1. 12 Feb, 2018 1 commit
  2. 01 Feb, 2018 3 commits
    • Masahiro Yamada's avatar
      Build: change the first parameter of TOOL_ADD_IMG to lowercase · 33950dd8
      Masahiro Yamada authored
      
      
      In the next commit, I need the image name in lowercase because
      output files are generally named in lowercase.
      
      Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
      since we generally use uppercase Make variables.
      
      make_helpers/build_macros.mk provides 'uppercase' macro to convert
      a string into uppercase, but 'lowercase' does not exist.  We can
      implement it if we like, but it would be more straightforward to
      change the argument of TOOL_ADD_IMG.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      33950dd8
    • Masahiro Yamada's avatar
      Build: rename FIP_ADD_IMG to TOOL_ADD_IMG · c939d13a
      Masahiro Yamada authored
      
      
      Now FIP_ADD_IMG takes care of both fiptool and cert_create
      symmetrically.  Rename it so that it matches the behavior.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      c939d13a
    • Masahiro Yamada's avatar
      Build: merge build macros between FIP_ and FWU_FIP_ · 1dc0714f
      Masahiro Yamada authored
      
      
      The build system supports generating two FIP images, fip and fwu_fip.
      Accordingly, we have similar build macros.
      
         FIP_ADD_PAYLOAD   <-->  FWU_FIP_ADD_PAYLOAD
         CERT_ADD_CMD_OPT  <-->  FWU_CERT_ADD_CMD_OPT
         FIP_ADD_IMG       <-->  FWU_FIP_ADD_IMG
      
      The duplicated code increases the maintenance burden.  Also, the build
      rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
      source files, but we want to put it in fwu_fip.  We can not do it in a
      single macro call since the current MAKE_BL does not support fwu_fip.
      
      To refactor those in a clean way is to support one more argument to
      specify the FIP prefix.  If it is empty, the images are targeted to
      fip, whereas if the argument is "FWU_", targeted to fwu_fip.
      
      The build macros prefixed with FWU_ go away.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1dc0714f
  3. 18 Jan, 2018 1 commit
    • Roberto Vargas's avatar
      bl2-el3: Add BL2 at EL3 support in FVP · 81528dbc
      Roberto Vargas authored
      
      
      This patch add supports for the new API added for BL2 at EL3 for
      FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
      tested setting specific parameters in the model.
      
      The bl2 image is loaded directly in memory instead of being loaded
      by a non-TF Boot ROM and the reset address is changed:
      
      	--data cluster0.cpu0=bl2.bin@0x4001000
      	-C cluster0.cpu0.RVBAR=0x4001000
      
      These parameters mean that in the cold boot path the processor will
      jump to BL2 again. For this reason, BL2 is loaded in dram in this
      case, to avoid other images reclaiming BL2 memory.
      
      Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      81528dbc
  4. 03 Jan, 2018 1 commit
  5. 19 Dec, 2017 1 commit
  6. 05 Dec, 2017 1 commit
  7. 20 Nov, 2017 1 commit
    • Dimitris Papastamos's avatar
      Refactor Statistical Profiling Extensions implementation · 281a08cc
      Dimitris Papastamos authored
      
      
      Factor out SPE operations in a separate file.  Use the publish
      subscribe framework to drain the SPE buffers before entering secure
      world.  Additionally, enable SPE before entering normal world.
      
      A side effect of this change is that the profiling buffers are now
      only drained when a transition from normal world to secure world
      happens.  Previously they were drained also on return from secure
      world, which is unnecessary as SPE is not supported in S-EL1.
      
      Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      281a08cc
  8. 13 Nov, 2017 5 commits
  9. 09 Nov, 2017 1 commit
  10. 01 Nov, 2017 1 commit
  11. 25 Oct, 2017 1 commit
  12. 16 Oct, 2017 2 commits
    • Jeenu Viswambharan's avatar
      ARM platforms: Migrate to using interrupt properties · b2c363b1
      Jeenu Viswambharan authored
      
      
      An earlier patch added provision for the platform to provide secure
      interrupt properties. ARM platforms already has a list of interrupts
      that fall into different secure groups.
      
