1. 25 Jun, 2015 5 commits
    • Juan Castillo's avatar
      TBB: delete deprecated plat_match_rotpk() · f04585f3
      Juan Castillo authored
      The authentication framework deprecates plat_match_rotpk()
      in favour of plat_get_rotpk_info(). This patch removes
      plat_match_rotpk() from the platform port.
      
      Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
      f04585f3
    • Juan Castillo's avatar
      TBB: switch to the new authentication framework · 1779ba6b
      Juan Castillo authored
      This patch modifies the Trusted Board Boot implementation to use
      the new authentication framework, making use of the authentication
      module, the cryto module and the image parser module to
      authenticate the images in the Chain of Trust.
      
      A new function 'load_auth_image()' has been implemented. When TBB
      is enabled, this function will call the authentication module to
      authenticate parent images following the CoT up to the root of
      trust to finally load and authenticate the requested image.
      
      The platform is responsible for picking up the right makefiles to
      build the corresponding cryptographic and image parser libraries.
      ARM platforms use the mbedTLS based libraries.
      
      The platform may also specify what key algorithm should be used
      to sign the certificates. This is done by declaring the 'KEY_ALG'
      variable in the platform makefile. FVP and Juno use ECDSA keys.
      
      On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
      each to accommodate the ECDSA code.
      
      REMOVED BUILD OPTIONS:
      
        * 'AUTH_MOD'
      
      Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
      1779ba6b
    • Juan Castillo's avatar
      TBB: add platform API to read the ROTPK information · 95cfd4ad
      Juan Castillo authored
      This patch extends the platform port by adding an API that returns
      either the Root of Trust public key (ROTPK) or its hash. This is
      usually stored in ROM or eFUSE memory. The ROTPK returned must be
      encoded in DER format according to the following ASN.1 structure:
      
          SubjectPublicKeyInfo  ::=  SEQUENCE  {
              algorithm           AlgorithmIdentifier,
              subjectPublicKey    BIT STRING
          }
      
      In case the platform returns a hash of the key:
      
          DigestInfo  ::= SEQUENCE {
              digestAlgorithm     AlgorithmIdentifier,
              keyDigest           OCTET STRING
          }
      
      An implementation for ARM development platforms is provided in this
      patch. When TBB is enabled, the ROTPK hash location must be specified
      using the build option 'ARM_ROTPK_LOCATION'. Available options are:
      
          - 'regs' : return the ROTPK hash stored in the Trusted
            root-key storage registers.
      
          - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
            BL2 binaries. This hash has been obtained from the development
            RSA public key located in 'plat/arm/board/common/rotpk'.
      
      On FVP, the number of MMU tables has been increased to map and
      access the ROTPK registers.
      
      A new file 'board_common.mk' has been added to improve code sharing
      in the ARM develelopment platforms.
      
      Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
      95cfd4ad
    • Juan Castillo's avatar
      Use numbers to identify images instead of names · 16948ae1
      Juan Castillo authored
      The Trusted firmware code identifies BL images by name. The platform
      port defines a name for each image e.g. the IO framework uses this
      mechanism in the platform function plat_get_image_source(). For
      a given image name, it returns the handle to the image file which
      involves comparing images names. In addition, if the image is
      packaged in a FIP, a name comparison is required to find the UUID
      for the image. This method is not optimal.
      
      This patch changes the interface between the generic and platform
      code with regard to identifying images. The platform port must now
      allocate a unique number (ID) for every image. The generic code will
      use the image ID instead of the name to access its attributes.
      
      As a result, the plat_get_image_source() function now takes an image
      ID as an input parameter. The organisation of data structures within
      the IO framework has been rationalised to use an image ID as an index
      into an array which contains attributes of the image such as UUID and
      name. This prevents the name comparisons.
      
      A new type 'io_uuid_spec_t' has been introduced in the IO framework
      to specify images identified by UUID (i.e. when the image is contained
      in a FIP file). There is no longer need to maintain a look-up table
      [iname_name --> uuid] in the io_fip driver code.
      
