Achin Gupta [Sat, 7 Nov 2015 16:19:23 +0000 (16:19 +0000)]
Re-introduce evaluation of ENABLE_PLAT_COMPAT build flag
Commit #73c99d4eb377e0e25f7951be53087bf92e7b4b18 had refactored the top level
Makefile. This commit also broke platform ports that still rely on an enabled
ENABLE_PLAT_COMPAT build option since the evaluation of this option was also
accidentally removed from the Makefile.
This patch fixes this break by re-introducing the necessary support to ensure
that this build option is enabled by default if a platform port does not disable
it explicitly.
Brendan Jackman [Fri, 30 Oct 2015 16:25:12 +0000 (16:25 +0000)]
Add A72 support for Juno R2
Cortex-A72 library support is now compiled into the Juno platform port to go
with the existing A53/A57 support. This enables a single set of Juno TF
binaries to run on Juno R0, R1 and R2 boards.
Juan Castillo [Mon, 2 Nov 2015 10:47:01 +0000 (10:47 +0000)]
Remove deprecated IO return definitions
Patch 7e26fe1f deprecates IO specific return definitions in favour
of standard errno codes. This patch removes those definitions
and its usage from the IO framework, IO drivers and IO platform
layer. Following this patch, standard errno codes must be used
when checking the return value of an IO function.
This patch introduces a new function called 'print_entry_point_info'
that prints an entry_point_t structure for debugging purposes.
As such, it can be used to display the entry point address, SPSR and
arguments passed from a firmware image to the next one.
This function is now called in the following images transitions:
- BL1 to BL2
- BL1 to BL31
- BL31 to the next image (typically BL32 or BL33)
The following changes have been introduced:
- Fix the output format of the SPSR value : SPSR is a 32-bit value,
not a 64-bit one.
- Print all arguments values.
The entry_point_info_t structure allows to pass up to 8 arguments.
In most cases, only the first 2 arguments were printed.
print_entry_point_info() now prints all of them as 'VERBOSE'
traces.
Soby Mathew [Tue, 27 Oct 2015 10:31:35 +0000 (10:31 +0000)]
Include xlat_tables.h in plat_arm.h
This patch fixes a compilation issue for platforms that are aligned to ARM
Standard platforms and include the `plat_arm.h` header in their platform port.
The compilation would fail for such a platform because `xlat_tables.h` which
has the definition for `mmap_region_t` is not included in `plat_arm.h`. This
patch fixes this by including `xlat_tables.h` in `plat_arm.h` header.
Soby Mathew [Mon, 12 Oct 2015 16:32:29 +0000 (17:32 +0100)]
Support PSCI SYSTEM SUSPEND on Juno
This patch adds the capability to power down at system power domain level
on Juno via the PSCI SYSTEM SUSPEND API. The CSS power management helpers
are modified to add support for power management operations at system
power domain level. A new helper for populating `get_sys_suspend_power_state`
handler in plat_psci_ops is defined. On entering the system suspend state,
the SCP powers down the SYSTOP power domain on the SoC and puts the memory
into retention mode. On wakeup from the power down, the system components
on the CSS will be reinitialized by the platform layer and the PSCI client
is responsible for restoring the context of these system components.
According to PSCI Specification, interrupts targeted to cores in PSCI CPU
SUSPEND should be able to resume it. On Juno, when the system power domain
is suspended, the GIC is also powered down. The SCP resumes the final core
to be suspend when an external wake-up event is received. But the other
cores cannot be woken up by a targeted interrupt, because GIC doesn't
forward these interrupts to the SCP. Due to this hardware limitation,
we down-grade PSCI CPU SUSPEND requests targeted to the system power domain
level to cluster power domain level in `juno_validate_power_state()`
and the CSS default `plat_arm_psci_ops` is overridden in juno_pm.c.
A system power domain resume helper `arm_system_pwr_domain_resume()` is
defined for ARM standard platforms which resumes/re-initializes the
system components on wakeup from system suspend. The security setup also
needs to be done on resume from system suspend, which means
`plat_arm_security_setup()` must now be included in the BL3-1 image in
addition to previous BL images if system suspend need to be supported.
