GitLab

Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.

Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.

Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.

NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.

Fixes ARM-software/tf-issues#566

Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Move the header files that provide translation tables architectural
definitions from the library v2 source files to the library include
directory. This allows to share these definitions between both
versions (v1 and v2) of the library.

Create a new header file that includes the AArch32 or AArch64
definitions based on the AARCH32 build flag, so that the library user
doesn't have to worry about handling it on their side.

Also repurpose some of the definitions the header files provide to
concentrate on the things that differ between AArch32 and AArch64.
As a result they now contain the following information:
 - the first table level that allows block descriptors;
 - the architectural limits of the virtual address space;
 - the initial lookup level to cover the entire address space.

Additionally, move the XLAT_TABLE_LEVEL_MIN macro from
xlat_tables_defs.h to the AArch32/AArch64 architectural definitions.

This new organisation eliminates duplicated information in the AArch32
and AArch64 versions. It also decouples these architectural files from
any platform-specific information. Previously, they were dependent on
the address space size, which is platform-specific.

Finally, for the v2 of the library, move the compatibility code for
ADDR_SPACE_SIZE into a C file as it is not needed outside of this
file. For v1, this code hasn't been changed and stays in a header
file because it's needed by several files.

Change-Id: If746c684acd80eebf918abd3ab6e8481d004ac68
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

A recent commit 030567e6

 added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.

This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.

Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53
Signed-off-by: David Cunado <david.cunado@arm.com>

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/



Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.

The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.

When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.

This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.

The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.

Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines.  This allows the
header files to be shared between host and target builds for shared defines.

Recently types.h has been included in utils.h as well as some function
prototypes.

Because of the inclusion of types.h conflicts exist building host tools
abd these header files now.  To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.

Fixes ARM-software/tf-issues#461
Signed-off-by: Scott Branden <scott.branden@broadcom.com>

Remove utils_def.h from utils.h

This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.

Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29

In AArch64, depending on the granularity of the translation tables,
level 0 and/or level 1 of the translation tables may not support block
descriptors, only table descriptors.

This patch introduces a check to make sure that, even if theoretically
it could be possible to create a block descriptor to map a big memory
region, a new subtable will be created to describe its mapping.

Change-Id: Ieb9c302206bfa33fbaf0cdc6a5a82516d32ae2a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
`PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
and virtual address space size a platform can use.

`ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
will be used instead.

For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
max PA supported by the hardware and to verify that the previously
mentioned definition is valid. For AArch32, a 40 bit physical
address space is considered.

Added asserts to check for overflows.

Porting guide updated.

Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Instead of hardcoding a level 1 table as the base translation level
table, let the code decide which level is the most appropriate given
the virtual address space size.

As the table granularity is 4 KB, this allows the code to select
level 0, 1 or 2 as base level for AArch64. This way, instead of
limiting the virtual address space width to 39-31 bits, widths of
48-25 bit can be used.

For AArch32, this change allows the code to select level 1 or 2
as the base translation level table and use virtual address space
width of 32-25 bits.

Also removed some unused definitions related to translation tables.

Fixes ARM-software/tf-issues#362

Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65

The AArch32 long descriptor format and the AArch64 descriptor format
correspond to each other which allows possible sharing of xlat_tables
library code between AArch64 and AArch32. This patch refactors the
xlat_tables library code to seperate the common functionality from
architecture specific code. Prior to this patch, all of the xlat_tables
library code were in `lib/aarch64/xlat_tables.c` file. The refactored code
is now in `lib/xlat_tables/` directory. The AArch64 specific programming
for xlat_tables is in `lib/xlat_tables/aarch64/xlat_tables.c` and the rest
of the code common to AArch64 and AArch32 is in
`lib/xlat_tables/xlat_tables_common.c`. Also the data types used in
xlat_tables library APIs are reworked to make it compatible between AArch64
and AArch32.

The `lib/aarch64/xlat_tables.c` file now includes the new xlat_tables
library files to retain compatibility for existing platform ports.
The macros related to xlat_tables library are also moved from
`include/lib/aarch64/arch.h` to the header `include/lib/xlat_tables.h`.

NOTE: THE `lib/aarch64/xlat_tables.c` FILE IS DEPRECATED AND PLATFORM PORTS
ARE EXPECTED TO INCLUDE THE NEW XLAT_TABLES LIBRARY FILES IN THEIR MAKEFILES.

