Due to differences in the bitfields of the SMC IDs, it is not possible
to support SMCCC 1.X and 2.0 at the same time.
The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
option that specifies the major version of the SMCCC that the Trusted
Firmware supports. The only two allowed values are 1 and 2, and it
defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
Note: Support for SMCCC v2.0 is an experimental feature to enable
prototyping of secure partition specifications. Support for this
convention is disabled by default and could be removed without notice.
Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.
Signed-off-by: Summer Qin <summer.qin@arm.com>
This patch introduce TF-A support for NXP's ls1043a platform.
more details information of ls1043a chip and ls1043ardb board
can be found at docs/plat/ls1043a.rst.
Boot sequence on ls1043a is: bootrom loads bl1 firstly, then bl1
loads bl2, bl2 will load bl31, bl32 and bl33, bl31 will boot
bl32(tee os) and bl33(u-boot or uefi), bl33 boot Linux kernel.
Now TF-A on ls1043ardb platform has the following features in this patch:
* Support boot from Nor flash.
* TF-A can boot bl33 which runs in el2 of non-secure world.
* TF-A boot OPTee OS.
* Support PSCI
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Chenyin.Ha <Chenyin.Ha@nxp.com>
Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Signed-off-by: jiaheng.fan <jiaheng.fan@nxp.com>
Signed-off-by: Wen He <wen.he_1@nxp.com>
In some use-cases BL2 will be stored in eXecute In Place (XIP) memory,
like BL1. In these use-cases, it is necessary to initialize the RW sections
in RAM, while leaving the RO sections in place. This patch enable this
use-case with a new build option, BL2_IN_XIP_MEM. For now, this option
is only supported when BL2_AT_EL3 is 1.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Only return -1 if the workaround for CVE-2017-5715 is not compiled in.
Change-Id: I1bd07c57d22b4a13cf51b35be141a1f1ffb065ff
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Switch to the new console APIs enabled by setting MULTI_CONSOLE_API=1.
The crash console doesn't use this API, it uses internally the core
functions of the 16550 console.
`bl31_plat_runtime_setup` is no longer needed. When this platform port
was introduced, that function used to disable the console. It was needed
to override that behaviour. The new behaviour is to switch to the
runtime console. The console is registered for all scopes (boot, crash
and runtime) in `rpi3_console_init` so it is not needed to override the
default behaviour anymore.
Update documentation.
Change-Id: If2ee8f91044216183b7ef142e5c05ad6220ae92f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Following Out of Box testing for v1.5 release:
Update host OS version to Ubuntu 16.04
Clarify configuration files needed for checkpatch
Add note on using Linaro precompiled binaries
Change-Id: Ia4ae61e01128ddff1a288972ddf84b79370fa52c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The CI has been updated to run tests against the AEMv8-A RevC
model, FVP_Base_RevC-2xAEMv8A, which is available from the Fast
Model releases on Connected Community [1].
Additionally, the CI now also includes the Cortex-A55x4, Cortex-A75x4
and Cortex-A55x4-A75x4 Base models.
[1] https://developer.arm.com/products/system-design/fixed-virtual-platforms
Change-Id: I57806f3b2a8121211490a7aa0089dcae566d8635
Signed-off-by: David Cunado <david.cunado@arm.com>
Updated change-log.rst with summary of changes since
release v1.4.
Change-Id: I56b5a30d13a5a7099942535cbaeff0e2a5c5804e
Signed-off-by: David Cunado <david.cunado@arm.com>
Update Arm Trusted Firmware references in the upstream documents to
Trusted Firmware-A (TF-A). This is for consistency with and
disambiguation from Trusted Firmware-M (TF-M).
Also update other Arm trademarks, e.g. ARM->Arm, ARMv8->Armv8-A.
Change-Id: I8bb0e18af29c6744eeea2dc6c08f2c10b20ede22
Signed-off-by: Dan Handley <dan.handley@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch updates the `firmware-design.rst` document for
changes in ARM-TF for supporting dynamic configuration features
as presented in `Secure Firmware BoF SFO'17`[1].
The patch also updates the user-guide for 2 build options for FVP
pertaining to dynamic config.
[1] https://www.slideshare.net/linaroorg/bof-device-tree-and-secure-firmware-bof-sfo17310
Change-Id: Ic099cf41e7f1a98718c39854e6286d884011d445
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Since non-TF ROM is used in HiKey960 platform (Hisilicon Hi3660 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When flush images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since non-TF ROM is used in HiKey platform (Hisilicon Hi6220 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When we recovery images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
FVPs that model DynamIQ configuration implements all CPUs in a single
cluster. I.e., such models have a single cluster with more than 4 CPUs.
This differs from existing default build configuration for FVP where up
to 4 CPUs are assumed per cluster.
