Masahiro Yamada [Mon, 22 May 2017 03:11:24 +0000 (12:11 +0900)]
cert: move platform_oid.h to include/tools_share for all platforms
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Masahiro Yamada [Mon, 8 May 2017 09:29:03 +0000 (18:29 +0900)]
fip: move headers shared between TF and fiptool to include/tools_share
Some header files need to be shared between TF and host programs.
For fiptool, two headers are copied to the tools/fiptool directory,
but it looks clumsy.
This commit introduces a new directory, include/tools_share, which
collects headers that should be shared between TF and host programs.
This will clarify the interface exposed to host tools. We should
add new headers to this directory only when we really need to do so.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
David Cunado [Fri, 19 May 2017 08:27:19 +0000 (09:27 +0100)]
Migrate to Linaro Release 17.01
This Linaro release updates just the binaries:
Linaro binaries upgraded 16.12 --> 17.01
The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64
and AArch32.
The ARM TF codebase has been tested against these new binaries. This patch
updates the User Guide to reflect that the 17.01 release is now a supported
Linaro Release.
Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5 Signed-off-by: David Cunado <david.cunado@arm.com>
xlat_tables_arch.h uses the platform macro `PLAT_VIRT_ADDR_SPACE_SIZE`.
This macro is defined in xlat_tables_private.h only if the platform
still uses the deprecated `ADDR_SPACE_SIZE`.
Change-Id: I1c3b12ebd96bdfe9bf94b26d440c03bc0f8c0b24 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The behaviour of assert() now depends on the value of the new optional
platform define `PLAT_LOG_LEVEL_ASSERT`. This defaults to `LOG_LEVEL` if
not defined by the platform.
- If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_VERBOSE`, it prints the file
name, line and asserted expression.
- If `PLAT_LOG_LEVEL_ASSERT` >= `LOG_LEVEL_INFO`, it prints the file
name and line.
- If not, it doesn't print anything.
Note the old behaviour was to print the function name whereas now it
prints the file name. This reduces memory usage because the file name is
shared between all assert calls in a given file. Also, the default
behaviour in debug builds is to no longer print the asserted expression,
greatly reducing the string usage.
For FVP debug builds this change saves approximately:
dp-arm [Wed, 15 Feb 2017 11:07:55 +0000 (11:07 +0000)]
AArch32: Add `TRUSTED_BOARD_BOOT` support
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
David Cunado [Mon, 8 May 2017 08:48:34 +0000 (09:48 +0100)]
mbedtls: Complete namespace for TF specific macros
This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This
completes the migration of TF specific macros so that they do not
have the MBEDTLS_ suffix (see arm-trusted-firmware#874).
Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00 Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado [Wed, 10 May 2017 15:38:44 +0000 (16:38 +0100)]
mbedtls: Namespace for TF specific macros
An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
macros to have a TBBR_ suffix to avoid any potential clash with future
mbedtls macros.
But on reflection the TBBR_ suffix could be confusing as the macros
are used to drive TF-specific configuration of mbedtls. As such
this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
suffix which more accurately conveys their use.
Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4 Signed-off-by: David Cunado <david.cunado@arm.com>
Soby Mathew [Thu, 30 Mar 2017 13:42:54 +0000 (14:42 +0100)]
AArch32: Rework SMC context save and restore mechanism
The current SMC context data structure `smc_ctx_t` and related helpers are
optimized for case when SMC call does not result in world switch. This was
the case for SP_MIN and BL1 cold boot flow. But the firmware update usecase
requires world switch as a result of SMC and the current SMC context helpers
were not helping very much in this regard. Therefore this patch does the
following changes to improve this:
1. Add monitor stack pointer, `spmon` to `smc_ctx_t`
The C Runtime stack pointer in monitor mode, `sp_mon` is added to the
SMC context, and the `smc_ctx_t` pointer is cached in `sp_mon` prior
to exit from Monitor mode. This makes is easier to retrieve the
context when the next SMC call happens. As a result of this change,
the SMC context helpers no longer depend on the stack to save and
restore the register.
This aligns it with the context save and restore mechanism in AArch64.
2. Add SCR in `smc_ctx_t`
Adding the SCR register to `smc_ctx_t` makes it easier to manage this
register state when switching between non secure and secure world as a
result of an SMC call.
dp-arm [Thu, 4 May 2017 11:15:35 +0000 (12:15 +0100)]
Hook up LLVM compiler-rt in the build system
This patch enables compiler-rt for the AArch32 target. The code is
not used for AArch64 as the architecture supports the 64-bit division
and modulo operations natively.
Tegra: Break circular dependency in platform header files
For SoCs T132 and T210, the header file 'platform_def.h' used to include
'tegra_def.h' and vice versa. This patch breaks this circular dependency
by making 'tegra_def.h' independent.