      Because image names are no longer mandatory in the platform port, the
      debug messages in the generic code will show the image identifier
      instead of the file name. The platforms that support semihosting to
      load images (i.e. FVP) must provide the file names as definitions
      private to the platform.
      
      The ARM platform ports and documentation have been updated accordingly.
      All ARM platforms reuse the image IDs defined in the platform common
      code. These IDs will be used to access other attributes of an image in
      subsequent patches.
      
      IMPORTANT: applying this patch breaks compatibility for platforms that
      use TF BL1 or BL2 images or the image loading code. The platform port
      must be updated to match the new interface.
      
      Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
      16948ae1
    • Juan Castillo's avatar
      TBB: add build option to save private keys · fd34e7ba
      Juan Castillo authored
      This patch adds a boolean build option 'SAVE_KEYS' to indicate the
      certificate generation tool that it must save the private keys used
      to establish the chain of trust. This option depends on 'CREATE_KEYS'
      to be enabled. Default is '0' (do not save).
      
      Because the same filenames are used as outputs to save the keys,
      they are no longer a dependency to the cert_tool. This dependency
      has been removed from the Makefile.
      
      Documentation updated accordingly.
      
      Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
      fd34e7ba
  2. 11 Jun, 2015 2 commits
  3. 08 Jun, 2015 1 commit
    • Juan Castillo's avatar
      Fix build option 'ARM_TSP_RAM_LOCATION' in user guide · e5da24f7
      Juan Castillo authored
      The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide
      corresponds to the internal definition not visible to the final
      user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This
      patch fixes it.
      
      Fixes ARM-software/tf-issues#308
      
      Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
      e5da24f7
  4. 04 Jun, 2015 3 commits
    • Sandrine Bailleux's avatar
      Introduce PROGRAMMABLE_RESET_ADDRESS build option · bf031bba
      Sandrine Bailleux authored
      This patch introduces a new platform build option, called
      PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has
      a programmable or fixed reset vector address.
      
      If the reset vector address is fixed then the code relies on the
      platform_get_entrypoint() mailbox mechanism to figure out where
      it is supposed to jump. On the other hand, if it is programmable
      then it is assumed that the platform code will program directly
      the right address into the RVBAR register (instead of using the
      mailbox redirection) so the mailbox is ignored in this case.
      
      Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
      bf031bba
    • Sandrine Bailleux's avatar
      Rationalize reset handling code · 52010cc7
      Sandrine Bailleux authored
      The attempt to run the CPU reset code as soon as possible after reset
      results in highly complex conditional code relating to the
      RESET_TO_BL31 option.
      
      This patch relaxes this requirement a little. In the BL1, BL3-1 and
      PSCI entrypoints code, the sequence of operations is now as follows:
       1) Detect whether it is a cold or warm boot;
       2) For cold boot, detect whether it is the primary or a secondary
          CPU. This is needed to handle multiple CPUs entering cold reset
          simultaneously;
       3) Run the CPU init code.
      
      This patch also abstracts the EL3 registers initialisation done by
      the BL1, BL3-1 and PSCI entrypoints into common code.
      
      This improves code re-use and consolidates the code flows for
      different types of systems.
      
      NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO
      NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE
      FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION.
      OTHERWISE, SECONDARY CPUS WILL PANIC.
      
      Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
      52010cc7
    • Sandrine Bailleux's avatar
      Remove FIRST_RESET_HANDLER_CALL build option · 452b7fa2
      Sandrine Bailleux authored
      This patch removes the FIRST_RESET_HANDLER_CALL build flag and its
      use in ARM development platforms. If a different reset handling
      behavior is required between the first and subsequent invocations
      of the reset handling code, this should be detected at runtime.
      
