Dan Handley [Mon, 4 Aug 2014 10:41:20 +0000 (11:41 +0100)]
Clarify platform porting interface to TSP
* Move TSP platform porting functions to new file:
include/bl32/tsp/platform_tsp.h.
* Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic
TSP interrupt handling code, instead of depending on the FVP
specific definition IRQ_SEC_PHY_TIMER.
* Rename TSP platform porting functions from bl32_* to tsp_*, and
definitions from BL32_* to TSP_*.
* Update generic TSP code to use new platform porting function names
and definitions.
* Update FVP port accordingly and move all TSP source files to:
plat/fvp/tsp/.
* Update porting guide with above changes.
Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO
BE UPDATED
Dan Handley [Mon, 4 Aug 2014 18:53:05 +0000 (19:53 +0100)]
Simplify interface to TZC-400 driver
The TZC-400 driver previously allowed the possibility of multiple
controller instances to be present in the same executable. This
was unnecessary since there will only ever be one instance.
This change simplifies the tzc_init() function to only take the
base address argument needed by implementation, conforming to the
driver initialization model of other drivers. It also hides some
of the implementation details that were previously exposed by the
API.
The FVP port has been updated accordingly.
THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE TZC-400
DRIVER TO BE UPDATED
Dan Handley [Tue, 12 Aug 2014 13:20:28 +0000 (14:20 +0100)]
Move IO storage source to drivers directory
Move the remaining IO storage source file (io_storage.c) from the
lib to the drivers directory. This requires that platform ports
explicitly add this file to the list of source files.
Also move the IO header files to a new sub-directory, include/io.
Dan Handley [Mon, 4 Aug 2014 17:31:43 +0000 (18:31 +0100)]
Remove redundant io_init() function
The intent of io_init() was to allow platform ports to provide
a data object (io_plat_data_t) to the IO storage framework to
allocate into. The abstraction was incomplete because io_plat_data_t
uses a platform defined constant and the IO storage framework
internally allocates other arrays using platform defined constants.
This change simplifies the implementation by instantiating the
supporting objects in the IO storage framework itself. There is now
no need for the platform to call io_init().
The FVP port has been updated accordingly.
THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE IO STORAGE
FRAMEWORK TO BE UDPATED.
Dan Handley [Mon, 4 Aug 2014 15:11:15 +0000 (16:11 +0100)]
Remove platform dependency in CCI-400 driver
* Create cci_init() function in CCI-400 driver to allow platform
to provide arguments needed by the driver (i.e. base address
and cluster indices for the ACE slave interfaces).
* Rename cci_(en|dis)able_coherency to
cci_(en|dis)able_cluster_coherency to make it clear that
the driver only enables/disables the coherency of CPU
clusters and not other devices connected to the CCI-400.
* Update FVP port to use new cci_init() function and remove
unnecessary CCI defintions from platform_def.h. Also rename
fvp_cci_setup() to fvp_cci_enable() to more clearly
differentiate between CCI initialization and enabling.
THIS CHANGE REQUIRES PLATFORM PORTS THAT USE THE CCI-400 DRIVER
TO BE UPDATED
Juan Castillo [Tue, 12 Aug 2014 12:51:51 +0000 (13:51 +0100)]
FVP: make usage of Trusted DRAM optional at build time
This patch groups the current contents of the Trusted DRAM region at
address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in
a single shared memory area that may be allocated to Trusted SRAM
(default) or Trusted DRAM at build time by setting the
FVP_SHARED_DATA_LOCATION make variable. The size of this shared
memory is 4096 bytes.
The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM'
is not currently supported due to restrictions in the maximum number
of mmu tables that can be created.
Documentation has been updated to reflect these changes.
Dan Handley [Wed, 13 Aug 2014 11:06:42 +0000 (12:06 +0100)]
Fix reset to BL3-1 instructions in user guide
Fix the instructions for resetting to the BL3-1 entrypoint in the
user guide. The BL3-1 and BL3-2 image locations changed in the fix
to ARM-software/tf-issues#117 (commit a1b6db6).
