1. 28 Jun, 2017 1 commit
  2. 22 Jun, 2017 1 commit
    • dp-arm's avatar
      aarch64: Enable Statistical Profiling Extensions for lower ELs · d832aee9
      dp-arm authored
      
      
      SPE is only supported in non-secure state.  Accesses to SPE specific
      registers from SEL1 will trap to EL3.  During a world switch, before
      `TTBR` is modified the SPE profiling buffers are drained.  This is to
      avoid a potential invalid memory access in SEL1.
      
      SPE is architecturally specified only for AArch64.
      
      Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d832aee9
  3. 21 Jun, 2017 1 commit
    • David Cunado's avatar
      Fully initialise essential control registers · 18f2efd6
      David Cunado authored
      
      
      This patch updates the el3_arch_init_common macro so that it fully
      initialises essential control registers rather then relying on hardware
      to set the reset values.
      
      The context management functions are also updated to fully initialise
      the appropriate control registers when initialising the non-secure and
      secure context structures and when preparing to leave EL3 for a lower
      EL.
      
      This gives better alignement with the ARM ARM which states that software
      must initialise RES0 and RES1 fields with 0 / 1.
      
      This patch also corrects the following typos:
      
      "NASCR definitions" -> "NSACR definitions"
      
      Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      18f2efd6
  4. 12 Jun, 2017 2 commits
  5. 07 Jun, 2017 1 commit
  6. 05 Jun, 2017 1 commit
    • Soby Mathew's avatar
      CSS: Add SCMI driver for SCP · c04a3b6c
      Soby Mathew authored
      
      
      This patch adds the SCMI driver for communicating with SCP. The power
      domain management and system power management protocol of the SCMI
      specification[1] is implemented in the driver. The SCP power management
      abstraction layer for SCMI for CSS power management is also added.
      
      A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
      driver over SCPI.
      
      [1] ARM System Control and Management Interface v1.0 (SCMI)
      Document number: ARM DEN 0056A
      
      Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      c04a3b6c
  7. 02 Jun, 2017 1 commit
  8. 01 Jun, 2017 4 commits
    • Antonio Nino Diaz's avatar
      FWU: Introduce FWU_SMC_IMAGE_RESET · 9d6fc3c3
      Antonio Nino Diaz authored
      
      
      This SMC is as a means for the image loading state machine to go from
      COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
      was only done when the authentication of an image failed or when the
      execution of the image finished.
      
      Documentation updated.
      
      Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      9d6fc3c3
    • Antonio Nino Diaz's avatar
      FWU: Check for overlaps when loading images · 128daee2
      Antonio Nino Diaz authored
      
      
      Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
      memory region where another image data is already loaded.
      
      Without this check, if two images are configured to be loaded in
      overlapping memory regions, one of them can be loaded and
      authenticated and the copy function is still able to load data from
      the second image on top of the first one. Since the first image is
      still in authenticated state, it can be executed, which could lead to
      the execution of unauthenticated arbitrary code of the second image.
      
      Firmware update documentation updated.
      
      Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      128daee2
    • Antonio Nino Diaz's avatar
      Remove `DISABLE_PEDANTIC` build option · 79eb1aff
      Antonio Nino Diaz authored
      
      
      It doesn't make sense to use the `-pedantic` flag when building the
      Trusted Firmware as we use GNU extensions and so our code is not
      fully ISO C compliant. This flag only makes sense if the code intends to
      be ISO C compliant.
      
      Change-Id: I6273564112759ff57f03b273f5349733a5f38aef
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      79eb1aff
    • Jeenu Viswambharan's avatar
      Introduce ARM GIC-600 driver · e1c59ab3
      Jeenu Viswambharan authored
      
      
      ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
      implements a power control register in the Redistributor frame. This
      register must be programmed to mark the frame as powered on, before
      accessing other registers in the frame. Rest of initialization sequence
      remains the same.
      
      The driver provides APIs for Redistributor power management, and
      overrides those in the generic GICv3 driver. The driver data is shared
      between generic GICv3 driver and that of GIC-600.
      
      For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
      is set to FVP_GIC600. Also update user guide.
      
      Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e1c59ab3
  9. 24 May, 2017 3 commits
  10. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
  11. 19 May, 2017 1 commit
    • David Cunado's avatar
      Migrate to Linaro Release 17.01 · 218888de
      David Cunado authored
      
      
      This Linaro release updates just the binaries:
      
      Linaro binaries upgraded 16.12 --> 17.01
      
      The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64
      and AArch32.
      