To allow building for DynamIQ configuration, promote the macro
FVP_MAX_CPUS_PER_CLUSTER as a build option to have it set from the build
command line. The value of the build option defaults to 4.
Change-Id: Idc3853bc95f680869b434b011c2dbd733e40c6ce
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
To make exception handling amongst Secure components, require that SDEI
exception priorities must be assigned the lowest among Secure
priorities. Clarify documentation to this effect.
Change-Id: I92524b7b7e9b3fa06a10c86372bc3c4dd18c00ad
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The `bl1_init_bl2_mem_layout()` API is now deprecated. The default weak
implementation of `bl1_plat_handle_post_image_load()` calculates the
BL2 memory layout and populates the same in x1(r1). This ensures
compatibility for the deprecated API.
Change-Id: Id44bdc1f572dc42ee6ceef4036b3a46803689315
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The Arm Trusted Firmware is built by default for ARMv8-A version 8.0.
However, the Foundation FVP runs by default in the highest version of
the architecture it supports. This causes problems when trying to run
the Arm Trusted Firmware on it.
This patch adds a note to the User Guide about this problem.
Change-Id: I0220fe1a9c66c2292149ad4a7ffe5e27ba08ab28
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
At present, the build option TSP_NS_INTR_ASYNC_PREEMPT controls how
Non-secure interrupt affects TSPs execution. When TSP is executing:
1. When TSP_NS_INTR_ASYNC_PREEMPT=0, Non-secure interrupts are received
at the TSP's exception vector, and TSP voluntarily preempts itself.
2. When TSP_NS_INTR_ASYNC_PREEMPT=1, Non-secure interrupts causes a
trap to EL3, which preempts TSP execution.
When EL3 exception handling is in place (i.e.,
EL3_EXCEPTION_HANDLING=1), FIQs are always trapped to EL3. On a system
with GICv3, pending NS interrupts while TSP is executing will be
signalled as FIQ (which traps to EL3). This situation necessitates the
same treatment applied to case (2) above.
Therefore, when EL3 exception handling is in place, additionally
require that TSP_NS_INTR_ASYNC_PREEMPT is set to one 1.
Strictly speaking, this is not required on a system with GICv2, but the
same model is uniformly followed regardless, for simplicity.
Relevant documentation updated.
Change-Id: I928a8ed081fb0ac96e8b1dfe9375c98384da1ccd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
When ARM Trusted Firmware is built with EL3_EXCEPTION_HANDLING=1,
EL3 interrupts (INTR_TYPE_EL3) will always preempt both Non-secure and
secure execution.
The interrupt management framework currently treats EL3 interrupt
routing as valid. For the above reason, this patch makes them invalid
when EL3_EXCEPTION_HANDLING is in effect.
Change-Id: I95bca8f5dc8df8eb0ff6f305cfba098611522a39
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to their final destination. Instead, we need to
load them to the temporary buffer for the decompressor.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The CnP bit documentation in the Firmware Design Guide incorrectly
used the term "Page Entries" instead of "Processing Elements".
Fix that.
Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S. Now, this platform is able to avoid this waste.
Enable the BL2_AT_EL3 option, and remove BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch expands the weak stubs for the plat_crash_console_xxx
functions in common platform code to use the new console API for crash
output. This should make crash console output "just work" for most cases
without the need for the platform to explicitly set up a crash console.
For cases where the normal console framework doesn't work (e.g. very
early crashes, before the platform can register any consoles), platforms
are still able to override the functions just like before.
This feature requires the MULTI_CONSOLE_API compile-time flag to work.
For builds which don't have it set, this patch has no practical effect.
Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update firmware-design.rst, porting-guide.rst and user-guide.rst
with the information about BL2 at EL3. Firmware-design.rst is
also update to explain how to test this feauture with FVP.
Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.
A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.
Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU. To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table. A side effect of this change is that the main vbar is
configured before any reset handling. This is to allow the per-cpu
reset function to override the vbar setting.
This workaround is enabled by default on the affected CPUs.
Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
If boot redundancy is required in BL1 then the initialization
of the boot sequence must be done in bl1_platform_setup. In BL2,
we had to add a new function, bl2_preload_setup, because
bl2_platform_setup is called after the images are loaded, making it
invalid for the boot sequence initialization.
Change-Id: I5c177ff142608ed38b4192288b06614343b2b83b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Antonio Nino Diaz
Dimitris Papastamos
Summer Qin
Jiafei Pan
Joel Hutton
David Cunado
Dan Handley
Soby Mathew
Arve Hjønnevåg
Haojian Zhuang
Jeenu Viswambharan
Masahiro Yamada
Sandrine Bailleux
Andreas Färber
Julius Werner
Roberto Vargas