Soby Mathew [Fri, 8 May 2015 09:18:59 +0000 (10:18 +0100)]
CSS: Implement topology support for System power domain
This patch implements the necessary topology changes for supporting
system power domain on CSS platforms. The definition of PLAT_MAX_PWR_LVL and
PLAT_NUM_PWR_DOMAINS macros are removed from arm_def.h and are made platform
specific. In addition, the `arm_power_domain_tree_desc[]` and
`arm_pm_idle_states[]` are modified to support the system power domain
at level 2. With this patch, even though the power management operations
involving the system power domain will not return any error, the platform
layer will silently ignore any operations to the power domain. The actual
power management support for the system power domain will be added later.
Juan Castillo [Fri, 25 Sep 2015 14:41:14 +0000 (15:41 +0100)]
Add optional platform error handler API
This patch adds an optional API to the platform port:
void plat_error_handler(int err) __dead2;
The platform error handler is called when there is a specific error
condition after which Trusted Firmware cannot continue. While panic()
simply prints the crash report (if enabled) and spins, the platform
error handler can be used to hand control over to the platform port
so it can perform specific bookeeping or post-error actions (for
example, reset the system). This function must not return.
The parameter indicates the type of error using standard codes from
errno.h. Possible errors reported by the generic code are:
-EAUTH : a certificate or image could not be authenticated
(when Trusted Board Boot is enabled)
-ENOENT : the requested image or certificate could not be found
or an IO error was detected
-ENOMEM : resources exhausted. Trusted Firmware does not use
dynamic memory, so this error is usually an indication
of an incorrect array size
A default weak implementation of this function has been provided.
It simply implements an infinite loop.
Juan Castillo [Thu, 22 Oct 2015 10:34:44 +0000 (11:34 +0100)]
Make: fix dependency files generation
Currently, if no make goal is specified in the command line, 'all'
is assumed by default, but the dependency files are not generated.
This might lead to a successful but inconsistent build. This patch
provides a fix to the problem.
Juan Castillo [Tue, 18 Aug 2015 13:23:04 +0000 (14:23 +0100)]
Rework Makefile
This patch is a complete rework of the main Makefile. Functionality
remains the same but the code has been reorganized in sections in
order to improve readability and facilitate adding future extensions.
A new file 'build_macros.mk' has been created and will contain common
definitions (variables, macros, etc) that may be used from the main
Makefile and other platform specific makefiles.
A new macro 'FIP_ADD_IMG' has been introduced and it will allow the
platform to specify binary images and the necessary checks for a
successful build. Platforms that require a BL30 image no longer need
to specify the NEED_BL30 option. The main Makefile is now completely
unaware of additional images not built as part of Trusted Firmware,
like BL30. It is the platform responsibility to specify images using
the macro 'FIP_ADD_IMG'. Juno uses this macro to include the BL30
image in the build.
BL33 image is specified in the main Makefile to preserve backward
compatibility with the NEED_BL33 option. Otherwise, platform ports
that rely on the definition of NEED_BL33 might break.
All Trusted Board Boot related definitions have been moved to a
separate file 'tbbr_tools.mk'. The main Makefile will include this
file unless the platform indicates otherwise by setting the variable
'INCLUDE_TBBR_MK := 0' in the corresponding platform.mk file. This
will keep backward compatibility but ideally each platform should
include the corresponding TBB .mk file in platform.mk.
David Wang [Thu, 22 Oct 2015 05:30:50 +0000 (13:30 +0800)]
Allow CSS to redefine function `plat_arm_calc_core_pos`
Currently all ARM CSS platforms which include css_helpers.S use the same
strong definition of `plat_arm_calc_core_pos`. This patch allows these CSS
platforms to define their own strong definition of this function.
* Replace the strong definition of `plat_arm_calc_core_pos` in
css_helpers.S with a utility function `css_calc_core_pos_swap_cluster`
does the same thing (swaps cluster IDs). ARM CSS platforms may choose
to use this function or not.
* Add a Juno strong definition of `plat_arm_calc_core_pos`, which uses
`css_calc_core_pos_swap_cluster`.
Juan Castillo [Thu, 1 Oct 2015 17:37:40 +0000 (18:37 +0100)]
Use standard errno definitions in load_auth_image()
This patch replaces custom definitions used as return values for
the load_auth_image() function with standard error codes defined
in errno.h. The custom definitions have been removed.
It also replaces the usage of IO framework error custom definitions,
which have been deprecated. Standard errno definitions are used
instead.
NOTE: please note that the IO_FAIL, IO_NOT_SUPPORTED and
IO_RESOURCES_EXHAUSTED definitions are considered deprecated
and their usage should be avoided. Callers should rely on errno.h
definitions when checking the return values of IO functions.
