These APIs allow the GIC implementation to categorize interrupt numbers
into SPIs, PPIs, and SGIs. The default implementations for GICv2 and
GICv3 follows interrupt numbering as specified by the ARM GIC
architecture.
The PE target mask is used to translate linear PE index (returned by
platform core position) to a bit mask used when targeting interrupts to
a PE, viz. when raising SGIs and routing SPIs.
The platform shall:
- Populate the driver data with a pointer to array that's to contain
per-PE target masks.
- Invoke the new driver API 'gicv2_set_pe_target_mask()' during
per-CPU initialization so that the driver populates the target mask
for that CPU.
Platforms that don't intend to target interrupts or raise SGIs need not
populate this.
Evan Lloyd [Thu, 25 May 2017 18:06:47 +0000 (19:06 +0100)]
fiptool: Precursor changes for Visual Studio
In order to compile the source of Fiptool using Visual Studio a number
of adjustments are required to the source. This commit modifies the
source with changes that will be required, but makes no functional
modification. The intent is to allow confirmation that the GCC build
is unaffected.
Michalis Pappas [Fri, 6 Oct 2017 08:11:44 +0000 (16:11 +0800)]
cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.
David Cunado [Thu, 5 Oct 2017 20:24:14 +0000 (21:24 +0100)]
Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLES
The MEM_PROTECT support adds a MMAP region for DRAM2, which when
building with TBBR support and OP-TEE tsp requires an additional
entry in the MMAP region array in BL2 - PLAT_ARM_MMAP_ENTRIES is
increased.
The MEM_PROTECT support also adds a new region in BL31, and when
BL31 is placed in DRAM, the memory mappings require an additional
translation table - MAX_XLAT_TABLES is increased.
Change-Id: I0b76260da817dcfd0b8f73a7193c36efda977625 Signed-off-by: David Cunado <david.cunado@arm.com>
This patch adds functions to save and restore GICv3 ITS registers during
system suspend. Please note that the power management of GIC ITS is
implementation defined. These functions only implements the
architectural part of the ITS power management and they do not restore
memory structures or register content required to support ITS. Even if
the ITS implementation stores structures in memory, an implementation
defined power down sequence is likely to be required to flush some
internal ITS caches to memory. If such implementation defined sequence
is not followed, the platform must ensure that the ITS is not power
gated during system suspend.
Change-Id: I5f31e5541975aa7dcaab69b0b7f67583c0e27678 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
During system suspend, the GICv3 Distributor and Redistributor context
can be lost due to power gating of the system power domain. This means
that the GICv3 context needs to be saved prior to system suspend and
restored on wakeup. Currently the consensus is that the Firmware should
be in charge of this. See tf-issues#464 for more details.
This patch introduces helper APIs in the GICv3 driver to save and
restore the Distributor and Redistributor contexts. The GICv3 ITS
context is not considered in this patch because the specification says
that the details of ITS power management is implementation-defined.
These APIs are expected to be appropriately invoked by the platform
layer during system suspend.
Fixes ARM-software/tf-issues#464
Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Douglas Raillard [Wed, 26 Jul 2017 12:51:00 +0000 (13:51 +0100)]
GICv3: turn some macros into inline functions
Tidy up the code a bit by turning some macros into inline functions
which allows to remove the do/while(0) idiom and backslashes at the end
of the line.
Change-Id: Ie41a4ea4a4da507f7b925247b53e85019101d717 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Reindent the file using tabs as the mix of spaces and tabs confuses some
editors and leads them to use spaces instead of tabs for new code
although the coding style mandates tabs.
Change-Id: I87fa4a5d368a048340054b9b3622325f3f7befba Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch introduces the ability of the xlat tables library to manage
EL0 and EL1 mappings from a higher exception level.
Attributes MT_USER and MT_PRIVILEGED have been added to allow the user
specify the target EL in the translation regime EL1&0.
REGISTER_XLAT_CONTEXT2 macro is introduced to allow creating a
xlat_ctx_t that targets a given translation regime (EL1&0 or EL3).
A new member is added to xlat_ctx_t to represent the translation regime
the xlat_ctx_t manages. The execute_never mask member is removed as it
is computed from existing information.
