Use the new __deprecated macro from the generic cdefs header and remove
the deprecated __warn_deprecated.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch adds a brief description of 'MAX_MMAP_REGIONS' and
'ADDR_SPACE_SIZE' to the Porting Guide. These fields must be defined
by the platform in order to use the translation table library.
Change-Id: Ida366458fe2bc01979091a014dc38da0fae5991e
This patch rearranges fields of the `image_desc_t` & `auth_img_desc_t`
data structures to reduce padding between the fields and thereby
save memory.
NOTE: Platform ports which anonymously initialize these structures
should be aware of the rearrangement and do the required
modification.
Change-Id: I428b5429632797b31d5bd306174599c07e24c060
This patch changes the anonymous initialization of `rt_svc_desc_t` structure
by the `DECLARE_RT_SVC` macro to designated initialization. This makes the
code more robust and less sensitive to potential changes to the
`rt_svc_desc_t` structure.
Change-Id: If6f1586730c0d29d92ef09e07eff7dd0d22857c7
This patch enables the ARM Cortex-A72 support in BL1 and BL31 on FVP.
This allows the same TF binaries to run on a Cortex-A72 based FVP
without recompiling them.
Change-Id: I4eb6bbad9f0e5d8704613f7c685c3bd22b45cf47
This patch adds support for ARM Cortex-A35 processor in the CPU
specific framework, as described in the Cortex-A35 TRM (r0p0).
Change-Id: Ief930a0bdf6cd82f6cb1c3b106f591a71c883464
This patch fixes a couple of issues in the "CPU specific operations
framework" section in the Firmware Design document.
* Fix broken link to the CPU Specific Build Macros document.
* Fix the path to the cortex_a53.S file.
* Fix power levels terminology.
Change-Id: Ib610791eaba13dab2823b7699bb63534bcd1c8fb
The help message printed by the cert_create tool using the command
line option -h (or --help) does not correctly list all the available
command line options.
This patch reworks the print_help() function to print the help
messages in a data driven approach. For each command line option
registered, an optional help message can be specified, which will
be printed by print_help().
Help messages for the TBBR options (certificates, keys and images)
are also provided.
Fix a small bug in the short options string passed to getopt_long:
the ':' was missing in the '-a' option (this option must take an
argument).
FixesARM-software/tf-issues#337
Change-Id: I9d08c2dfd349022808fcc884724f677eefdc1452
The fip_create tool specifies images in the command line using the
ARM TF naming convention (--bl2, --bl31, etc), while the cert_create
tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double
convention is confusing and should be aligned.
This patch updates the fip_create command line options to follow the
TBBR naming convention. Usage examples in the User Guide have been
also updated.
NOTE: users that build the FIP by calling the fip_create tool directly
from the command line must update the command line options in their
scripts. Users that build the FIP by invoking the main ARM TF Makefile
should not notice any difference.
Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
By default ARM TF is built with the '-pedantic' compiler flag, which
helps detecting violations of the C standard. However, the mbed TLS
library and its associated authentication module in TF used to fail
building with this compiler flag. As a workaround, the mbed TLS
authentication module makefile used to set the 'DISABLE_PEDANTIC'
TF build flag.
The compiler errors flagged by '-pedantic' in the mbed TLS library
have been fixed between versions 1.3.9 and 2.2.0 and the library now
properly builds with this compiler flag.
This patch fixes the remaining compiler errors in the mbed TLS
authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
build flag. This means that TF is now always built with '-pedantic'.
In particular, this patch:
* Removes the final semi-colon in REGISTER_COT() macro.
This semi-colon was causing the following error message:
drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
extra ';' outside of a function [-Werror=pedantic]
This has been fixed both in the mbed TLS authentication module
as well as in the certificate generation tool. Note that the latter
code didn't need fixing since it is not built with '-pedantic' but
the change has been propagated for consistency.
Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
which were suffering from the same issue.
* Fixes a pointer type.
It was causing the following error message:
drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
type 'void *' used in arithmetic [-Werror=pointer-arith]
Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
The 'ret' was missing in console_uninit() implementation, so the
program doesn't return from console_uninit(). Instead, it keeps
executing the following instructions which is not expected.
Change-Id: I810684f37f61c41c6f95a3bb36914d0765da8571
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
Remove the following redundant sentence from the user guide, which
implies the user should use the TF version from the Linaro release,
which was not the intention:
"However, the rest of this document assumes that you got the
Trusted Firmware as part of the Linaro release."
Also, tidied up the grammar in this section.
Change-Id: I5dae0b68d3683e2a85a7b3c6a31222182a66f6c8
Update `contributing.md` to make it clear that contributors should
wait for ARM to confirm acceptance of the completed CLA before
making contributions.