Juan Castillo [Fri, 3 Jul 2015 15:23:16 +0000 (16:23 +0100)]
cert_create: specify command line options in the CoT
This patch introduces a new API that allows to specify command
line options in the Chain of Trust description. These command line
options may be used to specify parameters related to the CoT (i.e.
keys or certificates), instead of keeping a hardcoded list of
options in main.c.
Juan Castillo [Wed, 8 Jul 2015 11:11:38 +0000 (12:11 +0100)]
cert_create: improve command line argument check
The certificate generation tool currently checks if all command
line options required to create all certificates in the CoT have
been specified. This prevents using the tool to create individual
certificates when the whole CoT is not required.
This patch improves the checking function so only those options
required by the certificates specified in the command line are
verified.
Juan Castillo [Mon, 5 Oct 2015 15:59:38 +0000 (16:59 +0100)]
Add optional bl1_plat_prepare_exit() API
This patch adds an optional API to the platform port:
void bl1_plat_prepare_exit(void);
This function is called prior to exiting BL1 in response to the
RUN_IMAGE_SMC request raised by BL2. It should be used to perform
platform specific clean up or bookkeeping operations before
transferring control to the next image.
A weak empty definition of this function has been provided to
preserve platform backwards compatibility.
Reorganise PSCI PM handler setup on ARM Standard platforms
This patch does the following reorganization to psci power management (PM)
handler setup for ARM standard platform ports :
1. The mailbox programming required during `plat_setup_psci_ops()` is identical
for all ARM platforms. Hence the implementation of this API is now moved
to the common `arm_pm.c` file. Each ARM platform now must define the
PLAT_ARM_TRUSTED_MAILBOX_BASE macro, which in current platforms is the same
as ARM_SHARED_RAM_BASE.
2. The PSCI PM handler callback structure, `plat_psci_ops`, must now be
exported via `plat_arm_psci_pm_ops`. This allows the common implementation
of `plat_setup_psci_ops()` to return a platform specific `plat_psci_ops`.
In the case of CSS platforms, a default weak implementation of the same is
provided in `css_pm.c` which can be overridden by each CSS platform.
3. For CSS platforms, the PSCI PM handlers defined in `css_pm.c` are now
made library functions and a new header file `css_pm.h` is added to export
these generic PM handlers. This allows the platform to reuse the
adequate CSS PM handlers and redefine others which need to be customized
when overriding the default `plat_arm_psci_pm_ops` in `css_pm.c`.
Break down BL1 AArch64 synchronous exception handler
The AArch64 synchronous exception vector code in BL1 is almost
reaching its architectural limit of 32 instructions. This means
there is very little space for this code to grow.
This patch reduces the size of the exception vector code by
moving most of its code in a function to which we branch from
SynchronousExceptionA64.
The CASSERT() macro introduces a typedef for the sole purpose of
triggering a compilation error if the condition to check is false.
This typedef is not used afterwards. As a consequence, when the
CASSERT() macro is called from withing a function block, the compiler
complains and outputs the following error message:
error: typedef 'msg' locally defined but not used [-Werror=unused-local-typedefs]
This patch adds the "unused" attribute for the aforementioned
typedef. This silences the compiler warning and thus makes the
CASSERT() macro callable from within function blocks as well.
This patch fixes the relative path to the 'bl1_private.h' header file
included from 'arm_bl1_setup.c'. Note that, although the path was
incorrect, it wasn't causing a compilation error because the header
file still got included through an alternative include search path.
This patch fixes a copy and paste issue that resulted in the cluster
indexes not being checked as intended. Note that this fix applies to
the deprecated CCI-400 driver, not the unified one.
Varun Wadekar [Wed, 7 Oct 2015 11:45:41 +0000 (17:15 +0530)]
TLKD: pass results with TLK_RESUME_FID function ID
TLK sends the "preempted" event to the NS world along with an
identifier for certain use cases. The NS world driver is then
expected to take appropriate action depending on the identifier
value. Upon completion, the NS world driver then sends the
results to TLK (via x1-x3) with the TLK_RESUME_FID function ID.
This patch uses the already present code to pass the results
from the NS world to TLK for the TLK_RESUME_FID function ID.