Change-Id: I95e14abc3371d7a6d6a358cc54c688aa9975c110 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Douglas Raillard [Mon, 25 Sep 2017 14:23:22 +0000 (15:23 +0100)]
xlat: Introduce function xlat_arch_tlbi_va_regime()
Introduce a variant of the TLB invalidation helper function that
allows the targeted translation regime to be specified, rather than
defaulting to the current one.
This new function is useful in the context of EL3 software managing
translation tables for the S-EL1&0 translation regime, as then it
might need to invalidate S-EL1&0 TLB entries rather than EL3 ones.
Define a new enumeration to be able to represent translation regimes in
the xlat tables library.
Change-Id: Ibe4438dbea2d7a6e7470bfb68ff805d8bf6b07e5 Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
TLB invalidation functions used to be conditionally compiled in.
They were enabled only when using the dynamic mapping feature.
because only then would we need to modify page tables on the fly.
Actually there are other use cases where invalidating TLBs is required.
When changing memory attributes in existing translation descriptors for
example. These other use cases do not necessarily depend on the dynamic
mapping feature.
This patch removes this dependency and always compile TLB invalidation
functions in. If they're not used, they will be removed from the binary
at link-time anyway so there's no consequence on the memory footprint
if these functions are not called.
The current implementation of the memory mapping API favours mapping
memory regions using the biggest possible block size in order to
reduce the number of translation tables needed.
In some cases, this behaviour might not be desirable. When translation
tables are edited at run-time, coarse-grain mappings like that might
need splitting into finer-grain tables. This operation has a
performance cost.
The MAP_REGION2() macro allows to specify the granularity of
translation tables used for the initial mapping of a memory region.
This might increase performance for memory regions that are likely to
be edited in the future, at the expense of a potentially increased
memory footprint.
The Translation Tables Library Design Guide has been updated to
explain the use case for this macro. Also added a few intermediate
titles to make the guide easier to digest.
Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Commit 11ad8f208db42f7729b0ce2bd16c631c293e665c added supporting
multi-threaded CPUs on FVP platform, including modifications for
calculating CPU IDs. This patch imports the strong definition of the
same CPU ID calculation on FVP platform for TSP.
Without this patch, TSP on FVP was using the default CPU ID calculation,
which would end up being wrong on CPUs with multi-threading.
xlat: remove cast in MAP_REGION to get back building with GCC 4.9
Since commit 769d65da778b ("xlat: Use MAP_REGION macro as compatibility
layer"), building with GCC 4.9 fails.
CC plat/arm/board/fvp/fvp_common.c
plat/arm/board/fvp/fvp_common.c:60:2: error: initializer element is not constant
ARM_MAP_SHARED_RAM,
^
plat/arm/board/fvp/fvp_common.c:60:2: error: (near initialization for 'plat_arm_mmap[0]')
make: *** [Makefile:535: build/fvp/release/bl1/fvp_common.o] Error 1
Taking into account that MAP_REGION(_FLAT) is widely used in array
initializers, do not use cast.
Fixes: 769d65da778b ("xlat: Use MAP_REGION macro as compatibility layer") Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Roberto Vargas [Tue, 8 Aug 2017 10:27:20 +0000 (11:27 +0100)]
mem_protect: Add DRAM2 to the list of mem protected ranges
On ARM platforms, the maximum size of the address space is limited
to 32-bits as defined in arm_def.h. In order to access DRAM2, which
is defined beyond the 32-bit address space, the maximum address space
is increased to 36-bits in AArch64. It is possible to increase the
virtual space for AArch32, but it is more difficult and not supported
for now.
NOTE - the actual maximum memory address space is platform dependent
and is checked at run-time by querying the PARange field in the
ID_AA64MMFR0_EL1 register.
Roberto Vargas [Thu, 3 Aug 2017 08:16:43 +0000 (09:16 +0100)]
mem_protect: Add mem_protect support in Juno and FVP for DRAM1
mem_protect needs some kind of non-volatile memory because it has
to remember its state across reset and power down events.
