1. 11 Jun, 2015 1 commit
    • Varun Wadekar's avatar
      Boot Trusted OS' on Tegra SoCs · dc7fdad2
      Varun Wadekar authored
      
      
      This patch adds support to run a Trusted OS during boot time. The
      previous stage bootloader passes the entry point information in
      the 'bl32_ep_info' structure, which is passed over to the SPD.
      
      The build system expects the dispatcher to be passed as an input
      parameter using the 'SPD=<dispatcher>' option. The Tegra docs have
      also been updated with this information.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      dc7fdad2
  2. 29 May, 2015 1 commit
    • Varun Wadekar's avatar
      Support for NVIDIA's Tegra T210 SoCs · 08438e24
      Varun Wadekar authored
      
      
      T210 is the latest chip in the Tegra family of SoCs from NVIDIA. It is an
      ARM v8 dual-cluster (A57/A53) SoC, with any one of the clusters being active
      at a given point in time.
      
      This patch adds support to boot the Trusted Firmware on T210 SoCs. The patch
      also adds support to boot secondary CPUs, enter/exit core power states for
      all CPUs in the slow/fast clusters. The support to switch between clusters
      is still not available in this patch and would be available later.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      08438e24
  3. 29 Apr, 2015 1 commit
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · 09a81af9
      Sandrine Bailleux authored
      Move up the version numbers in the user guide of:
      
       * DS-5 (to v5.21)
       * EDK2 (to v3.0)
       * Linux Kernel (to 1.6-Juno)
       * Linaro file-system (to 15.03)
       * Juno SCP binary (to v1.7.0 within board recovery image 0.11.3).
      
      Change-Id: Ieb09e633acc2b33823ddf35f77f44e7da60b99ba
      09a81af9
  4. 28 Apr, 2015 2 commits
    • Sandrine Bailleux's avatar
      Detect SCP version incompatibility · 556b966f
      Sandrine Bailleux authored
      There has been a breaking change in the communication protocols used
      between the AP cores and the SCP on CSS based platforms like Juno.
      This means both the AP Trusted Firmware and SCP firmware must be
      updated at the same time.
      
      In case the user forgets to update the SCP ROM firmware, this patch
      detects when it still uses the previous version of the communication
      protocol. It will then output a comprehensive error message that helps
      trouble-shoot the issue.
      
      Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
      556b966f
    • Dan Handley's avatar
      Doc updates following platform port reorganization · 4a75b84a
      Dan Handley authored
      Update the User Guide, Porting Guide and Firmware Design documents
      to align them with the recent changes made to the FVP and Juno
      platform ports.
      
      Also fix some other historical inaccuracies.
      
      Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
      4a75b84a
  5. 31 Mar, 2015 1 commit
  6. 16 Mar, 2015 1 commit
    • Vikram Kanigiri's avatar
      Common driver for ARM Cache Coherent Interconnects · 23e47ede
      Vikram Kanigiri authored
      Even though both CCI-400 and CCI-500 IPs have different configurations
      with respect to the number and types of supported interfaces, their
      register offsets and programming sequences are similar. This patch
      creates a common driver for enabling and disabling snoop transactions
      and DVMs with both the IPs.
      
      New platform ports which implement one of these IPs should use this
      common driver. Existing platform ports which implement CCI-400 should
      migrate to the common driver as the standalone CCI-400 will be
      deprecated in the future.
      
      Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
      23e47ede
  7. 10 Mar, 2015 1 commit
  8. 05 Mar, 2015 1 commit
    • Juan Castillo's avatar
      TBB: use SHA256 to generate the certificate signatures · ea4ec3aa
      Juan Castillo authored
      This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
      certificate signatures are generated according to the NSA Suite B
      cryptographic algorithm requirements.
      
      Documentation updated accordingly.
      
      Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
      ea4ec3aa
  9. 12 Feb, 2015 1 commit
    • Soby Mathew's avatar
      Export maximum affinity using PLATFORM_MAX_AFFLVL macro · 8c32bc26
      Soby Mathew authored
      This patch removes the plat_get_max_afflvl() platform API
      and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
      This is done because the maximum affinity level for a platform
      is a static value and it is more efficient for it to be defined
      as a platform macro.
      
      NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
      
      Fixes ARM-Software/tf-issues#265
      
      Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
      8c32bc26
  10. 04 Feb, 2015 1 commit
    • Achin Gupta's avatar
      Fix model command line for legacy VE memory map · d8d6cc35
      Achin Gupta authored
      The command line options specified in the User Guide to run the AEMv8 Base FVP
      with the legacy VE memory map apply only when the model is configured to use GIC
      v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure
      that the right version of GIC is used.
      
      Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
      d8d6cc35
  11. 03 Feb, 2015 2 commits
    • Achin Gupta's avatar
      TBB: Add documentation for Trusted Board Boot · 8d35f61b
      Achin Gupta authored
      This patch updates the user-guide.md with the various build options related to
      Trusted Board Boot and steps to build a FIP image which includes this
      support. It also adds a trusted-board-boot.md which describes the scope and
      design of this feature.
      
      Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
      8d35f61b
    • Achin Gupta's avatar
      Documentation for version 1.1 · 130ed88d
      Achin Gupta authored
      Final updates to readme.md and change-log.md for ARM Trusted Firmware version
      1.1. Also increment the version in the Makefile.
      
      Change-Id: Ib001a6ec9a9c570985841d06f0ff80ed76c2996b
      130ed88d
  12. 02 Feb, 2015 2 commits
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · c4511313
      Sandrine Bailleux authored
      
      
      Move up the version numbers in the user guide of:
      
      * DS-5 (to v5.20)
      * EDK2 (to v2.1-rc0)
      * Linux Kernel (to 1.3-Juno)
      * Linaro file-system (to 14.12)
      * Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1).
        Also remove duplicate information that is available from the
        ARM Connected Community website.
      * Base FVP (to 6.2)
      * Foundation FVP (to 9.1). Also update the name of the Foundation
        FVP binary since it has changed since version 2.1.
      Co-Authored-By: default avatarDan Handley <dan.handley@arm.com>
      
      Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
      c4511313
    • Sandrine Bailleux's avatar
      Miscellaneous doc fixes for v1.1 · 121f2ae7
      Sandrine Bailleux authored
      Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
      121f2ae7
  13. 30 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Fix the Cortex-A57 reset handler register usage · 683f788f
      Soby Mathew authored
      The CPU specific reset handlers no longer have the freedom
      of using any general purpose register because it is being invoked
      by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
      specific reset handler was overwriting x20 register which was being
      used by the BL3-1 entry point to save the entry point information.
      This patch fixes this bug by reworking the register allocation in the
      Cortex-A57 reset handler to avoid using x20. The patch also
      explicitly mentions the register clobber list for each of the
      callee functions invoked by the reset handler
      
      Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
      683f788f
  14. 28 Jan, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add a platform specific function to validate the ROTPK · 6eadf762
      Juan Castillo authored
      This patch adds the function plat_match_rotpk() to the platform
      porting layer to provide a Root Of Trust Public key (ROTPK)
      verification mechanism. This function is called during the
      Trusted Board Boot process and receives a supposed valid copy
      of the ROTPK as a parameter, usually obtained from an external
      source (for instance, a certificate). It returns 0 (success) if
      that key matches the actual ROTPK stored in the system or any
      other value otherwise.
      
      The mechanism to access the actual ROTPK stored in the system
      is platform specific and should be implemented as part of this
      function. The format of the ROTPK is also platform specific
      (to save memory, some platforms might store a hash of the key
      instead of the whole key).
      
      TRUSTED_BOARD_BOOT build option has been added to allow the user
      to enable the Trusted Board Boot features. The implementation of
      the plat_match_rotpk() funtion is mandatory when Trusted Board
      Boot is enabled.
      