Soby Mathew [Thu, 1 Oct 2015 15:46:06 +0000 (16:46 +0100)]
PSCI: Update state only if CPU_OFF is not denied by SPD
This patch fixes an issue in the PSCI framework where the affinity info
state of a core was being set to OFF even when the SPD had denied the
CPU_OFF request. Now, the state remains set to ON instead.
Varun Wadekar [Wed, 26 Aug 2015 07:19:03 +0000 (12:49 +0530)]
Send power management events to the Trusted OS (TLK)
This patch adds PM handlers to TLKD for the system suspend/resume and
system poweroff/reset cases. TLK expects all SMCs through a single
handler, which then fork out into multiple handlers depending on the
SMC. We tap into the same single entrypoint by restoring the S-EL1
context before passing the PM event via register 'x0'. On completion
of the PM event, TLK sends a completion SMC and TLKD then moves on
with the PM process.
The generic delay timer driver expects a pointer to a timer_ops_t
structure containing the specific timer driver information. It
doesn't make a copy of the structure, instead it just keeps the
pointer. Therefore, this pointer must remain valid over time.
The SP804 driver doesn't satisfy this requirement. The
sp804_timer_init() macro creates a temporary instanciation of the
timer_ops_t structure on the fly and passes it to the generic
delay timer. When this temporary instanciation gets deallocated,
the generic delay timer is left with a pointer to invalid data.
This patch fixes this bug by statically allocating the SP804
timer_ops_t structure.
When a platform port does not define PLAT_PERCPU_BAKERY_LOCK_SIZE, the total
memory that should be allocated per-cpu to accommodate all bakery locks is
calculated by the linker in bl31.ld.S. The linker stores this value in the
__PERCPU_BAKERY_LOCK_SIZE__ linker symbol. The runtime value of this symbol is
different from the link time value as the symbol is relocated into the current
section (.bss). This patch fixes this issue by marking the symbol as ABSOLUTE
which allows it to retain its correct value even at runtime.
The description of PLAT_PERCPU_BAKERY_LOCK_SIZE in the porting-guide.md has been
made clearer as well.
This patch adds a device driver which can be used to program the following
aspects of ARM CCN IP:
1. Specify the mapping between ACE/ACELite/ACELite+DVM/CHI master interfaces and
Request nodes.
2. Add and remove master interfaces from the snoop and dvm
domains.
3. Place the L3 cache in a given power state.
4. Configuring system adress map and enabling 3 SN striping mode of memory
controller operation.
Tegra: Perform cache maintenance on video carveout memory
Currently, the non-overlapping video memory carveout region is cleared after
disabling the MMU at EL3. If at any exception level the carveout region is being
marked as cacheable, this zeroing of memory will not have an affect on the
cached lines. Hence, we first invalidate the dirty lines and update the memory
and invalidate again so that both caches and memory is zeroed out.
Make generic code work in presence of system caches
On the ARMv8 architecture, cache maintenance operations by set/way on the last
level of integrated cache do not affect the system cache. This means that such a
flush or clean operation could result in the data being pushed out to the system
cache rather than main memory. Another CPU could access this data before it
enables its data cache or MMU. Such accesses could be serviced from the main
memory instead of the system cache. If the data in the sysem cache has not yet
been flushed or evicted to main memory then there could be a loss of
coherency. The only mechanism to guarantee that the main memory will be updated
is to use cache maintenance operations to the PoC by MVA(See section D3.4.11
(System level caches) of ARMv8-A Reference Manual (Issue A.g/ARM DDI0487A.G).
This patch removes the reliance of Trusted Firmware on the flush by set/way
operation to ensure visibility of data in the main memory. Cache maintenance
operations by MVA are now used instead. The following are the broad category of
changes:
1. The RW areas of BL2/BL31/BL32 are invalidated by MVA before the C runtime is
initialised. This ensures that any stale cache lines at any level of cache
are removed.
2. Updates to global data in runtime firmware (BL31) by the primary CPU are made
visible to secondary CPUs using a cache clean operation by MVA.
3. Cache maintenance by set/way operations are only used prior to power down.
NOTE: NON-UPSTREAM TRUSTED FIRMWARE CODE SHOULD MAKE EQUIVALENT CHANGES IN
ORDER TO FUNCTION CORRECTLY ON PLATFORMS WITH SUPPORT FOR SYSTEM CACHES.
This patch update Mediatek port to use the `DEFINE_BAKERY_LOCK` macro instead of
specifying the exact data structure to use for a bakery lock and the input
linker section that it should be allocated to.