      On Juno, the platform reset handler is now always compiled in.
      This means it is now executed twice on the cold boot path, first in
      BL1 then in BL3-1, and it has the same behavior in both cases. It is
      also executed twice on the warm boot path, first in BL1 then in the
      PSCI entrypoint code.
      
      Also update the documentation to reflect this change.
      
      NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE
      FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER.
      
      Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
      452b7fa2
  5. 01 Jun, 2015 1 commit
    • Sandrine Bailleux's avatar
      Always enable CCI coherency in BL3-1 · a6695275
      Sandrine Bailleux authored
      On ARM standard platforms, snoop and DVM requests used to be enabled
      for the primary CPU's cluster only in the first EL3 bootloader.
      In other words, if the platform reset into BL1 then CCI coherency
      would be enabled by BL1 only, and not by BL3-1 again.
      
      However, this doesn't cater for platforms that use BL3-1 along with
      a non-TF ROM bootloader that doesn't enable snoop and DVM requests.
      In this case, CCI coherency is never enabled.
      
      This patch modifies the function bl31_early_platform_setup() on
      ARM standard platforms so that it always enables snoop and DVM
      requests regardless of whether earlier bootloader stages have
      already done it. There is no harm in executing this code twice.
      
      ARM Trusted Firmware Design document updated accordingly.
      
      Change-Id: Idf1bdeb24d2e1947adfbb76a509f10beef224e1c
      a6695275
  6. 29 May, 2015 1 commit
    • Varun Wadekar's avatar
      Support for NVIDIA's Tegra T210 SoCs · 08438e24
      Varun Wadekar authored
      
      
      T210 is the latest chip in the Tegra family of SoCs from NVIDIA. It is an
      ARM v8 dual-cluster (A57/A53) SoC, with any one of the clusters being active
      at a given point in time.
      
      This patch adds support to boot the Trusted Firmware on T210 SoCs. The patch
      also adds support to boot secondary CPUs, enter/exit core power states for
      all CPUs in the slow/fast clusters. The support to switch between clusters
      is still not available in this patch and would be available later.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      08438e24
  7. 29 Apr, 2015 1 commit
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · 09a81af9
      Sandrine Bailleux authored
      Move up the version numbers in the user guide of:
      
       * DS-5 (to v5.21)
       * EDK2 (to v3.0)
       * Linux Kernel (to 1.6-Juno)
       * Linaro file-system (to 15.03)
       * Juno SCP binary (to v1.7.0 within board recovery image 0.11.3).
      
      Change-Id: Ieb09e633acc2b33823ddf35f77f44e7da60b99ba
      09a81af9
  8. 28 Apr, 2015 2 commits
    • Sandrine Bailleux's avatar
      Detect SCP version incompatibility · 556b966f
      Sandrine Bailleux authored
      There has been a breaking change in the communication protocols used
      between the AP cores and the SCP on CSS based platforms like Juno.
      This means both the AP Trusted Firmware and SCP firmware must be
      updated at the same time.
      
      In case the user forgets to update the SCP ROM firmware, this patch
      detects when it still uses the previous version of the communication
      protocol. It will then output a comprehensive error message that helps
      trouble-shoot the issue.
      
      Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
      556b966f
    • Dan Handley's avatar
      Doc updates following platform port reorganization · 4a75b84a
      Dan Handley authored
      Update the User Guide, Porting Guide and Firmware Design documents
      to align them with the recent changes made to the FVP and Juno
      platform ports.
      
      Also fix some other historical inaccuracies.
      
      Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
      4a75b84a
  9. 31 Mar, 2015 1 commit
  10. 16 Mar, 2015 1 commit
    • Vikram Kanigiri's avatar
      Common driver for ARM Cache Coherent Interconnects · 23e47ede
      Vikram Kanigiri authored
      Even though both CCI-400 and CCI-500 IPs have different configurations
      with respect to the number and types of supported interfaces, their
      register offsets and programming sequences are similar. This patch
      creates a common driver for enabling and disabling snoop transactions
      and DVMs with both the IPs.
      
