andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge "Update change log for v2.2 Release" into integration

This commit is contained in:
Paul Beesley 2019-10-22 13:35:44 +00:00 committed by TrustedFirmware Code Review
parent e654a0e381 77caea2960
commit c381ab6897
1 changed files with 416 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

416
docs/change-log.rst
View File

@ -4,6 +4,422 @@ Change Log & Release Notes
This document contains a summary of the new features, changes, fixes and known
issues in each release of Trusted Firmware-A.
Version 2.2
-----------
New Features
^^^^^^^^^^^^
- Architecture
- Enable Pointer Authentication (PAuth) support for Secure World
- Adds support for ARMv8.3-PAuth in BL1 SMC calls and
BL2U image for firmware updates.
- Enable Memory Tagging Extension (MTE) support in both secure and non-secure
worlds
- Adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that
support it at EL0.
- To enable it at ELx for both the non-secure and the secure
world, the compiler flag ``CTX_INCLUDE_MTE_REGS`` includes register
saving and restoring when necessary in order to prevent information
leakage between the worlds.
- Add support for Branch Target Identification (BTI)
- Build System
- Modify FVP makefile for CPUs that support both AArch64/32
- AArch32: Allow compiling with soft-float toolchain
- Makefile: Add default warning flags
- Add Makefile check for PAuth and AArch64
- Add compile-time errors for HW_ASSISTED_COHERENCY flag
- Apply compile-time check for AArch64-only CPUs
- build_macros: Add mechanism to prevent bin generation.
- Add support for default stack-protector flag
- spd: opteed: Enable NS_TIMER_SWITCH
- plat/arm: Skip BL2U if RESET_TO_SP_MIN flag is set
- Add new build option to let each platform select which implementation of spinlocks
it wants to use
- CPU Support
- DSU: Workaround for erratum 798953 and 936184
- Neoverse N1: Force cacheable atomic to near atomic
- Neoverse N1: Workaround for erratum 1073348, 1130799, 1165347, 1207823,
1220197, 1257314, 1262606, 1262888, 1275112, 1315703, 1542419
- Neoverse Zeus: Apply the MSR SSBS instruction
- cortex-a76AE: Support added for Cortex-A76AE CPU
- cortex-a76: Workaround for erratum 1257314, 1262606, 1262888, 1275112,
1286807
- cortex-a65/a65AE: Support added for Cortex-A65 and Cortex-A65AE CPUs
- cortex-a65: Enable AMU for Cortex-A65
- cortex-a55: Workaround for erratum 1221012
- cortex-a35: Workaround for erratum 855472
- cortex-a9: Workaround for erratum 794073
- Drivers
- console: Allow the console to register multiple times
- delay: Timeout detection support
- gicv3: Enabled multi-socket GIC redistributor frame discovery and migrated
ARM platforms to the new API
- Adds ``gicv3_rdistif_probe`` function that delegates the responsibility
of discovering the corresponding redistributor base frame to each CPU
itself.
- sbsa: Add SBSA watchdog driver
- st/stm32_hash: Add HASH driver
- ti/uart: Add an AArch32 variant
- Library at ROM (romlib)
- Introduce BTI support in Library at ROM (romlib)
- New Platforms Support
- amlogic: g12a: New platform support added for the S905X2 (G12A) platform
- amlogic: meson/gxl: New platform support added for Amlogic Meson
S905x (GXL)
- arm/a5ds: New platform support added for A5 DesignStart
- arm/corstone: New platform support added for Corstone-700
- intel: New platform support added for Agilex
- mediatek: New platform support added for MediaTek mt8183
- qemu/qemu_sbsa: New platform support added for QEMU SBSA platform
- renesas/rcar_gen3: plat: New platform support added for D3
- rockchip: New platform support added for px30
- rockchip: New platform support added for rk3288
- rpi: New platform support added for Raspberry Pi 4
- Platforms
- arm/common: Introduce wrapper functions to setup secure watchdog
- arm/fvp: Add Delay Timer driver to BL1 and BL31 and option for defining
platform DRAM2 base
- arm/fvp: Add Linux DTS files for 32 bit threaded FVPs
- arm/n1sdp: Add code for DDR ECC enablement and BL33 copy to DDR, Initialise CNTFRQ
in Non Secure CNTBaseN
- arm/juno: Use shared mbedtls heap between BL1 and BL2 and add basic support for
dynamic config
- imx: Basic support for PicoPi iMX7D, rdc module init, caam module init,
aipstz init, IMX_SIP_GET_SOC_INFO, IMX_SIP_BUILDINFO added
- intel: Add ncore ccu driver
- mediatek/mt81*: Use new bl31_params_parse() helper
- nvidia: tegra: Add support for multi console interface
- qemu/qemu_sbsa: Adding memory mapping for both FLASH0/FLASH1
- qemu: Added gicv3 support, new console interface in AArch32, and sub-platforms
- renesas/rcar_gen3: plat: Add R-Car V3M support, new board revision for H3ULCB, DBSC4
setting before self-refresh mode
- socionext/uniphier: Support console based on multi-console
- st: stm32mp1: Add OP-TEE, Avenger96, watchdog, LpDDR3, authentication support
and general SYSCFG management
- ti/k3: common: Add support for J721E, Use coherent memory for shared data, Trap all
asynchronous bus errors to EL3
- xilinx/zynqmp: Add support for multi console interface, Initialize IPI table from
zynqmp_config_setup()
- PSCI
- Adding new optional PSCI hook ``pwr_domain_on_finish_late``
- This PSCI hook ``pwr_domain_on_finish_late`` is similar to
``pwr_domain_on_finish`` but is guaranteed to be invoked when the
respective core and cluster are participating in coherency.