Update ARM platform ports to use new bakery lock apis.
This patch updates ARM platform ports to use the new unified bakery locks
API. The caller does not have to use a different bakery lock API depending upon
the value of the USE_COHERENT_MEM build option.
NOTE: THIS PATCH CAN BE USED AS A REFERENCE TO UPDATE OTHER PLATFORM PORTS.
Andrew Thoelke [Thu, 10 Sep 2015 10:39:36 +0000 (11:39 +0100)]
Re-design bakery lock memory allocation and algorithm
This patch unifies the bakery lock api's across coherent and normal
memory implementation of locks by using same data type `bakery_lock_t`
and similar arguments to functions.
A separate section `bakery_lock` has been created and used to allocate
memory for bakery locks using `DEFINE_BAKERY_LOCK`. When locks are
allocated in normal memory, each lock for a core has to spread
across multiple cache lines. By using the total size allocated in a
separate cache line for a single core at compile time, the memory for
other core locks is allocated at link time by multiplying the single
core locks size with (PLATFORM_CORE_COUNT - 1). The normal memory lock
algorithm now uses lock address instead of the `id` in the per_cpu_data.
For locks allocated in coherent memory, it moves locks from
tzfw_coherent_memory to bakery_lock section.
The bakery locks are allocated as part of bss or in coherent memory
depending on usage of coherent memory. Both these regions are
initialised to zero as part of run_time_init before locks are used.
Hence, bakery_lock_init() is made an empty function as the lock memory
is already initialised to zero.
The above design lead to the removal of psci bakery locks from
non_cpu_power_pd_node to psci_locks.
NOTE: THE BAKERY LOCK API WHEN USE_COHERENT_MEM IS NOT SET HAS CHANGED.
THIS IS A BREAKING CHANGE FOR ALL PLATFORM PORTS THAT ALLOCATE BAKERY
LOCKS IN NORMAL MEMORY.
Vikram Kanigiri [Mon, 3 Aug 2015 22:58:19 +0000 (23:58 +0100)]
Separate CSS security setup from SOC security setup
Currently, on ARM platforms(ex. Juno) non-secure access to specific
peripheral regions, config registers which are inside and outside CSS
is done in the soc_css_security_setup(). This patch separates the CSS
security setup from the SOC security setup in the css_security_setup().
The CSS security setup involves programming of the internal NIC to
provide access to regions inside the CSS. This is needed only in
Juno, hence Juno implements it in its board files as css_init_nic400().
Define the Non-Secure timer frame ID for ARM platforms
On Juno and FVP platforms, the Non-Secure System timer corresponds
to frame 1. However, this is a platform-specific decision and it
shouldn't be hard-coded. Hence, this patch introduces
PLAT_ARM_NSTIMER_FRAME_ID which should be used by all ARM platforms
to specify the correct non-secure timer frame.
This patch replaces the `ARM_TZC_BASE` constant with `PLAT_ARM_TZC_BASE` to
support different TrustZone Controller base addresses across ARM platforms.
Pass the target suspend level to SPD suspend hooks
In certain Trusted OS implementations it is a requirement to pass them the
highest power level which will enter a power down state during a PSCI
CPU_SUSPEND or SYSTEM_SUSPEND API invocation. This patch passes this power level
to the SPD in the "max_off_pwrlvl" parameter of the svc_suspend() hook.
Currently, the highest power level which was requested to be placed in a low
power state (retention or power down) is passed to the SPD svc_suspend_finish()
hook. This hook is called after emerging from the low power state. It is more
useful to pass the highest power level which was powered down instead. This
patch does this by changing the semantics of the parameter passed to an SPD's
svc_suspend_finish() hook. The name of the parameter has been changed from
"suspend_level" to "max_off_pwrlvl" as well. Same changes have been made to the
parameter passed to the tsp_cpu_resume_main() function.
NOTE: THIS PATCH CHANGES THE SEMANTICS OF THE EXISTING "svc_suspend_finish()"
API BETWEEN THE PSCI AND SPD/SP IMPLEMENTATIONS. THE LATTER MIGHT NEED
UPDATES TO ENSURE CORRECT BEHAVIOUR.
BL2 loads secure runtime code(BL3-1, BL3-2) and hence it has to
run in secure world otherwise BL3-1/BL3-2 have to execute from
non-secure memory. Hence, This patch removes the change_security_state()
call in bl1_run_bl2() and replaces it with an assert to confirm
the BL2 as secure.