The most suitable electronic part for this feature is a NVRAM
which should be only accesible from the secure world. Juno and
FVP lack such hardware and for this reason the MEM_PROTECT
functionality is implemented with Flash EEPROM memory on both
boards, even though this memory is accesible from the non-secure
world. This is done only to show a full implementation of
these PSCI features, but an actual system shouldn't use a
non-secure NVRAM to implement it.
The EL3 runtime software will write the mem_protect flag and BL2
will read and clear the memory ranges if enabled. It is done in
BL2 because it reduces the time that TF needs access to the full
non-secure memory.
The memory layout of both boards is defined using macros which
take different values in Juno and FVP platforms. Generic platform
helpers are added that use the platform specific macros to generate
a mem_region_t that is valid for the platform.
Roberto Vargas [Thu, 3 Aug 2017 07:16:16 +0000 (08:16 +0100)]
mem_protect: Add mem_protect API
This patch adds the generic code that links the psci smc handler
with the platform function that implements the mem_protect and
mem_check_range functionalities. These functions are optional
APIs added in PSCI v1.1 (ARM DEN022D).
Qixiang Xu [Thu, 24 Aug 2017 07:12:20 +0000 (15:12 +0800)]
Add support for TBBR using ECDSA keys in ARM platforms
- fixed compile error when KEY_ALG=ecdsa
- add new option ecdsa for TF_MBEDTLS_KEY_ALG
- add new option devel_ecdsa for ARM_ROTPK_LOCATION
- add ecdsa key at plat/arm/board/common/rotpk/
- reduce the mbedtls heap memory size to 13k
Qixiang Xu [Thu, 24 Aug 2017 06:28:08 +0000 (14:28 +0800)]
plat/arm : update BL size macros to give BL1 and BL2 more space for TBB
For Trusted Board Boot, BL1 RW section and BL2 need more space to
support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE
is increased on ARM platforms.
And on the Juno platform:
- BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased.
- SCP_BL2 is loaded into the space defined by BL31_BASE ->
BL31_RW_BASE. In order to maintain the same size space for
SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased.
Change-Id: I379083f918b40ab1c765da4e71780d89f0058040 Co-Authored-By: David Cunado <david.cunado@arm.com> Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
platform_def.h doesn't need all the definitions in utils.h,
the ones in utils_def.h are enough. This patch is related
to the changes introduced by commit 53d9c9c85b.
The type `unsigned long` is 32 bit wide in AArch32, but 64 bit wide in
AArch64. This is inconsistent and that's why we avoid using it as per
the Coding Guidelines. This patch changes all `UL` occurrences to `U`
or `ULL` depending on the context so that the size of the constant is
clear.
This problem affected the macro `BIT(nr)`. As long as this macro is used
to fill fields of registers, that's not a problem, since all registers
are 32 bit wide in AArch32 and 64 bit wide in AArch64. However, if the
macro is used to fill the fields of a 64-bit integer, it won't be able
to set the upper 32 bits in AArch32.
By changing the type of this macro to `unsigned long long` the behaviour
is always the same regardless of the architecture, as this type is
64-bit wide in both cases.
Some Tegra platform files have been modified by this patch.
Change-Id: I918264c03e7d691a931f0d1018df25a2796cc221 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In the S-EL1&0 translation regime we aren't using the higher VA range,
whose translation table base address is held in TTBR1_EL1. The bit
TCR_EL1.EPD1 can be used to disable translations using TTBR1_EL1, but
the code wasn't setting it to 1. Additionally, other fields in TCR1_EL1
associated with the higher VA range (TBI1, TG1, SH1, ORGN1, IRGN1 and
A1) weren't set correctly as they were left as 0. In particular, 0 is a
reserved value for TG1. Also, TBBR1_EL1 was not explicitly set and its
reset value is UNKNOWN.
Therefore memory accesses to the higher VA range would result in
unpredictable behaviour as a translation table walk would be attempted
using an UNKNOWN value in TTBR1_EL1.
On the FVP and Juno platforms accessing the higher VA range resulted in
a translation fault, but this may not always be the case on all
platforms.
This patch sets the bit TCR_EL1.EPD1 to 1 so that any kind of
unpredictable behaviour is prevented.