      This patch defines macros that enumerate interrupt properties in the
      same fashion, and points the driver driver data to a list of interrupt
      properties rather than list of secure interrupts on ARM platforms.  The
      deprecated interrupt list definitions are however retained to support
      legacy builds.
      
      Configuration applied to individual interrupts remain unchanged, so no
      runtime behaviour change expected.
      
      NOTE: Platforms that use the arm/common function
      plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and
      PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and
      PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided
      INTR_PROP_DESC macro.
      
      Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b2c363b1
    • Jeenu Viswambharan's avatar
      ARM platforms: supply per-PE target mask array · dea417cd
      Jeenu Viswambharan authored
      
      
      Call the GICv2 driver API to initialise per-PE target mask.
      
      Change-Id: Idc7eb0d906a5379f4c05917af05c90613057ab97
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      dea417cd
  13. 11 Oct, 2017 2 commits
    • Soby Mathew's avatar
      ARM platforms: enable GICv3 state save/restore · e35a3fb5
      Soby Mathew authored
      
      
      Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and
      arm_system_pwr_domain_save functions.
      
      Introduce FVP PSCI power level 3 (System level) support. This is solely
      done to provide example code on how to use the GICv3 save and restore
      helpers.
      
      Also make CSS GICv3 platforms power off the Redistributor on SYSTEM
      SUSPEND as its state is saved and restored.
      
      Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Co-Authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      e35a3fb5
    • Soby Mathew's avatar
      ARM platforms: Add support for EL3 TZC memory region · a22dffc6
      Soby Mathew authored
      
      
      Some recent enhancements to EL3 runtime firmware like support for
      save and restoring GICv3 register context during system_suspend
      necessitates additional data memory for the firmware. This patch
      introduces support for creating a TZC secured DDR carveout for use
      by ARM reference platforms. A new linker section `el3_tzc_dram` is
      created using platform supplied linker script and data marked with
      the attribute `arm_el3_tzc_dram` will be placed in this section.
      The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
      allow inclusion of the platform linker script by the top level BL31
      linker script.
      
      Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a22dffc6
  14. 25 Sep, 2017 2 commits
    • Roberto Vargas's avatar
      mem_protect: Add DRAM2 to the list of mem protected ranges · b09ba056
      Roberto Vargas authored
      
      
      On ARM platforms, the maximum size of the address space is limited
      to 32-bits as defined in arm_def.h. In order to access DRAM2, which
      is defined beyond the 32-bit address space, the maximum address space
      is increased to 36-bits in AArch64. It is possible to increase the
      virtual space for AArch32, but it is more difficult and not supported
      for now.
      
      NOTE - the actual maximum memory address space is platform dependent
      and is checked at run-time by querying the PARange field in the
      ID_AA64MMFR0_EL1 register.
      
      Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      b09ba056
    • Roberto Vargas's avatar
      mem_protect: Add mem_protect support in Juno and FVP for DRAM1 · f145403c
      Roberto Vargas authored
      
      
      mem_protect needs some kind of non-volatile memory because it has
      to remember its state across reset and power down events.
      The most suitable electronic part for this feature is a NVRAM
      which should be only accesible from the secure world. Juno and
      FVP lack such hardware and for this reason the MEM_PROTECT
      functionality is implemented with Flash EEPROM memory on both
      boards, even though this memory is accesible from the non-secure
      world. This is done only to show a full implementation of
      these PSCI features, but an actual system shouldn't use a
      non-secure NVRAM to implement it.
      
      The EL3 runtime software will write the mem_protect flag and BL2
      will read and clear the memory ranges if enabled. It is done in
      BL2 because it reduces the time that TF needs access to the full
      non-secure memory.
      
