1. 14 Oct, 2016 1 commit
    • Soby Mathew's avatar
      Unify SCTLR initialization for AArch32 normal world · b7b0787d
      Soby Mathew authored
      
      
      The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally
      unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This
      might be a compatibility break for legacy AArch32 normal world software if
      these bits are not set to 1 when EL3 is AArch64. This patch enables the
      CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is
      AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32
      mode for both AArch64 and AArch32 builds of Trusted Firmware.
      
      Fixes ARM-software/tf-issues#428
      
      Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      b7b0787d
  2. 18 Jul, 2016 2 commits
    • Soby Mathew's avatar
      Introduce `el3_runtime` and `PSCI` libraries · 532ed618
      Soby Mathew authored
      This patch moves the PSCI services and BL31 frameworks like context
      management and per-cpu data into new library components `PSCI` and
      `el3_runtime` respectively. This enables PSCI to be built independently from
      BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
      PSCI library sources and gets included by `bl31.mk`. Other changes which
      are done as part of this patch are:
      
      * The runtime services framework is now moved to the `common/` folder to
        enable reuse.
      * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
        specific folder.
      * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
        to `plat/common` folder. The original file location now has a stub which
        just includes the file from new location to maintain platform compatibility.
      
      Most of the changes wouldn't affect platform builds as they just involve
      changes to the generic bl1.mk and bl31.mk makefiles.
      
      NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
      THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
      MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
      
      Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
      532ed618
    • Soby Mathew's avatar
      Rework type usage in Trusted Firmware · 4c0d0390
      Soby Mathew authored
      This patch reworks type usage in generic code, drivers and ARM platform files
      to make it more portable. The major changes done with respect to
      type usage are as listed below:
      
      * Use uintptr_t for storing address instead of uint64_t or unsigned long.
      * Review usage of unsigned long as it can no longer be assumed to be 64 bit.
      * Use u_register_t for register values whose width varies depending on
        whether AArch64 or AArch32.
      * Use generic C types where-ever possible.
      
      In addition to the above changes, this patch also modifies format specifiers
      in print invocations so that they are AArch64/AArch32 agnostic. Only files
      related to upcoming feature development have been reworked.
      
      Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
      4c0d0390
  3. 18 Apr, 2016 1 commit
  4. 30 Mar, 2016 1 commit
    • Gerald Lejeune's avatar
      Enable asynchronous abort exceptions during boot · adb4fcfb
      Gerald Lejeune authored
      
      
      Asynchronous abort exceptions generated by the platform during cold boot are
      not taken in EL3 unless SCR_EL3.EA is set.
      
      Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
      initialisation. Further write accesses to SCR_EL3 preserve these bits during
      cold boot.
      
      A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
      being trapped by EL3 after cold boot or not.
      
      For further reference SError Interrupts are also known as asynchronous external
      aborts.
      
      On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
      EL3 whatever the SCR_EL3.EA value is.
      
      Fixes arm-software/tf-issues#368
      Signed-off-by: default avatarGerald Lejeune <gerald.lejeune@st.com>
      adb4fcfb
  5. 09 Dec, 2015 2 commits
    • Yatharth Kochar's avatar
      Move context management code to common location · bbf8f6f9
      Yatharth Kochar authored
      The upcoming Firmware Update feature needs transitioning across
      Secure/Normal worlds to complete the FWU process and hence requires
      context management code to perform this task.
      
      Currently context management code is part of BL31 stage only.
      This patch moves the code from (include)/bl31 to (include)/common.
      Some function declarations/definitions and macros have also moved
      to different files to help code sharing.
      
      Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
      bbf8f6f9
    • Sandrine Bailleux's avatar
      Initialize VTTBR_EL2 when bypassing EL2 · 85d80e55
      Sandrine Bailleux authored
      In the situation that EL1 is selected as the exception level for the
      next image upon BL31 exit for a processor that supports EL2, the
      context management code must configure all essential EL2 register
      state to ensure correct execution of EL1.
      