This bug only affects the AArch64 version of the code, the AArch32
version sets this bit to 1 as expected.
Change-Id: I481c000deda5bc33a475631301767b9e0474a303 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Use a mmap_region_t as parameter instead of getting a parameter for each
structure member. This reduces the scope of changes when adding members
to mmap_region_t.
Also align on the convention of using mm_cursor as a variable name for
the currently inspected region when iterating on the region array.
Change-Id: If40bc4351b56c64b214e60dda27276d11ce9dbb3 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Aijun Sun [Tue, 19 Sep 2017 08:52:08 +0000 (16:52 +0800)]
trusty: save/restore FPU registers in world switch
Currently, Trusty OS/LK implemented FPU context switch in internal
thread switch but does not implement the proper mechanism for world
switch. This commit just simply saves/restores FPU registes in world
switch to prevent FPU context from being currupted when Trusty OS uses
VFP in its applications.
It should be noted that the macro *CTX_INCLUDE_FPREGS* must be defined
in trusty.mk if Trusty OS uses VFP
Signed-off-by: Aijun Sun <aijun.sun@spreadtrum.com>
Douglas Raillard [Tue, 12 Sep 2017 09:31:49 +0000 (10:31 +0100)]
xlat: fix mm copy when adding a region
mmap_add_region_ctx and mmap_add_dynamic_region_ctx are clearing members
that they are not aware of by copying each member one by one. Replace
this by structure assignment.
Change-Id: I7c70cb408c8a8eb551402a5d8d956c1fb7f32b55 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Victor Chong [Wed, 13 Sep 2017 16:27:19 +0000 (01:27 +0900)]
hikey*: Undef BL32_BASE when building without SPD
Otherwise, BL2 tries to load a BL32 image and triggers
assert(result == 0)
in
plat_get_image_source()
in hikey{960}_io_storage.c
in a debug build, or displays
ERROR: BL2: Failed to load image
in a release build.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Qixiang Xu [Thu, 31 Aug 2017 03:45:32 +0000 (11:45 +0800)]
plat/arm: Fix BL31_BASE when RESET_TO_BL31=1
The value of BL31_BASE currently depends on the size of BL31. This
causes problems in the RESET_TO_BL31 case because the value of
BL31_BASE is used in the model launch parameters, which often changes.
Therefore, this patch fixes BL31_BASE to the middle of Trusted SRAM,
to avoid further model parameter changes in future.
Change-Id: I6d7fa4fe293717d84768974679539c0e0cb6d935 Signed-off-by: David Cunado <david.cunado@arm.com>
This patch provides helper macros for both Device and Normal memory MAIR
encodings as defined by the ARM Architecture Reference Manual for ARMv8-A
(ARM DDI0487B.A).
Change-Id: I5faae7f2cf366390ad4ba1d9253c6f3b60fd5e20 Signed-off-by: David Cunado <david.cunado@arm.com>
Using the OIDs defined in tbbr_oids.h is the recommended way to build
the cert_create tool. This patch hence sets default value of the build
flag USE_TBBR_DEFS to 1 in the Makefile in `tools/cert_create` folder
when cert_create is built from this folder.
Douglas Raillard [Thu, 31 Aug 2017 15:20:25 +0000 (16:20 +0100)]
xlat: Use MAP_REGION macro as compatibility layer
Use the MAP_REGION to build the mmap_region_t argument in wrappers like
mmap_add_region(). Evolution of the mmap_region_t might require adding
new members with a non-zero default value. Users of MAP_REGION are
protected against such evolution. This commit also protects users of
mmap_add_region() and mmap_add_dynamic_region() functions against these
evolutions.
Also make the MAP_REGION macro implementation more explicit and make it
a mmap_region_t compound literal to make it useable as a function
parameter on its own and to prevent using it in initialization of
variables of different type.
Change-Id: I7bfc4689f6dd4dd23c895b65f628d8ee991fc161 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch gives users control over logging messages printed from the C
code using the LOG macros defined in debug.h Users now have the ability
to reduce the log_level at run time using the tf_log_set_max_level()
function. The default prefix string can be defined by platform by
overriding the `plat_log_get_prefix()` platform API which is also
introduced in this patch.
