- 22 Feb, 2017 2 commits
-
-
Varun Wadekar authored
This patch converts the common SiP handler to SoC specific SiP handler. T210 and T132 have different SiP SMCs and so it makes sense to move the SiP handler to soc/t132 and soc/t210 folders. Change-Id: Idfe48384d63641137d74a095432df4724986b241 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
The Flow Controller hardware block is not present across all Tegra SoCs, hence include the driver files from SoC specific makefiles. T132/T210 are the SoCs which include this hardware block while future SoCs have removed it. Change-Id: Iaca25766a4fa51567293d10cf14dae968b0fae80 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 20 Feb, 2017 4 commits
- 16 Feb, 2017 5 commits
-
-
Antonio Nino Diaz authored
This reverts commit b621fb50 . Because of the Trusted Firmware design, timing-safe functions are not needed. Using them may be misleading as it could be interpreted as being a protection against private data leakage, which isn't the case here. For each image, the SHA-256 hash is calculated. Some padding is appended and the result is encrypted with a private key using RSA-2048. This is the signature of the image. The public key is stored along with BL1 in read-only memory and the encrypted hash is stored in the FIP. When authenticating an image, the TF decrypts the hash stored in the FIP and recalculates the hash of the image. If they don't match, the boot sequence won't continue. A constant-time comparison does not provide additional security as all the data involved in this process is already known to any attacker. There is no private data that can leaked through a timing attack when authenticating an image. `timingsafe_bcmp()` is kept in the codebase because it could be useful in the future. Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
davidcunado-arm authored
Use DC ZVA instruction to zero memory
-
davidcunado-arm authored
Fix minor issues found by cppcheck
-
davidcunado-arm authored
Migrate to Linaro Release 16.12
-
davidcunado-arm authored
Makefile: use git describe for BUILD_STRING
-
- 15 Feb, 2017 2 commits
-
-
dp-arm authored
On Juno, the secure privileged invasive debug authentication signal (SPIDEN) is controlled by board SCC registers, which by default enable SPIDEN. Disable secure privileged external debug in release builds by programming the appropriate Juno SoC registers. Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Trusted Firmware currently has no support for secure self-hosted debug. To avoid unexpected exceptions, disable software debug exceptions, other than software breakpoint instruction exceptions, from all exception levels in secure state. This applies to both AArch32 and AArch64 EL3 initialization. Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 14 Feb, 2017 4 commits
-
-
dp-arm authored
cppcheck highlighted variables that were initialized but then later reassigned. Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
The memmap IO driver doesn't perform bounds check when reading, writing, or seeking. The onus to vet parameters is on the caller, and this patch asserts that: - non-negative size is specified for for backing memory; - valid parameters are passed into the driver for read, write and seek operations. Change-Id: I6518c4065817e640e9e7e39a8a4577655f2680f7 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
davidcunado-arm authored
Bug fix and cleanup of cert_create tool
-
- 13 Feb, 2017 6 commits
-
-
davidcunado-arm authored
Fiptool cleanup
-
David Cunado authored
This Linaro release updates both the binaries and the toolchain: Linaro binaries upgraded 16.06 --> 16.12 AArch64 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) AArch32 compiler upgraded 15.05 (gcc 4.9) --> 5.3-2015.05 (gcc 5.3) The ARM TF codebase has been tested against these new binaries. This patch updates the User Guide to reflect that the 16.12 release is now a supported Linaro Release. Change-Id: I6247e820f591df7d05df4f622ee45a3abf2c2d72 Signed-off-by: David Cunado <david.cunado@arm.com>
-
davidcunado-arm authored
Decouple PSCI stat residency calculation from PMF
-
dp-arm authored
Perform stat accounting for retention/standby states also when requested at multiple power levels. Change-Id: I2c495ea7cdff8619bde323fb641cd84408eb5762 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
This patch introduces the following three platform interfaces: * void plat_psci_stat_accounting_start(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting before entering a low power state. This typically involves capturing a timestamp. * void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info) This is an optional hook that platforms can implement in order to perform accounting after exiting from a low power state. This typically involves capturing a timestamp. * u_register_t plat_psci_stat_get_residency(unsigned int lvl, const psci_power_state_t *state_info, unsigned int last_cpu_index) This is an optional hook that platforms can implement in order to calculate the PSCI stat residency. If any of these interfaces are overridden by the platform, it is recommended that all of them are. By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT` is set but `ENABLE_PMF` is not set then an alternative PSCI stat collection backend must be provided. If both are set, then default weak definitions of these functions are provided, using PMF to calculate the residency. NOTE: Previously, platforms did not have to explicitly set `ENABLE_PMF` since this was automatically done by the top-level Makefile. Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
davidcunado-arm authored
Update AEM and Cortex Models versions
-
- 11 Feb, 2017 6 commits
-
-
Masahiro Yamada authored
These functions are defined above any calls. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We should follow the Linux coding style, which is clearly stated in the docs/user-guide.mk: When making changes to the source for submission to the project, the source must be in compliance with the Linux style guide and Documentation/process/coding-style.rst of Linux Kernel says: The limit on the length of lines is 80 columns and this is a strongly preferred limit. [ snip ] However, never break user-visible strings such as printk messages, because that breaks the ability to grep for them. The strings for printf() are user-visible, and can exceed the 80 column limit. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The strings in usage functions are sent to stdout by printf(), but some new lines are sent to stderr by fputc(..., stderr). This inconsistency will break the usage format when users re-direct stdout or stderr. Just use printf() for consistency. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
