1. 25 Mar, 2020 1 commit
  2. 17 Mar, 2020 1 commit
  3. 11 Mar, 2020 1 commit
    • Madhukar Pappireddy's avatar
      fconf: necessary modifications to support fconf in BL31 & SP_MIN · 26d1e0c3
      Madhukar Pappireddy authored
      
      
      Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
      Created few populator() functions which parse HW_CONFIG device tree
      and registered them with fconf framework. Many of the changes are
      only applicable for fvp platform.
      
      This patch:
      1. Adds necessary symbols and sections in BL31, SP_MIN linker script
      2. Adds necessary memory map entry for translation in BL31, SP_MIN
      3. Creates an abstraction layer for hardware configuration based on
         fconf framework
      4. Adds necessary changes to build flow (makefiles)
      5. Minimal callback to read hw_config dtb for capturing properties
         related to GIC(interrupt-controller node)
      6. updates the fconf documentation
      
      Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      26d1e0c3
  4. 04 Mar, 2020 1 commit
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored
      
      
      This patch implements loading of Secure Partition packages using
      existing framework of loading other bl images.
      
      The current framework uses a statically defined array to store all the
      possible image types and at run time generates a link list and traverse
      through it to load different images.
      
      To load SPs, a new array of fixed size is introduced which will be
      dynamically populated based on number of SPs available in the system
      and it will be appended to the loadable images list.
      
      Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  5. 03 Mar, 2020 1 commit
  6. 24 Feb, 2020 2 commits
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored
      
      
      This patch introduces a build flag which allows the xlat tables
      to be mapped in a read-only region within BL31 memory. It makes it
      much harder for someone who has acquired the ability to write to
      arbitrary secure memory addresses to gain control of the
      translation tables.
      
      The memory attributes of the descriptors describing the tables
      themselves are changed to read-only secure data. This change
      happens at the end of BL31 runtime setup. Until this point, the
      tables have read-write permissions. This gives a window of
      opportunity for changes to be made to the tables with the MMU on
      (e.g. reclaiming init code). No changes can be made to the tables
      with the MMU turned on from this point onwards. This change is also
      enabled for sp_min and tspd.
      
      To make all this possible, the base table was moved to .rodata. The
      penalty we pay is that now .rodata must be aligned to the size of
      the base table (512B alignment). Still, this is better than putting
      the base table with the higher level tables in the xlat_table
      section, as that would cost us a full 4KB page.
      
      Changing the tables from read-write to read-only cannot be done with
      the MMU on, as the break-before-make sequence would invalidate the
      descriptor which resolves the level 3 page table where that very
      descriptor is located. This would make the translation required for
      writing the changes impossible, generating an MMU fault.
      
      The caches are also flushed.
      Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
      Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
    • Sandrine Bailleux's avatar
      plat/arm: Pass cookie argument down to arm_get_rotpk_info() · 88005701
      Sandrine Bailleux authored
      
      
      The cookie will be leveraged in the next commit.
      
      Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      88005701
  7. 19 Feb, 2020 3 commits
  8. 10 Feb, 2020 1 commit
  9. 07 Feb, 2020 9 commits
  10. 06 Feb, 2020 1 commit
    • Max Shvetsov's avatar
      Adds option to read ROTPK from registers for FVP · a6ffddec
      Max Shvetsov authored
      
      
      Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
      Removes hard-coded developer keys. Instead, setting
      ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
      In case of ROT_KEY specified - generates a new hash and replaces the
      original.
      
      Note: Juno board was tested by original feature author and was not tested
      for this patch since we don't have access to the private key. Juno
      implementation was moved to board-specific file without changing
      functionality. It is not known whether byte-swapping is still needed
      for this platform.
      
      Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
      Signed-off-by: default avatarMax Shvetsov <maksims.svecovs@arm.com>
      a6ffddec
  11. 27 Jan, 2020 1 commit
    • Madhukar Pappireddy's avatar
      plat/arm: Add support for SEPARATE_NOBITS_REGION · 0c1f197a
      Madhukar Pappireddy authored
      
      
      In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
      BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
      the build to require that ARM_BL31_IN_DRAM is enabled as well.
      
      Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
      cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
      
      Memory map for BL31 NOBITS region also has to be created.
      
      Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      0c1f197a
  12. 23 Jan, 2020 1 commit
  13. 22 Jan, 2020 1 commit
    • Madhukar Pappireddy's avatar
      plat/arm: Add support for SEPARATE_NOBITS_REGION · d433bbdd
      Madhukar Pappireddy authored
      
      
      In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
      BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
      the build to require that ARM_BL31_IN_DRAM is enabled as well.
      
      Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
      cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
      
      Memory map for BL31 NOBITS region also has to be created.
      
      Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      d433bbdd
  14. 10 Jan, 2020 1 commit
    • Deepika Bhavnani's avatar
      Unify type of "cpu_idx" across PSCI module. · 5b33ad17
      Deepika Bhavnani authored
      
      
      NOTE for platform integrators:
         API `plat_psci_stat_get_residency()` third argument
         `last_cpu_idx` is changed from "signed int" to the
         "unsigned int" type.
      
      Issue / Trouble points
      1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
      with typecasting at some places leading to coverity issues.
      
      2. Underlying platform API's return cpu_idx as `unsigned int`
      and comparison is performed with platform specific defines
      `PLAFORM_xxx` which is not consistent
      
      Misra Rule 10.4:
      The value of a complex expression of integer type may only be cast to
      a type that is narrower and of the same signedness as the underlying
      type of the expression.
      
