This patch adds support for TBB to rpi3. The ROTPK is generated at build
time and is included into BL1/BL2. The key and content certificates are
read over semihosting.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
It is useful to have LOG_LEVEL_VERBOSE because it prints the memory map
of each image, but that also means that the change_mem_attributes and
get_mem_attributes functions have verbose prints, and generate a too
long text output that hides other useful information.
As they were mostly there for debug purposes, this patch removes them.
Change-Id: I2986537377d1f78be2b79cc8a6cf230c380bdb55
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The previous debug output for EL1&0 translation regimes was too verbose,
which makes it hard to read and hides the intent behind the parameters
assigned to each region. This patch simplifies this output and makes the
outputs for EL3 and EL1&0 mostly the same. The difference is that in
EL1&0 it is specified whether the region is exclusively accessible from
EL1 (PRIV) or both EL0 and EL1 (USER).
For example:
MEM-RW(PRIV)-NOACCESS(USER)-XN(PRIV)-XN(USER)-S
MEM-RO(PRIV)-NOACCESS(USER)-EXEC(PRIV)-EXEC(USER)-S
After the change, it becomes this:
MEM-RW-XN-PRIV-S
MEM-RO-EXEC-PRIV-S
Change-Id: I15f4b99058429d42107fbf89e15f4838a9b559a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Instead of having one big file with all the code, it's better to have
a few smaller files that are more manageable:
- xlat_tables_core.c: Code related to the core functionality of the
library (map and unmap regions, initialize xlat context).
- xlat_tables_context.c: Instantiation of the active image context
as well as APIs to manipulate it.
- xlat_tables_utils.c: Helper code that isn't part of the core
functionality (change attributes, debug print messages).
Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
To wake a core from wfi interrupts must be enabled, in some cases they
may not be and so we can lock up here. Unconditionally enable interrupts
before wfi and then restore interrupt state.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Actions may need to be taken by the last core when all clusters
have been shutdown. Add a top level root domain node to coordinate
this between clusters.
Signed-off-by: Andrew F. Davis <afd@ti.com>
As Samuel contributed most of the original code and he has an interest
in that, add him as a second maintainer for the Allwinner port.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
So far we already support booting on two different SoCs, and we will
shortly add a third, so add some code to determine the current SoC type.
This can be later used to runtime detect certain properties.
Also print the SoC name to the console, to give valuable debug information.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
There is nothing we need from the BootROM area, so we also don't need
to map it in EL3.
Remove the mapping and reduce the number of MMAP regions by one.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DRAM controller supports up to 4GB of DRAM, and there are actually
boards out there where we can use at least 3GB of this.
Relax the PSCI entry point check, to be not restricted to 2GB of DRAM.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "#ifdef SUNXI_SPC_BASE" guard was meant to allow the build on SoCs
without a Secure Peripherals Controller, so that we skip that part of
the security setup. But in the current position this will trigger a
warning about an unused variable.
Simply move the guard one line up to cover the variable as well.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "INFO" output in sunxi_cpu_ops.c is quite verbose, so make this more
obvious by changing the log level to "VERBOSE" and so avoiding it to
be printed in a normal (even debug) build.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The relative VER_REG *offset* is the same across all known SoCs, so we
can define this offset near it's user.
Remove it from the memory map.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add two empty lines to denote the paragraphs properly and improve
readability.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some code in sunxi_common.c requires symbols defined in sunxi_private.h,
so add the header to that file.
It was included via another header before, but let's make this explicit.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
The previous format was not very practical and hard to parse by
scripts. The current format is easier as it uses more tokens that can be
identified by scripts, while maintaining a reasonably good result when
it is rendered.
Some maintainers maintain more than one subsystem but they were all
part of the same entry. In cases like this the entry has been split
into two to clarify what file belongs to which subsystem.
The list of maintainers of the Trusted Firmware has been updated.
Change-Id: I4be2d527c5171e8d2d86fb49e45e1d9dbcbd2d80
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Previously, data caches were disabled while enabling MMU only because of
active stack. Now that we can enable MMU without using stack, we can
enable both MMU and data caches at the same time.
