1. 29 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Replace fdtw_read_cells() implementation · ff4e6c35
      Andre Przywara authored
      Our fdtw_read_cells() implementation goes to great lengths to
      sanity-check every parameter and result, but leaves a big hole open:
      The size of the storage the value pointer points at needs to match the
      number of cells given. This can't be easily checked at compile time,
      since we lose the size information by using a void pointer.
      Regardless the current usage of this function is somewhat wrong anyways,
      since we use it on single-element, fixed-length properties only, for
      which the DT binding specifies the size.
      Typically we use those functions dealing with a number of cells in DT
      context to deal with *dynamically* sized properties, which depend on
      other properties (#size-cells, #clock-cells, ...), to specify the number
      of cells needed.
      
      Another problem with the current implementation is the use of
      ambiguously sized types (uintptr_t, size_t) together with a certain
      expectation about their size. In general there is no relation between
      the length of a DT property and the bitness of the code that parses the
      DTB: AArch64 code could encounter 32-bit addresses (where the physical
      address space is limited to 4GB [1]), while AArch32 code could read
      64-bit sized properties (/memory nodes on LPAE systems, [2]).
      
      To make this more clear, fix the potential issues and also align more
      with other DT users (Linux and U-Boot), introduce functions to explicitly
      read uint32 and uint64 properties. As the other DT consumers, we do this
      based on the generic "read array" function.
      Convert all users to use either of those two new functions, and make
      sure we never use a pointer to anything other than uint32_t or uint64_t
      variables directly.
      
      This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
      4 bytes into a uint16_t variable (passed via a void pointer).
      
      Also we change the implementation of the function to better align with
      other libfdt users, by using the right types (fdt32_t) and common
      variable names (*prop, prop_names).
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
      
      
      
      Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ff4e6c35
  2. 28 Apr, 2020 2 commits
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_read_uint32_array() implementation · 52a616b4
      Andre Przywara authored
      
      
      The device tree parsing code for the STM32 platform is using its own FDT
      helper functions, some of them being rather generic.
      In particular the existing fdt_read_uint32_array() implementation is now
      almost identical to the new generic code in fdt_wrappers.c, so we can
      remove the ST specific version and adjust the existing callers.
      
      Compared to the original ST implementation the new version takes a
      pointer to the DTB as the first argument, and also swaps the order of
      the number of cells and the pointer.
      
      Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      52a616b4
    • Andre Przywara's avatar
      fdt/wrappers: Generalise fdtw_read_array() · 6e3a89f4
      Andre Przywara authored
      
      
      Currently our fdtw_read_array() implementation requires the length of
      the property to exactly match the requested size, which makes it less
      flexible for parsing generic device trees.
      Also the name is slightly misleading, since we treat the cells of the
      array as 32 bit unsigned integers, performing the endianess conversion.
      
      To fix those issues and align the code more with other DT users (Linux
      kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
      relax the length check to only check if the property covers at least the
      number of cells we request.
      This also changes the variable names to be more in-line with other DT
      users, and switches to the proper data types.
      
      This makes this function more useful in later patches.
      
      Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      6e3a89f4
  3. 25 Apr, 2020 1 commit
    • Masahiro Yamada's avatar
      linker_script: move .data section to bl_common.ld.h · caa3e7e0
      Masahiro Yamada authored
      Move the data section to the common header.
      
      I slightly tweaked some scripts as follows:
      
      [1] bl1.ld.S has ALIGN(16). I added DATA_ALIGN macro, which is 1
          by default, but overridden by bl1.ld.S. Currently, ALIGN(16)
          of the .data section is redundant because commit 41286590
      
      
          ("Fix boot failures on some builds linked with ld.lld.") padded
          out the previous section to work around the issue of LLD version
          <= 10.0. This will be fixed in the future release of LLVM, so
          I am keeping the proper way to align LMA.
      
      [2] bl1.ld.S and bl2_el3.ld.S define __DATA_RAM_{START,END}__ instead
          of __DATA_{START,END}__. I put them out of the .data section.
      
