1. 26 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77
  2. 22 Jan, 2015 1 commit
    • Soby Mathew's avatar
      Remove coherent memory from the BL memory maps · ab8707e6
      Soby Mathew authored
      This patch extends the build option `USE_COHERENT_MEMORY` to
      conditionally remove coherent memory from the memory maps of
      all boot loader stages. The patch also adds necessary
      documentation for coherent memory removal in firmware-design,
      porting and user guides.
      
      Fixes ARM-Software/tf-issues#106
      
      Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
      ab8707e6
  3. 12 Jan, 2015 1 commit
    • Juan Castillo's avatar
      Fix reset to BL3-1 instructions in user guide, part 3 · b04fb94a
      Juan Castillo authored
      Patch 20d51cad moved the shared data page from the top of the
      Trusted SRAM to the bottom, changing the load addresses of BL3-1
      and BL3-2.
      
      This patch updates BL3-1 and BL3-2 addresses in the instructions
      to run the Trusted Firmware on FVP using BL3-1 as reset vector.
      
      This patch is similar to but distinct from bfb1dd51 and 7ea4c437.
      
      Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
      b04fb94a
  4. 09 Jan, 2015 1 commit
    • Sandrine Bailleux's avatar
      User Guide: Enable secure memory on Foundation FVP · c451b538
      Sandrine Bailleux authored
      Previously, the User Guide recommended launching the Foundation
      FVP with the parameter --no-secure-memory, which disabled security
      control of the address map. This was due to missing support for
      secure memory regions in v1 of the Foundation FVP. This is no longer
      needed as secure memory is now supported on the Foundation FVP.
      
      This patch updates the User Guide to recommend enabling secure
      memory instead.
      
      Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
      c451b538
  5. 07 Jan, 2015 1 commit
  6. 06 Jan, 2015 1 commit
    • Juan Castillo's avatar
      Specify FIP filename at build time · 7f48fab9
      Juan Castillo authored
      This patch allows to define the name of the FIP at build time by
      defining the FIP_NAME variable. If FIP_NAME is not defined, default
      name 'fip.bin' is used.
      
      Documentation updated accordingly.
      
      Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
      7f48fab9
  7. 22 Oct, 2014 1 commit
    • Juan Castillo's avatar
      FVP: keep shared data in Trusted SRAM · 20d51cad
      Juan Castillo authored
      This patch deprecates the build option to relocate the shared data
      into Trusted DRAM in FVP. After this change, shared data is always
      located at the base of Trusted SRAM. This reduces the complexity
      of the memory map and the number of combinations in the build
      options.
      
      Fixes ARM-software/tf-issues#257
      
      Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
      20d51cad
  8. 14 Oct, 2014 1 commit
    • Juan Castillo's avatar
      Juno: Reserve some DDR-DRAM for secure use · 740134e6
      Juan Castillo authored
      This patch configures the TrustZone Controller in Juno to split
      the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
      regions:
      
      - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
        used by the SCP for DDR retraining
      - Non-Secure DDR-DRAM: remaining DRAM starting at base address
      
      Build option PLAT_TSP_LOCATION selects the location of the secure
      payload (BL3-2):
      
      - 'tsram' : Trusted SRAM (default option)
      - 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
                  controller)
      
      The MMU memory map has been updated to give BL2 permission to load
      BL3-2 into the DDR-DRAM secure region.
      
      Fixes ARM-software/tf-issues#233
      
      Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
      740134e6
  9. 16 Sep, 2014 1 commit
    • Soby Mathew's avatar
      Add support for specifying pre-built BL binaries in Makefile · 27713fb4
      Soby Mathew authored
      This patch adds support for supplying pre-built BL binaries for BL2,
      BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx>
      in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will
      skip building that BL stage from source and include the specified binary in
      final fip image.
      
      This patch also makes BL3-3 binary for FIP optional depending on the
      value of 'NEED_BL33' flag which is defined by the platform.
      
      Fixes ARM-software/tf-issues#244
      Fixes ARM-software/tf-issues#245
      
      Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
      27713fb4
  10. 28 Aug, 2014 1 commit
    • Dan Handley's avatar
      Fix minor issues in user guide · d78baf25
      Dan Handley authored
      *   Fix broken link to SCP download.
      
