Julius Werner [Fri, 9 Jun 2017 22:17:15 +0000 (15:17 -0700)]
Add platform-independent coreboot support library
This patch adds the foundation for a platform-independent coreboot
support library that can be shared by all platforms that boot BL31 from
coreboot (acting as BL2). It adds code to parse the "coreboot table", a
data structure that coreboot uses to communicate different kinds of
information to later-stage firmware and certain OS drivers.
As a first small use case for this information, allow platforms to
access the serial console configuration used by coreboot, removing the
need to hardcode base address and divisors and allowing Trusted Firmware
to benefit from coreboot's user configuration (e.g. which UART to pick
and which baud rate to use).
Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Tue, 19 Sep 2017 00:01:06 +0000 (17:01 -0700)]
drivers: cadence: cdns: Update CDNS driver to support MULTI_CONSOLE_API
This patch updates the Cadence CDNS console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I2ef8fb0d6ab72696997db1e0243a533499569d6b Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:59:43 +0000 (16:59 -0700)]
drivers: arm: pl011: Update PL011 driver to support MULTI_CONSOLE_API
This patch updates the ARM PL011 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: Ic34e4158addbb0c5fae500c9cff899c05a4f4206 Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:57:51 +0000 (16:57 -0700)]
drivers: ti: uart: Update 16550 UART driver to support MULTI_CONSOLE_API
This patch updates the TI 16550 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324c Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Mon, 18 Sep 2017 23:49:48 +0000 (16:49 -0700)]
Add default crash console code to hook up to new console API
This patch expands the weak stubs for the plat_crash_console_xxx
functions in common platform code to use the new console API for crash
output. This should make crash console output "just work" for most cases
without the need for the platform to explicitly set up a crash console.
For cases where the normal console framework doesn't work (e.g. very
early crashes, before the platform can register any consoles), platforms
are still able to override the functions just like before.
This feature requires the MULTI_CONSOLE_API compile-time flag to work.
For builds which don't have it set, this patch has no practical effect.
Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584 Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Tue, 1 Aug 2017 01:15:11 +0000 (18:15 -0700)]
Add new function-pointer-based console API
This patch overhauls the console API to allow for multiple console
instances of different drivers that are active at the same time. Instead
of binding to well-known function names (like console_core_init),
consoles now provide a register function (e.g. console_16550_register())
that will hook them into the list of active consoles. All console
operations will be dispatched to all consoles currently in the list.
The new API will be selected by the build-time option MULTI_CONSOLE_API,
which defaults to ${ERROR_DEPRECATED} for now. The old console API code
will be retained to stay backwards-compatible to older platforms, but
should no longer be used for any newly added platforms and can hopefully
be removed at some point in the future.
The new console API is intended to be used for both normal (bootup) and
crash use cases, freeing platforms of the need to set up the crash
console separately. Consoles can be individually configured to be active
active at boot (until first handoff to EL2), at runtime (after first
handoff to EL2), and/or after a crash. Console drivers should set a sane
default upon registration that can be overridden with the
console_set_scope() call. Code to hook up the crash reporting mechanism
to this framework will be added with a later patch.
This patch only affects AArch64, but the new API could easily be ported
to AArch32 as well if desired.
Change-Id: I35c5aa2cb3f719cfddd15565eb13c7cde4162549 Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Tue, 20 Jun 2017 00:05:30 +0000 (17:05 -0700)]
rockchip: Implement a panic handler that will reboot the system
The current Rockchip platform code retains the "common" default panic
handler which simply hangs the system (until the watchdog kicks in, if
enabled). This is usually not a great user experience.
This patch implements a Rockchip-specific panic handler that calls the
platform's reboot implementation to reset the system.