      New platform ports which implement one of these IPs should use this
      common driver. Existing platform ports which implement CCI-400 should
      migrate to the common driver as the standalone CCI-400 will be
      deprecated in the future.
      
      Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
      23e47ede
  11. 10 Mar, 2015 1 commit
  12. 05 Mar, 2015 1 commit
    • Juan Castillo's avatar
      TBB: use SHA256 to generate the certificate signatures · ea4ec3aa
      Juan Castillo authored
      This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
      certificate signatures are generated according to the NSA Suite B
      cryptographic algorithm requirements.
      
      Documentation updated accordingly.
      
      Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
      ea4ec3aa
  13. 12 Feb, 2015 1 commit
    • Soby Mathew's avatar
      Export maximum affinity using PLATFORM_MAX_AFFLVL macro · 8c32bc26
      Soby Mathew authored
      This patch removes the plat_get_max_afflvl() platform API
      and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
      This is done because the maximum affinity level for a platform
      is a static value and it is more efficient for it to be defined
      as a platform macro.
      
      NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
      
      Fixes ARM-Software/tf-issues#265
      
      Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
      8c32bc26
  14. 04 Feb, 2015 1 commit
    • Achin Gupta's avatar
      Fix model command line for legacy VE memory map · d8d6cc35
      Achin Gupta authored
      The command line options specified in the User Guide to run the AEMv8 Base FVP
      with the legacy VE memory map apply only when the model is configured to use GIC
      v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure
      that the right version of GIC is used.
      
      Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
      d8d6cc35
  15. 03 Feb, 2015 2 commits
    • Achin Gupta's avatar
      TBB: Add documentation for Trusted Board Boot · 8d35f61b
      Achin Gupta authored
      This patch updates the user-guide.md with the various build options related to
      Trusted Board Boot and steps to build a FIP image which includes this
      support. It also adds a trusted-board-boot.md which describes the scope and
      design of this feature.
      
      Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
      8d35f61b
    • Achin Gupta's avatar
      Documentation for version 1.1 · 130ed88d
      Achin Gupta authored
      Final updates to readme.md and change-log.md for ARM Trusted Firmware version
      1.1. Also increment the version in the Makefile.
      
      Change-Id: Ib001a6ec9a9c570985841d06f0ff80ed76c2996b
      130ed88d
  16. 02 Feb, 2015 2 commits
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · c4511313
      Sandrine Bailleux authored
      
      
      Move up the version numbers in the user guide of:
      
      * DS-5 (to v5.20)
      * EDK2 (to v2.1-rc0)
      * Linux Kernel (to 1.3-Juno)
      * Linaro file-system (to 14.12)
      * Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1).
        Also remove duplicate information that is available from the
        ARM Connected Community website.
      * Base FVP (to 6.2)
      * Foundation FVP (to 9.1). Also update the name of the Foundation
        FVP binary since it has changed since version 2.1.
      Co-Authored-By: default avatarDan Handley <dan.handley@arm.com>
      
      Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
      c4511313
    • Sandrine Bailleux's avatar
      Miscellaneous doc fixes for v1.1 · 121f2ae7
      Sandrine Bailleux authored
      Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
      121f2ae7
  17. 30 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Fix the Cortex-A57 reset handler register usage · 683f788f
      Soby Mathew authored
      The CPU specific reset handlers no longer have the freedom
      of using any general purpose register because it is being invoked
      by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
      specific reset handler was overwriting x20 register which was being
      used by the BL3-1 entry point to save the entry point information.
      This patch fixes this bug by reworking the register allocation in the
      Cortex-A57 reset handler to avoid using x20. The patch also
      explicitly mentions the register clobber list for each of the
      callee functions invoked by the reset handler
      
      Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
      683f788f
  18. 28 Jan, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add a platform specific function to validate the ROTPK · 6eadf762
      Juan Castillo authored
      This patch adds the function plat_match_rotpk() to the platform
      porting layer to provide a Root Of Trust Public key (ROTPK)
      verification mechanism. This function is called during the
      Trusted Board Boot process and receives a supposed valid copy
      of the ROTPK as a parameter, usually obtained from an external
      source (for instance, a certificate). It returns 0 (success) if
      that key matches the actual ROTPK stored in the system or any
      other value otherwise.
      