      VTTBR_EL2 should be part of this set of EL2 registers because:
       - The ARMv8-A architecture does not define a reset value for this
         register.
       - Cache maintenance operations depend on VTTBR_EL2.VMID even when
         non-secure EL1&0 stage 2 address translation are disabled.
      
      This patch initializes the VTTBR_EL2 register to 0 when bypassing EL2
      to address this issue. Note that this bug has not yet manifested
      itself on FVP or Juno because VTTBR_EL2.VMID resets to 0 on the
      Cortex-A53 and Cortex-A57.
      
      Change-Id: I58ce2d16a71687126f437577a506d93cb5eecf33
      85d80e55
  6. 24 Nov, 2015 1 commit
    • Soby Mathew's avatar
      Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED · 7a24cba5
      Soby Mathew authored
      This patch changes the build time behaviour when using deprecated API within
      Trusted Firmware. Previously the use of deprecated APIs would only trigger a
      build warning (which was always treated as a build error), when
      WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always
      trigger a build time warning. Whether this warning is treated as error or not
      is determined by the build flag ERROR_DEPRECATED which is disabled by default.
      When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or
      inclusion of deprecated headers will result in a build error.
      
      Also the deprecated context management helpers in context_mgmt.c are now
      conditionally compiled depending on the value of ERROR_DEPRECATED flag
      so that the APIs themselves do not result in a build error when the
      ERROR_DEPRECATED flag is set.
      
      NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to
      using ERROR_DEPRECATED, otherwise deprecated API usage will no longer
      trigger a build error.
      
      Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
      7a24cba5
  7. 13 Aug, 2015 1 commit
    • Soby Mathew's avatar
      PSCI: Introduce new platform and CM helper APIs · 12d0d00d
      Soby Mathew authored
      This patch introduces new platform APIs and context management helper APIs
      to support the new topology framework based on linear core position. This
      framework will be introduced in the follwoing patch and it removes the
      assumption that the MPIDR based affinity levels map directly to levels
      in a power domain tree. The new platforms APIs and context management
      helpers based on core position are as described below:
      
      * plat_my_core_pos() and plat_core_pos_by_mpidr()
      
      These 2 new mandatory platform APIs are meant to replace the existing
      'platform_get_core_pos()' API. The 'plat_my_core_pos()' API returns the
      linear index of the calling core and 'plat_core_pos_by_mpidr()' returns
      the linear index of a core specified by its MPIDR. The latter API will also
      validate the MPIDR passed as an argument and will return an error code (-1)
      if an invalid MPIDR is passed as the argument. This enables the caller to
      safely convert an MPIDR of another core to its linear index without querying
      the PSCI topology tree e.g. during a call to PSCI CPU_ON.
      
      Since the 'plat_core_pos_by_mpidr()' API verifies an MPIDR, which is always
      platform specific, it is no longer possible to maintain a default implementation
      of this API. Also it might not be possible for a platform port to verify an
      MPIDR before the C runtime has been setup or the topology has been initialized.
      This would prevent 'plat_core_pos_by_mpidr()' from being callable prior to
      topology setup. As a result, the generic Trusted Firmware code does not call
      this API before the topology setup has been done.
      
      The 'plat_my_core_pos' API should be able to run without a C runtime.
      Since this API needs to return a core position which is equal to the one
      returned by 'plat_core_pos_by_mpidr()' API for the corresponding MPIDR,
      this too cannot have default implementation and is a mandatory API for
      platform ports. These APIs will be implemented by the ARM reference platform
      ports later in the patch stack.
      
      * plat_get_my_stack() and plat_set_my_stack()
      
      These APIs are the stack management APIs which set/return stack addresses
      appropriate for the calling core. These replace the 'platform_get_stack()' and
      'platform_set_stack()' APIs. A default weak MP version and a global UP version
      of these APIs are provided for the platforms.
      