      The memory layout of both boards is defined using macros which
      take different values in Juno and FVP platforms. Generic platform
      helpers are added that use the platform specific macros to generate
      a mem_region_t that is valid for the platform.
      
      Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      f145403c
  15. 06 Sep, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Changes for SDS framework · 18e279eb
      Soby Mathew authored
      
      
      This patch does the required changes to enable CSS platforms
      to build and use the SDS framework. Since SDS is always coupled with
      SCMI protocol, the preexisting SCMI build flag is now renamed to
      `CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
      CSS platforms. Also some of the workarounds applied for SCMI are
      now removed with SDS in place.
      
      Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      18e279eb
  16. 31 Aug, 2017 1 commit
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  17. 09 Aug, 2017 2 commits
    • Summer Qin's avatar
      Add Trusted OS extra image parsing support for ARM standard platforms · 54661cd2
      Summer Qin authored
      
      
      Trusted OS may have extra images to be loaded. Load them one by one
      and do the parsing. In this patch, ARM TF need to load up to 3 images
      for optee os: header, pager and paged images. Header image is the info
      about optee os and images. Pager image include pager code and data.
      Paged image include the paging parts using virtual memory.
      
      Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      54661cd2
    • Summer Qin's avatar
      Support Trusted OS firmware extra images in TF tools · 71fb3964
      Summer Qin authored
      
      
      Since Trusted OS firmware may have extra images, need to
      assign new uuid and image id for them.
      The TBBR chain of trust has been extended to add support
      for the new images within the existing Trusted OS firmware
      content certificate.
      
      Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      71fb3964
  18. 01 Aug, 2017 1 commit
    • Jeenu Viswambharan's avatar
      FVP: Add support for multi-threaded CPUs · 11ad8f20
      Jeenu Viswambharan authored
      
      
      ARM CPUs with multi-threading implementation has more than one
      Processing Element in a single physical CPU. Such an implementation will
      reflect the following changes in the MPIDR register:
      
        - The MT bit set;
      
        - Affinity levels pertaining to cluster and CPUs occupy one level
          higher than in a single-threaded implementation, and the lowest
          affinity level pertains to hardware threads. MPIDR affinity level
          fields essentially appear shifted to left than otherwise.
      
      The FVP port henceforth assumes that both properties above to be
      concomitant on a given FVP platform.
      
      To accommodate for varied MPIDR formats at run time, this patch
      re-implements the FVP platform-specific functions that translates MPIDR
      values to a linear indices, along with required validation. The same
      treatment is applied for GICv3 MPIDR hashing function as well.
      
      An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
      specifies the maximum number of threads implemented per CPU. For
      backwards compatibility, its value defaults to 1.
      
      Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      11ad8f20
  19. 14 Jul, 2017 1 commit
  20. 28 Jun, 2017 1 commit
    • Soby Mathew's avatar
      ARM plat changes to enable CryptoCell integration · e60f2af9
      Soby Mathew authored
      
      
      This patch makes the necessary changes to enable ARM platform to
      successfully integrate CryptoCell during Trusted Board Boot. The
      changes are as follows:
      
      * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
        the CryptoCell crypto driver for Trusted Board boot.
      
      * The TrustZone filter settings for Non Secure DRAM is modified
        to allow CryptoCell to read this memory. This is required to
        authenticate BL33 which is loaded into the Non Secure DDR.
      
      * The CSS platforms are modified to use coherent stacks in BL1 and BL2
        when CryptoCell crypto is selected. This is because CryptoCell makes
        use of DMA to transfer data and the CryptoCell SBROM library allocates
        buffers on the stack during signature/hash verification.
      
      Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e60f2af9
  21. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  22. 20 Jun, 2017 1 commit
  23. 24 May, 2017 3 commits
  24. 23 May, 2017 1 commit
  25. 15 May, 2017 1 commit
  26. 12 May, 2017 1 commit
  27. 11 May, 2017 1 commit
  28. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499