      The mechanism to access the actual ROTPK stored in the system
      is platform specific and should be implemented as part of this
      function. The format of the ROTPK is also platform specific
      (to save memory, some platforms might store a hash of the key
      instead of the whole key).
      
      TRUSTED_BOARD_BOOT build option has been added to allow the user
      to enable the Trusted Board Boot features. The implementation of
      the plat_match_rotpk() funtion is mandatory when Trusted Board
      Boot is enabled.
      
      For development purposes, FVP and Juno ports provide a dummy
      function that returns always success (valid key). A safe trusted
      boot implementation should provide a proper matching function.
      
      Documentation updated accordingly.
      
      Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
      6eadf762
  19. 26 Jan, 2015 4 commits
    • Yatharth Kochar's avatar
      Call reset handlers upon BL3-1 entry. · 79a97b2e
      Yatharth Kochar authored
      This patch adds support to call the reset_handler() function in BL3-1 in the
      cold and warm boot paths when another Boot ROM reset_handler() has already run.
      
      This means the BL1 and BL3-1 versions of the CPU and platform specific reset
      handlers may execute different code to each other. This enables a developer to
      perform additional actions or undo actions already performed during the first
      call of the reset handlers e.g. apply additional errata workarounds.
      
      Typically, the reset handler will be first called from the BL1 Boot ROM. Any
      additional functionality can be added to the reset handler when it is called
      from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
      to identify whether this is the first version of the reset handler code to be
      executed or an overridden version of the code.
      
      The Cortex-A57 errata workarounds are applied only if they have not already been
      applied.
      
      Fixes ARM-software/tf-issue#275
      
      Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
      79a97b2e
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77
    • Soby Mathew's avatar
      Increment the PSCI VERSION to 1.0 · e8ca7d1e
      Soby Mathew authored
      This patch:
      
         * Bumps the PSCI VERSION to 1.0. This means that
           the PSCI_VERSION API will now return the value 0x00010000
           to indicate the version as 1.0. The firmware remains
           compatible with PSCI v0.2 clients.
      
         * The firmware design guide is updated to document the
           APIs supported by the Trusted Firmware generic code.
      
         * The FVP Device Tree Sources (dts) and Blobs(dtb) are also
           updated to add "psci-1.0" and "psci-0.2" to the list of
           compatible PSCI versions.
      
      Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
      e8ca7d1e
    • Juan Castillo's avatar
      FVP: Allow BL3-2 to sit in the secure region of DRAM · 513dd3a0
      Juan Castillo authored
      This patch allows the secure payload (BL3-2) to be loaded in the
      DRAM region secured by the TrustZone controller (top 16 MB of DRAM1).
      
      The location of BL3-2 can be selected at build time by setting the
      build flag FVP_TSP_RAM_LOCATION to one of the following options:
      
        - 'tsram' : Trusted SRAM (this is the default option)
        - 'tdram' : Trusted DRAM
        - 'dram'  : Secure region in DRAM1 (top 16MB configured by the
                    TrustZone controller)
      
      The number of MMU tables in BL3-2 depends on its location in
      memory: 3 in case it is loaded in DRAM, 2 otherwise.
      
      Documentation updated accordingly.
      
      Fixes ARM-software/tf-issues#212
      
      Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
      513dd3a0
  20. 23 Jan, 2015 2 commits
    • Soby Mathew's avatar
      Validate power_state and entrypoint when executing PSCI calls · 539dcedb
      Soby Mathew authored
      This patch allows the platform to validate the power_state and
      entrypoint information from the normal world early on in PSCI
      calls so that we can return the error safely. New optional
      pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
      are introduced to do this.
      