Dan Handley [Tue, 29 Jul 2014 16:14:00 +0000 (17:14 +0100)]
Rationalize console log output
Fix the following issues with the console log output:
* Make sure the welcome string is the first thing in the log output
(during normal boot).
* Prefix each message with the BL image name so it's clear which
BL the output is coming from.
* Ensure all output is wrapped in one of the log output macros so it can
be easily compiled out if necessary. Change some of the INFO() messages
to VERBOSE(), especially in the TSP.
* Create some extra NOTICE() and INFO() messages during cold boot.
* Remove all usage of \r in log output.
All log output up to and including the log level is compiled into the
build. The default value is 40 in debug builds and 20 in release
builds.
Complement the existing INFO, WARN and ERROR console output macros
with NOTICE and VERBOSE macros, which are conditionally compiled in
depending on the value of LOG_LEVEL.
Juan Castillo [Tue, 12 Aug 2014 12:04:43 +0000 (13:04 +0100)]
FVP: apply new naming conventions to memory regions
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM
Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM
Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM
BLn_BASE and BLn_LIMIT definitions have been updated and are based on
these new memory regions.
The available memory for each bootloader in the linker script is
defined by BLn_BASE and BLn_LIMIT, instead of the complete memory
region.
TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of
the platform porting.
FVP common definitions are defined in fvp_def.h while platform_def.h
contains exclusively (with a few exceptions) the definitions that are
mandatory in the porting guide. Therefore, platform_def.h now includes
fvp_def.h instead of the other way around.
Porting guide has been updated to reflect these changes.
Support asynchronous method for BL3-2 initialization
This patch adds support for BL3-2 initialization by asynchronous
method where BL3-1 transfers control to BL3-2 using world switch.
After BL3-2 initialization, it transfers control to BL3-3 via SPD
service handler. The SPD service handler initializes the CPU context
to BL3-3 entrypoint depending on the return function indentifier from
TSP initialization.
There is no mechanism which allows the TSPD to specify what SPSR to
use when entering BL3-2 instead of BL3-3. This patch divides the
responsibility between tspd_setup() and tspd_init() for initializing
the TSPD and TSP to support the alternate BL3-2 initialization flow
where BL3-1 handsover control to BL3-2 instead of BL3-3.
SPSR generated by TSPD for TSP is preserved due the new division of
labour which fixes #174.
This patch also moves the cpu_context initialization code from
tspd_setup() to tspd_init() immediately before entering the TSP.
Instead tspd_setup() updates the BL3-2 entrypoint info structure
with the state required for initializing the TSP later.
Juan Castillo [Wed, 16 Jul 2014 14:53:43 +0000 (15:53 +0100)]
Call platform_is_primary_cpu() only from reset handler
The purpose of platform_is_primary_cpu() is to determine after reset
(BL1 or BL3-1 with reset handler) if the current CPU must follow the
cold boot path (primary CPU), or wait in a safe state (secondary CPU)
until the primary CPU has finished the system initialization.
This patch removes redundant calls to platform_is_primary_cpu() in
subsequent bootloader entrypoints since the reset handler already
guarantees that code is executed exclusively on the primary CPU.
Additionally, this patch removes the weak definition of
platform_is_primary_cpu(), so the implementation of this function
becomes mandatory. Removing the weak symbol avoids other
bootloaders accidentally picking up an invalid definition in case the
porting layer makes the real function available only to BL1.
The define PRIMARY_CPU is no longer mandatory in the platform porting
because platform_is_primary_cpu() hides the implementation details
(for instance, there may be platforms that report the primary CPU in
a system register). The primary CPU definition in FVP has been moved
to fvp_def.h.
Optimize EL3 register state stored in cpu_context structure
This patch further optimizes the EL3 register state stored in
cpu_context. The 2 registers which are removed from cpu_context are:
* cntfrq_el0 is the system timer register which is writable
only in EL3 and it can be programmed during cold/warm boot. Hence
it need not be saved to cpu_context.
* cptr_el3 controls access to Trace, Floating-point, and Advanced
SIMD functionality and it is programmed every time during cold
and warm boot. The current BL3-1 implementation does not need to
modify the access controls during normal execution and hence
they are expected to remain static.