- Security
- Speculative Store Bypass Safe (SSBS): Further enhance protection against Spectre
variant 4 by disabling speculative loads/stores (SPSR.SSBS bit) by default.
- UBSAN support and handlers
- Adds support for the Undefined Behaviour sanitizer. There are two types of
support offered - minimalistic trapping support which essentially immediately
crashes on undefined behaviour and full support with full debug messages.
- Tools
- cert_create: Add support for bigger RSA key sizes (3KB and 4KB),
previously the maximum size was 2KB.
- fiptool: Add support to build fiptool on Windows.
Changed
^^^^^^^
- Architecture
- Refactor ARMv8.3 Pointer Authentication support code
- backtrace: Strip PAC field when PAUTH is enabled
- Prettify crash reporting output on AArch64.
- Rework smc_unknown return code path in smc_handler
- Leverage the existing ``el3_exit()`` return routine for smc_unknown return
path rather than a custom set of instructions.
- BL-Specific
- Invalidate dcache build option for BL2 entry at EL3
- Add missing support for BL2_AT_EL3 in XIP memory
- Boot Flow
- Add helper to parse BL31 parameters (both versions)
- Factor out cross-BL API into export headers suitable for 3rd party code
- Introduce lightweight BL platform parameter library
- Drivers
- auth: Memory optimization for Chain of Trust (CoT) description
- bsec: Move bsec_mode_is_closed_device() service to platform
- cryptocell: Move Cryptocell specific API into driver
- gicv3: Prevent pending G1S interrupt from becoming G0 interrupt
- mbedtls: Remove weak heap implementation
- mmc: Increase delay between ACMD41 retries
- mmc: stm32_sdmmc2: Correctly manage block size
- mmc: stm32_sdmmc2: Manage max-frequency property from DT
- synopsys/emmc: Do not change FIFO TH as this breaks some platforms
- synopsys: Update synopsys drivers to not rely on undefined overflow behaviour
- ufs: Extend the delay after reset to wait for some slower chips
- Platforms
- amlogic/meson/gxl: Remove BL2 dependency from BL31
- arm/common: Shorten the Firmware Update (FWU) process
- arm/fvp: Remove GIC initialisation from secondary core cold boot
- arm/sgm: Temporarily disable shared Mbed TLS heap for SGM
- hisilicon: Update hisilicon drivers to not rely on undefined overflow behaviour
- imx: imx8: Replace PLAT_IMX8* with PLAT_imx8*, remove duplicated linker symbols and
deprecated code include, keep only IRQ 32 unmasked, enable all power domain by default
- marvell: Prevent SError accessing PCIe link, Switch to xlat_tables_v2, do not rely on
argument passed via smc, make sure that comphy init will use correct address
- mediatek: mt8173: Refactor RTC and PMIC drivers
- mediatek: mt8173: Apply MULTI_CONSOLE framework
- nvidia: Tegra: memctrl_v2: fix "overflow before widen" coverity issue
- qemu: Simplify the image size calculation, Move and generalise FDT PSCI fixup, move
gicv2 codes to separate file
- renesas/rcar_gen3: Convert to multi-console API, update QoS setting, Update IPL and
Secure Monitor Rev2.0.4, Change to restore timer counter value at resume, Update DDR
setting rev.0.35, qos: change subslot cycle, Change periodic write DQ training option.
- rockchip: Allow SOCs with undefined wfe check bits, Streamline and complete UARTn_BASE
macros, drop rockchip-specific imported linker symbols for bl31, Disable binary generation
for all SOCs, Allow console device to be set by DTB, Use new bl31_params_parse functions
- rpi/rpi3: Move shared rpi3 files into common directory
- socionext/uniphier: Set CONSOLE_FLAG_TRANSLATE_CRLF and clean up console driver
- socionext/uniphier: Replace DIV_ROUND_UP() with div_round_up() from utils_def.h
- st/stm32mp: Split stm32mp_io_setup function, move stm32_get_gpio_bank_clock() to private
file, correctly handle Clock Spreading Generator, move oscillator functions to generic file,
realign device tree files with internal devs, enable RTCAPB clock for dual-core chips, use a
common function to check spinlock is available, move check_header() to common code
- ti/k3: Enable SEPARATE_CODE_AND_RODATA by default, Remove shared RAM space,
Drop _ADDRESS from K3_USART_BASE to match other defines, Remove MSMC port
definitions, Allow USE_COHERENT_MEM for K3, Set L2 latency on A72 cores
- PSCI
- PSCI: Lookup list of parent nodes to lock only once
- Secure Partition Manager (SPM): SPCI Prototype
- Fix service UUID lookup
- Adjust size of virtual address space per partition
- Refactor xlat context creation
- Move shim layer to TTBR1_EL1
- Ignore empty regions in resource description
- Security
- Refactor SPSR initialisation code
- SMMUv3: Abort DMA transactions
- For security DMA should be blocked at the SMMU by default unless explicitly
enabled for a device. SMMU is disabled after reset with all streams bypassing
the SMMU, and abortion of all incoming transactions implements a default deny
policy on reset.