Vikram Kanigiri [Wed, 24 Jun 2015 16:51:09 +0000 (17:51 +0100)]
Configure all secure interrupts on ARM platforms
ARM TF configures all interrupts as non-secure except those which
are present in irq_sec_array. This patch updates the irq_sec_array
with the missing secure interrupts for ARM platforms.
It also updates the documentation to be inline with the latest
implementation.
Vikram Kanigiri [Fri, 26 Jun 2015 09:13:22 +0000 (10:13 +0100)]
Remove EL2/EL1 GICv3 register updates
From Linux 3.17 onwards, the mainline kernel has support for GICv3
systems and if EL3 exists, it only needs to initialise ICC_SRE_EL3.SRE
and ICC_SRE_EL3.Enable to 1. Hence, this patch removes the redundant
updates of ICC_SRE_EL2 and ICC_PMR_EL1.
NOTE: For partner software's which enter kernel in EL1,
ICC_SRE_EL2.Enable and ICC_SRE_EL2.SRE bit needs to be set to 1
in EL2 before jumping to linux.
Varun Wadekar [Wed, 26 Aug 2015 09:36:14 +0000 (15:06 +0530)]
Tegra: fix logic to clear videomem regions
The previous logic in the memctrl driver was not catering to cases
where the new memory region lied inside the older region. This patch
fixes the if/elseif/elseif logic in the driver to take care of this
case.
Varun Wadekar [Fri, 21 Aug 2015 10:26:02 +0000 (15:56 +0530)]
Tegra210: wait for 512 timer ticks before retention entry
This patch programs the CPUECTLR_EL1 and L2ECTLR_EL1 registers,
so that the core waits for 512 generic timer CNTVALUEB ticks before
entering retention state, after executing a WFI instruction.
This functionality is configurable and can be enabled for platforms
by setting the newly defined 'ENABLE_L2_DYNAMIC_RETENTION' and
'ENABLE_CPU_DYNAMIC_RETENTION' flag.
Varun Wadekar [Fri, 21 Aug 2015 10:22:51 +0000 (15:52 +0530)]
Add macros for retention control in Cortex-A53/A57
This patch adds macros suitable for programming the Advanced
SIMD/Floating-point (only Cortex-A53), CPU and L2 dynamic
retention control policy in the CPUECTLR_EL1 and L2ECTLR
registers.
Juan Castillo [Mon, 17 Aug 2015 09:43:27 +0000 (10:43 +0100)]
TBB: abort boot if BL3-2 cannot be authenticated
BL3-2 image (Secure Payload) is optional. If the image cannot be
loaded a warning message is printed and the boot process continues.
According to the TBBR document, this behaviour should not apply in
case of an authentication error, where the boot process should be
aborted.
This patch modifies the load_auth_image() function to distinguish
between a load error and an authentication error. The caller uses
the return value to abort the boot process or continue.
In case of authentication error, the memory region used to store
the image is wiped clean.
Soby Mathew [Tue, 18 Aug 2015 13:16:36 +0000 (14:16 +0100)]
docs: Fixes to platform-migration-guide.md
This patch corrects some typos in the platform migration guide. More
importantly, the commit ID of the patch that implements migration of ARM
Reference platforms to the new platform API has been corrected.
PSCI: Rework generic code to conform to coding guidelines
This patch reworks the PSCI generic implementation to conform to ARM
Trusted Firmware coding guidelines as described here:
https://github.com/ARM-software/arm-trusted-firmware/wiki
This patch also reviews the use of signed data types within PSCI
Generic code and replaces them with their unsigned counterparts wherever
they are not appropriate. The PSCI_INVALID_DATA macro which was defined
to -1 is now replaced with PSCI_INVALID_PWR_LVL macro which is defined
to PLAT_MAX_PWR_LVL + 1.
Soby Mathew [Mon, 8 Jun 2015 11:32:50 +0000 (12:32 +0100)]
PSCI: Add documentation and fix plat_is_my_cpu_primary()
This patch adds the necessary documentation updates to porting_guide.md
for the changes in the platform interface mandated as a result of the new
PSCI Topology and power state management frameworks. It also adds a
new document `platform-migration-guide.md` to aid the migration of existing
platform ports to the new API.
