1. 12 Jan, 2017 1 commit
  2. 10 Jan, 2017 1 commit
  3. 30 Dec, 2016 1 commit
    • dp-arm's avatar
      fiptool: Add support for operating on binary blobs using the UUID · fcab6bbe
      dp-arm authored
      
      
      Previously, fiptool only understood a fixed set of images as
      specified in tbbr_config.c.  It preserved unknown images during
      the update, unpack and remove operations but it was not possible to
      explicitly refer to one of those unknown images.
      
      Add a new --blob option to create/update/unpack/remove images that
      are not known at compile time.  This is accomplished by specifying
      the UUID and filename pair as shown below:
      
      $ ./fiptool create --blob uuid=01234567-89ab-cdef-0123-456789abcdef,file=foo.bin fip.bin
      $ ./fiptool info fip.bin
      01234567-89ab-cdef-0123-456789abcdef: offset=0x60, size=0x1AA68
      
      Fixes ARM-software/tf-issues#420
      
      Change-Id: Iaac2504b9a4252289c09e73d29645cbe240f3a82
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      fcab6bbe
  4. 23 Dec, 2016 1 commit
    • Douglas Raillard's avatar
      Abort preempted TSP STD SMC after PSCI CPU suspend · 3df6012a
      Douglas Raillard authored
      
      
      Standard SMC requests that are handled in the secure-world by the Secure
      Payload can be preempted by interrupts that must be handled in the
      normal world. When the TSP is preempted the secure context is stored and
      control is passed to the normal world to handle the non-secure
      interrupt. Once completed the preempted secure context is restored. When
      restoring the preempted context, the dispatcher assumes that the TSP
      preempted context is still stored as the SECURE context by the context
      management library.
      
      However, PSCI power management operations causes synchronous entry into
      TSP. This overwrites the preempted SECURE context in the context
      management library. When restoring back the SECURE context, the Secure
      Payload crashes because this context is not the preempted context
      anymore.
      
      This patch avoids corruption of the preempted SECURE context by aborting
      any preempted SMC during PSCI power management calls. The
      abort_std_smc_entry hook of the TSP is called when aborting the SMC
      request.
      
      It also exposes this feature as a FAST SMC callable from normal world to
      abort preempted SMC with FID TSP_FID_ABORT.
      
      Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      3df6012a
  5. 20 Dec, 2016 2 commits
  6. 19 Dec, 2016 1 commit
  7. 15 Dec, 2016 4 commits
    • Jeenu Viswambharan's avatar
      Add provision to extend CPU operations at more levels · 5dd9dbb5
      Jeenu Viswambharan authored
      
      
      Various CPU drivers in ARM Trusted Firmware register functions to handle
      power-down operations. At present, separate functions are registered to
      power down individual cores and clusters.
      
      This scheme operates on the basis of core and cluster, and doesn't cater
      for extending the hierarchy for power-down operations. For example,
      future CPUs might support multiple threads which might need powering
      down individually.
      
      This patch therefore reworks the CPU operations framework to allow for
      registering power down handlers on specific level basis. Henceforth:
      
        - Generic code invokes CPU power down operations by the level
          required.
      
        - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
          reset function.
      
        - CPU drivers register power down handlers as a list: a mandatory
          handler for level 0, and optional handlers for higher levels.
      
      All existing CPU drivers are adapted to the new CPU operations framework
      without needing any functional changes within.
      
      Also update firmware design guide.
      
      Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      5dd9dbb5
    • dp-arm's avatar
      tbbr: Fix updating of Non-Trusted NV counter · d35dee23
      dp-arm authored
      
      
      The previous code required that a certificate be signed with the ROT
      key before the platform's NV counter could be updated with the value
      in the certificate.  This implies that the Non-Trusted NV counter was
      not being updated for Non-Trusted content certificates, as they cannot
      be signed with the ROT key in the TBBR CoT scheme.
      
      The code is reworked to only allow updating the platform's Trusted NV
      counter when a certificate protected by the Trusted NV counter is
      signed with the ROT key.
      
      Content certificates protected by the Non-Trusted NV counter are
      allowed to update the platform's Non-Trusted NV counter, assuming
      that the certificate value is higher than the platform's value.
      