- Moves ``bl1_platform_setup()`` function from arm_bl1_setup.c to FVP platforms'
fvp_bl1_setup.c and fvp_ve_bl1_setup.c files.
- Tools
- cert_create: Remove RSA PKCS#1 v1.5 support
Resolved Issues
^^^^^^^^^^^^^^^
- Architecture
- Fix the CAS spinlock implementation by adding a missing DSB in ``spin_unlock()``
- AArch64: Fix SCTLR bit definitions
- Removes incorrect ``SCTLR_V_BIT`` definition and adds definitions for
ARMv8.3-Pauth `EnIB`, `EnDA` and `EnDB` bits.
- Fix restoration of PAuth context
- Replace call to ``pauth_context_save()`` with ``pauth_context_restore()`` in
case of unknown SMC call.
- BL-Specific Issues
- Fix BL31 crash reporting on AArch64 only platforms
- Build System
- Remove several warnings reported with W=2 and W=1
- Code Quality Issues
- SCTLR and ACTLR are 32-bit for AArch32 and 64-bit for AArch64
- Unify type of "cpu_idx" across PSCI module.
- Assert if power level value greater then PSCI_INVALID_PWR_LVL
- Unsigned long should not be used as per coding guidelines
- Reduce the number of memory leaks in cert_create
- Fix type of cot_desc_ptr
- Use explicit-width data types in AAPCS parameter structs
- Add python configuration for editorconfig
- BL1: Fix type consistency
- Enable -Wshift-overflow=2 to check for undefined shift behavior
- Updated upstream platforms to not rely on undefined overflow behaviour
- Coverity Quality Issues
- Remove GGC ignore -Warray-bounds
- Fix Coverity #261967, Infinite loop
- Fix Coverity #343017, Missing unlock
- Fix Coverity #343008, Side affect in assertion
- Fix Coverity #342970, Uninitialized scalar variable
- CPU Support
- cortex-a12: Fix MIDR mask
- Drivers
- console: Remove Arm console unregister on suspend
- gicv3: Fix support for full SPI range
- scmi: Fix wrong payload length
- Library Code
- libc: Fix sparse warning for __assert()
- libc: Fix memchr implementation
- Platforms
- rpi: rpi3: Fix compilation error when stack protector is enabled
- socionext/uniphier: Fix compilation fail for SPM support build config
- st/stm32mp1: Fix TZC400 configuration against non-secure DDR
- ti/k3: common: Fix RO data area size calculation
- Security
- AArch32: Disable Secure Cycle Counter
- Changes the implementation for disabling Secure Cycle Counter.
For ARMv8.5 the counter gets disabled by setting ``SDCR.SCCD`` bit on
CPU cold/warm boot. For the earlier architectures PMCR register is
saved/restored on secure world entry/exit from/to Non-secure state,
and cycle counting gets disabled by setting PMCR.DP bit.
- AArch64: Disable Secure Cycle Counter
- For ARMv8.5 the counter gets disabled by setting ``MDCR_El3.SCCD`` bit on
CPU cold/warm boot. For the earlier architectures PMCR_EL0 register is
saved/restored on secure world entry/exit from/to Non-secure state,
and cycle counting gets disabled by setting PMCR_EL0.DP bit.
Deprecations
^^^^^^^^^^^^
- Common Code
- Remove MULTI_CONSOLE_API flag and references to it
- Remove deprecated `plat_crash_console_*`
- Remove deprecated interfaces `get_afflvl_shift`, `mpidr_mask_lower_afflvls`, `eret`
- AARCH32/AARCH64 macros are now deprecated in favor of ``__aarch64__``
- ``__ASSEMBLY__`` macro is now deprecated in favor of ``__ASSEMBLER__``
- Drivers
- console: Removed legacy console API
- console: Remove deprecated finish_console_register
- tzc: Remove deprecated types `tzc_action_t` and `tzc_region_attributes_t`
- Secure Partition Manager (SPM):
- Prototype SPCI-based SPM (services/std_svc/spm) will be replaced with alternative
methods of secure partitioning support.
Known Issues
^^^^^^^^^^^^
- Build System Issues
- dtb: DTB creation not supported when building on a Windows host.
This step in the build process is skipped when running on a Windows host. A
known issue from the 1.6 release.
- Platform Issues
- arm/juno: System suspend from Linux does not function as documented in the
user guide
Following the instructions provided in the user guide document does not
result in the platform entering system suspend state as expected. A message
relating to the hdlcd driver failing to suspend will be emitted on the
Linux terminal.
- mediatek/mt6795: This platform does not build in this release
Version 2.1
-----------