      Based on above points, cpu_idx is kept as `unsigned int` to match
      the API's and low-level functions and platform defines are updated
      where ever required
      Signed-off-by: default avatarDeepika Bhavnani <deepika.bhavnani@arm.com>
      Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
      5b33ad17
  15. 20 Dec, 2019 2 commits
    • Paul Beesley's avatar
      spm: Remove SPM Alpha 1 prototype and support files · 538b0020
      Paul Beesley authored
      
      
      The Secure Partition Manager (SPM) prototype implementation is
      being removed. This is preparatory work for putting in place a
      dispatcher component that, in turn, enables partition managers
      at S-EL2 / S-EL1.
      
      This patch removes:
      
      - The core service files (std_svc/spm)
      - The Resource Descriptor headers (include/services)
      - SPRT protocol support and service definitions
      - SPCI protocol support and service definitions
      
      Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
      538b0020
    • Paul Beesley's avatar
      Remove dependency between SPM_MM and ENABLE_SPM build flags · 3f3c341a
      Paul Beesley authored
      
      
      There are two different implementations of Secure Partition
      management in TF-A. One is based on the "Management Mode" (MM)
      design, the other is based on the Secure Partition Client Interface
      (SPCI) specification. Currently there is a dependency between their
      build flags that shouldn't exist, making further development
      harder than it should be. This patch removes that
      dependency, making the two flags function independently.
      
      Before: ENABLE_SPM=1 is required for using either implementation.
              By default, the SPCI-based implementation is enabled and
              this is overridden if SPM_MM=1.
      
      After: ENABLE_SPM=1 enables the SPCI-based implementation.
             SPM_MM=1 enables the MM-based implementation.
             The two build flags are mutually exclusive.
      
      Note that the name of the ENABLE_SPM flag remains a bit
      ambiguous - this will be improved in a subsequent patch. For this
      patch the intention was to leave the name as-is so that it is
      easier to track the changes that were made.
      
      Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      3f3c341a
  16. 18 Dec, 2019 1 commit
  17. 09 Dec, 2019 1 commit
  18. 07 Nov, 2019 1 commit
  19. 05 Nov, 2019 1 commit
  20. 26 Sep, 2019 1 commit
  21. 15 Aug, 2019 1 commit
  22. 01 Aug, 2019 2 commits
    • Julius Werner's avatar
      Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      402b3cf8
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define it's own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  23. 23 Jul, 2019 1 commit
    • Ambroise Vincent's avatar
      arm: Shorten the Firmware Update (FWU) process · 37b70031
      Ambroise Vincent authored
      
      
      The watchdog is configured with a default value of 256 seconds in order
      to implement the Trusted Board Boot Requirements.
      
      For the FVP and Juno platforms, the FWU process relies on a watchdog
      reset. In order to automate the test of FWU, the length of this process
      needs to be as short as possible. Instead of waiting for those 4 minutes
      to have a reset by the watchdog, tell it to reset immediately.
      
      There are no side effects as the value of the watchdog's load register
      resets to 0xFFFFFFFF.
      
      Tested on Juno.
      
      Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      37b70031
  24. 26 Jun, 2019 1 commit
    • Manoj Kumar's avatar
      n1sdp: add code for DDR ECC enablement and BL33 copy to DDR · de8bc83e
      Manoj Kumar authored
      
      
      N1SDP platform supports RDIMMs with ECC capability. To use the ECC
      capability, the entire DDR memory space has to be zeroed out before
      enabling the ECC bits in DMC620. Zeroing out several gigabytes of
      memory from SCP is quite time consuming so functions are added that
      zeros out the DDR memory from application processor which is
      much faster compared to SCP. BL33 binary cannot be copied to DDR memory
      before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
      memory to main DDR4 memory after ECC is enabled.
      
      Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
      the entire DDR space cannot be accessed as DRAM2 starts in base
      0x8080000000. So these macros are redefined for all ARM platforms.
      
      Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
      Signed-off-by: default avatarManoj Kumar <manoj.kumar3@arm.com>
      de8bc83e
  25. 15 May, 2019 1 commit
    • Sami Mujawar's avatar
      Add option for defining platform DRAM2 base · 6bb6015f
      Sami Mujawar authored
      
      
      The default DRAM2 base address for Arm platforms
      is 0x880000000. However, on some platforms the
      firmware may want to move the start address to
      a different value.
      
      To support this introduce PLAT_ARM_DRAM2_BASE that
      defaults to 0x880000000; but can be overridden by
      a platform (e.g. in platform_def.h).
      
      Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
      Signed-off-by: default avatarSami Mujawar <sami.mujawar@arm.com>
      6bb6015f
  26. 17 Apr, 2019 1 commit
    • Aditya Angadi's avatar
      plat/arm: introduce wrapper functions to setup secure watchdog · b0c97daf
      Aditya Angadi authored
      
      
      The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
      controller as the secure watchdog. But not all ARM platforms use SP805
      as the secure watchdog controller.
      
      So introduce two new ARM platform code specific wrapper functions to
      start and stop the secure watchdog. These functions then replace the
      calls to SP805 driver in common BL1 setup code. All the ARM platforms
      implement these wrapper functions by either calling into SP805 driver
      or the SBSA watchdog driver.
      
      Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      b0c97daf
  27. 01 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Remove several warnings reported with W=1 · 609e053c
      Ambroise Vincent authored
      
      
      Improved support for W=1 compilation flag by solving missing-prototypes
      and old-style-definition warnings.
      
      The libraries are compiling with warnings (which turn into errors with
      the Werror flag).
      
      Outside of libraries, some warnings cannot be fixed without heavy
      structural changes.
      
      Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      609e053c