      [3] SORT_BY_ALIGNMENT() is missing tsp.ld.S, sp_min.ld.S, and
          mediatek/mt6795/bl31.ld.S. This commit adds SORT_BY_ALIGNMENT()
          for all images, so the symbol order in those three will change,
          but I do not think it is a big deal.
      
      Change-Id: I215bb23c319f045cd88e6f4e8ee2518c67f03692
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      caa3e7e0
  4. 15 Apr, 2020 1 commit
  5. 07 Apr, 2020 3 commits
    • Alexei Fedorov's avatar
      TF-A: Add GICv4 extension for GIC driver · 5875f266
      Alexei Fedorov authored
      
      
      This patch adds support for GICv4 extension.
      New `GIC_ENABLE_V4_EXTN` option passed to gicv3.mk makefile
      was added, and enables GICv4 related changes when set to 1.
      This option defaults to 0.
      
      Change-Id: I30ebe1b7a98d3a54863900f37eda4589c707a288
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      5875f266
    • Julius Werner's avatar
      coreboot: Add memory range parsing · 579d1e90
      Julius Werner authored
      
      
      This patch adds code to parse memory range information passed by
      coreboot, and a simple helper to test whether a specific address belongs
      to a range. This may be useful for coreboot-using platforms that need to
      know information about the system's memory layout (e.g. to check whether
      an address passed in via SMC targets valid DRAM).
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      Change-Id: I3bea326c426db27d1a8b7d6e17418e4850e884b4
      579d1e90
    • Masahiro Yamada's avatar
      locks: bakery: use is_dcache_enabled() helper · 11504163
      Masahiro Yamada authored
      
      
      bakery_lock_normal.c uses the raw register accessor, read_sctlr(_el3)
      to check whether the dcache is enabled.
      
      Using is_dcache_enabled() is cleaner, and a good abstraction for
      the library code like this.
      
      A problem is is_dcache_enabled() is declared in the local header,
      lib/xlat_tables_v2/xlat_tables_private.h
      
      I searched for a good place to declare this helper. Moving it to
      arch_helpers.h, closed to cache operation helpers, looks good enough
      to me.
      
      I also changed the type of 'is_cached' to bool for consistency,
      and to avoid MISRA warnings.
      
      Change-Id: I9b016f67bc8eade25c316aa9c0db0fa4cd375b79
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      11504163
  6. 06 Apr, 2020 1 commit
  7. 03 Apr, 2020 9 commits
  8. 02 Apr, 2020 7 commits
    • Sandrine Bailleux's avatar
      Check for out-of-bound accesses in the platform io policies · afe62624
      Sandrine Bailleux authored
      
      
      The platform io policies array is now always accessed through a fconf getter.
      This gives us an ideal spot to check for out-of-bound accesses.
      
      Remove the assertion in plat_get_image_source(), which is now redundant.
      
      Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      afe62624
    • Sandrine Bailleux's avatar
      Check for out-of-bound accesses in the CoT description · 6f8a2565
      Sandrine Bailleux authored
      
      
      The chain of trust array is now always accessed through a fconf getter.
      This gives us an ideal spot to check for out-of-bound accesses.
      
      Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      6f8a2565
    • Masahiro Yamada's avatar
      Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGS · 9cefb4b1
      Masahiro Yamada authored
      Commit d5e97a1d ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3
      globally for C files") does not have commit 848a7e8c ("Build:
      introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because
      they were pulled almost at the same time.
      
      This is a follow-up conversion to be consistent with commit
      11a3c5ee
      
       ("plat: pass -D option to BL*_CPPFLAGS instead of
      BL*_CFLAGS").
      
      With this change, the command line option, IMAGE_AT_EL3, will be
      passed to .S files as well.
      