      *   Remove requirement to install `ia32-libs`. This package is no
          longer available in current versions of Ubuntu and is no
          longer required when using the Linaro toolchain.
      
      Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
      d78baf25
  11. 27 Aug, 2014 3 commits
    • Sandrine Bailleux's avatar
      Miscellaneous documentation fixes · 44804252
      Sandrine Bailleux authored
      
      
      This patch gathers miscellaneous minor fixes to the documentation, and comments
      in the source code.
      
      Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b
      Co-Authored-By: default avatarSoby Mathew <soby.mathew@arm.com>
      Co-Authored-By: default avatarDan Handley <dan.handley@arm.com>
      44804252
    • Juan Castillo's avatar
      Add Juno instructions to user guide · d14e0acf
      Juan Castillo authored
      This patch makes the Trusted Firmware build instructions in the
      user guide platform independent.
      
      FVP specific instructions have been grouped together under a new
      section dedicated to FVP.
      
      Juno specific instructions to build and run the Trusted Firmware,
      UEFI and Linux have been added.
      
      Change-Id: I9bfb1b9d732b1f73abbe29f68ac931e1773a4fd5
      d14e0acf
    • Dan Handley's avatar
      Fix reset to BL3-1 instructions in user guide, part 2 · 7ea4c437
      Dan Handley authored
      Fix the instructions for resetting to the BL3-1 entrypoint in the
      user guide. The BL3-1 and BL3-2 image locations changed in the fix
      to ARM-software/tf-issues#100 (commit 186c1d4b). This is distinct
      from the similar issue fixed in commit bfb1dd51.
      
      Also clarify the dependence on the FVP_SHARED_DATA_LOCATION and
      FVP_TSP_RAM_LOCATION build options, and tidy up the "Notes
      regarding Base FVP configuration options" section.
      
      Change-Id: I6b03452a71f0c69efa169852712bcb184242696e
      7ea4c437
  12. 21 Aug, 2014 1 commit
  13. 14 Aug, 2014 1 commit
    • Juan Castillo's avatar
      FVP: make usage of Trusted DRAM optional at build time · 186c1d4b
      Juan Castillo authored
      This patch groups the current contents of the Trusted DRAM region at
      address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in
      a single shared memory area that may be allocated to Trusted SRAM
      (default) or Trusted DRAM at build time by setting the
      FVP_SHARED_DATA_LOCATION make variable. The size of this shared
      memory is 4096 bytes.
      
      The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM'
      is not currently supported due to restrictions in the maximum number
      of mmu tables that can be created.
      
      Documentation has been updated to reflect these changes.
      
      Fixes ARM-software/tf-issues#100
      
      Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
      186c1d4b
  14. 13 Aug, 2014 1 commit
    • Dan Handley's avatar
      Fix reset to BL3-1 instructions in user guide · bfb1dd51
      Dan Handley authored
      Fix the instructions for resetting to the BL3-1 entrypoint in the
      user guide. The BL3-1 and BL3-2 image locations changed in the fix
      to ARM-software/tf-issues#117 (commit a1b6db6c).
      
      Fixes ARM-software/tf-issues#237
      
      Change-Id: I764eb17c66034511efb984c0e7cfda29bd99198f
      bfb1dd51
  15. 12 Aug, 2014 2 commits
    • Dan Handley's avatar
      Add concept of console output log levels · 289c28a8
      Dan Handley authored
      Create new LOG_LEVEL build option, which controls the amount of
      console output compiled into the build. This should be one of the
      following:
      
          0  (LOG_LEVEL_NONE)
          10 (LOG_LEVEL_NOTICE)
          20 (LOG_LEVEL_ERROR)
          30 (LOG_LEVEL_WARNING)
          40 (LOG_LEVEL_INFO)
          50 (LOG_LEVEL_VERBOSE)
      
      All log output up to and including the log level is compiled into the
      build. The default value is 40 in debug builds and 20 in release
      builds.
      
      Complement the existing INFO, WARN and ERROR console output macros
      with NOTICE and VERBOSE macros, which are conditionally compiled in
      depending on the value of LOG_LEVEL.
      
      Fixes ARM-software/tf-issues#232
      
      Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
      289c28a8
    • Juan Castillo's avatar
      FVP: apply new naming conventions to memory regions · 637ebd2e
      Juan Castillo authored
      Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM
      Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM
      Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM
      
      BLn_BASE and BLn_LIMIT definitions have been updated and are based on
      these new memory regions.
      