      A new optional platform API has been introduced, named
      plat_set_nv_ctr2().  Platforms may choose to implement it and perform
      additional checks based on the authentication image descriptor before
      modifying the NV counters.  A default weak implementation is available
      that just calls into plat_set_nv_ctr().
      
      Fixes ARM-software/tf-issues#426
      
      Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      d35dee23
    • Jeenu Viswambharan's avatar
      Introduce ARM platform APIs for GICv3 Redistributor · d17b953a
      Jeenu Viswambharan authored
      
      
      As with other ARM platform GIC APIs, these directly invoke the GICv3
      driver APIs for Redistributor power management.
      
      For the sake of uniform GIC API, empty stubs are placed for those GIC
      drivers that lack Redistributor component.
      
      Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      d17b953a
    • Jeenu Viswambharan's avatar
      GICv3: Introduce power management APIs for Redistributor · d780699b
      Jeenu Viswambharan authored
      
      
      Some GICv3 implementations have provision for power management
      operations at Redistributor level. This patch introduces and provides
      place-holders for Redistributor power management. The default
      implementations are empty stubs, but are weakly bound so as to enable
      implementation-specific drivers to override them.
      
      Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      d780699b
  8. 14 Dec, 2016 3 commits
  9. 13 Dec, 2016 3 commits
    • Antonio Nino Diaz's avatar
      ARM platforms: Replace address space size defines · e60e74bd
      Antonio Nino Diaz authored
      
      
      The now deprecated ADDR_SPACE_SIZE has been replaced by the two
      defines PLAT_PHY_ADDR_SPACE_SIZE and PLAT_VIRT_ADDR_SPACE_SIZE.
      
      Change-Id: I027a2f02f47ab2f679b8979a6dbfb0f08270a1a4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      e60e74bd
    • Antonio Nino Diaz's avatar
      Add PLAT_xxx_ADDR_SPACE_SIZE definitions · 0029624f
      Antonio Nino Diaz authored
      
      
      Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
      `PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
      and virtual address space size a platform can use.
      
      `ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
      of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
      will be used instead.
      
      For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
      max PA supported by the hardware and to verify that the previously
      mentioned definition is valid. For AArch32, a 40 bit physical
      address space is considered.
      
      Added asserts to check for overflows.
      
      Porting guide updated.
      
      Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      0029624f
    • Antonio Nino Diaz's avatar
      Assert correct granularity when mapping a PA · d3d6c6e3
      Antonio Nino Diaz authored
      
      
      Each translation table level entry can only map a given virtual
      address onto physical addresses of the same granularity. For example,
      with the current configuration, a level 2 entry maps blocks of 2 MB,
      so the physical address must be aligned to 2 MB. If the address is not
      aligned, the MMU will just ignore the lower bits.
      
      This patch adds an assertion to make sure that physical addresses are
      always aligned to the correct boundary.
      
      Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      d3d6c6e3
  10. 12 Dec, 2016 1 commit
    • Soby Mathew's avatar
      AArch32: Fix the stack alignment issue · 9f3ee61c
      Soby Mathew authored
      
      
      The AArch32 Procedure call Standard mandates that the stack must be aligned
      to 8 byte boundary at external interfaces. This patch does the required
      changes.
      
      This problem was detected when a crash was encountered in
      `psci_print_power_domain_map()` while printing 64 bit values. Aligning
      the stack to 8 byte boundary resolved the problem.
      
      Fixes ARM-Software/tf-issues#437
      
      Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      9f3ee61c
  11. 07 Dec, 2016 2 commits
    • Soby Mathew's avatar
      Allow ARM Standard platforms to dynamically define PSCI capability · 5486a965
      Soby Mathew authored
      
      
      The capabilities exposed by the PSCI generic layer depends on the hooks
      populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
      Standard platforms statically define this structure. However, some
      platforms may want to modify the hooks at runtime before registering
      them with the generic layer.
      
      This patch introduces a new ARM platform layer API
      `plat_arm_psci_override_pm_ops` which allows the platform to probe
      the power controller and modify `plat_arm_psci_pm_ops` if required.
      Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
      `const` on ARM Standard platforms.
      
      Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      5486a965
    • Soby Mathew's avatar
      Introduce SCP power management abstraction · b12a2b49
      Soby Mathew authored
      
      
      This patch introduces an additional layer of abstraction between
      CSS power management hooks and the SCPI driver. A new set of APIs
      are introduced in order to abstract out power management operations
      from underlying communication mechanism with the SCP.
      