      As a result of these changes, all the other pm_ops handlers except
      the PSCI_ON handler are expected to be successful. Also, the PSCI
      implementation will now assert if a PSCI API is invoked without the
      corresponding pm_ops handler being registered by the platform.
      
      NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
      pm hooks have 2 additional optional callbacks and the return type
      of the other hooks have changed.
      
      Fixes ARM-Software/tf-issues#229
      
      Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
      539dcedb
    • Soby Mathew's avatar
      Remove `ns_entrypoint` and `mpidr` from parameters in pm_ops · e146f4cc
      Soby Mathew authored
      This patch removes the non-secure entry point information being passed
      to the platform pm_ops which is not needed. Also, it removes the `mpidr`
      parameter for  platform pm hooks which are meant to do power management
      operations only on the current cpu.
      
      NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT.
      
      Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
      e146f4cc
  21. 22 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Remove coherent memory from the BL memory maps · ab8707e6
      Soby Mathew authored
      This patch extends the build option `USE_COHERENT_MEMORY` to
      conditionally remove coherent memory from the memory maps of
      all boot loader stages. The patch also adds necessary
      documentation for coherent memory removal in firmware-design,
      porting and user guides.
      
      Fixes ARM-Software/tf-issues#106
      
      Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
      ab8707e6
  22. 12 Jan, 2015 2 commits
    • Juan Castillo's avatar
      Fix reset to BL3-1 instructions in user guide, part 3 · b04fb94a
      Juan Castillo authored
      Patch 20d51cad moved the shared data page from the top of the
      Trusted SRAM to the bottom, changing the load addresses of BL3-1
      and BL3-2.
      
      This patch updates BL3-1 and BL3-2 addresses in the instructions
      to run the Trusted Firmware on FVP using BL3-1 as reset vector.
      
      This patch is similar to but distinct from bfb1dd51 and 7ea4c437.
      
      Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
      b04fb94a
    • Juan Castillo's avatar
      Juno: Add support for image overlaying in Trusted SRAM · 1217d28d
      Juan Castillo authored
      This patch allows the BL3-1 NOBITS section to overlap the BL1 R/W
      section since the former will always be used after the latter.
      Similarly, the BL3-2 NOBITS section can overlay the BL2 image
      when BL3-2 is loaded in Trusted SRAM.
      
      Due to the current size of the images, there is no actual overlap.
      Nevertheless, this reorganization may help to optimise the Trusted
      SRAM usage when the images size grows.
      
      Note that because BL3-1 NOBITS section is allowed to overlap the
      BL1 R/W section, BL1 global variables will remain valid only until
      execution reaches the BL3-1 entry point during a cold boot.
      
      Documentation updated accordingly.
      
      Fixes ARM-software/tf-issues#254
      
      Change-Id: Id538f4d1c7f1f7858108280fd7b97e138572b879
      1217d28d
  23. 09 Jan, 2015 1 commit
    • Sandrine Bailleux's avatar
      User Guide: Enable secure memory on Foundation FVP · c451b538
      Sandrine Bailleux authored
      Previously, the User Guide recommended launching the Foundation
      FVP with the parameter --no-secure-memory, which disabled security
      control of the address map. This was due to missing support for
      secure memory regions in v1 of the Foundation FVP. This is no longer
      needed as secure memory is now supported on the Foundation FVP.
      
      This patch updates the User Guide to recommend enabling secure
      memory instead.
      
      Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
      c451b538
  24. 07 Jan, 2015 1 commit
  25. 06 Jan, 2015 1 commit
    • Juan Castillo's avatar
      Specify FIP filename at build time · 7f48fab9
      Juan Castillo authored
      This patch allows to define the name of the FIP at build time by
      defining the FIP_NAME variable. If FIP_NAME is not defined, default
      name 'fip.bin' is used.
      
      Documentation updated accordingly.
      
      Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
      7f48fab9