Soby Mathew [Fri, 2 Jun 2017 16:44:07 +0000 (17:44 +0100)]
Use CryptoCell to set/get NVcounters and ROTPK
This patch implements the platform APIs plat_get_rotpk_info,
plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM
APIs when ARM_CRYPTOCELL_INT is set.
Soby Mathew [Mon, 5 Jun 2017 14:55:59 +0000 (15:55 +0100)]
Do basic CryptoCell LCS check
This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled (SD), the boot process does not proceed
further.
Soby Mathew [Wed, 10 May 2017 10:50:30 +0000 (11:50 +0100)]
ARM plat changes to enable CryptoCell integration
This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Soby Mathew [Wed, 10 May 2017 10:49:58 +0000 (11:49 +0100)]
Add CC crypto driver to the Auth module
This patch adds a crypto driver which utilizes the ARM® TrustZone®
CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
with this driver, the CryptoCell SBROM library is required to successfully
build the BL image. The path to this library is specified via
the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
signature and hash verification.
Soby Mathew [Wed, 10 May 2017 10:48:40 +0000 (11:48 +0100)]
Add headers to enable CryptoCell integration
This patch adds header files with required declarations and
macro definitions to enable integration with CryptoCell SBROM
version `CC712 – Release 1.0.0.1061`. These headers enable ARM
Trusted Firmware to build and link with CryptoCell SBROM
library.
Douglas Raillard [Thu, 22 Jun 2017 14:03:50 +0000 (15:03 +0100)]
Document CFLAGS make option
CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).
The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
completely overriden by setting it on the command line.
Also tell about LDFLAGS in the "Debugging options" section.
Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Douglas Raillard [Thu, 22 Jun 2017 13:44:48 +0000 (14:44 +0100)]
Introduce TF_LDFLAGS
Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.
Document new LDFLAGS Makefile option.
Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Caesar Wang [Wed, 28 Jun 2017 00:40:26 +0000 (08:40 +0800)]
rockchip: enable A53's erratum 855873 for rk3399
For rk3399, the L2ACTLR[14] is 0 by default, as ACE CCI-500 doesn't
support WriteEvict. and you will hit the condition L2ACTLR[3] with 0,
as the Evict transactions should propagate to CCI-500 since it has
snoop filters.
Maybe this erratum applies to all Cortex-A53 cores so far, especially
if RK3399's A53 is a r0p4. we should enable it to avoid data corruption,
Change-Id: Ib86933f1fc84f8919c8e43dac41af60fd0c3ce2f Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Douglas Raillard [Thu, 22 Jun 2017 14:36:02 +0000 (15:36 +0100)]
Fix broken link in documentation
Fix link in docs/firmware-update.md and docs/change-log.md:
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology
Change-Id: I2d51d373fd0f7da59b548cd6bed52c47772014fd Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
David Cunado [Wed, 21 Jun 2017 15:52:45 +0000 (16:52 +0100)]
Resolve signed-unsigned comparison issues
A recent commit 030567e6f51731982a7e71cbd387de93bc0e35fd added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.
This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.
Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53 Signed-off-by: David Cunado <david.cunado@arm.com>
juno: Invalidate all caches before warm reset to AArch32 state.
On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.
juno/aarch32: Restore `SCP_BOOT_CFG_ADDR` to the cold boot value
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.
Etienne Carriere [Thu, 22 Jun 2017 20:10:32 +0000 (22:10 +0200)]
psci: minor fixes in lib
Call svc_suspend_finish if registered.
psci_get_stat() is static to psci_stat.c
Fix types used in comparison.
Fix coding style (empty line between variable definition and instructions
block).
Douglas Raillard [Mon, 19 Jun 2017 14:38:02 +0000 (15:38 +0100)]
Apply workarounds for A53 Cat A Errata 835769 and 843419
These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html
Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.
Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769
Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419
The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.
Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.
Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
aarch32: Apply workaround for errata 813419 of Cortex-A57
TLBI instructions for monitor mode won't have the desired effect under
specific circumstances in Cortex-A57 r0p0. The workaround is to
execute DSB and TLBI twice each time.
Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.
The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.
NOTE: This workaround is present in AArch64 TF and already enabled by
default on Juno.
dp-arm [Tue, 23 May 2017 08:32:49 +0000 (09:32 +0100)]
aarch64: Enable Statistical Profiling Extensions for lower ELs
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
David Cunado [Thu, 13 Apr 2017 21:38:29 +0000 (22:38 +0100)]
Fully initialise essential control registers
This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.
The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.
This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.
This patch also corrects the following typos:
"NASCR definitions" -> "NSACR definitions"
Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc Signed-off-by: David Cunado <david.cunado@arm.com>
Soby Mathew [Thu, 15 Jun 2017 15:18:45 +0000 (16:18 +0100)]
Exit early if size zero for cache helpers
This patch enables cache helper functions `flush_dcache_range`,
`clean_dcache_range` and `invalidate_dcache_range` to exit early
if the size argument specified is zero
Soby Mathew [Thu, 15 Jun 2017 15:11:48 +0000 (16:11 +0100)]
Fix issues in FWU code
This patch fixes the following issues in Firmware Update (FWU) code:
1. The FWU layer maintains a list of loaded image ids and
while checking for image overlaps, INVALID_IMAGE_IDs were not
skipped. The patch now adds code to skip INVALID_IMAGE_IDs.