      The SCPI and the associated MHU drivers are moved into a `drivers`
      folder in CSS. The new SCP communication abstraction layer is added
      in the `drivers/scp` folder. The existing CSS power management
      uses the new APIs to reflect this abstraction.
      
      Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      b12a2b49
  12. 05 Dec, 2016 1 commit
    • Jeenu Viswambharan's avatar
      Define and use no_ret macro where no return is expected · a806dad5
      Jeenu Viswambharan authored
      
      
      There are many instances in ARM Trusted Firmware where control is
      transferred to functions from which return isn't expected. Such jumps
      are made using 'bl' instruction to provide the callee with the location
      from which it was jumped to. Additionally, debuggers infer the caller by
      examining where 'lr' register points to. If a 'bl' of the nature
      described above falls at the end of an assembly function, 'lr' will be
      left pointing to a location outside of the function range. This misleads
      the debugger back trace.
      
      This patch defines a 'no_ret' macro to be used when jumping to functions
      from which return isn't expected. The macro ensures to use 'bl'
      instruction for the jump, and also, for debug builds, places a 'nop'
      instruction immediately thereafter (unless instructed otherwise) so as
      to leave 'lr' pointing within the function range.
      
      Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      a806dad5
  13. 01 Dec, 2016 3 commits
    • David Cunado's avatar
      Reset EL2 and EL3 configurable controls · 939f66d6
      David Cunado authored
      
      
      This patch resets EL2 and EL3 registers that have architecturally
      UNKNOWN values on reset and that also provide EL2/EL3 configuration
      and trap controls.
      
      Specifically, the EL2 physical timer is disabled to prevent timer
      interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
      respectively.
      
      Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
      non-secure access to certain system registers at EL1 or lower.
      
      For AArch32, the patch also reverts the reset to SDCR which was
      incorrectly added in a previous change.
      
      Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      939f66d6
    • Qixiang.Xu's avatar
      emmc/sd: for C99 compliance, changed the unsigned char/short bitfield to unsigned int bitfields · 80d4d748
      Qixiang.Xu authored
      
      
      C99 restricts bitfields type is signed and unsigned integer or _Bool.
      See section 6.7.2.1 Structure and union specifiers.
      "A bit-field shall have a type that is a qualified or unqualified version
       of _Bool, signed int, unsigned int, or some other implementation-defined type."
      
      Since the compiler packs bitfields anyways, actual data layout in the structure is unaffected.
      Signed-off-by: default avatarAlex Nemirovsky <alex.nemirovsky@cortina-access.com>
      80d4d748
    • Yatharth Kochar's avatar
      AArch32: Miscellaneous fixes in the AArch32 code · 69d59e0c
      Yatharth Kochar authored
      
      
      This patch makes following miscellaneous fixes:
      * pl011_console.S: Fixed the bit mask used to check if the
        transmit FIFO is full or empty.
      * smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
        By default the assembler assumes `_fc` suffix which does not
        update all the fields in SPSR. By adding `_fsxc` suffix all
        the fields gets updated.
      * platform_helpers.S: Removed the weak definition for
        `plat_my_core_pos()` as this is a mandatory function which
        needs to be defined by all platforms.
      
      Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
      Signed-off-by: default avatarYatharth Kochar <yatharth.kochar@arm.com>
      69d59e0c
  14. 21 Nov, 2016 1 commit
    • Douglas Raillard's avatar
      Add CFI debug frame information for ASM functions · b91d935f
      Douglas Raillard authored
      
      
      This allows the debugger to print the callstack when there is an
      assembly function in the callstack.
      
      It will work as long as the CFA pointer (frame pointer) location is not
      modified (i.e. x29 is not touched in AArch64 state). It is the case in
      almost all assembly functions, so this patch improves the average
      debugging experience. Call stacks from the debugger should still be
      interpreted with care. In more complex functions, one could use .cfi*
      directives to inform the debugger about the new location of the CFA
      pointer.
      
