- 25 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides support for measured boot by adding calculation of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB. Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 17 Mar, 2020 1 commit
-
-
Manish V Badarkhe authored
Implemented SMCCC_ARCH_SOC_ID call in order to get below SOC information: 1. SOC revision 2. SOC version Implementation done using below SMCCC specification document: https://developer.arm.com/docs/den0028/c Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
-
- 11 Mar, 2020 1 commit
-
-
Madhukar Pappireddy authored
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN. Created few populator() functions which parse HW_CONFIG device tree and registered them with fconf framework. Many of the changes are only applicable for fvp platform. This patch: 1. Adds necessary symbols and sections in BL31, SP_MIN linker script 2. Adds necessary memory map entry for translation in BL31, SP_MIN 3. Creates an abstraction layer for hardware configuration based on fconf framework 4. Adds necessary changes to build flow (makefiles) 5. Minimal callback to read hw_config dtb for capturing properties related to GIC(interrupt-controller node) 6. updates the fconf documentation Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 04 Mar, 2020 1 commit
-
-
Manish Pandey authored
This patch implements loading of Secure Partition packages using existing framework of loading other bl images. The current framework uses a statically defined array to store all the possible image types and at run time generates a link list and traverse through it to load different images. To load SPs, a new array of fixed size is introduced which will be dynamically populated based on number of SPs available in the system and it will be appended to the loadable images list. Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 03 Mar, 2020 1 commit
-
-
Olivier Deprez authored
Use the firmware configuration framework to retrieve information about Secure Partitions to facilitate loading them into memory. To load a SP image we need UUID look-up into FIP and the load address where it needs to be loaded in memory. This patch introduces a SP populator function which gets UUID and load address from firmware config device tree and updates its C data structure. Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 24 Feb, 2020 2 commits
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
Sandrine Bailleux authored
The cookie will be leveraged in the next commit. Change-Id: Ie8bad275d856d84c27466461cf815529dd860446 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 19 Feb, 2020 1 commit
-
-
Suyash Pathak authored
For platforms that have two or more TZC400 controllers instantiated, allow the TZC400 driver to be usable with all those instances. This is achieved by allowing 'arm_tzc400_setup' function to accept the base address of the TZC400 controller. Change-Id: I4add470e6ddb58432cd066145e644112400ab924 Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>
-
- 10 Feb, 2020 1 commit
-
-
Achin Gupta authored
This patch reserves and maps the Trusted DRAM for SPM core execution. It also configures the TrustZone address space controller to run BL31 in secure DRAM. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I7e1bb3bbc61a0fec6a9cb595964ff553620c21dc
-
- 07 Feb, 2020 7 commits
-
-
Louis Mayencourt authored
Currently, an IO setup failure will be ignored on arm platform release build. Change this to panic instead. Change-Id: I027a045bce2422b0a0fc4ff9e9d4c6e7bf5d2f98 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Change the return type of "arm_io_is_toc_valid()" and "plat_arm_bl1_fwu_needed()" to bool, to match function behavior. Change-Id: I503fba211219a241cb263149ef36ca14e3362a1c Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use the firmware configuration framework in arm dynamic configuration to retrieve mbedtls heap information between bl1 and bl2. For this, a new fconf getter is added to expose the device tree base address and size. Change-Id: Ifa5ac9366ae100e2cdd1f4c8e85fc591b170f4b6 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Use fconf to retrieve the `disable_authentication` property. Move this access from arm dynamic configuration to bl common. Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
This patch introduces a better separation between the trusted-boot related properties, and the dynamic configuration DTBs loading information. The dynamic configuration DTBs properties are moved to a new node: `dtb-registry`. All the sub-nodes present will be provided to the dynamic config framework to be loaded. The node currently only contains the already defined configuration DTBs, but can be extended for future features if necessary. The dynamic config framework is modified to use the abstraction provided by the fconf framework, instead of directly accessing the DTBs. The trusted-boot properties are kept under the "arm,tb_fw" compatible string, but in a separate `tb_fw-config` node. The `tb_fw-config` property of the `dtb-registry` node simply points to the load address of `fw_config`, as the `tb_fw-config` is currently part of the same DTB. Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Louis Mayencourt authored