Change-Id: I4cbe09c48f1b3f86ebdfc0108c186565f9ffc119 Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner [Tue, 12 Dec 2017 22:23:26 +0000 (14:23 -0800)]
utils_def: Add REGSZ and make BIT() assembly-compatible
In assembly code it can be useful to have a constant for the width of a
register in the current architecture, so this patch adds one to
<utils_def.h> and replaces the existing custom one in crash_reporting.S
with that. It also fixes up the BIT() macro in the same file so that it
can be safely used in assembly code.
Change-Id: I10513a311f3379e767396e6ddfbae8d2d8201464 Signed-off-by: Julius Werner <jwerner@chromium.org>
A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been
introduced to select the section where the translation tables used by
the S-EL1/S-EL0 are placed.
This define has been used to move the translation tables to DRAM secured
by TrustZone.
Most of the extra needed space in BL31 when SPM is enabled is due to the
large size of the translation tables. By moving them to this memory
region we can save 44 KiB.
A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the
region where the translation tables have to be placed by the linker.
Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.
The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.
Change-Id: I96dc50decaacd469327c6b591d07964726e58db4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
At present, both SDEI_PRIVATE_RESET and SDEI_SHARED_RESET returns
SDEI_PENDING if they fail to unregister an event. The SDEI specification
however requires that the APIs return SDEI_EDENY in these cases. This
patch fixes the return codes for the reset APIs.
Leo Yan [Fri, 24 Nov 2017 06:19:51 +0000 (14:19 +0800)]
Hikey960: Change to use recommended power state id format
ARM Power State Coordination Interface (ARM DEN 0022D) chapter
6.5 "Recommended StateID Encoding" defines the state ID which can be
used by platforms. The recommended power states can be presented by
below values; and it divides into three fields, every field has 4 bits
to present power states corresponding to core level, cluster level and
system level.
0: Run
1: Standby
2: Retention
3: Powerdown
This commit changes to use upper recommended power states definition on
Hikey960; and changes the power state validate function to check the
power state passed from kernel side.
Soby Mathew [Fri, 10 Nov 2017 13:14:40 +0000 (13:14 +0000)]
Unify cache flush code path after image load
Previously the cache flush happened in 2 different places in code
depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
patch unifies this code path for both the cases. The `load_image()`
function is now made an internal static function.
This port can be compiled to boot an AArch64 or AArch32 payload with the
build option `RPI3_BL33_AARCH32`.
Note: This is not a secure port of the Trusted Firmware. This port is
only meant to be a reference implementation to experiment with an
inexpensive board in real hardware.
David Cunado [Tue, 31 Oct 2017 23:19:21 +0000 (23:19 +0000)]
Do not enable SVE on pre-v8.2 platforms
Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.
This has a minor performance improvement with no functional
impact.
Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1 Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado [Fri, 20 Oct 2017 10:30:57 +0000 (11:30 +0100)]
Enable SVE for Non-secure world
This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
to one EL3 will check to see if the Scalable Vector Extension (SVE) is
implemented when entering and exiting the Non-secure world.
If SVE is implemented, EL3 will do the following:
- Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.
- Exit from Non-secure world: SIMD, FP and SVE functionality is
disabled. As SIMD and FP registers are part of the SVE Z-registers
then any use of SIMD / FP functionality would corrupt the SVE
registers.
The build option default is 1. The SVE functionality is only supported
on AArch64 and so the build option is set to zero when the target
archiecture is AArch32.
This build option is not compatible with the CTX_INCLUDE_FPREGS - an
assert will be raised on platforms where SVE is implemented and both
ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.
Also note this change prevents secure world use of FP&SIMD registers on
SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
such platforms unless ENABLE_SVE_FOR_NS is set to 0.
Additionally, on the first entry into the Non-secure world the SVE
functionality is enabled and the SVE Z-register length is set to the
maximum size allowed by the architecture. This includes the use case
where EL2 is implemented but not used.
Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae Signed-off-by: David Cunado <david.cunado@arm.com>
Soby Mathew [Wed, 15 Nov 2017 12:05:28 +0000 (12:05 +0000)]
Juno AArch32: Remove duplicate definition of bl2 platform API
The bl2_early_platform_setup() and bl2_platform_setup() were
redefined for Juno AArch32 eventhough CSS platform layer had
same definition for them. The CSS definitions definitions were
previously restricted to EL3_PAYLOAD_BASE builds and this is now
modified to include the Juno AArch32 builds as well thus
allowing us to remove the duplicate definitions in Juno platform
layer.
Soby Mathew [Tue, 14 Nov 2017 14:10:10 +0000 (14:10 +0000)]
ARM platforms: Fixup AArch32 builds
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Replace magic numbers in linkerscripts by PAGE_SIZE
When defining different sections in linker scripts it is needed to align
them to multiples of the page size. In most linker scripts this is done
by aligning to the hardcoded value 4096 instead of PAGE_SIZE.
This may be confusing when taking a look at all the codebase, as 4096
is used in some parts that aren't meant to be a multiple of the page
size.
Change-Id: I36c6f461c7782437a58d13d37ec8b822a1663ec1 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
Implement support for the Activity Monitor Unit on Cortex A75
The Cortex A75 has 5 AMU counters. The first three counters are fixed
and the remaining two are programmable.
A new build option is introduced, `ENABLE_AMU`. When set, the fixed
counters will be enabled for use by lower ELs. The programmable
counters are currently disabled.
Matt Ma [Wed, 22 Nov 2017 11:31:28 +0000 (19:31 +0800)]
Replace macro ASM_ASSERTION with macro ENABLE_ASSERTIONS
This patch replaces the macro ASM_ASSERTION with the macro
ENABLE_ASSERTIONS in ARM Cortex-A53/57/72 MPCore Processor
related files. There is build error when ASM_ASSERTION is set
to 1 and ENABLE_ASSERTIONS is set to 0 because function
asm_assert in common/aarch32/debug.S is defined in the macro
ENABLE_ASSERTIONS but is called with the macro ASM_ASSERTION.
There is also the indication to use ENABLE_ASSERTIONS but not
ASM_ASSERTION in the Makefile.
Qixiang Xu [Thu, 9 Nov 2017 05:51:58 +0000 (13:51 +0800)]
tools: add an option -hash-alg for cert_create
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
- sha256 (default)
- sha384
- sha512
Roberto Vargas [Mon, 13 Nov 2017 08:24:07 +0000 (08:24 +0000)]
Flush the affinity data in psci_affinity_info
There is an edge case where the cache maintaince done in
psci_do_cpu_off may not seen by some cores. This case is handled in
psci_cpu_on_start but it hasn't handled in psci_affinity_info.
Factor out SPE operations in a separate file. Use the publish
subscribe framework to drain the SPE buffers before entering secure
world. Additionally, enable SPE before entering normal world.
A side effect of this change is that the profiling buffers are now
only drained when a transition from normal world to secure world
happens. Previously they were drained also on return from secure
world, which is unnecessary as SPE is not supported in S-EL1.
It is not possible to detect at compile-time whether support for an
optional extension such as SPE should be enabled based on the
ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by
default.
The explicit event dispatch sequence currently depicts handling done in
Secure EL1, although further error handling is typically done inside a
Secure Partition. Clarify the sequence diagram to that effect.
SDEI: Assert that dynamic events have Normal priority
The SDEI specification requires that binding a client interrupt
dispatches SDEI Normal priority event. This means that dynamic events
can't have Critical priority. Add asserts for this.
Register count is currently declared as unsigned, where as there are
asserts in place to check it being negative during unregister. These are
flagged as never being true.
If an implementation of ARMv8.2 includes ARMv8.2-LPA, the value 0b0110
is permitted in ID_AA64MMFR0_EL1.PARange, which means that the Physical
Address range supported is 52 bits (4 PiB). It is a reserved value
otherwise.