Change-Id: Ide62d893ad8cc0d2a0949c16605cd8689d9624bf
fvp_pwr_domain_on() used to program the CPUs mailbox. This changed
with commit 804040d10 but the comment documenting this code still
refers to the mailbox programming. This patch removes this out-dated
information.
Change-Id: Ibfe2a426bdda6e71f20c83a99cb223ceca9c559c
This patch adds design documentation for the Firmware Update (FWU)
feature in `firmware-update.md`. It provides an overview of FWU,
describes the BL1 SMC interface, and includes diagrams showing
an example FWU boot flow and the FWU state machine.
This patch also updates the existing TF documents where needed:
* `porting-guide.md`
* `user-guide.md`
* `firmware-design.md`
* `rt-svc-writers-guide.md`
* `trusted_board_boot.md`
Change-Id: Ie6de31544429b18f01327bd763175e218299a4ce
Co-Authored-By: Dan Handley <dan.handley@arm.com>
This patch introduces a new document presenting the ARM Trusted
Firmware Reset Design. It shows the reset code flow, lists the
different build options that affect it, in which case to use them
and what their exact effect is.
The section about using BL31 entrypoint as the reset address has
been moved from the general firmware design document to this one.
It's also been improved to explain why the FVP port supports the
RESET_TO_BL31 configuration, even though the reset vector address
can't be programmed dynamically.
This document includes some images, which have been generated using
Dia version 0.97.2. This tool can be obtained from:
https://wiki.gnome.org/Apps/Dia/Download
This patch provides:
- the image files describing the different reset flow diagrams;
- the source '.dia' file;
- a script automating the generation of the images from the '.dia'
file.
Note that the 2 latter files are not actually needed for the document
and are provided for convenience only, in case the reset images need
to be modified.
Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes
an unused framework cookie through to the 1st argument in the
platform function `bl1_plat_fwu_done`. The intent is to allow
the SMC caller to pass a cookie through to this function.
This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller
through to `bl1_plat_fwu_done`. The argument names are updated
for clarity.
Upstream platforms currently do not use this argument so no
impact is expected.
Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
The current implementation of FWU_SMC_IMAGE_RESUME when called
from the normal world, uses the provided image_id argument to
determine which secure image to resume into. This implies that
the normal world has a choice of which secure image to resume
into when in fact it is only possible to resume into the
previously interrupted secure image.
This patch removes the argument, tightens up the pre-conditions
for the SMC and adds additional asserts.
The pre-conditions for FWU_SMC_SEC_IMAGE_DONE are also
tightened up.
Change-Id: Ia5a46753bb01e8f8dad8a2999314f90db8f300e8
This patch updates the relevant documentation in ARM Trusted Firmware
for the new GIC drivers. The user-guide.md and porting-guide.md have been
updated as follows:
* The build option to compile Trusted Firmware with different GIC drivers
for FVP has been explained in the user-guide.md.
* The implementation details of interrupt management framework porting
APIs for GICv3 have been added in porting-guide.md.
* The Linaro tracking kernel release does not work OOB in GICv3 mode.
The instructions for changing UEFI configuration in order to run with
the new GICv3 driver in ARM TF have been added to user-guide.md.
The interrupt-framework-design.md has been updated as follows:
* Describes support for registering and handling interrupts targeted to EL3
e.g. Group 0 interrupts in GICv3.
* Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail.
* Describes preemption of TSP in S-EL1 by non secure interrupts and
also possibly by higher priority EL3 interrupts.
* Describes the normal world sequence for issuing `standard` SMC calls.
* Modifies the document to correspond to the current state of interrupt
handling in TSPD and TSP.
* Modifies the various functions names in the document to reflect
the current names used in code.
Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
The implementation of FWU_SMC_IMAGE_AUTH performs a number of
pre-condition checks before authenticating the image. One of
these checks calls `bl1_plat_mem_check()` to ensure the image
source is mapped in when authenticating an image in place.
The framework incorrectly passes the security state of the
caller into this function instead of the security state of
the source image.
This patch corrects the defect. The defect would only
manifest itself for secure world callers authenticating
non-secure images in place, which is not done by current
upstream platforms.
Change-Id: I617c7b43e02ac7149f266aeaf3874316e62f3003
This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:
https://github.com/ARM-software/arm-trusted-firmware/wiki
Changes apply to output messages, comments and documentation.
non-ARM platform files have been left unmodified.
Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
Soren Brinkmann
danh-arm
Juan Castillo
Soby Mathew
Sandrine Bailleux
Jimmy Huang
Yatharth Kochar
Olivier Martin