      I remove the definition in include/lib/cpus/aarch64/cpu_macros.S
      
      Otherwise, the following error would happen.
      
        include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror]
      
      Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      9cefb4b1
    • Masahiro Yamada's avatar
      xlat_tables_v2: fix assembler warning of PLAT_RO_XLAT_TABLES · 268131c2
      Masahiro Yamada authored
      
      
      If PLAT_RO_XLAT_TABLES is defined, the base xlat table goes to the
      .rodata section instead of .bss section.
      
      This causes a warning like:
      
      /tmp/ccswitLr.s: Assembler messages:
      /tmp/ccswitLr.s:297: Warning: setting incorrect section attributes for .rodata
      
      It is practically no problem, but I want to keep the build log clean.
      
      Put the base table into the "base_xlat_table" section to suppress the
      assembler warnings.
      
      The linker script determines its final destination; rodata section if
      PLAT_RO_XLAT_TABLES=1, or bss section otherwise. So, the result is the
      same.
      
      Change-Id: Ic85d1d2dddd9b5339289fc2378cbcb21dd7db02e
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      268131c2
    • Masahiro Yamada's avatar
      linker_script: move bss section to bl_common.ld.h · a7739bc7
      Masahiro Yamada authored
      
      
      Move the bss section to the common header. This adds BAKERY_LOCK_NORMAL
      and PMF_TIMESTAMP, which previously existed only in BL31. This is not
      a big deal because unused data should not be compiled in the first
      place. I believe this should be controlled by BL*_SOURCES in Makefiles,
      not by linker scripts.
      
      I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
      BL31, BL31 for plat=uniphier. I did not see any more  unexpected
      code addition.
      
      The bss section has bigger alignment. I added BSS_ALIGN for this.
      
      Currently, SORT_BY_ALIGNMENT() is missing in sp_min.ld.S, and with this
      change, the BSS symbols in SP_MIN will be sorted by the alignment.
      This is not a big deal (or, even better in terms of the image size).
      
      Change-Id: I680ee61f84067a559bac0757f9d03e73119beb33
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      a7739bc7
    • Masahiro Yamada's avatar
      linker_script: replace common read-only data with RODATA_COMMON · 0a0a7a9a
      Masahiro Yamada authored
      The common section data are repeated in many linker scripts (often
      twice in each script to support SEPARATE_CODE_AND_RODATA). When you
      add a new read-only data section, you end up with touching lots of
      places.
      
      After this commit, you will only need to touch bl_common.ld.h when
      you add a new section to RODATA_COMMON.
      
      Replace a series of RO section with RODATA_COMMON, which contains
      6 sections, some of which did not exist before.
      
      This is not a big deal because unneeded data should not be compiled
      in the first place. I believe this should be controlled by BL*_SOURCES
      in Makefiles, not by linker scripts.
      
      When I was working on this commit, the BL1 image size increased
      due to the fconf_populator. Commit c452ba15
      
       ("fconf: exclude
      fconf_dyn_cfg_getter.c from BL1_SOURCES") fixed this issue.
      
      I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
      BL31, BL31 for plat=uniphier. I did not see any more  unexpected
      code addition.
      
      Change-Id: I5d14d60dbe3c821765bce3ae538968ef266f1460
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      0a0a7a9a
    • Masahiro Yamada's avatar
      linker_script: move more common code to bl_common.ld.h · 9fb288a0
      Masahiro Yamada authored
      
      
      These are mostly used to collect data from special structure,
      and repeated in many linker scripts.
      
      To differentiate the alignment size between aarch32/aarch64, I added
      a new macro STRUCT_ALIGN.
      
      While I moved the PMF_SVC_DESCS, I dropped #if ENABLE_PMF conditional.
      As you can see in include/lib/pmf/pmf_helpers.h, PMF_REGISTER_SERVICE*
      are no-op when ENABLE_PMF=0. So, pmf_svc_descs and pmf_timestamp_array
      data are not populated.
      