Change-Id: Ie0147218e9650aa09f0034a9ee03c1cca8db908a Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
David Cunado [Fri, 20 Oct 2017 10:30:57 +0000 (11:30 +0100)]
Move FPEXC32_EL2 to FP Context
The FPEXC32_EL2 register controls SIMD and FP functionality when the
lower ELs are executing in AArch32 mode. It is architecturally mapped
to AArch32 system register FPEXC.
This patch removes FPEXC32_EL2 register from the System Register context
and adds it to the floating-point context. EL3 only saves / restores the
floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
The rationale for this change is that if the Secure world is using FP
functionality and EL3 is not managing the FP context, then the Secure
world will save / restore the appropriate FP registers.
NOTE - this is a break in behaviour in the unlikely case that
CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
Secure Payload that modifies FPEXC, but does not save and restore
this register
Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184 Signed-off-by: David Cunado <david.cunado@arm.com>
The parameters passed to the Secure world from the Secure Partition
Manager when invoking SP_COMMUNICATE_AARCH32/64 were incorrect, as well
as the checks done on them.
Change-Id: I26e8c80cad0b83437db7aaada3d0d9add1c53a78 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The code was incorrectly reading from ID_AA64PRF0_EL1 instead of
ID_AA64MMFR0_EL1 causing the supported granularity sizes returned by the
code to be wrong.
This wasn't causing any problem because it's just used to check the
alignment of the base of the buffer shared between Non-secure and Secure
worlds, and it was aligned to more than 64 KiB, which is the maximum
granularity supported by the architecture.
Change-Id: Icc0d949d9521cc0ef13afb753825c475ea62d462 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This allows for other EL3 components to schedule an SDEI event dispatch
to Normal world upon the next ERET. The API usage constrains are set out
in the SDEI dispatcher documentation.
Support SDEI on ARM platforms using frameworks implemented in earlier
patches by defining and exporting SDEI events: this patch defines the
standard event 0, and a handful of shared and private dynamic events.
ARM platforms: Provide SDEI entry point validation
Provide a strong definition for plat_sdei_validate_sdei_entrypoint()
which translates client address to Physical Address, and then validating
the address to be present in DRAM.
ARM platforms: Make arm_validate_ns_entrypoint() common
The function arm_validate_ns_entrypoint() validates a given non-secure
physical address. This function however specifically returns PSCI error
codes.
Non-secure physical address validation is potentially useful across ARM
platforms, even for non-PSCI use cases. Therefore make this function
common by returning 0 for success or -1 otherwise.
Having made the function common, make arm_validate_psci_entrypoint() a
wrapper around arm_validate_ns_entrypoint() which only translates return
value into PSCI error codes. This wrapper is now used where
arm_validate_ns_entrypoint() was currently used for PSCI entry point
validation.
On GICv3 systems, as a side effect of adding provision to handle EL3
interrupts (unconditionally routing FIQs to EL3), pending Non-secure
interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
[1]. This will inadvertently disrupt the semantics of Fast SMC
(previously called Atomic SMC) calls.
To retain semantics of Fast SMCs, the GIC PMR must be programmed to
prevent Non-secure interrupts from preempting Secure execution. To that
effect, two new functions in the Exception Handling Framework subscribe
to events introduced in an earlier commit:
- Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
the PMR is programmed to the highest Non-secure interrupt priority.
- Upon 'cm_entering_normal_world', the previously stashed Non-secure
PMR is restored.
The above sequence however prevents Yielding SMCs from being preempted
by Non-secure interrupts as intended. To facilitate this, the public API
exc_allow_ns_preemption() is introduced that programs the PMR to the
original Non-secure PMR value. Another API
exc_is_ns_preemption_allowed() is also introduced to check if
exc_allow_ns_preemption() had been called previously.
API documentation to follow.
[1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
IRQs during Secure execution are signalled as IRQs, which aren't
routed to EL3.