      The ARM TF codebase has been tested against these new binaries. This patch
      updates the User Guide to reflect that the 17.01 release is now a supported
      Linaro Release.
      
      Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      218888de
  12. 16 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Simplify assert() to reduce memory usage · 0da2fe7e
      Antonio Nino Diaz authored
      
      
      The behaviour of assert() now depends on the value of the new optional
      platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
      not defined by the platform.
      
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
        name, line and asserted expression.
      - If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
        name and line.
      - If not, it doesn't print anything.
      
      Note the old behaviour was to print the function name whereas now it
      prints the file name. This reduces memory usage because the file name is
      shared between all assert calls in a given file. Also, the default
      behaviour in debug builds is to no longer print the asserted expression,
      greatly reducing the string usage.
      
      For FVP debug builds this change saves approximately:
      
                    No TBBR    TBBR
              BL1    1.6 KB   2.2 KB
              BL2    1.7 KB   2.1 KB
              BL31   2.6 KB   3.3 KB
      
      Change-Id: I2947569d593df0b25611dc3c7a6096f42155c115
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0da2fe7e
  13. 05 May, 2017 1 commit
    • David Cunado's avatar
      Update AEM and Cortex Models versions · b9ecb216
      David Cunado authored
      
      
      AEMv8-A Model release v8.4 has been made available and Trusted Firmware
      has been tested against these versions as part of its CI system. This
      patch updates the user guide documentation to reflect the version of AEM
      and Cortex Models that Trusted Firmware has been tested against.
      
      Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and
      FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs
      as they are currently not being tested with the latest version of ARM
      Trusted Firmware.
      
      Also, documentation and links to Linaro pages have been updated to
      reflect the changes in the ARM community document hosting.
      
      Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b9ecb216
  14. 04 May, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM SiP service to switch execution state · b10d4499
      Jeenu Viswambharan authored
      
      
      In AArch64, privileged exception levels control the execution state
      (a.k.a. register width) of the immediate lower Exception Level; i.e.
      whether the lower exception level executes in AArch64 or AArch32 state.
      For an exception level to have its execution state changed at run time,
      it must request the change by raising a synchronous exception to the
      higher exception level.
      
      This patch implements and adds such a provision to the ARM SiP service,
      by which an immediate lower exception level can request to switch its
      execution state. The execution state is switched if the request is:
      
        - raised from non-secure world;
      
        - raised on the primary CPU, before any secondaries are brought online
          with CPU_ON PSCI call;
      
        - raised from an exception level immediately below EL3: EL2, if
          implemented; otherwise NS EL1.
      
      If successful, the SMC doesn't return to the caller, but to the entry
      point supplied with the call. Otherwise, the caller will observe the SMC
      returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
      for AArch32, the feature is not supported, and the call will always
      fail.
      
      For the ARM SiP service:
      
        - Add SMC function IDs for both AArch32 and AArch64;
        - Increment the SiP service minor version to 2;
        - Adjust the number of supported SiP service calls.
      
      Add documentation for ARM SiP service.
      
      Fixes ARM-software/tf-issues#436
      
      Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b10d4499
  15. 26 Apr, 2017 1 commit
  16. 20 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Remove build option `ASM_ASSERTION` · 044bb2fa
      Antonio Nino Diaz authored
      
      
      The build option `ENABLE_ASSERTIONS` should be used instead. That way
      both C and ASM assertions can be enabled or disabled together.
      
      All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
      been replaced by `ENABLE_ASSERTIONS`.
      
      ASM_ASSERTION has been removed from the user guide.
      
      Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      044bb2fa
  17. 19 Apr, 2017 3 commits
    • Antonio Nino Diaz's avatar
      Add `ENABLE_ASSERTIONS` build option · cc8b5632
      Antonio Nino Diaz authored
      
      
      Add the new build option `ENABLE_ASSERTIONS` that controls whether or
      not assert functions are compiled out. It defaults to 1 for debug builds
      and to 0 for release builds.
      
      Additionally, a following patch will be done to allow this build option
      to hide auxiliary code used for the checks done in an `assert()`. This
      code is is currently under the DEBUG build flag.
      