David Cunado [Thu, 4 May 2017 10:35:56 +0000 (11:35 +0100)]
Update AEM and Cortex Models versions
AEMv8-A Model release v8.4 has been made available and Trusted Firmware
has been tested against these versions as part of its CI system. This
patch updates the user guide documentation to reflect the version of AEM
and Cortex Models that Trusted Firmware has been tested against.
Additionally, ARM FVPs FVP_Base_Cortex-A57x1-A53x1 and
FVP_Base_Cortex-A57x2-A53x4 are removed from the list of tested FVPs
as they are currently not being tested with the latest version of ARM
Trusted Firmware.
Also, documentation and links to Linaro pages have been updated to
reflect the changes in the ARM community document hosting.
Change-Id: Idae97303ce0929c82b137017de84ce94678f6f2b Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado [Sun, 16 Apr 2017 16:15:08 +0000 (17:15 +0100)]
Migrate secure payload dispatchers to new SMC terminology
Since Issue B (November 2016) of the SMC Calling Convention document
standard SMC calls are renamed to yielding SMC calls to help avoid
confusion with the standard service SMC range, which remains unchanged.
A previous patch introduced a new define for yielding SMC call type.
This patch updates the secure payload dispatchers (except the TSPD) to
use this new define and also migrates the code to use the new
terminology.
Change-Id: I3d2437c04e3b21fdbd32019f55c066c87679a5bf Signed-off-by: David Cunado <david.cunado@arm.com>
Introduce ARM SiP service to switch execution state
In AArch64, privileged exception levels control the execution state
(a.k.a. register width) of the immediate lower Exception Level; i.e.
whether the lower exception level executes in AArch64 or AArch32 state.
For an exception level to have its execution state changed at run time,
it must request the change by raising a synchronous exception to the
higher exception level.
This patch implements and adds such a provision to the ARM SiP service,
by which an immediate lower exception level can request to switch its
execution state. The execution state is switched if the request is:
- raised from non-secure world;
- raised on the primary CPU, before any secondaries are brought online
with CPU_ON PSCI call;
- raised from an exception level immediately below EL3: EL2, if
implemented; otherwise NS EL1.
If successful, the SMC doesn't return to the caller, but to the entry
point supplied with the call. Otherwise, the caller will observe the SMC
returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
for AArch32, the feature is not supported, and the call will always
fail.
For the ARM SiP service:
- Add SMC function IDs for both AArch32 and AArch64;
- Increment the SiP service minor version to 2;
- Adjust the number of supported SiP service calls.
Some recent changes have added direct use of the echo command without
parameters. This fails on a Windows shell, because echo without
parameters reports the mode ("ECHO is on").
This is corrected using the ECHO_BLANK_LINE macro already provided
for that purpose.
2 problems were found, but are in one change to avoid submitting a patch
that might fail to build. The problems were:
1. The macro MAKE_PREREQ_DIR has a minor bug, in that it is capable of
generating recursive dependencies.
2. The inclusion of BUILD_DIR in TEMP_OBJ_DIRS left no explicit
dependency, BUILD_DIR might not exist when subdirectories are
created by a thread on another CPU.
This fix corrects these with the following changes:
1. MAKE_PREREQ_DIR does nothing for a direct self dependency.
2. BUILD_DIR is built using MAKE_PREREQ_DIR.
3. BUILD_DIR is an explicit prerequisite of all OBJ_DIRS.
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Nishanth Menon [Mon, 1 May 2017 17:26:34 +0000 (12:26 -0500)]
xlat lib: Don't set mmap_attr_t enum to be -1
-1 is not a defined mmap_attr_t type. Instead of using invalid enum
types, we can either choose to define a INVALID type OR handle the
condition specifically.
Since the usage of mmap_region_attr is limited, it is easier to just
handle the error condition specifically and return 0 or -1 depending
on success or fail.
Fixes: ARM-Software/tf-issues#473 Fixes: 28fa2e9ee8f4 ("xlat lib: Use mmap_attr_t type consistently") Signed-off-by: Nishanth Menon <nm@ti.com>
This patch implements the handler to calculate the cluster and
system power states for the Tegra210 SoC. The power states
returned by this handler are used by the PSCI library to decide
cache maintenance operations - cluster v cpu.
Varun Wadekar [Wed, 25 Jan 2017 21:35:27 +0000 (13:35 -0800)]
Tegra: fix the NS DRAM address calculation logic
This patch fixes the logic used to calculate the end of NS memory
aperture. The functions allows zero sized NS apertures as that is
a valid requirement for some use cases. e.g. VPR resize.