      Change-Id: I9dabfbc033b45e8528e67f4823c17de7bf02fa24
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      b91d935f
  15. 09 Nov, 2016 1 commit
    • David Cunado's avatar
      Reset debug registers MDCR-EL3/SDCR and MDCR_EL2/HDCR · 495f3d3c
      David Cunado authored
      
      
      In order to avoid unexpected traps into EL3/MON mode, this patch
      resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64,
      and SDCR and HDCR for AArch32.
      
      MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the
      start of BL1 and BL31/SMP_MIN.
      
      For MDCR_EL2/HDCR, this patch zero's the bits that are
      architecturally UNKNOWN values on reset. This is done when
      exiting from EL3/MON mode but only on platforms that support
      EL2/HYP mode but choose to exit to EL1/SVC mode.
      
      Fixes ARM-software/tf-issues#430
      
      Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      495f3d3c
  16. 14 Oct, 2016 1 commit
    • Soby Mathew's avatar
      Unify SCTLR initialization for AArch32 normal world · b7b0787d
      Soby Mathew authored
      
      
      The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally
      unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This
      might be a compatibility break for legacy AArch32 normal world software if
      these bits are not set to 1 when EL3 is AArch64. This patch enables the
      CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is
      AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32
      mode for both AArch64 and AArch32 builds of Trusted Firmware.
      
      Fixes ARM-software/tf-issues#428
      
      Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      b7b0787d
  17. 12 Oct, 2016 3 commits
    • dp-arm's avatar
      Remove non-standard <sys/cdefs.h> include from uuid.h · 9e23f9ab
      dp-arm authored
      This include provides nothing useful for TF and prevents building
      the fiptool using musl libc[0].
      
      [0] https://www.musl-libc.org/
      
      
      
      Change-Id: Ied35e16b9ea2b40213433f2a8185dddc59077884
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      9e23f9ab
    • dp-arm's avatar
      Add PMF instrumentation points in TF · 872be88a
      dp-arm authored
      
      
      In order to quantify the overall time spent in the PSCI software
      implementation, an initial collection of PMF instrumentation points
      has been added.
      
      Instrumentation has been added to the following code paths:
      
      - Entry to PSCI SMC handler.  The timestamp is captured as early
        as possible during the runtime exception and stored in memory
        before entering the PSCI SMC handler.
      
      - Exit from PSCI SMC handler.  The timestamp is captured after
        normal return from the PSCI SMC handler or if a low power state
        was requested it is captured in the bl31 warm boot path before
        return to normal world.
      
      - Entry to low power state.  The timestamp is captured before entry
        to a low power state which implies either standby or power down.
        As these power states are mutually exclusive, only one timestamp
        is defined to describe both.  It is possible to differentiate between
        the two power states using the PSCI STAT interface.
      
      - Exit from low power state.  The timestamp is captured after a standby
        or power up operation has completed.
      
      To calculate the number of cycles spent running code in Trusted Firmware
      one can perform the following calculation:
      
      (exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
      
      The resulting number of cycles can be converted to time given the
      frequency of the counter.
      
      Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      872be88a
    • dp-arm's avatar
      Introduce ARM SiP service · f10796a0
      dp-arm authored
      
      
      This patch adds ARM SiP service for use by ARM standard platforms.
      This service is added to support the SMC interface for the Performance
      measurement framework(PMF).
      
      Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      f10796a0
  18. 28 Sep, 2016 1 commit
    • Yatharth Kochar's avatar
      AArch32: Add `memcpy4` function in assembly · 9c1dceb1
      Yatharth Kochar authored
      At present the `el3_entrypoint_common` macro uses `memcpy`
      function defined in lib/stdlib/mem.c file, to copy data
      from ROM to RAM for BL1. Depending on the compiler being
      used the stack could potentially be used, in `memcpy`,
      for storing the local variables. Since the stack is
      initialized much later in `el3_entrypoint_common` it
      may result in unknown behaviour.
      
      This patch adds `memcpy4` function definition in assembly so
      that it can be used before the stack is initialized and it
      also replaces `memcpy` by `memcpy4` in `el3_entrypoint_common`
      macro, to copy data from ROM to RAM for BL1.
      