Juan Castillo [Thu, 5 Jun 2014 08:45:36 +0000 (09:45 +0100)]
Rework incorrect use of assert() and panic() in codebase
Assert a valid security state using the macro sec_state_is_valid().
Replace assert() with panic() in those cases that might arise
because of runtime errors and not programming errors.
Replace panic() with assert() in those cases that might arise
because of programming errors.
Add CPUECTLR_EL1 and Snoop Control register to crash reporting
This patch adds the CPUECTLR_EL1 register and the CCI Snoop Control
register to the list of registers being reported when an unhandled
exception occurs.
Soby Mathew [Wed, 25 Jun 2014 09:07:40 +0000 (10:07 +0100)]
Rework the crash reporting in BL3-1 to use less stack
This patch reworks the crash reporting mechanism to further
optimise the stack and code size. The reporting makes use
of assembly console functions to avoid calling C Runtime
to report the CPU state. The crash buffer requirement is
reduced to 64 bytes with this implementation. The crash
buffer is now part of per-cpu data which makes retrieving
the crash buffer trivial.
Also now panic() will use crash reporting if
invoked from BL3-1.
The patch implements a macro ASM_ASSERT() which can
be invoked from assembly code. When assertion happens,
file name and line number of the check is written
to the crash console.
This patch introduces platform APIs to initialise and
print a character on a designated crash console.
For the FVP platform, PL011_UART0 is the designated
crash console. The platform porting guide is also updated
to document the new APIs.
Parametrize baudrate and UART clock during console_init()
This patch adds baud rate and UART clock frequency as parameters
to the pl011 driver api console_init(). This allows each platform
to specify UART clock and baud rate according to their specific
hardware implementation.
Soby Mathew [Tue, 24 Jun 2014 11:28:41 +0000 (12:28 +0100)]
Introduce asm console functions in TF
This patch replaces the pl011 console family of functions
with their equivalents defined in assembly. The baud rate is
defined by the PL011_BAUDRATE macro and IBRD and FBRD values
for pl011 are computed statically. This patch will enable
us to invoke the console functions without the C Runtime Stack.
This patch reworks the manner in which the M,A, C, SA, I, WXN & EE bits of
SCTLR_EL3 & SCTLR_EL1 are managed. The EE bit is cleared immediately after reset
in EL3. The I, A and SA bits are set next in EL3 and immediately upon entry in
S-EL1. These bits are no longer managed in the blX_arch_setup() functions. They
do not have to be saved and restored either. The M, WXN and optionally the C
bit are set in the enable_mmu_elX() function. This is done during both the warm
and cold boot paths.
Achin Gupta [Thu, 26 Jun 2014 10:12:37 +0000 (11:12 +0100)]
Remove the concept of coherent stacks
This patch removes the allocation of memory for coherent stacks, associated
accessor function and some dead code which called the accessor function. It also
updates the porting guide to remove the concept and the motivation behind using
stacks allocated in coherent memory.
Juan Castillo [Mon, 30 Jun 2014 10:41:46 +0000 (11:41 +0100)]
Add support for printing version at runtime
Print out Trusted Firmware version at runtime at each BL stage.
Message consists of TF version as defined statically in the Makefile
(e.g. v0.4), build mode (debug|release) and a customizable build
string:
1. By defining BUILD_STRING in command line when building TF
2. Default string is git commit ID
3. Empty if git meta-data is not available
Soby Mathew [Thu, 12 Jun 2014 16:23:58 +0000 (17:23 +0100)]
Implement a leaner printf for Trusted Firmware
This patch implements a "tf_printf" which supports only the commonly
used format specifiers in Trusted Firmware, which uses a lot less
stack space than the stdlib printf function.
Achin Gupta [Thu, 26 Jun 2014 08:58:52 +0000 (09:58 +0100)]
Remove coherent stack usage from the warm boot path
This patch uses stacks allocated in normal memory to enable the MMU early in the
warm boot path thus removing the dependency on stacks allocated in coherent
memory. Necessary cache and stack maintenance is performed when a cpu is being
powered down and up. This avoids any coherency issues that can arise from
reading speculatively fetched stale stack memory from another CPUs cache. These
changes affect the warm boot path in both BL3-1 and BL3-2.