      The available memory for each bootloader in the linker script is
      defined by BLn_BASE and BLn_LIMIT, instead of the complete memory
      region.
      
      TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of
      the platform porting.
      
      FVP common definitions are defined in fvp_def.h while platform_def.h
      contains exclusively (with a few exceptions) the definitions that are
      mandatory in the porting guide. Therefore, platform_def.h now includes
      fvp_def.h instead of the other way around.
      
      Porting guide has been updated to reflect these changes.
      
      Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
      637ebd2e
  16. 07 Aug, 2014 1 commit
    • Juan Castillo's avatar
      Move up to Linaro 14.07 toolchain · 752b05b0
      Juan Castillo authored
      Tests show a slight reduction in code size compared to 13.11.
      
      User guide updated.
      
      Fixes ARM-software/tf-issues#207
      
      Change-Id: I9b80a5d7820cdfd443cac4d4b63f925b74a8c3a3
      752b05b0
  17. 01 Aug, 2014 1 commit
    • Vikram Kanigiri's avatar
      Support asynchronous method for BL3-2 initialization · faaa2e76
      Vikram Kanigiri authored
      This patch adds support for BL3-2 initialization by asynchronous
      method where BL3-1 transfers control to BL3-2 using world switch.
      After BL3-2 initialization, it transfers control to BL3-3 via SPD
      service handler. The SPD service handler initializes the CPU context
      to BL3-3 entrypoint depending on the return function indentifier from
      TSP initialization.
      
      Fixes ARM-software/TF-issues#184
      
      Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34
      faaa2e76
  18. 28 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Implement an assert() callable from assembly code · bc920128
      Soby Mathew authored
      The patch implements a macro ASM_ASSERT() which can
      be invoked from assembly code. When assertion happens,
      file name and line number of the check is written
      to the crash console.
      
      Fixes ARM-software/tf-issues#95
      
      Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
      bc920128
  19. 10 Jul, 2014 1 commit
    • Sandrine Bailleux's avatar
      Add support for BL3-0 image · 93d81d64
      Sandrine Bailleux authored
       - Add support for loading a BL3-0 image in BL2. Information about
         memory extents is populated by platform-specific code. Subsequent
         handling of BL3-0 is also platform specific.
         The BL2 main function has been broken down to improve readability.
         The BL3-2 image is now loaded before the BL3-3 image to align with
         the boot flow.
      
       - Build system: Add support for specifying a BL3-0 image that will be
         included into the FIP image.
      
       - IO FIP driver: Add support for identifying a BL3-0 image inside a
         FIP image.
      
       - Update the documentation to reflect the above changes.
      
      Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
      93d81d64
  20. 09 Jul, 2014 1 commit
    • Dan Handley's avatar
      Refactor fvp gic code to be a generic driver · 1e8c5c4f
      Dan Handley authored
      Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM
      GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform
      specific inputs in the arm_gic_setup() function so that the driver
      has no explicit dependency on platform code.
      
      Provide weak implementations of the platform interrupt controller
      API in a new file, plat/common/plat_gic.c. These simply call through
      to the ARM GIC driver.
      
      Move the only remaining FVP GIC function, fvp_gic_init() to
      plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c
      
      Fixes ARM-software/tf-issues#182
      
      Change-Id: Iea82fe095fad62dd33ba9efbddd48c57717edd21
      1e8c5c4f
  21. 11 Jun, 2014 1 commit
    • Andrew Thoelke's avatar
      Make the BL3-1 crash reporting optional · 9c22b323
      Andrew Thoelke authored
      This patch makes the console crash dump of processor register
      state optional based on the CRASH_REPORTING make variable.
      
      This defaults to only being enabled for DEBUG builds. This can
      be overridden by setting a different value in the platform
      makefile or on the make command line.
      
      Change-Id: Icfa1b2d7ff0145cf0a85e8ad732f9cee7e7e993f
      9c22b323
  22. 03 Jun, 2014 2 commits
  23. 22 May, 2014 4 commits
    • Achin Gupta's avatar
      Introduce interrupt handling framework in BL3-1 · dce74b89
      Achin Gupta authored
      This patch adds a common handler for FIQ and IRQ exceptions in the
      BL3-1 runtime exception vector table. This function determines the
      interrupt type and calls its handler. A crash is reported if an
      inconsistency in the interrupt management framework is detected. In
      the event of a spurious interrupt, execution resumes from the
      instruction where the interrupt was generated.
      