Change-Id: I73f3b8bae5178610e17e9ad06f81f8f6f97734a6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.
Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.
NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
FixesARM-software/tf-issues#566
Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
An earlier patch split MMU-enabling function for translation library v2.
Although we don't intend to introduce the exact same functionality for
xlat v1, this patch introduces stubs for directly enabling MMU to
maintain API-compatibility.
Change-Id: Id7d56e124c80af71de999fcda10f1734b50bca97
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
At present, the function provided by the translation library to enable
MMU constructs appropriate values for translation library, and programs
them to the right registers. The construction of initial values,
however, is only required once as both the primary and secondaries
program the same values.
Additionally, the MMU-enabling function is written in C, which means
there's an active stack at the time of enabling MMU. On some systems,
like Arm DynamIQ, having active stack while enabling MMU during warm
boot might lead to coherency problems.
This patch addresses both the above problems by:
- Splitting the MMU-enabling function into two: one that sets up
values to be programmed into the registers, and another one that
takes the pre-computed values and writes to the appropriate
registers. With this, the primary effectively calls both functions
to have the MMU enabled, but secondaries only need to call the
latter.
- Rewriting the function that enables MMU in assembly so that it
doesn't use stack.
This patch fixes a bunch of MISRA issues on the way.
Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Print_help was used in different contexts and returning no
error in that function was hiding the error when incorrect
options were used.
Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The meaning of them wasn't clear in the header file, it was needed to
search the code for the places where they are used.
Add parentheses to macros in the same header.
Change-Id: I700bc0fd75ccfc0a34f439cb3b2692861bb73b9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
Set the ability to dynamically disable Trusted Boot Board
authentication to be off by default
Change-Id: Ibd2aa179179f7d9b0e7731c6e450f200a8c67529
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
In the case of the platform max power level being less than the system
power level, make sure to not overrun the array of power states.
This fixes Coverity Scan OVERRUN defect CID 267021.
Change-Id: I52646ab9be2fceeb5c331b5dad7a6267991f4197
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This is to fix a number of Coverity Scan DEADCODE defects, CID numbers
listed below, as reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware
CID 267023
CID 267022
CID 267020
Change-Id: I2963a799b210149e84ccab5c5b9082267ddfe337
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Socionext has multiple product lines. The UniPhier is not the only
platform any more. Correct the maintainership.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
In the porting guide, there are blue boxes that describe the argument
types and the return type of each function. A small typo caused some of
these boxes not being properly rendered.
In the user guide, small typos were fixed that caused random text being
unintentionally rendered as bold. Also, a slight rewording was done in
the section describing the DYN_DISABLE_AUTH flag.
Change-Id: I57303ca609436a82162fa9b42c06b0d5a63da6df
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The function end_sdei_explicit_dispatch() was intended to be
end_sdei_synchronous_dispatch() which does the opposite of
begin_sdei_synchronous_dispatch(). This patch fixes that.
No functional changes.
Change-Id: I141bd91eb342ecf4ddfd05b49513eee4549e7a56
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
commit 2ccfcb2ea5 ("SDEI: Determine client
EL from NS context's SCR_EL3") intended to read from SCR_EL3, but
wrongly read from SPSR_EL3 instead. This patch fixes that.
Change-Id: I8ffea39cc98ef59cb8e7a4c6ef4cb12011c58536
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The Commit cdb6ac94ec introduced a bug
because of which the SDEI dispatcher wrongly panic when an SDEI event
dispatched earlier as a result of interrupt. This patch fixes the check
for a bound interrupt.
Change-Id: If55c8f0422ff781731248bbbc9c1b59fa0d3c4b0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Ying-Chun Liu (PaulLiu)
Dimitris Papastamos
Antonio Nino Diaz
Andrew F. Davis
Andre Przywara
Amit Singh Tomar
Jeenu Viswambharan
Roberto Vargas
Soby Mathew
Daniel Boulby
Nariman Poushin
Masahiro Yamada
John Tsichritzis