The EL3 system registers responsible for preserving the MMU state are not saved
and restored any longer. Static values are used to program these system
registers when a cpu is powered on or resumed from suspend.
Achin Gupta [Thu, 26 Jun 2014 07:59:07 +0000 (08:59 +0100)]
Make enablement of the MMU more flexible
This patch adds a 'flags' parameter to each exception level specific function
responsible for enabling the MMU. At present only a single flag which indicates
whether the data cache should also be enabled is implemented. Subsequent patches
will use this flag when enabling the MMU in the warm boot paths.
Achin Gupta [Wed, 25 Jun 2014 18:26:22 +0000 (19:26 +0100)]
Remove coherent stack usage from the cold boot path
This patch reworks the cold boot path across the BL1, BL2, BL3-1 and BL3-2 boot
loader stages to not use stacks allocated in coherent memory for early platform
setup and enabling the MMU. Stacks allocated in normal memory are used instead.
Attributes for stack memory change from nGnRnE when the MMU is disabled to
Normal WBWA Inner-shareable when the MMU and data cache are enabled. It is
possible for the CPU to read stale stack memory after the MMU is enabled from
another CPUs cache. Hence, it is unsafe to turn on the MMU and data cache while
using normal stacks when multiple CPUs are a part of the same coherency
domain. It is safe to do so in the cold boot path as only the primary cpu
executes it. The secondary cpus are in a quiescent state.
This patch does not remove the allocation of coherent stack memory. That is done
in a subsequent patch.
Define ARM_GIC_ARCH default value for all platforms
The ARM_GIC_ARCH build option was supposed to default to 2 on all
platforms. However, the default value was set in the FVP makefile
so for all other platforms it wasn't even defined.
This patch moves the default value to the main Makefile. The platform
port can then override it if needed.
Juan Castillo [Fri, 11 Jul 2014 09:23:18 +0000 (10:23 +0100)]
FVP: Ensure system reset wake-up results in cold boot
platform_get_entrypoint() did not consider that a wakeup due to
System Reset Pin (by reading the power controller's PSYSR) requires
a cold boot. As a result, the code would execute the warm boot path
and eventually panic because entrypoint mailboxes are empty.
This patch ensures that the following wake-up reasons result in cold
boot:
- Cold Power-on
- System Reset Pin (includes reset by software)
Update the documentation about the memory layout on FVP
Update the "Memory layout on FVP platforms" section in the Firmware
Design document to reflect the overlaying of BL1 and BL2 images
by BL3-1 and BL3-2.
Also update the Porting Guide document to mention the
BL31_PROGBITS_LIMIT and BL32_PROGBITS_LIMIT constants.
- Add support for loading a BL3-0 image in BL2. Information about
memory extents is populated by platform-specific code. Subsequent
handling of BL3-0 is also platform specific.
The BL2 main function has been broken down to improve readability.
The BL3-2 image is now loaded before the BL3-3 image to align with
the boot flow.
- Build system: Add support for specifying a BL3-0 image that will be
included into the FIP image.
- IO FIP driver: Add support for identifying a BL3-0 image inside a
FIP image.
- Update the documentation to reflect the above changes.
fvp: Reuse BL1 and BL2 memory through image overlaying
This patch re-organizes the memory layout on FVP as to give the
BL3-2 image as much memory as possible.
Considering these two facts:
- not all images need to live in memory at the same time. Once
in BL3-1, the memory used by BL1 and BL2 can be reclaimed.
- when BL2 loads the BL3-1 and BL3-2 images, it only considers the
PROGBITS sections of those 2 images. The memory occupied by the
NOBITS sections will be touched only at execution of the BL3-x
images;
Then it is possible to choose the different base addresses such that
the NOBITS sections of BL3-1 and BL3-2 overlay BL1 and BL2.