      * Context management helpers based on linear core position
      
      A set of new context management(CM) helpers viz cm_get_context_by_index(),
      cm_set_context_by_index(), cm_init_my_context() and cm_init_context_by_index()
      are defined which are meant to replace the old helpers which took MPIDR
      as argument. The old CM helpers are implemented based on the new helpers to
      allow for code consolidation and will be deprecated once the switch to the new
      framework is done.
      
      Change-Id: I89758632b370c2812973a4b2efdd9b81a41f9b69
      12d0d00d
  8. 16 Sep, 2014 1 commit
  9. 02 Sep, 2014 1 commit
    • Soby Mathew's avatar
      Reset CNTVOFF_EL2 register before exit into EL1 on warm boot · 14c0526b
      Soby Mathew authored
      This patch resets the value of CNTVOFF_EL2 before exit to EL1 on
      warm boot. This needs to be done if only the Trusted Firmware exits
      to EL1 instead of EL2, otherwise the hypervisor would be responsible
      for this.
      
      Fixes ARM-software/tf-issues#240
      
      Change-Id: I79d54831356cf3215bcf1f251c373bd8f89db0e0
      14c0526b
  10. 31 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Optimize EL3 register state stored in cpu_context structure · fdfabec1
      Soby Mathew authored
      This patch further optimizes the EL3 register state stored in
      cpu_context. The 2 registers which are removed from cpu_context are:
      
        * cntfrq_el0 is the system timer register which is writable
          only in EL3 and it can be programmed during cold/warm boot. Hence
          it need not be saved to cpu_context.
      
        * cptr_el3 controls access to Trace, Floating-point, and Advanced
          SIMD functionality and it is programmed every time during cold
          and warm boot. The current BL3-1 implementation does not need to
          modify the access controls during normal execution and hence
          they are expected to remain static.
      
      Fixes ARM-software/tf-issues#197
      
      Change-Id: I599ceee3b73a7dcfd37069fd41b60e3d397a7b18
      fdfabec1
  11. 28 Jul, 2014 1 commit
    • Juan Castillo's avatar
      Rework incorrect use of assert() and panic() in codebase · d3280beb
      Juan Castillo authored
      Assert a valid security state using the macro sec_state_is_valid().
      Replace assert() with panic() in those cases that might arise
      because of runtime errors and not programming errors.
      Replace panic() with assert() in those cases that might arise
      because of programming errors.
      
      Fixes ARM-software/tf-issues#96
      
      Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
      d3280beb
  12. 24 Jun, 2014 1 commit
  13. 23 Jun, 2014 1 commit
    • Andrew Thoelke's avatar
      Initialise CPU contexts from entry_point_info · 167a9357
      Andrew Thoelke authored
      Consolidate all BL3-1 CPU context initialization for cold boot, PSCI
      and SPDs into two functions:
      *  The first uses entry_point_info to initialize the relevant
         cpu_context for first entry into a lower exception level on a CPU
      *  The second populates the EL1 and EL2 system registers as needed
         from the cpu_context to ensure correct entry into the lower EL
      
      This patch alters the way that BL3-1 determines which exception level
      is used when first entering EL1 or EL2 during cold boot - this is now
      fully determined by the SPSR value in the entry_point_info for BL3-3,
      as set up by the platform code in BL2 (or otherwise provided to BL3-1).
      
      In the situation that EL1 (or svc mode) is selected for a processor
      that supports EL2, the context management code will now configure all
      essential EL2 register state to ensure correct execution of EL1. This
      allows the platform code to run non-secure EL1 payloads directly
      without requiring a small EL2 stub or OS loader.
      
      Change-Id: If9fbb2417e82d2226e47568203d5a369f39d3b0f
      167a9357
  14. 16 Jun, 2014 2 commits
    • Andrew Thoelke's avatar
      Move CPU context pointers into cpu_data · aaba4f28
      Andrew Thoelke authored
      Moving the context pointers for each CPU into the per-cpu data
      allows for much more efficient access to the contexts for the
      current CPU.
      