      Change-Id: I3f4ab7fa18f76339f1789103407ba76bda7e56d0
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      9fb288a0
  9. 01 Apr, 2020 3 commits
  10. 31 Mar, 2020 2 commits
    • Masahiro Yamada's avatar
      xlat_tables_v2: add enable_mmu() · f5547735
      Masahiro Yamada authored
      
      
      enable_mmu_* has a different function name, so it is not handy in the
      shared code. enable_mmu() calls an appropriate one depending on the
      exception level.
      
      Change-Id: I0657968bfcb91c32733f75f9259f550a5c35b1c3
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      f5547735
    • Masahiro Yamada's avatar
      Add get_current_el_maybe_constant() · fd092be2
      Masahiro Yamada authored
      
      
      There are some cases where we want to run EL-dependent code in the
      shared code.
      
      We could use #ifdef, but it leaves slight possibility where we do not
      know the exception level at the build-time (e.g. library code).
      
      The counter approach is to use get_current_el(), but it is run-time
      detection, so all EL code is linked, some of which might be unneeded.
      
      This commit adds get_current_el_maybe_constant(). This is a static
      inline function that returns a constant value if we know the exception
      level at build-time. This is mostly the case.
      
          if (get_current_el_maybe_constant() == 1) {
                  /* do something for EL1 */
          } else if (get_current_el_maybe_constant() == 3) {
                  /* do something for EL3 */
          }
      
      If get_current_el_maybe_constant() is build-time constant, the compiler
      will optimize out the unreachable code.
      
      If such code is included from the library code, it is not built-time
      constant. In this case, it falls back to get_current_el(), so it still
      works.
      
      Change-Id: Idb03c20342a5b5173fe2d6b40e1fac7998675ad3
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      fd092be2
  11. 30 Mar, 2020 1 commit
  12. 25 Mar, 2020 2 commits
    • Alexei Fedorov's avatar
      FVP: Add BL2 hash calculation in BL1 · 0ab49645
      Alexei Fedorov authored
      
      
      This patch provides support for measured boot by adding calculation
      of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
      
      Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      0ab49645
    • Manish V Badarkhe's avatar
      Fix 'tautological-constant-compare' error · 4c4a1327
      Manish V Badarkhe authored
      
      
      Fixed below 'tautological-constant-compare' error when building the source
      code with latest clang compiler <clang version 11.0.0>.
      
      plat/common/plat_psci_common.c:36:2:
      error: converting the result of '<<' to a boolean always evaluates
      to true [-Werror,-Wtautological-constant-compare]
              PMF_STORE_ENABLE)
              ^
      include/lib/pmf/pmf.h:28:29: note: expanded from macro 'PMF_STORE_ENABLE'
      PMF_STORE_ENABLE        (1 << 0)
      
      This error is observed beacuse of CASSERT placed in
      "PMF_DEFINE_CAPTURE_TIMESTAMP" which do below stuff:
      CASSERT(_flags, select_proper_config);
      where _flags = PMF_STORE_ENABLE (1 << 0) which always results true.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: Ifa82ea202496a23fdf1d27ea1798d1f1b583a021
      4c4a1327
  13. 23 Mar, 2020 1 commit
  14. 22 Mar, 2020 1 commit
    • Mustafa Yigit Bilgen's avatar
      spd: tlkd: support new TLK SMCs for RPMB service · bd0c2f8d
      Mustafa Yigit Bilgen authored
      
      
      This patch adds support to handle following TLK SMCs:
      {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE}
      
      These SMCs need to be supported in ATF in order to forward them to
      TLK. Otherwise, these functionalities won't work.
      
      Brief:
      TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its
      version to TLK. TLK can use this to prevent rollback attacks.
      
      TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off
      execution to the OS. This allows preventing sensitive SMCs being used
      by the OS.
      
      TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB
      frames.
      
      Tested by: Tests TLK can receive the new SMCs issued by bootloader
      
      Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944
      Signed-off-by: default avatarMustafa Yigit Bilgen <mbilgen@nvidia.com>
      bd0c2f8d
  15. 20 Mar, 2020 1 commit
  16. 19 Mar, 2020 2 commits
  17. 17 Mar, 2020 2 commits