On FVP we choose to put:
- BL1 and BL3-1 at the top of the Trusted RAM, with BL3-1 NOBITS
sections overlaying BL1;
- BL3-2 at the bottom of the Trusted RAM, with its NOBITS sections
overlaying BL2;
New platform-specific constants have been introduced to easily check
at link time that BL3-1 and BL3-2 PROGBITS sections don't overwrite
BL1 and BL2. These are optional and the platform code is free to define
them or not. If not defined, the linker won't attempt to check
image overlaying.
Dan Handley [Fri, 20 Jun 2014 08:43:15 +0000 (09:43 +0100)]
Refactor fvp gic code to be a generic driver
Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM
GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform
specific inputs in the arm_gic_setup() function so that the driver
has no explicit dependency on platform code.
Provide weak implementations of the platform interrupt controller
API in a new file, plat/common/plat_gic.c. These simply call through
to the ARM GIC driver.
Move the only remaining FVP GIC function, fvp_gic_init() to
plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c
Dan Handley [Fri, 20 Jun 2014 11:02:01 +0000 (12:02 +0100)]
Refactor fvp_config into common platform header
Changed the fvp_config array in fvp_common.c into a struct and
moved into a new optional common platform header,
include/plat/common/plat_config.h. Removed the config definitions
in fvp_def.h and updated all references to the platform config.
This makes the interface to the platform config cleaner and uses
a little less RAM.
Lin Ma [Fri, 27 Jun 2014 23:56:30 +0000 (16:56 -0700)]
Calculate TCR bits based on VA and PA
Currently the TCR bits are hardcoded in xlat_tables.c. In order to
map higher physical address into low virtual address, the TCR bits
need to be configured accordingly.
This patch is to save the max VA and PA and calculate the TCR.PS/IPS
and t0sz bits in init_xlat_tables function.
There was already a rudimentary mechanism to detect whether BL1
R/W data was loaded at the top or bottom of memory. Basically,
- either BL1 was loaded at the very end of the trusted RAM
- in all other cases BL1 was considered sitting at the bottom of
the memory and the memory usage structure was updated accordingly,
potentially resulting in critical memory waste.
For instance, if BL1 R/W base address was set to
(TZRAM_END - 4096 - bl1_size), it would virtually occupy the whole
memory.
This patch improves the mechanism to detect the location of BL1
to avoid such scenarios.
This concept is no longer required since we now support loading of
images at fixed addresses only.
The image loader now automatically detects the position of the image
inside the current memory layout and updates the layout such that
memory fragmentation is minimised.
The 'attr' field of the meminfo data structure, which used to hold
the bottom/top loading information, has been removed. Also the 'next'
field has been removed as it wasn't used anywhere.
The 'init_bl2_mem_layout()' function has been moved out of common
code and put in BL1-specific code. It has also been renamed into
'bl1_init_bl2_mem_layout'.
Andrew Thoelke [Thu, 26 Jun 2014 13:27:26 +0000 (14:27 +0100)]
Support later revisions of the Foundation FVP
The code in the FVP port which checks the platform type and
revision information in the SYS_ID register strictly supported
only the first revision of the Base and Foundation FVPs.
The current check also does not reflect the fact that the
board revision field is 'local' to the board type (HBI field).
Support for a new Foundation model is required now, and the
checking code is relaxed to allow execution (with a diagnostic)
on unrecognised revisions of the Base and Foundation FVP.
Andrew Thoelke [Mon, 9 Jun 2014 11:44:21 +0000 (12:44 +0100)]
Remove current CPU mpidr from PSCI common code
Many of the interfaces internal to PSCI pass the current CPU
MPIDR_EL1 value from function to function. This is not required,
and with inline access to the system registers is less efficient
than requiring the code to read that register whenever required.
This patch remove the mpidr parameter from the affected interfaces
and reduces code in FVP BL3-1 size by 160 bytes.
Vikram Kanigiri [Mon, 2 Jun 2014 13:59:00 +0000 (14:59 +0100)]
Simplify entry point information generation code on FVP
This patch reworks FVP specific code responsible for determining
the entry point information for BL3-2 and BL3-3 stages when BL3-1
is configured as the reset handler.
fvp: Fix register name in 'plat_print_gic_regs' macro
The 'plat_print_gic_regs' macro was accessing the GICC_CTLR register
using the GICD_CTLR offset. This still generates the right code in
the end because GICD_CTLR == GICC_CTLR but this patch fixes it for
the logic of the code.