      Change-Id: Id784e210d63cbdcddb44ac1591617ce668dbc29f
      aaba4f28
    • Andrew Thoelke's avatar
      Per-cpu data cache restructuring · 5e910074
      Andrew Thoelke authored
      This patch prepares the per-cpu pointer cache for wider use by:
      * renaming the structure to cpu_data and placing in new header
      * providing accessors for this CPU, or other CPUs
      * splitting the initialization of the TPIDR pointer from the
        initialization of the cpu_data content
      * moving the crash stack initialization to a crash stack function
      * setting the TPIDR pointer very early during boot
      
      Change-Id: Icef9004ff88f8eb241d48c14be3158087d7e49a3
      5e910074
  15. 11 Jun, 2014 2 commits
    • Andrew Thoelke's avatar
      Make the BL3-1 crash reporting optional · 9c22b323
      Andrew Thoelke authored
      This patch makes the console crash dump of processor register
      state optional based on the CRASH_REPORTING make variable.
      
      This defaults to only being enabled for DEBUG builds. This can
      be overridden by setting a different value in the platform
      makefile or on the make command line.
      
      Change-Id: Icfa1b2d7ff0145cf0a85e8ad732f9cee7e7e993f
      9c22b323
    • Andrew Thoelke's avatar
      Provide cm_get/set_context() for current CPU · 08ab89d3
      Andrew Thoelke authored
      All callers of cm_get_context() pass the calling CPU MPIDR to the
      function. Providing a specialised version for the current
      CPU results in a reduction in code size and better readability.
      
      The current function has been renamed to cm_get_context_by_mpidr()
      and the existing name is now used for the current-CPU version.
      
      The same treatment has been done to cm_set_context(), although
      only both forms are used at present in the PSCI and TSPD code.
      
      Change-Id: I91cb0c2f7bfcb950a045dbd9ff7595751c0c0ffb
      08ab89d3
  16. 23 May, 2014 1 commit
    • Dan Handley's avatar
      Split platform.h into separate headers · 5f0cdb05
      Dan Handley authored
      Previously, platform.h contained many declarations and definitions
      used for different purposes. This file has been split so that:
      
      * Platform definitions used by common code that must be defined
        by the platform are now in platform_def.h. The exact include
        path is exported through $PLAT_INCLUDES in the platform makefile.
      
      * Platform definitions specific to the FVP platform are now in
        /plat/fvp/fvp_def.h.
      
      * Platform API declarations specific to the FVP platform are now
        in /plat/fvp/fvp_private.h.
      
      * The remaining platform API declarations that must be ported by
        each platform are still in platform.h but this file has been
        moved to /include/plat/common since this can be shared by all
        platforms.
      
      Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
      5f0cdb05
  17. 22 May, 2014 2 commits
    • Achin Gupta's avatar
      Introduce interrupt registration framework in BL3-1 · e1333f75
      Achin Gupta authored
      This patch introduces a framework for registering interrupts routed to
      EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and
      FIQ bits and the security state an interrupt is generated in. The
      framework recognizes three type of interrupts depending upon which
      exception level and security state they should be handled in
      i.e. Secure EL1 interrupts, Non-secure interrupts and EL3
      interrupts. It provides an API and macros that allow a runtime service
      to register an handler for a type of interrupt and specify the routing
      model. The framework validates the routing model and uses the context
      management framework to ensure that it is applied to the SCR_EL3 prior
      to entry into the target security state. It saves the handler in
      internal data structures. An API is provided to retrieve the handler
      when an interrupt of a particular type is asserted. Registration is
      expected to be done once by the primary CPU. The same handler and
      routing model is used for all CPUs.
      
      Support for EL3 interrupts will be added to the framework in the
      future. A makefile flag has been added to allow the FVP port choose
      between ARM GIC v2 and v3 support in EL3. The latter version is
      currently unsupported.
      