These variables store return values of functions. Remove all of meaningless initializers. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The ext_new_nvcounter() function calls i2d_ASN1_INTEGER() twice; the first call to get the return value "sz", and the second one for writing data into the buffer. This is actually redundant. We can do both by one function call. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 10 Feb, 2017 1 commit
-
-
David Cunado authored
AEMv8-A Model release v8.2 has been made available and Trusted Firmware has been tested against these versions as part of its CI system. This patch updates the user guide documentation to reflect the version of AEM and Cortex Models that Trusted Firmware has been tested against. Also, the Linaro Release Notes link was broken and this patch updates the link. Change-Id: I88729cef909a69fff629036f480fd6168ad7dc9a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 07 Feb, 2017 1 commit
-
-
danh-arm authored
zynqmp: remove RESET_TO_BL31=1 from build instruction
-
- 06 Feb, 2017 5 commits
-
-
Douglas Raillard authored
Replace all use of memset by zeromem when zeroing moderately-sized structure by applying the following transformation: memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x)) As the Trusted Firmware is compiled with -ffreestanding, it forbids the compiler from using __builtin_memset and forces it to generate calls to the slow memset implementation. Zeromem is a near drop in replacement for this use case, with a more efficient implementation on both AArch32 and AArch64. Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Douglas Raillard authored
Introduce zeromem_dczva function on AArch64 that can handle unaligned addresses and make use of DC ZVA instruction to zero a whole block at a time. This zeroing takes place directly in the cache to speed it up without doing external memory access. Remove the zeromem16 function on AArch64 and replace it with an alias to zeromem. This zeromem16 function is now deprecated. Remove the 16-bytes alignment constraint on __BSS_START__ in firmware-design.md as it is now not mandatory anymore (it used to comply with zeromem16 requirements). Change the 16-bytes alignment constraints in SP min's linker script to a 8-bytes alignment constraint as the AArch32 zeromem implementation is now more efficient on 8-bytes aligned addresses. Introduce zero_normalmem and zeromem helpers in platform agnostic header that are implemented this way: * AArch32: * zero_normalmem: zero using usual data access * zeromem: alias for zero_normalmem * AArch64: * zero_normalmem: zero normal memory using DC ZVA instruction (needs MMU enabled) * zeromem: zero using usual data access Usage guidelines: in most cases, zero_normalmem should be preferred. There are 2 scenarios where zeromem (or memset) must be used instead: * Code that must run with MMU disabled (which means all memory is considered device memory for data accesses). * Code that fills device memory with null bytes. Optionally, the following rule can be applied if performance is important: * Code zeroing small areas (few bytes) that are not secrets should use memset to take advantage of compiler optimizations. Note: Code zeroing security-related critical information should use zero_normalmem/zeromem instead of memset to avoid removal by compilers' optimizations in some cases or misbehaving versions of GCC. Fixes ARM-software/tf-issues#408 Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
danh-arm authored
gitignore: ignore GNU GLOBAL tag files
-
danh-arm authored
PMF: Fixup PMF constants
-
Masahiro Yamada authored
RESET_TO_BL31=1 is specified by plat/xilinx/zynqmp/platform.mk with "override" directive. So, RESET_TO_BL31=1 is guaranteed without any operation on users' side. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 03 Feb, 2017 2 commits
-
-
Masahiro Yamada authored
GNU GLOBAL (https://www.gnu.org/software/global/ ) is source code tagging system. It creates 4 tag files (GTAGS, GRTAGS, GSYMS and GPATH) for the symbol cross-reference. Ignore them. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Currently, the BUILD_STRING is just 7-digits git hash. It is true we can identify which version is running, but we can not get a quick idea about how new or old it is. The command "git describe" provides us a bit more useful information in the format of: (tag-name)-(number of commits on top the tag)-g(7 digits hash) I added some options: --always Make "git describe" work without any tag in case the upstream ATF is cloned, but all the tags are locally dropped. --tags Use any tag instead of only annotated tags. In ATF, only some tags are annotated, actually the last annotated tag is "v0.2", whereas we are on "v1.3" tag now. This option is needed to get something like v1.3-233-gbcc2bf09 instead of v0.2-1713-gbcc2bf09. --dirty The mark "-dirty" is appended if the source tree is locally modified. With this commit, the welcome string NOTICE: BL1: v1.3(debug):bcc2bf09 will become like follows: NOTICE: BL1: v1.3(debug):v1.3-233-gbcc2bf09 -dirty While we are here, let's add "2> /dev/null" as well to silently ignore any error message from git. We should not assume that users always work in a git repository; the ATF might be released in a tarball form instead of a git repository. In such a case, the git command will fail, then the ugly message "fatal: Not a git ..." will be displayed during the build: $ make CROSS_COMPILE=aarch64-linux-gnu- fatal: Not a git repository (or any of the parent directories): .git Building fvp CC drivers/io/io_semihosting.c CC lib/semihosting/semihosting.c ... Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 02 Feb, 2017 1 commit
-
-
dp-arm authored
`PMF_ARM_TIF_IMPL_ID` should be set to 0x41. The code already left shifts it by 24 bit positions so this was overflowing. This fixes a build error with GCC 6.2 when `ENABLE_RUNTIME_INSTRUMENTATION` is set. Change-Id: I4c99d48ea7ce3d76e9edd1325b1979994db2c0fb Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 31 Jan, 2017 1 commit
-
-
danh-arm authored
Errata printing infrastructure
-