The patch fixes the implementation and callers of
plat_is_my_cpu_primary() to use w0 as the return parameter as implied by
the function signature rather than x0 which was used previously.
PSCI: Validate non secure entrypoint on ARM platforms
This patch implements the platform power managment handler to verify
non secure entrypoint for ARM platforms. The handler ensures that the
entry point specified by the normal world during CPU_SUSPEND, CPU_ON
or SYSTEM_SUSPEND PSCI API is a valid address within the non secure
DRAM.
As per PSCI1.0 specification, the error code to be returned when an invalid
non secure entrypoint address is specified by the PSCI client for CPU_SUSPEND,
CPU_ON or SYSTEM_SUSPEND must be PSCI_E_INVALID_ADDRESS. The current PSCI
implementation returned PSCI_E_INVAL_PARAMS. This patch rectifies this error
and also implements a common helper function to validate the entrypoint
information to be used across these PSCI API implementations.
PSCI: Migrate SPDs and TSP to the new platform and framework API
The new PSCI frameworks mandates that the platform APIs and the various
frameworks in Trusted Firmware migrate away from MPIDR based core
identification to one based on core index. Deprecated versions of the old
APIs are still present to provide compatibility but their implementations
are not optimal. This patch migrates the various SPDs exisiting within
Trusted Firmware tree and TSP to the new APIs.
PSCI: Pool platform_mem_init() in common ARM platforms code
Now that the FVP mailbox is no longer zeroed, the function
platform_mem_init() does nothing both on FVP and on Juno. Therefore,
this patch pools it as the default implementation on ARM platforms.
PSCI: Use a single mailbox for warm reset for FVP and Juno
Since there is a unique warm reset entry point, the FVP and Juno
port can use a single mailbox instead of maintaining one per core.
The mailbox gets programmed only once when plat_setup_psci_ops()
is invoked during PSCI initialization. This means mailbox is not
zeroed out during wakeup.
PSCI: Demonstrate support for composite power states
This patch adds support to the Juno and FVP ports for composite power states
with both the original and extended state-id power-state formats. Both the
platform ports use the recommended state-id encoding as specified in
Section 6.5 of the PSCI specification (ARM DEN 0022C). The platform build flag
ARM_RECOM_STATE_ID_ENC is used to include this support.
By default, to maintain backwards compatibility, the original power state
parameter format is used and the state-id field is expected to be zero.
PSCI: Migrate ARM reference platforms to new platform API
This patch migrates ARM reference platforms, Juno and FVP, to the new platform
API mandated by the new PSCI power domain topology and composite power state
frameworks. The platform specific makefiles now exports the build flag
ENABLE_PLAT_COMPAT=0 to disable the platform compatibility layer.
PSCI: Migrate TF to the new platform API and CM helpers
This patch migrates the rest of Trusted Firmware excluding Secure Payload and
the dispatchers to the new platform and context management API. The per-cpu
data framework APIs which took MPIDRs as their arguments are deleted and only
the ones which take core index as parameter are retained.
PSCI: Add deprecated API for SPD when compatibility is disabled
This patch defines deprecated platform APIs to enable Trusted
Firmware components like Secure Payload and their dispatchers(SPD)
to continue to build and run when platform compatibility is disabled.
This decouples the migration of platform ports to the new platform API
from SPD and enables them to be migrated independently. The deprecated
platform APIs defined in this patch are : platform_get_core_pos(),
platform_get_stack() and platform_set_stack().
The patch also deprecates MPIDR based context management helpers like
cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context().
A mechanism to deprecate APIs and identify callers of these APIs during
build is introduced, which is controlled by the build flag WARN_DEPRECATED.
If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be
flagged either as a link error for assembly files or compile time warning
for C files during build.
This commit does the switch to the new PSCI framework implementation replacing
the existing files in PSCI folder with the ones in PSCI1.0 folder. The
corresponding makefiles are modified as required for the new implementation.
The platform.h header file is also is switched to the new one
as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults
to 1 to enable compatibility layer which let the existing platform ports to
continue to build and run with minimal changes.
The default weak implementation of platform_get_core_pos() is now removed from
platform_helpers.S and is provided by the compatibility layer.
Note: The Secure Payloads and their dispatchers still use the old platform
and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build
flag will remain enabled in subsequent patch. The compatibility for SPDs using
the older APIs on platforms migrated to the new APIs will be added in the
following patch.
projects / arm-tf.git / log