The new log framework results in saving of some RO data. For example,
when BL1 is built for FVP with LOG_LEVEL=LOG_LEVEL_VERBOSE, resulted
in saving 384 bytes of RO data and increase of 8 bytes of RW data. The
framework also adds about 108 bytes of code to the release build of FVP.
Fixes ARM-software/tf-issues#462
Change-Id: I476013d9c3deedfdd4c8b0b0f125665ba6250554 Co-authored-by: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Leo Yan [Thu, 7 Sep 2017 06:56:32 +0000 (14:56 +0800)]
Hikey: enable CPU debug module
Every CPU has its own debug module and this module is used by JTAG
debugging and coresight tracing. If without enabling it, it's easily to
introduce lockup issue when we enable debugging features.
This patch is to enable CPU debug module when power on CPU; this allows
connecting to all cores through JTAG and used by kernel coresight
driver.
Signed-off-by: Matthias Welwarsky <maw@sysgo.com> Signed-off-by: Leo Yan <leo.yan@linaro.org>
Soby Mathew [Mon, 12 Jun 2017 11:37:10 +0000 (12:37 +0100)]
CSS: Changes for SDS framework
This patch does the required changes to enable CSS platforms
to build and use the SDS framework. Since SDS is always coupled with
SCMI protocol, the preexisting SCMI build flag is now renamed to
`CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
CSS platforms. Also some of the workarounds applied for SCMI are
now removed with SDS in place.
Soby Mathew [Mon, 12 Jun 2017 11:13:04 +0000 (12:13 +0100)]
SDS: Introduce the sds drivers
This patch introduces the driver for Shared-Data-Structure (SDS)
framework which will be used for communication between SCP and AP
CPU. The SDS framework is intended to replace the Boot-Over-MHU
(BOM) protocol used currently for the communication
Soby Mathew [Mon, 12 Jun 2017 11:15:01 +0000 (12:15 +0100)]
Split CSS makefile for sp_min on Juno
This patch factors out common files required for sp_min for all CSS
platforms from the JUNO specific makefile to a the new `css_sp_min.mk`
makefile. This also allows the common build options that affect CSS
platforms to be configured in a central makefile for sp_min.
This patch fixes the inconsistency with regards as to how
BL2_BASE/BL2U_BASE and BL2_LIMIT/BL2U_LIMIT macros are defined
when building Juno to run in AArch32 mode at EL3. In this case,
BL32 is compiled for AArch32 whereas BL1 and BL2 are compiled
for AArch64. This resulted in BL32 conditionally compiling a
different definition of the above mentioned macros from BL1/BL2.
This is fixed by taking into consideration the
JUNO_AARCH32_EL3_RUNTIME build flag as well in the conditional
compilation check.
plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state,
which is not supposed to return, and in case of returning it implemented
an infinite loop. The problem was that plat_get_my_entrypoint was using
"b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to
the caller of plat_get_my_entrypoint instead of stop the system with a
panic.
To avoid this problem juno_do_reset_to_aarch_32_state was modified to
call directly to plat_panic_handler if it tries to return.
David Cunado [Mon, 4 Sep 2017 15:41:37 +0000 (16:41 +0100)]
Set NS version SCTLR during warmboot path
When ARM TF executes in AArch32 state, the NS version of SCTLR
is not being set during warmboot flow. This results in secondary
CPUs entering the Non-secure world with the default reset value
in SCTLR.
This patch explicitly sets the value of the NS version of SCTLR
during the warmboot flow rather than relying on the h/w.
Change-Id: I86bf52b6294baae0a5bd8af0cd0358cc4f55c416 Signed-off-by: David Cunado <david.cunado@arm.com>
Fix BL2 memory map when OP-TEE is the Secure Payload
The commit 3eb2d67 optimizes the memory map for BL2 when TSP
is not present. But this also broke OP-TEE as it was reusing
the TSP mapping. This patch fixes this problem by adding a
separate mapping for OP-TEE in the BL2 memory map table.
projects / arm-tf.git / log