Andrew Thoelke [Mon, 9 Jun 2014 11:54:15 +0000 (12:54 +0100)]
Remove calling CPU mpidr from bakery lock API
The bakery lock code currently expects the calling code to pass
the MPIDR_EL1 of the current CPU.
This is not always done correctly. Also the change to provide
inline access to system registers makes it more efficient for the
bakery lock code to obtain the MPIDR_EL1 directly.
This change removes the mpidr parameter from the bakery lock
interface, and results in a code reduction of 160 bytes for the
ARM FVP port.
Andrew Thoelke [Thu, 19 Jun 2014 23:36:14 +0000 (00:36 +0100)]
Correctly dimension the PSCI aff_map_node array
The array of affinity nodes is currently allocated for 32 entries
with the PSCI_NUM_AFFS value defined in psci.h. This is not enough
for large systems, and will substantially over allocate the array
for small systems.
This patch introduces an optional platform definition
PLATFORM_NUM_AFFS to platform_def.h. If defined this value is
used for PSCI_NUM_AFFS, otherwise a value of two times the number
of CPU cores is used.
The FVP port defines PLATFORM_NUM_AFFS to be 10 which saves
nearly 1.5KB of memory.
Andrew Thoelke [Thu, 19 Jun 2014 23:38:03 +0000 (00:38 +0100)]
Eliminate psci_suspend_context array
psci_suspend_context is an array of cache-line aligned structures
containing the single power_state integer per cpu. This array is
the only structure indexed by the aff_map_node.data integer.
This patch saves 2KB of BL3-1 memory by placing the CPU
power_state value directly in the aff_map_node structure. As a
result, this value is now never cached and the cache clean when
writing the value is no longer required.
Andrew Thoelke [Wed, 4 Jun 2014 20:10:52 +0000 (21:10 +0100)]
Initialise CPU contexts from entry_point_info
Consolidate all BL3-1 CPU context initialization for cold boot, PSCI
and SPDs into two functions:
* The first uses entry_point_info to initialize the relevant
cpu_context for first entry into a lower exception level on a CPU
* The second populates the EL1 and EL2 system registers as needed
from the cpu_context to ensure correct entry into the lower EL
This patch alters the way that BL3-1 determines which exception level
is used when first entering EL1 or EL2 during cold boot - this is now
fully determined by the SPSR value in the entry_point_info for BL3-3,
as set up by the platform code in BL2 (or otherwise provided to BL3-1).
In the situation that EL1 (or svc mode) is selected for a processor
that supports EL2, the context management code will now configure all
essential EL2 register state to ensure correct execution of EL1. This
allows the platform code to run non-secure EL1 payloads directly
without requiring a small EL2 stub or OS loader.
Add the '-Wmissing-include-dirs' flag to the CFLAGS and ASFLAGS
to make the build fail if the compiler or the assembler is given
a nonexistant directory in the list of directories to be searched
for header files.
Also remove 'include/bl1' and 'include/bl2' directories from the
search path for header files as they don't exist anymore.
Soby Mathew [Fri, 6 Jun 2014 09:18:52 +0000 (10:18 +0100)]
Remove re-initialisation of system timers after warm boot for FVP
This patch removes the reinitialisation of memory mapped system timer
registers after a warm boot for the FVP. The system timers in FVP are
in the 'Always ON' power domain which meant the reinitialisation was
redundant and it could have conflicted with the setup the normal
world has done.
The programming of CNTACR(x) and CNTNSAR, the system timer registers,
are removed from the warm boot path with this patch.
Andrew Thoelke [Mon, 2 Jun 2014 11:38:12 +0000 (12:38 +0100)]
Remove early_exceptions from BL3-1
The crash reporting support and early initialisation of the
cpu_data allow the runtime_exception vectors to be used from
the start in BL3-1, removing the need for the additional
early_exception vectors and 2KB of code from BL3-1.
projects / arm-tf.git / log