EHF is a framework that allows dispatching of EL3 interrupts to their
respective handlers in EL3.
This framework facilitates the firmware-first error handling policy in
which asynchronous exceptions may be routed to EL3. Such exceptions may
be handed over to respective exception handlers. Individual handlers
might further delegate exception handling to lower ELs.
The framework associates the delegated execution to lower ELs with a
priority value. For interrupts, this corresponds to the priorities
programmed in GIC; for other types of exceptions, viz. SErrors or
Synchronous External Aborts, individual dispatchers shall explicitly
associate delegation to a secure priority. In order to prevent lower
priority interrupts from preempting higher priority execution, the
framework provides helpers to control preemption by virtue of
programming Priority Mask register in the interrupt controller.
This commit allows for handling interrupts targeted at EL3. Exception
handlers own interrupts by assigning them a range of secure priorities,
and registering handlers for each priority range it owns.
Support for exception handling in BL31 image is enabled by setting the
build option EL3_EXCEPTION_HANDLING=1.
Documentation to follow.
NOTE: The framework assumes the priority scheme supported by platform
interrupt controller is compliant with that of ARM GIC architecture (v2
or later).
Acknowledging interrupt shall return a raw value from the interrupt
controller in which the actual interrupt ID may be encoded. Add a
platform API to extract the actual interrupt ID from the raw value
obtained from interrupt controller.
Document the new function. Also clarify the semantics of interrupt
acknowledge.
At present, the GIC drivers enable Group 0 interrupts only if there are
Secure SPIs listed in the interrupt properties/list. This means that,
even if there are Group 0 SGIs/PPIs configured, the group remained
disabled in the absence of a Group 0 SPI.
Modify both GICv2 and GICv3 SGI/PPI configuration to enable Group 0 when
corresponding SGIs/PPIs are present.
The MP info struct is placed right after the boot info struct. However,
when calculating the address of the MP info, the size of the boot info
struct was being multiplied by the size of the MP boot info. This left
a big gap of empty space between the structs.
This didn't break any code because the boot info struct has a pointer to
the MP info struct. It was just wasting space.
Change-Id: I1668e3540d9173261968f6740623549000bd48db Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:
- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.
A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.
The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:
- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
Secure Partition.
- Implementing a well defined interface that is used by the normal world
and other secure services for accessing the services exported by a
Secure Partition.
- Implementing a well defined interface that is used by a Secure
Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
Partition to fulfil a service request.
Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
xlat: Make function to calculate TCR PA bits public
This function can be useful to setup TCR_ELx by callers that don't use
the translation tables library to setup the system registers related
to them. By making it common, it can be reused whenever it is needed
without duplicating code.
Change-Id: Ibfada9e846d2a6cd113b1925ac911bb27327d375 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
line is used to help with assertions and so assertion failures can
happen in release builds with assertions enabled. Use
`ENABLE_ASSERTIONS` instead of `DEBUG`.
This bug was introduced in commit aa61368eb5, which introduced the build
option `ENABLE_ASSERTIONS`.
Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARMv7: division support for missing __aeabi_*divmod
ARMv7-A architectures that do not support the Virtualization extensions
do not support instructions for the 32bit division. This change provides
a software implementation for 32bit division.
The division implementation is dumped from the OP-TEE project
http://github.com/OP-TEE/optee_os. The code was slightly modified
to pass trusted firmware checkpatch requirements and copyright is
given to the ARM trusted firmware initiative and its contributors.
ARMv7: GICv2 driver can manage GICv1 with security extension
Some SoCs integrate a GIC in version 1 that is currently not supported
by the trusted firmware. This change hijacks GICv2 driver to handle the
GICv1 as GICv1 is compatible enough with GICv2 as far as the platform
does not attempt to play with virtualization support or some GICv2
specific power features.
Note that current trusted firmware does not use these GICv2 features
that are not available in GICv1 Security Extension.
projects / arm-tf.git / log