Varun Wadekar [Wed, 21 Dec 2016 22:50:18 +0000 (14:50 -0800)]
Tegra: memctrl_v2: zero out NS Video memory carveout region
The video memory carveout has to be re-sized depending on the Video
content. This requires the NS world to send us new base/size values.
Before setting up the new region, we must zero out the previous memory
region, so that the video frames are not leaked to the outside world.
This patch adds the logic to zero out the previous memory carveout
region.
Steven Kao [Fri, 21 Oct 2016 06:16:59 +0000 (14:16 +0800)]
Tegra: early init the delay timer
This patch moves the platform delay timer init to early BL31
platform setup, so that platforms can use the udelay/mdelay
routines in the early init code.
Change-Id: I6fe20b76176ea22589539c180c5b6f9d09eda8de Signed-off-by: Steven Kao <skao@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Scott Branden [Mon, 10 Apr 2017 18:45:52 +0000 (11:45 -0700)]
Move defines in utils.h to utils_def.h to fix shared header compile issues
utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines. This allows the
header files to be shared between host and target builds for shared defines.
Recently types.h has been included in utils.h as well as some function
prototypes.
Because of the inclusion of types.h conflicts exist building host tools
abd these header files now. To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.
Fixes ARM-software/tf-issues#461
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Remove utils_def.h from utils.h
This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.
Tegra: Control inclusion of helper code used for asserts
One assert depends on code that is conditionally compiled based on the
DEBUG define. This patch modifies the conditional inclusion of such code
so that it is based on the ENABLE_ASSERTIONS build option.
This patch changes the platform Makefile to set `ENABLE_ASSERTIONS` to
1 instead of the deprecated option `ASM_ASSERTION`. This also pulls in
C assertions in release mode.
David Cunado [Wed, 5 Apr 2017 10:34:03 +0000 (11:34 +0100)]
Update terminology: standard SMC to yielding SMC
Since Issue B (November 2016) of the SMC Calling Convention document
standard SMC calls are renamed to yielding SMC calls to help avoid
confusion with the standard service SMC range, which remains unchanged.
This patch adds a new define for yielding SMC call type and deprecates
the current standard SMC call type. The tsp is migrated to use this new
terminology and, additionally, the documentation and code comments are
updated to use this new terminology.
Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793 Signed-off-by: David Cunado <david.cunado@arm.com>
rockchip: rk3328: support rk3328
rk3328 is a Quad-core soc and Cortex-a53 inside!
This patch supports the following functions:
1、power up/off cpus
2、suspend/resume cpus
3、suspend/resume system
4、reset system
5、power off system
Soby Mathew [Fri, 9 Dec 2016 15:23:08 +0000 (15:23 +0000)]
CSS: Allow system suspend only via PSCI SYSTEM_SUSPEND API
The CSS power management layer previously allowed to suspend system
power domain level via both PSCI CPU_SUSPEND and PSCI SYSTEM_SUSPEND
APIs. System suspend via PSCI CPU_SUSPEND was always problematic to
support because of issues with targeting wakeup interrupts to
suspended cores before the per-cpu GIC initialization is done. This
is not the case for PSCI SYSTEM_SUSPEND API because all the other
cores are expected to be offlined prior to issuing system suspend and
PSCI CPU_ON explicit calls will be made to power them on. Hence the Juno
platform used to downgrade the PSCI CPU_SUSPEND request for system
power domain level to cluster level by overriding the default
`plat_psci_pm_ops` exported by CSS layer.
Given the direction the new CSS platforms are evolving, it is best to
limit the system suspend only via PSCI SYSTEM_SUSPEND API for all
CSS platforms. This patch makes changes to allow system suspend
only via PSCI SYSTEM_SUSPEND API. The override of `plat_psci_ops`
for Juno is removed.
This patch removes the code that touched UART_FCR, from
console_core_putc(). The check for whether transmit FIFO is
full is sufficient before writing to UART TX FIFO. In fact
setting UARTFCR_TXCLR immediately after a byte is written to
FIFO might even result in loss of that byte, if UART hasn't
sent that byte out yet.
Tegra: smmu: make the context save sequence robust
This patch sanity checks the SMMU context created by the platform
code. The first entry contains the size of the array; which the
driver now verifies before moving on with the save.
This patch also fixes an error in the calculation of the size of
the context that gets copied to TZDRAM.
Yatharth Kochar [Mon, 14 Nov 2016 12:00:41 +0000 (12:00 +0000)]
AArch32: Add SP_MIN support for JUNO
This patch adds support for SP_MIN on JUNO platform.
The changes include addition of AArch32 assembly files,
JUNO specific SP_MIN make file and miscellaneous changes
in ARM platform files to enable support for SP_MIN.
projects / arm-tf.git / log