2. While resetting the state corresponding to an image, the code
now resets the memory used by the image only if the image were
copied previously via IMAGE_COPY smc. This prevents the invalid
zeroing of image memory which are not copied but are directly
authenticated via IMAGE_AUTH smc.
Masahiro Yamada [Wed, 14 Jun 2017 11:38:12 +0000 (20:38 +0900)]
uniphier: embed ROTPK hash into BL1/BL2
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired. This is not nice.
This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment. UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.
Things work like this:
- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
Users can override ROT_KEY from the command line if they want to
use a specific ROT key.
- ROTPK_HASH is generated based on ROT_KEY.
- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
Varun Wadekar [Fri, 16 Jun 2017 21:15:34 +0000 (14:15 -0700)]
xlat_tables_v2: fix signed/unsigned comparisons
This patch changes input param level in xlat_tables_print_internal() to
an unsigned int to fix the signed/unsigned comparison warnings. The
compiler complains about these warnings, thus halting the build flow
for Tegra platforms.
Change-Id: Ieccc262a63daca7a26ca6a14d81466397af8b89f Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado [Thu, 1 Jun 2017 11:48:39 +0000 (12:48 +0100)]
Resolve build errors flagged by GCC 6.2
With GCC 6.2 compiler, more C undefined behaviour is being flagged as
warnings, which result in build errors in ARM TF build.
This patch addresses issue caused by enums with values that exceed
maximum value for an int. For these cases the enum is converted to
a set of defines.
Change-Id: I5114164be10d86d5beef3ea1ed9be5863855144d Signed-off-by: David Cunado <david.cunado@arm.com>
Leo Yan [Thu, 15 Jun 2017 05:51:22 +0000 (13:51 +0800)]
plat: Hikey960: fix the CPU hotplug
In CPU off callback function, the old code uses the function
hisi_test_pwrdn_allcores() to check if all CPUs in cluster have been
powered off and if it's valid then power off the whole cluster. But the
function hisi_test_pwrdn_allcores() only maintains the different power
states only for CPU suspend/resume flow, so it cannot return correct
states for CPU on/off flow.
This patch is to change use hisi_test_cpu_down() to check if all CPUs
have been powered off, so that can power off the whole cluster properly
when all CPUs in cluster have been hotplugged off.
Signed-off-by: Tao Wang <kevin.wangtao@hisilicon.com> Signed-off-by: Leo Yan <leo.yan@linaro.org>
jagadeesh ujja [Thu, 11 May 2017 11:02:18 +0000 (16:32 +0530)]
CSS:Fix scpi "get_power_state" when ARM_PLAT_MT is set
The ARM_PLAT_MT bit enables the support for MT bit in
MPIDR format. This means that the level 0 affinity
represents the thread and CPU / Cluster levels are
at affinity level 1 and 2 respectively.
This was not catered for in the scpi 'css_scp_get_power_state, API.
Since the SCPI driver can only cater for single threaded CPUs,
this patch fixes the problem by catering for this shift by
effectively ignoring the Thread (level 0) affinity level.
Anthony Zhou [Mon, 6 Mar 2017 08:06:45 +0000 (16:06 +0800)]
Tegra186: mce: fix MISRA defects
Main fixes:
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
* Force operands of an operator to the same type category [Rule 10.4]
* Added curly braces ({}) around if/while statements in order to
make them compound [Rule 15.6]
* Added parentheses [Rule 12.1]
* Voided non C-library functions whose return types are not used [Rule 17.7]
Change-Id: I91404edec2e2194b1ce2672d2a3fc6a1f5bf41f1 Signed-off-by: Anthony Zhou <anzhou@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar [Fri, 26 May 2017 01:06:59 +0000 (18:06 -0700)]
Tegra: gic: fix MISRA defects
Main fixes:
* Use int32_t replace int, use uint32_t replace unsign int [Rule 4.6]
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
* Force operands of an operator to the same type category [Rule 10.4]
* Fixed assert/if statements conditions to be essentially boolean [Rule 14.4]
* Added curly braces ({}) around if statements in order to
make them compound [Rule 15.6]
* Convert macros form headers to unsigned ints
Change-Id: I8051cc16499cece2039c9751bd347645f40f0901 Signed-off-by: Anthony Zhou <anzhou@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds explicit casts (U(x)) to integers in the tegra_def.h
headers, to make them compatible with whatever operation they're used
in [MISRA-C Rule 10.1]
This patch enables the 'sign-compare' flag, to enable warning/errors
for comparisons between signed/unsigned variables. The warning has
been enabled for all the Tegra platforms, to start with.
Soren Brinkmann [Wed, 7 Jun 2017 16:51:26 +0000 (09:51 -0700)]
tegra: Fix build errors
The 'impl' variable is guarded by the symbol DEBUG, but used in an INFO
level print statement. INFO is defined based on LOG_LEVEL. Hence, builds
would fail when
- DEBUG=0 && LOG_LEVEL>=LOG_LEVEL_INFO with a variable used but not defined
- DEBUG=1 && LOG_LEVEL<LOG_LEVEL_INFO with a variable defined but not used
Fixing this by guarding impl with the same condition that guards INFO.
projects / arm-tf.git / log