Change-Id: I3d17217d24aaf3a05a4685d642a31d4d56255a0f

Add PL061 GPIO driver that is depend on gpio framework.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

This patch adds a CoT based on the Trusted Board Boot Requirements
document*. The CoT consists of an array of authentication image
descriptors indexed by the image identifiers.

A new header file with TBBR image identifiers has been added.
Platforms that use the TBBR (i.e. ARM platforms) may reuse these
definitions as part of their platform porting.

PLATFORM PORT - IMPORTANT:

Default image IDs have been removed from the platform common
definitions file (common_def.h). As a consequence, platforms that
used those common definitons must now either include the IDs
provided by the TBBR header file or define their own IDs.

*The NVCounter authentication method has not been implemented yet.

Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5

This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.

The tool reads the binary images and signing keys and outputs the
corresponding certificates that will be used by the target at run
time to verify the authenticity of the images.

Note: the platform port must provide the file platform_oid.h. This
file will define the OIDs of the x509 extensions that will be added
to the certificates in order to establish the CoT.

Change-Id: I2734d6808b964a2107ab3a4805110698066a04be

This patch implements the TSP on Juno. It executes from on-chip Trusted
SRAM.

Also, the other bootloader images (i.e. BL1 R/W, BL2 and BL3-1) have
been moved around. The reason is, although there was enough space
overall to store the TSP in SRAM, there was no contiguous free chunk
of SRAM big enough to hold it.

This patch keeps the overall memory layout (i.e. keeping BL1 R/W at
the bottom, BL2 at the top and BL3-1 in between) but moves the base
addresses of all the bootloader images in such a way that:
 - memory fragmentation is reduced enough to fit BL3-2 in;
 - new base addresses are suitable for release builds as well as debug
   ones;
 - each image has a few extra kilobytes for future growth.
   BL3-1 and BL3-2 are the images which received the biggest allocations
   since they will most probably grow the most.

This patch also adds instruction synchronization barriers around the code which
handles the timer interrupt in the TSP. This ensures that the interrupt is not
acknowledged after or EOIed before it is deactivated at the peripheral.

Change-Id: I1c5b51858700027ee283ac85d18e06863a27c72e

This patch adds the initial port of the ARM Trusted Firmware on the Juno
development platform. This port does not support a BL3-2 image or any PSCI APIs
apart from PSCI_VERSION and PSCI_CPU_ON. It enables workarounds for selected
Cortex-A57 (#806969 & #813420) errata and implements the workaround for a Juno
platform errata (Defect id 831273).

Change-Id: Ib3d92df3af53820cfbb2977582ed0d7abf6ef893

Move the remaining IO storage source file (io_storage.c) from the
lib to the drivers directory. This requires that platform ports
explicitly add this file to the list of source files.

Also move the IO header files to a new sub-directory, include/io.

Change-Id: I862b1252a796b3bcac0d93e50b11e7fb2ded93d6

Update code base to remove variables from the .data section,
mainly by using const static data where possible and adding
the const specifier as required. Most changes are to the IO
subsystem, including the framework APIs. The FVP power
management code is also affected.

Delay initialization of the global static variable,
next_image_type in bl31_main.c, until it is realy needed.
Doing this moves the variable from the .data to the .bss
section.

Also review the IO interface for inconsistencies, using
uintptr_t where possible instead of void *. Remove the
io_handle and io_dev_handle typedefs, which were
unnecessary, replacing instances with uintptr_t.

Fixes ARM-software/tf-issues#107.

Change-Id: I085a62197c82410b566e4698e5590063563ed304

Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.

Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.

Fixes ARM-software/tf-issues#31

Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e

Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.

Also remove pm.h as it is no longer used.

Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3

The modified implementation uses the IO abstraction rather than
making direct semi-hosting calls.  The semi-hosting driver is now
registered for the FVP platform during initialisation of each boot
stage where it is used.  Additionally, the FVP platform includes a
straightforward implementation of 'plat_get_image_source' which
provides a generic means for the 'load_image' function to determine
how to access the image data.

Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6

Ctags seem to have a problem with generating tags for assembler symbols
when a comment immediately follows an assembly label.

This patch inserts a single space character between the label
definition and the following comments to help ctags.

The patch is generated by the command:

  git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'

Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475

Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60

- Add instructions for contributing to ARM Trusted Firmware.

- Update copyright text in all files to acknowledge contributors.

Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5