of the memory map for the build. The information are extracted from the .map files by the "print_memory_map.py" tools. Change-Id: Id5ebc7ce8a3a571c7ac4848be14657cf2fd711f4 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 19 Nov, 2019 4 commits
-
-
Justin Chadwell authored
-Wlogical-op prevents common errors with using numerical constants where a boolean one is expected as well as when the operands of a logical operator are the same. While these are perfectly valid behavior, they can be a sign that something is slightly off. This patch adds this warning to gcc and it's closest equivalent to clang, while also fixing any warnings that enabling them causes. Change-Id: Iabadfc1e6ee0c44eef6685a23b0aed8abef8ce89 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
Variable shadowing is, according to the C standard, permitted and valid behaviour. However, allowing a local variable to take the same name as a global one can cause confusion and can make refactoring and bug hunting more difficult. This patch moves -Wshadow from WARNING2 into the general warning group so it is always used. It also fixes all warnings that this introduces by simply renaming the local variable to a new name Change-Id: I6b71bdce6580c6e58b5e0b41e4704ab0aa38576e Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
Both -Wmissing-field-initializers and -Wsign-compare are both covered by -Wextra which is enabled at W=1 anyway. Therefore, the explicit options are not required. Change-Id: I2e7d95b5fc14af7c70895859a7ebbeac5bc0d2a4 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
This patch keeps the same warnings, and simply reorders them to keep all the warning options together in one place. Change-Id: Ibb655dcabc84f3af01a0d7f71f5af7e0479c2521 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 15 Oct, 2019 1 commit
-
-
Deepika Bhavnani authored
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ia03701e2e37e3a00a501b144960a4a65aedbfde9
-
- 04 Oct, 2019 1 commit
-
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
Previously, TF-A could not support large RSA key sizes as the configuration options passed to MBEDTLS prevented storing and performing calculations with the larger, higher-precision numbers required. With these changes to the arguments passed to MBEDTLS, TF-A now supports using 3072 (3K) and 4096 (4K) keys in certificates. Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Hadi Asyrafi authored
Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
-
- 11 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 09 Sep, 2019 1 commit
-
-
Justin Chadwell authored
This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 01 Aug, 2019 2 commits
-
-
Julius Werner authored
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
Julius Werner authored
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 12 Jul, 2019 1 commit
-
-
Justin Chadwell authored
The -Wshift-overflow=2 option enables checks for left bit shifts. Specifically, the option will warn when the result of a shift will be placed into a signed integer and overflow the sign bit there, which results in undefined behavior. To avoid the warnings from these checks, the left operand of a shift can be made an unsigned integer by using the U() macro or appending the u suffix. Change-Id: I50c67bedab86a9fdb6c87cfdc3e784f01a22d560 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 10 Jul, 2019 1 commit
-
-
John Tsichritzis authored
The project has been renamed from "Arm Trusted Firmware (ATF)" to "Trusted Firmware-A (TF-A)" long ago. A few references to the old project name that still remained in various places have now been removed. This change doesn't affect any platform files. Any "ATF" references inside platform files, still remain. Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 28 Jun, 2019 1 commit
-
-
Ambroise Vincent authored
The new API becomes the default one. Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 24 May, 2019 4 commits
-
-
Alexei Fedorov authored
This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Ambroise Vincent authored
The flags are taken from the different warning levels of the build system when they do not generate any error with the current upstreamed platforms. Change-Id: Ia70cff83bedefb6d2f0dd266394ef77fe47e7f65 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
John Tsichritzis authored
When TF-A is compiled with BTI enabled, the branches in the ROMLIB jumptable must be preceded by a "bti j" instruction. Moreover, when the additional "bti" instruction is inserted, the jumptable entries have a distance of 8 bytes between them instead of 4. Hence, the wrappers are also modified accordinly. If TF-A is compiled without BTI enabled, the ROMLIB jumptable and wrappers are generated as before. Change-Id: Iaa59897668f8e59888d39046233300c2241d8de7 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
John Tsichritzis authored
Changes to make the help text a bit more readable: 1) The "usage" part is now a one-liner 2) The supported platforms list is printed separately Change-Id: I93e48a6cf1d28f0ef9f3db16ce17725e4dff33c9 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 22 May, 2019 1 commit
-
-
Paul Beesley authored
Previously checkpatch was invoked with options to make it ignore Markdown (md) files as this was the dominant format for TF-A documents. Now that rst is being used everywhere this option needs updating. Change-Id: I59b5a0bcc45d2386df4f880b8d333baef0bbee77 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 09 May, 2019 1 commit
-
-
John Tsichritzis authored
Pointer authentication is supported only in AArch64. A relevant check is added for that in the Makefile. Change-Id: I021ba65a9bd5764fd33292bee42617015e04a870 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 03 Apr, 2019 1 commit
-
-
Ambroise Vincent authored
Now it is needed to use the full path of the common header files. Commit 09d40e0e ("Sanitise includes across codebase") provides more information. Change-Id: Ifedc79d9f664d208ba565f5736612a3edd94c647 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 26 Mar, 2019 1 commit
-
-
Soby Mathew authored
Change-Id: I6d8a6419df4d4924214115facbce90715a1a0371 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 18 Mar, 2019 1 commit
-
-
Alexei Fedorov authored
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS build options as experimental. Pointer Authentication is enabled for Non-secure world irrespective of the value of these build flags if the CPU supports it. The patch also fixes the description of fiptool 'help' command. Change-Id: I46de3228fbcce774a2624cd387798680d8504c38 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 12 Mar, 2019 2 commits
-
-
Alexei Fedorov authored
Change-Id: I56ea088f415bdb9077c385bd3450ff4b2cfa2eac Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Louis Mayencourt authored
Since binutils 1a9ccd70f9a7[1] TFA will not link when the PIE option is used: aarch64-linux-gnu-ld: build/fvp/debug/bl31/bl31.elf: Not enough room for program headers, try linking with -N aarch64-linux-gnu-ld: final link failed: Bad value This issue was also encountered by u-boot[2] and linux powerpc kernel [3]. The fix is to provide --no-dynamic-linker for the linker. This tells the linker that PIE does not need loaded program program headers. Fix https://github.com/ARM-software/tf-issues/issues/675 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=1a9ccd70f9a7 [2] http://git.denx.de/?p=u-boot.git;a=commit;h=e391b1e64b0bd65709a28a4764afe4f32d408243 [3] https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=ff45000fcb56b5b0f1a14a865d3541746d838a0a Change-Id: Ic3c33c795a9b7bdeab0e87c4345153ce2703a524 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 11 Mar, 2019 1 commit
-
-
Yann Gautier authored
It can be handy for example to add --strict option which can detect more coding issues, even if not mandated by TF-A coding rules. To use it: CHECKPATCH_OPTS="--strict" make checkpatch Change-Id: I707e4cc2d1250b21f18ff16169b5f1e5ab03a7ed Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 27 Feb, 2019 3 commits
-
-
Varun Wadekar authored
This patch provides support for using the scatterfile format as the linker script with the 'armlink' linker for Tegra platforms. In order to enable the scatterfile usage the following changes have been made: * provide mapping for ld.S symbols in bl_common.h * include bl_common.h from all the affected files * update the makefile rules to use the scatterfile and armlink to compile BL31 * update pubsub.h to add sections to the scatterfile NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY. Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Antonio Nino Diaz authored
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-