      Change-Id: I3357a0e8095f05f71bbbf0b185585d9499bfd5e0
      9c1dceb1
  19. 22 Sep, 2016 2 commits
    • Soby Mathew's avatar
      PSCI: Do psci_setup() as part of std_svc_setup() · 58e946ae
      Soby Mathew authored
      This patch moves the invocation of `psci_setup()` from BL31 and SP_MIN
      into `std_svc_setup()` as part of ARM Standard Service initialization.
      This allows us to consolidate ARM Standard Service initializations which
      will be added to in the future. A new function `get_arm_std_svc_args()`
      is introduced to get arguments corresponding to each standard service.
      This function must be implemented by the EL3 Runtime Firmware and both
      SP_MIN and BL31 implement it.
      
      Change-Id: I38e1b644f797fa4089b20574bd4a10f0419de184
      58e946ae
    • Soby Mathew's avatar
      PSCI: Introduce PSCI Library argument structure · f426fc05
      Soby Mathew authored
      This patch introduces a `psci_lib_args_t` structure which must be
      passed into `psci_setup()` which is then used to initialize the PSCI
      library. The `psci_lib_args_t` is a versioned structure so as to enable
      compatibility checks during library initialization. Both BL31 and SP_MIN
      are modified to use the new structure.
      
      SP_MIN is also modified to add version string and build message as part
      of its cold boot log just like the other BLs in Trusted Firmware.
      
      NOTE: Please be aware that this patch modifies the prototype of
      `psci_setup()`, which breaks compatibility with EL3 Runtime Firmware
      (excluding BL31 and SP_MIN) integrated with the PSCI Library.
      
      Change-Id: Ic3761db0b790760a7ad664d8a437c72ea5edbcd6
      f426fc05
  20. 21 Sep, 2016 5 commits
    • Yatharth Kochar's avatar
      AArch32: Add support for ARM Cortex-A32 MPCore Processor · 03a3042b
      Yatharth Kochar authored
      This patch adds ARM Cortex-A32 MPCore Processor support
      in the CPU specific operations framework. It also includes
      this support for the Base FVP port.
      
      Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
      03a3042b
    • Yatharth Kochar's avatar
      AArch32: Support in SP_MIN to receive arguments from BL2 · d9915518
      Yatharth Kochar authored
      This patch adds support in SP_MIN to receive generic and
      platform specific arguments from BL2.
      
      The new signature is as following:
          void sp_min_early_platform_setup(void *from_bl2,
               void *plat_params_from_bl2);
      
      ARM platforms have been modified to use this support.
      
      Note: Platforms may break if using old signature.
            Default value for RESET_TO_SP_MIN is changed to 0.
      
      Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
      d9915518
    • Yatharth Kochar's avatar
      AArch32: Add generic changes in BL1 · f3b4914b
      Yatharth Kochar authored
      This patch adds generic changes in BL1 to support AArch32 state.
      New AArch32 specific assembly/C files are introduced and
      some files are moved to AArch32/64 specific folders.
      BL1 for AArch64 is refactored but functionally identical.
      BL1 executes in Secure Monitor mode in AArch32 state.
      
      NOTE: BL1 in AArch32 state ONLY handles BL1_RUN_IMAGE SMC.
      
      Change-Id: I6e2296374c7efbf3cf2aa1a0ce8de0732d8c98a5
      f3b4914b
    • Yatharth Kochar's avatar
      AArch32: Common changes needed for BL1/BL2 · 1a0a3f06
      Yatharth Kochar authored
      This patch adds common changes to support AArch32 state in
      BL1 and BL2. Following are the changes:
      
      * Added functions for disabling MMU from Secure state.
      * Added AArch32 specific SMC function.
      * Added semihosting support.
      * Added reporting of unhandled exceptions.
      * Added uniprocessor stack support.
      * Added `el3_entrypoint_common` macro that can be
        shared by BL1 and BL32 (SP_MIN) BL stages. The
        `el3_entrypoint_common` is similar to the AArch64
        counterpart with the main difference in the assembly
        instructions and the registers that are relevant to
        AArch32 execution state.
      * Enabled `LOAD_IMAGE_V2` flag in Makefile for
        `ARCH=aarch32` and added check to make sure that
        platform has not overridden to disable it.
      
      Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
      1a0a3f06
    • Yatharth Kochar's avatar
      ARM platform changes for new version of image loading · a8aa7fec
      Yatharth Kochar authored
      This patch adds changes in ARM platform code to use new
      version of image loading.
      