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading function is not associated to arm platform anymore, and can be moved to bl_main if wanted. Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 06 Feb, 2020 1 commit
-
-
Max Shvetsov authored
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board. Removes hard-coded developer keys. Instead, setting ARM_ROTPK_LOCATION=devel_* takes keys from default directory. In case of ROT_KEY specified - generates a new hash and replaces the original. Note: Juno board was tested by original feature author and was not tested for this patch since we don't have access to the private key. Juno implementation was moved to board-specific file without changing functionality. It is not known whether byte-swapping is still needed for this platform. Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 27 Jan, 2020 1 commit
-
-
Madhukar Pappireddy authored
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate the build to require that ARM_BL31_IN_DRAM is enabled as well. Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code cannot be reclaimed to be used for runtime data such as secondary cpu stacks. Memory map for BL31 NOBITS region also has to be created. Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 23 Jan, 2020 1 commit
-
-
Mark Dykes authored
This reverts commit d433bbdd. Change-Id: I46c69dce704a1ce1b50452dd4d62425c4a67f7f0
-
- 22 Jan, 2020 1 commit
-
-
Madhukar Pappireddy authored
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate the build to require that ARM_BL31_IN_DRAM is enabled as well. Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code cannot be reclaimed to be used for runtime data such as secondary cpu stacks. Memory map for BL31 NOBITS region also has to be created. Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 10 Jan, 2020 1 commit
-
-
Deepika Bhavnani authored
NOTE for platform integrators: API `plat_psci_stat_get_residency()` third argument `last_cpu_idx` is changed from "signed int" to the "unsigned int" type. Issue / Trouble points 1. cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places leading to coverity issues. 2. Underlying platform API's return cpu_idx as `unsigned int` and comparison is performed with platform specific defines `PLAFORM_xxx` which is not consistent Misra Rule 10.4: The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression. Based on above points, cpu_idx is kept as `unsigned int` to match the API's and low-level functions and platform defines are updated where ever required Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
-
- 20 Dec, 2019 2 commits
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
Paul Beesley authored
There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 18 Dec, 2019 1 commit
-
-
Ambroise Vincent authored
Provide an SMC interface to the 9p filesystem. This permits accessing firmware drivers through a common interface, using standardized read/write/control operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
-
- 09 Dec, 2019 1 commit
-
-
Ambroise Vincent authored
Previously the .init section was created even when the reclaim flag was manually set to 0. Change-Id: Ia9e7c7997261f54a4eca725d7ea605192f60bcf8 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Zelalem Aweke <zelalem.aweke@arm.com>
-
- 07 Nov, 2019 1 commit
-
-
Manish Pandey authored
Earlier PIE support was enabled for all arm platforms when RESET_TO_BL31=1, but later on it was restricted only to FVP with patch SHA d4580d17 because of n1sdp platform. Now it has been verified that PIE does work for n1sdp platform also, so enabling it again for all arm platforms. Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 05 Nov, 2019 1 commit
-
-
Vijayenthiran Subramaniam authored
ARM platform can have a non-contiguous GICR frames. For instance, a multi socket platform can have two or more GIC Redistributor frames which are 4TB apart. Hence it is necessary for the `gicv3_rdistif_probe` function to probe all the GICR frames available in the platform. Introduce `plat_arm_override_gicr_frames` function which platforms can use to override the default gicr_frames which holds the GICR base address of the primary cpu. Change-Id: I1f537b0d871a679cb256092944737f2e55ab866e Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
- 15 Aug, 2019 1 commit
-
-
Alexei Fedorov authored
This patch modifies crash reporting for AArch64 to provide aligned output of register dump and GIC registers. Change-Id: I8743bf1d2d6d56086e735df43785ef28051c5fc3 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 01 Aug, 2019 1 commit
-
-
Julius Werner authored
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 23 Jul, 2019 1 commit
-
-
Ambroise Vincent authored