      For development purposes, FVP and Juno ports provide a dummy
      function that returns always success (valid key). A safe trusted
      boot implementation should provide a proper matching function.
      
      Documentation updated accordingly.
      
      Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
      6eadf762
  15. 26 Jan, 2015 4 commits
    • Yatharth Kochar's avatar
      Call reset handlers upon BL3-1 entry. · 79a97b2e
      Yatharth Kochar authored
      This patch adds support to call the reset_handler() function in BL3-1 in the
      cold and warm boot paths when another Boot ROM reset_handler() has already run.
      
      This means the BL1 and BL3-1 versions of the CPU and platform specific reset
      handlers may execute different code to each other. This enables a developer to
      perform additional actions or undo actions already performed during the first
      call of the reset handlers e.g. apply additional errata workarounds.
      
      Typically, the reset handler will be first called from the BL1 Boot ROM. Any
      additional functionality can be added to the reset handler when it is called
      from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
      to identify whether this is the first version of the reset handler code to be
      executed or an overridden version of the code.
      
      The Cortex-A57 errata workarounds are applied only if they have not already been
      applied.
      
      Fixes ARM-software/tf-issue#275
      
      Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
      79a97b2e
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77
    • Soby Mathew's avatar
      Increment the PSCI VERSION to 1.0 · e8ca7d1e
      Soby Mathew authored
      This patch:
      
         * Bumps the PSCI VERSION to 1.0. This means that
           the PSCI_VERSION API will now return the value 0x00010000
           to indicate the version as 1.0. The firmware remains
           compatible with PSCI v0.2 clients.
      
         * The firmware design guide is updated to document the
           APIs supported by the Trusted Firmware generic code.
      
         * The FVP Device Tree Sources (dts) and Blobs(dtb) are also
           updated to add "psci-1.0" and "psci-0.2" to the list of
           compatible PSCI versions.
      
      Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
      e8ca7d1e
    • Juan Castillo's avatar
      FVP: Allow BL3-2 to sit in the secure region of DRAM · 513dd3a0
      Juan Castillo authored
      This patch allows the secure payload (BL3-2) to be loaded in the
      DRAM region secured by the TrustZone controller (top 16 MB of DRAM1).
      
      The location of BL3-2 can be selected at build time by setting the
      build flag FVP_TSP_RAM_LOCATION to one of the following options:
      
        - 'tsram' : Trusted SRAM (this is the default option)
        - 'tdram' : Trusted DRAM
        - 'dram'  : Secure region in DRAM1 (top 16MB configured by the
                    TrustZone controller)
      
      The number of MMU tables in BL3-2 depends on its location in
      memory: 3 in case it is loaded in DRAM, 2 otherwise.
      
      Documentation updated accordingly.
      
      Fixes ARM-software/tf-issues#212
      
      Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
      513dd3a0
  16. 23 Jan, 2015 2 commits
    • Soby Mathew's avatar
      Validate power_state and entrypoint when executing PSCI calls · 539dcedb
      Soby Mathew authored
      This patch allows the platform to validate the power_state and
      entrypoint information from the normal world early on in PSCI
      calls so that we can return the error safely. New optional
      pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
      are introduced to do this.
      
      As a result of these changes, all the other pm_ops handlers except
      the PSCI_ON handler are expected to be successful. Also, the PSCI
      implementation will now assert if a PSCI API is invoked without the
      corresponding pm_ops handler being registered by the platform.
      
      NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
      pm hooks have 2 additional optional callbacks and the return type
      of the other hooks have changed.
      
      Fixes ARM-Software/tf-issues#229
      
      Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
      539dcedb
    • Soby Mathew's avatar
      Remove `ns_entrypoint` and `mpidr` from parameters in pm_ops · e146f4cc
      Soby Mathew authored
      This patch removes the non-secure entry point information being passed
      to the platform pm_ops which is not needed. Also, it removes the `mpidr`
      parameter for  platform pm hooks which are meant to do power management
      operations only on the current cpu.
      
      NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT.
      
      Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
      e146f4cc
  17. 22 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Remove coherent memory from the BL memory maps · ab8707e6
      Soby Mathew authored
      This patch extends the build option `USE_COHERENT_MEMORY` to
      conditionally remove coherent memory from the memory maps of
      all boot loader stages. The patch also adds necessary
      documentation for coherent memory removal in firmware-design,
      porting and user guides.
      
      Fixes ARM-Software/tf-issues#106
      
      Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
      ab8707e6
  18. 12 Jan, 2015 2 commits
    • Juan Castillo's avatar
      Fix reset to BL3-1 instructions in user guide, part 3 · b04fb94a
      Juan Castillo authored
      Patch 20d51cad moved the shared data page from the top of the
      Trusted SRAM to the bottom, changing the load addresses of BL3-1
      and BL3-2.
      
      This patch updates BL3-1 and BL3-2 addresses in the instructions
      to run the Trusted Firmware on FVP using BL3-1 as reset vector.
      
      This patch is similar to but distinct from bfb1dd51 and 7ea4c437.
      
      Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
      b04fb94a
    • Juan Castillo's avatar
      Juno: Add support for image overlaying in Trusted SRAM · 1217d28d
      Juan Castillo authored
      This patch allows the BL3-1 NOBITS section to overlap the BL1 R/W
      section since the former will always be used after the latter.
      Similarly, the BL3-2 NOBITS section can overlay the BL2 image
      when BL3-2 is loaded in Trusted SRAM.
      
      Due to the current size of the images, there is no actual overlap.
      Nevertheless, this reorganization may help to optimise the Trusted
      SRAM usage when the images size grows.
      
      Note that because BL3-1 NOBITS section is allowed to overlap the
      BL1 R/W section, BL1 global variables will remain valid only until
      execution reaches the BL3-1 entry point during a cold boot.
      
      Documentation updated accordingly.
      
      Fixes ARM-software/tf-issues#254
      
      Change-Id: Id538f4d1c7f1f7858108280fd7b97e138572b879
      1217d28d
  19. 09 Jan, 2015 1 commit
    • Sandrine Bailleux's avatar
      User Guide: Enable secure memory on Foundation FVP · c451b538
      Sandrine Bailleux authored
      Previously, the User Guide recommended launching the Foundation
      FVP with the parameter --no-secure-memory, which disabled security
      control of the address map. This was due to missing support for
      secure memory regions in v1 of the Foundation FVP. This is no longer
      needed as secure memory is now supported on the Foundation FVP.
      
      This patch updates the User Guide to recommend enabling secure
      memory instead.
      
      Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
      c451b538
  20. 07 Jan, 2015 1 commit
  21. 06 Jan, 2015 1 commit
    • Juan Castillo's avatar
      Specify FIP filename at build time · 7f48fab9
      Juan Castillo authored
      This patch allows to define the name of the FIP at build time by
      defining the FIP_NAME variable. If FIP_NAME is not defined, default
      name 'fip.bin' is used.
      
      Documentation updated accordingly.
      
      Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
      7f48fab9
  22. 29 Oct, 2014 2 commits
    • Soby Mathew's avatar
      Optimize Cortex-A57 cluster power down sequence on Juno · 5541bb3f
      Soby Mathew authored
      This patch optimizes the Cortex-A57 cluster power down sequence by not
      flushing the Level1 data cache. The L1 data cache and the L2 unified
      cache are inclusive. A flush of the L2 by set/way flushes any dirty
      lines from the L1 as well. This is a known safe deviation from the
      Cortex-A57 TRM defined power down sequence. This optimization can be
      enabled by the platform through the 'SKIP_A57_L1_FLUSH_PWR_DWN' build
      flag. Each Cortex-A57 based platform must make its own decision on
      whether to use the optimization.
      