      A framework for handling interrupts in BL3-1 will be introduced in
      subsequent patches. The default routing model in the absence of any
      handlers expects no interrupts to be routed to EL3.
      
      Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
      e1333f75
    • Achin Gupta's avatar
      Add context library API to change a bit in SCR_EL3 · c429b5e9
      Achin Gupta authored
      This patch adds an API to write to any bit in the SCR_EL3 member of
      the 'cpu_context' structure of the current CPU for a specified
      security state. This API will be used in subsequent patches which
      introduce interrupt management in EL3 to specify the interrupt routing
      model when execution is not in EL3.
      
      It also renames the cm_set_el3_elr() function to cm_set_elr_el3()
      which is more in line with the system register name being targeted by
      the API.
      
      Change-Id: I310fa7d8f827ad3f350325eca2fb28cb350a85ed
      c429b5e9
  18. 16 May, 2014 1 commit
    • Soby Mathew's avatar
      Rework BL3-1 unhandled exception handling and reporting · a43d431b
      Soby Mathew authored
      This patch implements the register reporting when unhandled exceptions are
      taken in BL3-1. Unhandled exceptions will result in a dump of registers
      to the console, before halting execution by that CPU. The Crash Stack,
      previously called the Exception Stack, is used for this activity.
      This stack is used to preserve the CPU context and runtime stack
      contents for debugging and analysis.
      
      This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
      to provide easy access to some of BL3-1 per-cpu data structures.
      Initially, this is used to provide a pointer to the Crash stack.
      
      panic() now prints the the error file and line number in Debug mode
      and prints the PC value in release mode.
      
      The Exception Stack is renamed to Crash Stack with this patch.
      The original intention of exception stack is no longer valid
      since we intend to support several valid exceptions like IRQ
      and FIQ in the trusted firmware context. This stack is now
      utilized for dumping and reporting the system state when a
      crash happens and hence the rename.
      
      Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
      
      Change-Id: I260791dc05536b78547412d147193cdccae7811a
      a43d431b
  19. 06 May, 2014 2 commits
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
  20. 20 Feb, 2014 1 commit
    • Achin Gupta's avatar
      Add power management support in the SPD · 607084ee
      Achin Gupta authored
      This patch implements a set of handlers in the SPD which are called by
      the PSCI runtime service upon receiving a power management
      operation. These handlers in turn pass control to the Secure Payload
      image if required before returning control to PSCI. This ensures that
      the Secure Payload has complete visibility of all power transitions in
      the system and can prepare accordingly.
      
      Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
      607084ee
  21. 17 Feb, 2014 2 commits
    • Jeenu Viswambharan's avatar
      Add support for handling runtime service requests · caa84939
      Jeenu Viswambharan authored
      
      
      This patch uses the reworked exception handling support to handle
      runtime service requests through SMCs following the SMC calling
      convention. This is a giant commit since all the changes are
      inter-related. It does the following:
      
      1. Replace the old exception handling mechanism with the new one
      2. Enforce that SP_EL0 is used C runtime stacks.
      3. Ensures that the cold and warm boot paths use the 'cpu_context'
         structure to program an ERET into the next lower EL.
      4. Ensures that SP_EL3 always points to the next 'cpu_context'
         structure prior to an ERET into the next lower EL
      5. Introduces a PSCI SMC handler which completes the use of PSCI as a
         runtime service
      
      Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      caa84939
    • Achin Gupta's avatar
      Add context management library · 7aea9087
      Achin Gupta authored
      This patch adds support for a cpu context management library. This
      library will be used to:
      
      1. Share pointers to secure and non-secure state cpu contexts between
         runtime services e.g. PSCI and Secure Payload Dispatcher services
      2. Set SP_EL3 to a context structure which will be used for
         programming an ERET into a lower EL
      3. Provide wrapper functions to save and restore EL3 & EL1
         state. These functions will in turn use the helper functions in
         context.S
      
      Change-Id: I655eeef83dcd2a0c6f2eb2ac23efab866ac83ca0
      7aea9087