      This patch also removes 'cm_macros.S' as its contents have been moved
      to 'runtime_exceptions.S'
      
      Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
      dce74b89
    • Achin Gupta's avatar
      Introduce interrupt registration framework in BL3-1 · e1333f75
      Achin Gupta authored
      This patch introduces a framework for registering interrupts routed to
      EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and
      FIQ bits and the security state an interrupt is generated in. The
      framework recognizes three type of interrupts depending upon which
      exception level and security state they should be handled in
      i.e. Secure EL1 interrupts, Non-secure interrupts and EL3
      interrupts. It provides an API and macros that allow a runtime service
      to register an handler for a type of interrupt and specify the routing
      model. The framework validates the routing model and uses the context
      management framework to ensure that it is applied to the SCR_EL3 prior
      to entry into the target security state. It saves the handler in
      internal data structures. An API is provided to retrieve the handler
      when an interrupt of a particular type is asserted. Registration is
      expected to be done once by the primary CPU. The same handler and
      routing model is used for all CPUs.
      
      Support for EL3 interrupts will be added to the framework in the
      future. A makefile flag has been added to allow the FVP port choose
      between ARM GIC v2 and v3 support in EL3. The latter version is
      currently unsupported.
      
      A framework for handling interrupts in BL3-1 will be introduced in
      subsequent patches. The default routing model in the absence of any
      handlers expects no interrupts to be routed to EL3.
      
      Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
      e1333f75
    • Sandrine Bailleux's avatar
      Doc: Add the "Building the Test Secure Payload" section · f860e2cf
      Sandrine Bailleux authored
      Add a section in the user guide explaining how to compile the TSP
      image and include it into the FIP. This includes instructions to make
      the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP.
      
      Change-Id: I04780757a149eeb5482a12a61e821be947b882c0
      f860e2cf
    • Juan Castillo's avatar
      Reserve some DDR DRAM for secure use on FVP platforms · 364daf93
      Juan Castillo authored
      TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
      the rest of DRAM as non-secure. Non-secure software must not attempt to
      access the 16MB secure area.
      
      Device tree files (sources and binaries) have been updated to match this
      configuration, removing that memory from the Linux physical memory map.
      
      To use UEFI and Linux with this patch, the latest version of UEFI and
      the updated device tree files are required. Check the user guide in the
      documentation for more details.
      
      Replaced magic numbers with #define for memory region definition in the
      platform security initialization function.
      
      Fixes ARM-software/tf-issues#149
      
      Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
      364daf93
  24. 16 May, 2014 2 commits
    • Jeenu Viswambharan's avatar
      Add build configuration for timer save/restore · 2da8d8bf
      Jeenu Viswambharan authored
      At present, non-secure timer register contents are saved and restored as
      part of world switch by BL3-1. This effectively means that the
      non-secure timer stops, and non-secure timer interrupts are prevented
      from asserting until BL3-1 switches back, introducing latency for
      non-secure services. Often, secure world might depend on alternate
      sources for secure interrupts (secure timer or platform timer) instead
      of non-secure timers, in which case this save and restore is
      unnecessary.
      
      This patch introduces a boolean build-time configuration NS_TIMER_SWITCH
      to choose whether or not to save and restore non-secure timer registers
      upon world switch. The default choice is made not to save and restore
      them.
      
      Fixes ARM-software/tf-issues#148
      
      Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
      2da8d8bf
    • Jeenu Viswambharan's avatar
      Document summary of build options in user guide · c3c1e9b0
      Jeenu Viswambharan authored
      Change-Id: I6bd077955bf3780168a874705974bbe72ea0f5f1
      c3c1e9b0
  25. 24 Apr, 2014 1 commit
  26. 05 Mar, 2014 1 commit
    • Jon Medhurst's avatar
      Enable platforms to omit some bootloaders · 4bfc2d21
      Jon Medhurst authored
      
      
      If a platform doesn't specify a BLx_SOURCE variable, then building
      of the corresponding bootloader isn't attempted. Also allow BL3-3 to
      be omitted from the FIP.
      