      Assert messages are now only printed if LOG_LEVEL >= LOG_LEVEL_INFO,
      which is the default for debug builds.
      
      This patch also updates the User Guide.
      
      Change-Id: I1401530b56bab25561bb0f274529f1d12c5263bc
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      cc8b5632
    • Soby Mathew's avatar
      PSCI: Build option to enable D-Caches early in warmboot · bcc3c49c
      Soby Mathew authored
      
      
      This patch introduces a build option to enable D-cache early on the CPU
      after warm boot. This is applicable for platforms which do not require
      interconnect programming to enable cache coherency (eg: single cluster
      platforms). If this option is enabled, then warm boot path enables
      D-caches immediately after enabling MMU.
      
      Fixes ARM-Software/tf-issues#456
      
      Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      bcc3c49c
    • Antonio Nino Diaz's avatar
      ARM platforms: Add option to use xlat tables lib v1 · 3b211ff5
      Antonio Nino Diaz authored
      
      
      ARM platforms have migrated to the translation tables library v2.
      However, for testing purposes, it can be useful to temporarily switch
      back to the old version.
      
      This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches
      to v1 of the library when is set to 1. By default, it is 0, so that ARM
      platforms use the new version unless specifically stated.
      
      Updated User Guide.
      
      Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      3b211ff5
  18. 31 Mar, 2017 2 commits
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7
    • Antonio Nino Diaz's avatar
      Add and use plat_crash_console_flush() API · 801cf93c
      Antonio Nino Diaz authored
      
      
      This API makes sure that all the characters sent to the crash console
      are output before returning from it.
      
      Porting guide updated.
      
      Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      801cf93c
  19. 29 Mar, 2017 1 commit
    • David Cunado's avatar
      Upgrade mbed TLS version · cfa33e2f
      David Cunado authored
      This patch updates the User Guide to recommend the latest version
      of mbed TLS library to use with ARM Trusted Firmware.
      
       - Upgrade mbed TLS library:   2.2.1 -> 2.4.2
      
      Change-Id: Ifb5386fec0673d6dbfdaa474233e397afc279c85
      cfa33e2f
  20. 27 Mar, 2017 1 commit
    • Summer Qin's avatar
      ARM platforms: Add support for MT bit in MPIDR · d8d6cf24
      Summer Qin authored
      
      
      This patch modifies some of the functions in ARM platform layer to cater
      for the case when multi-threading `MT` is set in MPIDR. A new build flag
      `ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR
      now assume that the `MT` bit is set for the platform and access the bit
      fields accordingly.
      
      Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is
      enabled, returning the PE count within the physical cpu corresponding to
      `mpidr`.
      
      Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      d8d6cf24
  21. 20 Mar, 2017 2 commits
    • dp-arm's avatar
      firmware-design: Fix typo in ToC header flags specification · d34f4f84
      dp-arm authored
      
      
      Fixes ARM-software/tf-issues#463
      
      Change-Id: I73e0c5fbd87004953df8b1fa19319ad562ecc867
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d34f4f84
    • Andre Przywara's avatar
      Add workaround for ARM Cortex-A53 erratum 855873 · b75dc0e4
      Andre Przywara authored
      
      
      ARM erratum 855873 applies to all Cortex-A53 CPUs.
      The recommended workaround is to promote "data cache clean"
      instructions to "data cache clean and invalidate" instructions.
      For core revisions of r0p3 and later this can be done by setting a bit
      in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
      As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
      we set the bit in firmware.
      Also we dump this register upon crashing to provide more debug
      information.
      
      Enable the workaround for the Juno boards.
      
      Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b75dc0e4
  22. 08 Mar, 2017 2 commits
    • Antonio Nino Diaz's avatar
      Apply workaround for errata 813419 of Cortex-A57 · ccbec91c
      Antonio Nino Diaz authored
      
      
      TLBI instructions for EL3 won't have the desired effect under specific
      circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and
      TLBI twice each time.
      
      Even though this errata is only needed in r0p0, the current errata
      framework is not prepared to apply run-time workarounds. The current one
      is always applied if compiled in, regardless of the CPU or its revision.
      
      This errata has been enabled for Juno.
      
      The `DSB` instruction used when initializing the translation tables has
      been changed to `DSB ISH` as an optimization and to be consistent with
      the barriers used for the workaround.
      
      Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ccbec91c
    • Antonio Nino Diaz's avatar
      Add dynamic region support to xlat tables lib v2 · 0b64f4ef
      Antonio Nino Diaz authored
      
      
      Added APIs to add and remove regions to the translation tables
      dynamically while the MMU is enabled. Only static regions are allowed
      to overlap other static ones (for backwards compatibility).
      
      A new private attribute (MT_DYNAMIC / MT_STATIC) has been added to
      flag each region as such.
      
      The dynamic mapping functionality can be enabled or disabled when
      compiling by setting the build option PLAT_XLAT_TABLES_DYNAMIC to 1
      or 0. This can be done per-image.
      
      TLB maintenance code during dynamic table mapping and unmapping has
      also been added.
      
      Fixes ARM-software/tf-issues#310
      
      Change-Id: I19e8992005c4292297a382824394490c5387aa3b
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0b64f4ef
  23. 02 Mar, 2017 3 commits
    • Jeenu Viswambharan's avatar
      PSCI: Optimize call paths if all participants are cache-coherent · b0408e87
      Jeenu Viswambharan authored
      
      
      The current PSCI implementation can apply certain optimizations upon the
      assumption that all PSCI participants are cache-coherent.
      
        - Skip performing cache maintenance during power-up.
      
        - Skip performing cache maintenance during power-down:
      
          At present, on the power-down path, CPU driver disables caches and
          MMU, and performs cache maintenance in preparation for powering down
          the CPU. This means that PSCI must perform additional cache
          maintenance on the extant stack for correct functioning.
      
          If all participating CPUs are cache-coherent, CPU driver would
          neither disable MMU nor perform cache maintenance. The CPU being
          powered down, therefore, remain cache-coherent throughout all PSCI
          call paths. This in turn means that PSCI cache maintenance
          operations are not required during power down.
      
        - Choose spin locks instead of bakery locks:
      
          The current PSCI implementation must synchronize both cache-coherent
          and non-cache-coherent participants. Mutual exclusion primitives are
          not guaranteed to function on non-coherent memory. For this reason,
          the current PSCI implementation had to resort to bakery locks.
      
          If all participants are cache-coherent, the implementation can
          enable MMU and data caches early, and substitute bakery locks for
          spin locks. Spin locks make use of architectural mutual exclusion
          primitives, and are lighter and faster.
      
      The optimizations are applied when HW_ASSISTED_COHERENCY build option is
      enabled, as it's expected that all PSCI participants are cache-coherent
      in those systems.
      
      Change-Id: Iac51c3ed318ea7e2120f6b6a46fd2db2eae46ede
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      b0408e87
    • Jeenu Viswambharan's avatar
      build: Define build option for hardware-assisted coherency · 3c251af3
      Jeenu Viswambharan authored
      
      
      The boolean build option HW_ASSISTED_COHERENCY is introduced to enable
      various optimizations in ARM Trusted Software, when built for such
      systems. It's set to 0 by default.
      
      Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3c251af3
    • Summer Qin's avatar
      Update LOAD_IMAGE_V2 user guide documentation · 7334e5c7
      Summer Qin authored
      
      
      Now the TRUSTED_BOARD_BOOT is supported for AArch64 when LOAD_IMAGE_V2
      is enabled. This patch updates the user-guide.md documentation for the
      same.
      
      Change-Id: I97de07435c81258c2a5f41a30a69736863a10bd1
      Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
      7334e5c7
  24. 28 Feb, 2017 1 commit
  25. 23 Feb, 2017 1 commit
  26. 22 Feb, 2017 2 commits
    • Varun Wadekar's avatar
      Tegra: init normal/crash console for platforms · e1084216
      Varun Wadekar authored
      
      
      The BL2 fills in the UART controller ID to be used as the normal as
      well as the crash console on Tegra platforms. The controller ID to
      UART controller base address mapping is handled by each Tegra SoC
      the base addresses might change across Tegra chips.
      
      This patch adds the handler to parse the platform params to get the
      UART ID for the per-soc handlers.
      
      Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e1084216
    • Varun Wadekar's avatar
      Tegra: add tzdram_base to plat_params_from_bl2 struct · e0d4158c
      Varun Wadekar authored
      
      
      This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct
      in order to store the TZDRAM carveout base address used to load the Trusted OS.
      The monitor programs the memory controller with the TZDRAM base and size in order
      to deny any accesses from the NS world.
      
      Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e0d4158c