Skip to content

GitLab

Switch branch/tag
  1. 28 Feb, 2019 1 commit
  3. 27 Feb, 2019 2 commits
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored 
      

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
    • Antonio Nino Diaz's avatar
      Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored 
      

ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.

This feature is supported only in AArch64 state.

This feature is mandatory in ARMv8.3 implementations.

This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.

To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.

Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      5283962e
  5. 19 Feb, 2019 2 commits
  7. 08 Feb, 2019 2 commits
  9. 23 Jan, 2019 1 commit
    • Sathees Balya's avatar
      plat/arm: Save BL2 descriptors to reserved memory. · 5b8d50e4
      Sathees Balya authored 
      

On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
descriptors describing the list of executable images are created in BL2
R/W memory, which could be possibly corrupted later on by BL31/BL32 due
to overlay. This patch creates a reserved location in SRAM for these
descriptors and are copied over by BL2 before handing over to next BL
image.

Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR
is enabled.

Fixes ARM-Software/tf-issues#626

Change-Id: I755735706fa702024b4032f51ed4895b3687377f
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      5b8d50e4
  11. 15 Jan, 2019 1 commit
    • Paul Beesley's avatar
      Correct typographical errors · 8aabea33
      Paul Beesley authored 
      

Corrects typos in core code, documentation files, drivers, Arm
platforms and services.

None of the corrections affect code; changes are limited to comments
and other documentation.

Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      8aabea33
  13. 26 Nov, 2018 1 commit
  15. 16 Oct, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Enable lower ELs to use pointer authentication · 3ff4aaac
      Jeenu Viswambharan authored 
      

Pointer authentication is an Armv8.3 feature that introduces
instructions that can be used to authenticate and verify pointers.

Pointer authentication instructions are allowed to be accessed from all
ELs but only when EL3 explicitly allows for it; otherwise, their usage
will trap to EL3. Since EL3 doesn't have trap handling in place, this
patch unconditionally disables all related traps to EL3 to avoid
potential misconfiguration leading to an unhandled EL3 exception.

Fixes ARM-software/tf-issues#629

Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3ff4aaac
  17. 03 Oct, 2018 1 commit
    • Daniel Boulby's avatar
      Introduce RECLAIM_INIT_CODE build flag · 1dcc28cf
      Daniel Boulby authored 
      

This patch introduces a build flag "RECLAIM_INIT_CODE" to mark boot time
code which allows platforms to place this memory in an appropriate
section to be reclaimed later. This features is primarily targeted for
BL31. Appropriate documentation updates are also done.

Change-Id: If0ca062851614805d769c332c771083d46599194
Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      1dcc28cf
  19. 01 Oct, 2018 1 commit
  21. 28 Sep, 2018 2 commits
  23. 26 Jun, 2018 1 commit
  25. 11 Jun, 2018 1 commit
  27. 07 Jun, 2018 1 commit
  29. 15 Mar, 2018 1 commit
  31. 13 Mar, 2018 1 commit
  33. 29 Jan, 2018 1 commit
  35. 18 Jan, 2018 1 commit
  37. 03 Jan, 2018 1 commit
  39. 15 Nov, 2017 1 commit
    • David Cunado's avatar
      Move FPEXC32_EL2 to FP Context · 91089f36
      David Cunado authored 
      

The FPEXC32_EL2 register controls SIMD and FP functionality when the
lower ELs are executing in AArch32 mode. It is architecturally mapped
to AArch32 system register FPEXC.

This patch removes FPEXC32_EL2 register from the System Register context
and adds it to the floating-point context. EL3 only saves / restores the
floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.

The rationale for this change is that if the Secure world is using FP
functionality and EL3 is not managing the FP context, then the Secure
world will save / restore the appropriate FP registers.

NOTE - this is a break in behaviour in the unlikely case that
CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
Secure Payload that modifies FPEXC, but does not save and restore
this register

Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      91089f36
  41. 08 Nov, 2017 1 commit
    • Etienne Carriere's avatar
      ARMv7 target is driven by ARM_ARCH_MAJOR==7 · 26e63c44
      Etienne Carriere authored 
      

External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.

As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.

The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.

Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.
Signed-off-by: default avatarEtienne Carriere <etienne.carriere@linaro.org>
      26e63c44
  43. 31 Oct, 2017 1 commit
  45. 23 Oct, 2017 2 commits
  47. 16 Oct, 2017 2 commits
    • Jeenu Viswambharan's avatar
      GIC: Allow specifying interrupt properties · c639e8eb
      Jeenu Viswambharan authored 
      

The GIC driver initialization currently allows an array of interrupts to
be configured as secure. Future use cases would require more interrupt
configuration other than just security, such as priority.

This patch introduces a new interrupt property array as part of both
GICv2 and GICv3 driver data. The platform can populate the array with
interrupt numbers and respective properties. The corresponding driver
initialization iterates through the array, and applies interrupt
configuration as required.

This capability, and the current way of supplying array (or arrays, in
case of GICv3) of secure interrupts, are however mutually exclusive.
Henceforth, the platform should supply either:

  - A list of interrupts to be mapped as secure (the current way).
    Platforms that do this will continue working as they were. With this
    patch, this scheme is deprecated.

  - A list of interrupt properties (properties include interrupt group).
    Individual interrupt properties are specified via. descriptors of
    type 'interrupt_prop_desc_t', which can be populated with the macro
    INTR_PROP_DESC().

A run time assert checks that the platform doesn't specify both.

Henceforth the old scheme of providing list of secure interrupts is
deprecated. When built with ERROR_DEPRECATED=1, GIC drivers will require
that the interrupt properties are supplied instead of an array of secure
interrupts.

Add a section to firmware design about configuring secure interrupts.

Fixes ARM-software/tf-issues#262

Change-Id: I8eec29e72eb69dbb6bce77879febf32c95376942
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      c639e8eb
    • Qixiang Xu's avatar
      docs: Update Trusted Board Boot Requirements document number · 67b66903
      Qixiang Xu authored 
      

Update DEN0006B-5(2013) to DEN0006C-1(2015)

Change-Id: I753a14214dde827d004fd04c47b5ba112df38d73
Signed-off-by: default avatarQixiang Xu <qixiang.xu@arm.com>
      67b66903
  49. 13 Oct, 2017 1 commit
  51. 24 Aug, 2017 2 commits
    • Isla Mitchell's avatar
      Enable CnP bit for ARMv8.2 CPUs · 9fce2725
      Isla Mitchell authored 
      

This patch enables the CnP (Common not Private) bit for secure page
tables so that multiple PEs in the same Inner Shareable domain can use
the same translation table entries for a given stage of translation in
a particular translation regime. This only takes effect when ARM
Trusted Firmware is built with ARM_ARCH_MINOR >= 2.

ARM Trusted Firmware Design has been updated to include a description
of this feature usage.

Change-Id: I698305f047400119aa1900d34c65368022e410b8
Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      9fce2725
    • Jeenu Viswambharan's avatar
      firmware-design.rst: Fix formatting · 579b4adb
      Jeenu Viswambharan authored 
      

The format conversion wrongly formatted a couple of sections. These were
also missing from the Table of Contents.

Change-Id: I324216c27e7b4711e6cc5e25782f4b53842140cc
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      579b4adb
  53. 23 Aug, 2017 1 commit
  55. 08 Aug, 2017 1 commit
  57. 29 Jun, 2017 3 commits
  59. 28 Jun, 2017 1 commit
  61. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored 
      

This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.

The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.

This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.

This patch also corrects the following typos:

"NASCR definitions" -> "NSACR definitions"

Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6