1. 03 Apr, 2019 2 commits
    • Antonio Nino Diaz's avatar
      SPM: Refactor xlat context creation · 014df18b
      Antonio Nino Diaz authored
      
      
      Right now the virtual address space is fixed to
      PLAT_VIRT_ADDR_SPACE_SIZE, so all base translation tables are the same
      size and need the same alignment. The current code allocates the exact
      space needed by this initial table.
      
      However, a following patch is going to allow each partition to choose
      the size of its address space based on the memory regions defined in
      their resource description, so it isn't possible to determine this at
      build time. As this optimization no longer applies, it has to be
      removed.
      
      Change-Id: Ia8d19f4981e1017e4ffe0ba136de73d701044cb0
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      014df18b
    • Antonio Nino Diaz's avatar
      SPM: Move shim layer to TTBR1_EL1 · 6de6965b
      Antonio Nino Diaz authored
      
      
      This gives each Secure Partition complete freedom on its address space.
      Previously, the memory used by the exception vectors was reserved and
      couldn't be used. Also, it always had to be mapped, forcing SPM to
      generate translation tables that included the exception vectors as well
      as the Partition memory regions. With this change, partitions can reduce
      their address space size easily.
      
      Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      6de6965b
  2. 01 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Remove several warnings reported with W=1 · 609e053c
      Ambroise Vincent authored
      
      
      Improved support for W=1 compilation flag by solving missing-prototypes
      and old-style-definition warnings.
      
      The libraries are compiling with warnings (which turn into errors with
      the Werror flag).
      
      Outside of libraries, some warnings cannot be fixed without heavy
      structural changes.
      
      Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      609e053c
  3. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  4. 11 Dec, 2018 9 commits
  5. 10 Dec, 2018 1 commit
  6. 14 Nov, 2018 1 commit
    • Sughosh Ganu's avatar
      SPM: Raise running priority of the core while in Secure Partition · 6e3bad36
      Sughosh Ganu authored
      
      
      The current secure partition design mandates that a) at a point, only
      a single core can be executing in the secure partition, and b) a core
      cannot be preempted by an interrupt while executing in secure
      partition.
      
      Ensure this by activating the SPM priority prior to entering the
      parition. Deactivate the priority on return from the
      partition.
      
      Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
      Signed-off-by: default avatarSughosh Ganu <sughosh.ganu@arm.com>
      6e3bad36
  7. 20 Jun, 2018 1 commit
  8. 15 Jun, 2018 1 commit
  9. 23 May, 2018 5 commits
  10. 17 Apr, 2018 1 commit
  11. 21 Mar, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Rename 'smcc' to 'smccc' · 085e80ec
      Antonio Nino Diaz authored
      
      
      When the source code says 'SMCC' it is talking about the SMC Calling
      Convention. The correct acronym is SMCCC. This affects a few definitions
      and file names.
      
      Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
      but the old files have been kept for compatibility, they include the
      new ones with an ERROR_DEPRECATED guard.
      
      Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      085e80ec
  12. 10 Jan, 2018 1 commit
  13. 08 Jan, 2018 2 commits
  14. 12 Dec, 2017 1 commit
    • Sandrine Bailleux's avatar
      SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters · 4d2787ce
      Sandrine Bailleux authored
      This partially reverts commit d6b532b5
      
      , keeping only the fixes to
      the assertions. The changes related to the order of arguments passed
      to the secure partition were not correct and violated the
      specification of the SP_EVENT_COMPLETE SMC.
      
      This patch also improves the MM_COMMUNICATE argument validation.  The
      cookie argument, as it comes from normal world, can't be trusted and thus
      needs to always be validated at run time rather than using an assertion.
      
      Also validate the communication buffer address and return
      INVALID_PARAMETER if it is zero, as per the MM specification.
      
      Fix a few typos in comments and use the "secure partition" terminology
      rather than "secure payload".
      
      Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      4d2787ce
  15. 05 Dec, 2017 2 commits
  16. 15 Nov, 2017 1 commit
  17. 08 Nov, 2017 1 commit
    • Antonio Nino Diaz's avatar
      SPM: Introduce Secure Partition Manager · 2fccb228
      Antonio Nino Diaz authored
      
      
      A Secure Partition is a software execution environment instantiated in
      S-EL0 that can be used to implement simple management and security
      services. Since S-EL0 is an unprivileged exception level, a Secure
      Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
      granted access to system and processor resources. Essentially, it is a
      software sandbox that runs under the control of privileged software in
      the Secure World and accesses the following system resources:
      
      - Memory and device regions in the system address map.
      - PE system registers.
      - A range of asynchronous exceptions e.g. interrupts.
      - A range of synchronous exceptions e.g. SMC function identifiers.
      
      A Secure Partition enables privileged firmware to implement only the
      absolutely essential secure services in EL3 and instantiate the rest in
      a partition. Since the partition executes in S-EL0, its implementation
      cannot be overly complex.
      
      The component in ARM Trusted Firmware responsible for managing a Secure
      Partition is called the Secure Partition Manager (SPM). The SPM is
      responsible for the following:
      
      - Validating and allocating resources requested by a Secure Partition.
      - Implementing a well defined interface that is used for initialising a
        Secure Partition.
      - Implementing a well defined interface that is used by the normal world
        and other secure services for accessing the services exported by a
        Secure Partition.
      - Implementing a well defined interface that is used by a Secure
        Partition to fulfil service requests.
      - Instantiating the software execution environment required by a Secure
        Partition to fulfil a service request.
      
      Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
      Co-authored-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: default avatarAchin Gupta <achin.gupta@arm.com>
      Co-authored-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2fccb228