      This patch also renames the cpu-errata-workarounds.md to
      cpu-specific-build-macros.md as this facilitates documentation
      of both CPU Specific errata and CPU Specific Optimization
      build macros.
      
      Change-Id: I299b9fe79e9a7e08e8a0dffb7d345f9a00a71480
      5541bb3f
    • Soby Mathew's avatar
      Apply errata workarounds only when major/minor revisions match. · 7395a725
      Soby Mathew authored
      Prior to this patch, the errata workarounds were applied for any version
      of the CPU in the release build and in the debug build an assert
      failure resulted when the revision did not match. This patch applies
      errata workarounds in the Cortex-A57 reset handler only if the 'variant'
      and 'revision' fields read from the MIDR_EL1 match. In the debug build,
      a warning message is printed for each errata workaround which is not
      applied.
      
      The patch modifies the register usage in 'reset_handler` so
      as to adhere to ARM procedure calling standards.
      
      Fixes ARM-software/tf-issues#242
      
      Change-Id: I51b1f876474599db885afa03346e38a476f84c29
      7395a725
  23. 22 Oct, 2014 1 commit
    • Juan Castillo's avatar
      FVP: keep shared data in Trusted SRAM · 20d51cad
      Juan Castillo authored
      This patch deprecates the build option to relocate the shared data
      into Trusted DRAM in FVP. After this change, shared data is always
      located at the base of Trusted SRAM. This reduces the complexity
      of the memory map and the number of combinations in the build
      options.
      
      Fixes ARM-software/tf-issues#257
      
      Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
      20d51cad
  24. 14 Oct, 2014 1 commit
    • Juan Castillo's avatar
      Juno: Reserve some DDR-DRAM for secure use · 740134e6
      Juan Castillo authored
      This patch configures the TrustZone Controller in Juno to split
      the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
      regions:
      
      - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
        used by the SCP for DDR retraining
      - Non-Secure DDR-DRAM: remaining DRAM starting at base address
      
      Build option PLAT_TSP_LOCATION selects the location of the secure
      payload (BL3-2):
      
      - 'tsram' : Trusted SRAM (default option)
      - 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
                  controller)
      
      The MMU memory map has been updated to give BL2 permission to load
      BL3-2 into the DDR-DRAM secure region.
      
      Fixes ARM-software/tf-issues#233
      
      Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
      740134e6
  25. 16 Sep, 2014 2 commits
    • Jens Wiklander's avatar
      Add opteed based on tspd · aa5da461
      Jens Wiklander authored
      Adds a dispatcher for OP-TEE based on the test secure payload
      dispatcher.
      
      Fixes arm-software/tf-issues#239
      aa5da461
    • Soby Mathew's avatar
      Add support for specifying pre-built BL binaries in Makefile · 27713fb4
      Soby Mathew authored
      This patch adds support for supplying pre-built BL binaries for BL2,
      BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx>
      in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will
      skip building that BL stage from source and include the specified binary in
      final fip image.
      
      This patch also makes BL3-3 binary for FIP optional depending on the
      value of 'NEED_BL33' flag which is defined by the platform.
      
      Fixes ARM-software/tf-issues#244
      Fixes ARM-software/tf-issues#245
      
      Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
      27713fb4
  26. 28 Aug, 2014 2 commits
    • Dan Handley's avatar
      Documentation for version 1.0 · c6249aaa
      Dan Handley authored
      Final updates to readme.md and change-log.md for ARM Trusted
      Firmware version 1.0. Also increment the version in the Makefile.
      
      Change-Id: I00fe1016c8b936834bbf7bbba7aab07f51261bbb
      c6249aaa
    • Dan Handley's avatar
      Fix minor issues in user guide · d78baf25
      Dan Handley authored
      *   Fix broken link to SCP download.
      
      *   Remove requirement to install `ia32-libs`. This package is no
          longer available in current versions of Ubuntu and is no
          longer required when using the Linaro toolchain.
      
      Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
      d78baf25
  27. 27 Aug, 2014 3 commits