      Note, this change also removes support for PLAT=all and the 'fip' target
      from the 'all' recipe.
      
      Fixes ARM-software/tf-issues#30
      
      Change-Id: Ibdfead0440256eaf364617ecff65290ca6fe6240
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      4bfc2d21
  27. 28 Feb, 2014 2 commits
    • Dan Handley's avatar
      Separate firmware design out of user-guide.md · 247f60bc
      Dan Handley authored
      Move the firmware design documentation out of user-guide.md
      and into a new file - firmware-design.md. Reformat the
      section headers.
      
      Change-Id: I664815dd47011c7c1cf2202aa4472a8fd78ebb92
      247f60bc
    • Dan Handley's avatar
      Update versions of dependencies in user-guide.md · 3505c044
      Dan Handley authored
      1. Update user-guide.md with the latest versions of dependent
      components required by the tested configurations of ARM Trusted
      Firmware. This includes the tested versions of Fixed Virtual
      Platforms (FVPs), toolchain, EFI Development Kit 2(EDK2),
      Linux kernel and Linux file system.
      
      2. Remove the instructions to configure the Cortex Base FVP
      with the legacy GICv2 memory map as this is no longer supported
      since version 5.3 of the Base FVPs.
      
      3. General tidyup of "Using the software" section.
      
      Change-Id: If8264cd29036b59dc5ff435b5f8b1d072dd36ef0
      3505c044
  28. 20 Feb, 2014 3 commits
    • Achin Gupta's avatar
      Add support for BL3-2 in BL3-1 · 35ca3511
      Achin Gupta authored
      This patch adds the following support to the BL3-1 stage:
      
      1. BL3-1 allows runtime services to specify and determine the security
         state of the next image after BL3-1. This has been done by adding
         the `bl31_set_next_image_type()` & `bl31_get_next_image_type()`
         apis. The default security state is non-secure. The platform api
         `bl31_get_next_image_info()` has been modified to let the platform
         decide which is the next image in the desired security state.
      
      2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to
         program entry into the target security state. It uses the apis
         introduced in 1. to do so.
      
      3. BL3-1 reads the information populated by BL2 about the BL3-2 image
         into its internal data structures.
      
      4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow
         initialisation of a BL3-2 image. A runtime service like the Secure
         payload dispatcher will define this function if present.
      
      Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
      35ca3511
    • Achin Gupta's avatar
      Add support for BL3-2 in BL2 · a3050ed5
      Achin Gupta authored
      
      
      This patch adds support for loading a BL3-2 image in BL2. In case a
      BL3-2 image is found, it also passes information to BL3-1 about where it
      is located and the extents of memory available to it. Information about
      memory extents is populated by platform specific code.
      
      The documentation has also been updated to reflect the above changes.
      
      Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0
      Co-authored-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      a3050ed5
    • Achin Gupta's avatar
      Rework BL2 to BL3-1 hand over interface · e4d084ea
      Achin Gupta authored
      This patch reworks BL2 to BL3-1 hand over interface by introducing a
      composite structure (bl31_args) that holds the superset of information
      that needs to be passed from BL2 to BL3-1.
      
        - The extents of secure memory available to BL3-1
        - The extents of memory available to BL3-2 (not yet implemented) and
          BL3-3
        - Information to execute BL3-2 (not yet implemented) and BL3-3 images
      
      This patch also introduces a new platform API (bl2_get_bl31_args_ptr)
      that needs to be implemented by the platform code to export reference to
      bl31_args structure which has been allocated in platform-defined memory.
      
      The platform will initialize the extents of memory available to BL3-3
      during early platform setup in bl31_args structure. This obviates the
      need for bl2_get_ns_mem_layout platform API.
      
      BL2 calls the bl2_get_bl31_args_ptr function to get a reference to
      bl31_args structure. It uses the 'bl33_meminfo' field of this structure
      to load the BL3-3 image. It sets the entry point information for the
      BL3-3 image in the 'bl33_image_info' field of this structure. The
      reference to this structure is passed to the BL3-1 image.
      
      Also fixes issue ARM-software/tf-issues#25
      
      Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
      e4d084ea
  29. 17 Feb, 2014 1 commit