      Following are the major changes:
        -Refactor the signatures for bl31_early_platform_setup()
         and arm_bl31_early_platform_setup() function to use
         `void *` instead of `bl31_params_t *`.
        -Introduce `plat_arm_bl2_handle_scp_bl2()` to handle
         loading of SCP_BL2 image from BL2.
        -Remove usage of reserve_mem() function from
         `arm_bl1_early_platform_setup()`
        -Extract BL32 & BL33 entrypoint info, from the link list
         passed by BL2, in `arm_bl31_early_platform_setup()`
        -Provides weak definitions for following platform functions:
           plat_get_bl_image_load_info
           plat_get_next_bl_params
           plat_flush_next_bl_params
           bl2_plat_handle_post_image_load
        -Instantiates a descriptor array for ARM platforms
         describing image and entrypoint information for
         `SCP_BL2`, `BL31`, `BL32` and `BL33` images.
      
      All the above changes are conditionally compiled using the
      `LOAD_IMAGE_V2` flag.
      
      Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
      a8aa7fec
  21. 20 Sep, 2016 2 commits
    • Yatharth Kochar's avatar
      Changes for new version of image loading in BL1/BL2 · 42019bf4
      Yatharth Kochar authored
      This patch adds changes in BL1 & BL2 to use new version
      of image loading to load the BL images.
      
      Following are the changes in BL1:
        -Use new version of load_auth_image() to load BL2
        -Modified `bl1_init_bl2_mem_layout()` to remove using
         `reserve_mem()` and to calculate `bl2_mem_layout`.
         `bl2_mem_layout` calculation now assumes that BL1 RW
         data is at the top of the bl1_mem_layout, which is more
         restrictive than the previous BL1 behaviour.
      
      Following are the changes in BL2:
        -The `bl2_main.c` is refactored and all the functions
         for loading BLxx images are now moved to `bl2_image_load.c`
         `bl2_main.c` now calls a top level `bl2_load_images()` to
         load all the images that are applicable in BL2.
        -Added new file `bl2_image_load_v2.c` that uses new version
         of image loading to load the BL images in BL2.
      
      All the above changes are conditionally compiled using the
      `LOAD_IMAGE_V2` flag.
      
      Change-Id: Ic6dcde5a484495bdc05526d9121c59fa50c1bf23
      42019bf4
    • Yatharth Kochar's avatar
      Add new version of image loading. · 72600226
      Yatharth Kochar authored
      This patch adds capability to load BL images based on image
      descriptors instead of hard coded way of loading BL images.
      This framework is designed such that it can be readily adapted
      by any BL stage that needs to load images.
      
      In order to provide the above capability the following new
      platform functions are introduced:
      
        bl_load_info_t *plat_get_bl_image_load_info(void);
          This function returns pointer to the list of images that the
          platform has populated to load.
      
        bl_params_t *plat_get_next_bl_params(void);
          This function returns a pointer to the shared memory that the
          platform has kept aside to pass trusted firmware related
          information that next BL image needs.
      
        void plat_flush_next_bl_params(void);
          This function flushes to main memory all the params that
          are passed to next image.
      
        int bl2_plat_handle_post_image_load(unsigned int image_id)
          This function can be used by the platforms to update/use
          image information for given `image_id`.
      
      `desc_image_load.c` contains utility functions which can be used
      by the platforms to generate, load and executable, image list
      based on the registered image descriptors.
      
      This patch also adds new version of `load_image/load_auth_image`
      functions in-order to achieve the above capability.
      
      Following are the changes for the new version as compared to old:
        - Refactor the signature and only keep image_id and image_info_t
          arguments. Removed image_base argument as it is already passed
          through image_info_t. Given that the BL image base addresses and
          limit/size are already provided by the platforms, the meminfo_t
          and entry_point_info arguments are not needed to provide/reserve
          the extent of free memory for the given BL image.
      
        - Added check for the image size against the defined max size.
          This is needed because the image size could come from an
          unauthenticated source (e.g. the FIP header).
          To make this check, new member is added to the image_info_t
          struct for identifying the image maximum size.
      
      New flag `LOAD_IMAGE_V2` is added in the Makefile.
      Default value is 0.
      
      NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
            `LOAD_IMAGE_V2` is enabled.
      
      Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
      72600226