The watchdog is configured with a default value of 256 seconds in order to implement the Trusted Board Boot Requirements. For the FVP and Juno platforms, the FWU process relies on a watchdog reset. In order to automate the test of FWU, the length of this process needs to be as short as possible. Instead of waiting for those 4 minutes to have a reset by the watchdog, tell it to reset immediately. There are no side effects as the value of the watchdog's load register resets to 0xFFFFFFFF. Tested on Juno. Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 26 Jun, 2019 1 commit
-
-
Manoj Kumar authored
N1SDP platform supports RDIMMs with ECC capability. To use the ECC capability, the entire DDR memory space has to be zeroed out before enabling the ECC bits in DMC620. Zeroing out several gigabytes of memory from SCP is quite time consuming so functions are added that zeros out the DDR memory from application processor which is much faster compared to SCP. BL33 binary cannot be copied to DDR memory before enabling ECC so this is also done by TF-A from IOFPGA-DDR3 memory to main DDR4 memory after ECC is enabled. Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which the entire DDR space cannot be accessed as DRAM2 starts in base 0x8080000000. So these macros are redefined for all ARM platforms. Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846 Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-
- 15 May, 2019 1 commit
-
-
Sami Mujawar authored
The default DRAM2 base address for Arm platforms is 0x880000000. However, on some platforms the firmware may want to move the start address to a different value. To support this introduce PLAT_ARM_DRAM2_BASE that defaults to 0x880000000; but can be overridden by a platform (e.g. in platform_def.h). Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28 Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
-
- 17 Apr, 2019 1 commit
-
-
Aditya Angadi authored
The BL1 stage setup code for ARM platforms sets up the SP805 watchdog controller as the secure watchdog. But not all ARM platforms use SP805 as the secure watchdog controller. So introduce two new ARM platform code specific wrapper functions to start and stop the secure watchdog. These functions then replace the calls to SP805 driver in common BL1 setup code. All the ARM platforms implement these wrapper functions by either calling into SP805 driver or the SBSA watchdog driver. Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257 Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
-
- 01 Apr, 2019 1 commit
-
-
Ambroise Vincent authored
Improved support for W=1 compilation flag by solving missing-prototypes and old-style-definition warnings. The libraries are compiling with warnings (which turn into errors with the Werror flag). Outside of libraries, some warnings cannot be fixed without heavy structural changes. Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 23 Jan, 2019 1 commit
-
-
Sathees Balya authored
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory descriptors describing the list of executable images are created in BL2 R/W memory, which could be possibly corrupted later on by BL31/BL32 due to overlay. This patch creates a reserved location in SRAM for these descriptors and are copied over by BL2 before handing over to next BL image. Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR is enabled. Fixes ARM-Software/tf-issues#626 Change-Id: I755735706fa702024b4032f51ed4895b3687377f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 22 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
The SPM implementation based on MM is going to be kept for the foreseeable future. Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Acked-by: Sumit Garg <sumit.garg@linaro.org>
-
- 15 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
From now on, platform_def.h must include any header with definitions that are platform-specific (like arm_def.h) and the included headers mustn't include back platform_def.h, and shouldn't be used by other files. Only platform_def.h should be included in other files. This will ensure that all needed definitions are present, rather than needing to include all the headers in all the definitions' headers just in case. This also prevents problems like cyclic dependencies. Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Jan, 2019 1 commit
-
-
Ard Biesheuvel authored
Update some asserts that refer to #defines that only occur in ARM platforms, preventing this code to be used on other platforms. Instead, use a platform agnostic name, and update all the existing users. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-
- 07 Jan, 2019 1 commit
-
-
Soby Mathew authored
The patch SHA 55cf015c enabled PIE support when RESET_TO_BL31=1 for all ARM platforms. But it seems n1sdp platform doesn't work with PIE support yet. Hence restrict the ENABLE_PIE=1 to fvp platform. Change-Id: If44e42528e4b0b57c69084503f346576fe0748bd Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-