Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
In preparation of supporting alternate chains of trust, reword comments
and error messages that explicitly mentioned TBBR.
Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
It allows to select the desired chain of trust. Right now, only the TBBR
CoT is available.
At this stage, this build option only affects the tool itself. It is not
plugged into the rest of the build system yet. To use it:
> make -C tools/cert_create COT=tbbr
Change-Id: I4484418f76d3c7b330d8653c978499a181534dcd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Move all TBBR-specific stuff out of the tool's makefile into a
sub-makefile. This will make it easier to define and select an alternate
chain of trust in the future.
Change-Id: I92e366a1999b74cf51127d1771b64b807cd94b29
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
* changes:
uniphier: make all BL images completely position-independent
uniphier: make uniphier_mmap_setup() work with PIE
uniphier: pass SCP base address as a function parameter
uniphier: set buffer offset and length for io_block dynamically
uniphier: use more mmap_add_dynamic_region() for loading images
bl_common: add BL_END macro
uniphier: turn on ENABLE_PIE
TSP: add PIE support
BL2_AT_EL3: add PIE support
BL31: discard .dynsym .dynstr .hash sections to make ENABLE_PIE work
PIE: pass PIE options only to BL31
Build: support per-BL LDFLAGS
CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external
last level cache(LLC) in the system, the reset value is internal LLC.
To cater for the platforms(like N1SDP) which has external LLC present
introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be
enabled by platform port.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
As on SGI platforms, SCPI is unsupported on SGM platforms.
Change-Id: I556ed095b9eb55b72447230ee2725d3c76160a08
Signed-off-by: Chris Kay <chris.kay@arm.com>
This platform supports multiple SoCs. The next SoC will still keep
quite similar architecture, but the memory base will be changed.
The ENABLE_PIE improves the maintainability and usability. You can reuse
a single set of BL images for other SoC/board without re-compiling TF-A
at all. This will also keep the code cleaner because it avoids #ifdef
around various base addresses.
By defining ENABLE_PIE, BL2_AT_EL3, BL31, and BL32 (TSP) are really
position-independent now. You can load them anywhere irrespective of
their link address.
Change-Id: I8d5e3124ee30012f5b3bfa278b0baff8efd2fff7
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
BL2_BASE, BL31_BASE, and BL32_BASE are defined in platform_def.h,
that is, determined at link-time.
On the other hand, BL2_END, BL31_END, and BL32_END are derived from
the symbols produced by the linker scripts. So, they are fixed-up
at run-time if ENABLE_PIE is enabled.
To make it work in a position-indepenent manner, use BL_CODE_BASE and
BL_END, both of which are relocatable.
Change-Id: Ic179a7c60eb64c5f3024b178690b3ac7cbd7521b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, UNIPHIER_SCP_BASE is hard-coded in uniphier_scp_start(),
which is not handy for PIE.
Towards the goal of making this really position-independent, pass in
image_info->image_base.
Change-Id: I88e020a1919c607b1d5ce70b116201d95773bb63
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, the .buffer field in io_block_dev_spec is statically set,
which is not handy for PIE.
Towards the goal of making this really position-independent, set the
buffer length and length in the uniphier_io_block_setup() function.
Change-Id: I22b20d7b58d6ffd38f64f967a2820fca4bd7dade
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, uniphier_bl2_mmap hard-codes the memory region needed for
loading other images.
Towards the goal of making this really position-independent, call
mmap_add_dynamic_region() before that region gets accessed.
Change-Id: Ieb505b91ccf2483e5f1a280accda564b33f19f11
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, the end address macros are defined per BL, like BL2_END,
BL31_END, BL32_END. They are not handy in the common code shared
between multiple BL stages.
This commit introduces BL_END, which is equivalent to BL{2,31,32}_END,
and will be useful for the BL-common code.
Change-Id: I3c39bf6096d99ce920a5b9fa21c0f65456fbfe8a
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now that various issues in the PIE support have been fixed,
this platform can enable ENABLE_PIE.
I tested BL2_AT_EL3, BL31, TSP, and all of them worked.
Change-Id: Ibc499c6bad30b7f81a42bfa7e435ce25f820bd9c
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This implementation simply mimics that of BL31.
Change-Id: Ibbaa4ca012d38ac211c52b0b3e97449947160e07
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This implementation simply mimics that of BL31.
I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case.
It would make the linker script a bit uglier.
Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When I tried ENABLE_PIE for my PLAT=uniphier platform, BL31 crashed
at its entry. When it is built with ENABLE_PIE=1, some sections are
inserted before the executable code.
$ make PLAT=uniphier CROSS_COMPILE=aarch64-linux-gnu- ENABLE_PIE=1 bl31
$ aarch64-linux-gnu-objdump -h build/uniphier/release/bl31/bl31.elf | head -n 13
build/uniphier/release/bl31/bl31.elf: file format elf64-littleaarch64
Sections:
Idx Name Size VMA LMA File off Algn
0 .dynsym 000002a0 0000000081000000 0000000081000000 00010000 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .dynstr 000002a0 00000000810002a0 00000000810002a0 000102a0 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .hash 00000124 0000000081000540 0000000081000540 00010540 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 ro 0000699c 0000000081000664 0000000081000664 00010664 2**11
CONTENTS, ALLOC, LOAD, CODE
The previous stage loader generally jumps over to the base address of
BL31, where no valid instruction exists.
I checked the linker script of Linux (arch/arm64/kernel/vmlinux.lds.S)
and U-Boot (arch/arm/cpu/armv8/u-boot.lds), both of which support
relocation. They simply discard those sections.
Do similar in TF-A too.
Change-Id: I6c33e9143856765d4ffa24f3924b0ab51a17cde9
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
docs/getting_started/build-options.rst clearly says ENABLE_PIE is
currently only supported in BL31, but in fact, it has a stronger
limitation:
Defining ENABLE_PIE may corrupt BL1 and BL2. So, ENABLE_PIE is
supported only for platforms where BL31 is the only image built
in the TF-A tree.
Currently, ENABLE_PIE is enabled by two platforms,
plat/arm/common/arm_common.mk and ti/k3/common/plat_common.mk,
both of which enable ENABLE_PIE together with RESET_TO_BL31.
For platforms with the full boot sequence, ENABLE_PIE may break earlier
BL stages. For example, if I build PLAT=qemu with ENABLE_PIE=1, it
fails in BL1.
When ENABLE_PIE is enabled, PIE options are added to TF_CFLAGS and
TF_LDFLAGS, so all BL images are affected. It is problematic because
currently only the BL31 linker script handles it. Even if BL1/BL2
works, the image size would increase needlessly, at least.
Pass the PIE options only to BL images that support it.
Change-Id: I550e95148aa3c63571c8ad2081082c554a848f57
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.
This commit adds per-BL LDFLAGS support, which is useful as well.
My main motivation of this addition is to use it for ENABLE_PIE.
When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
which affects all the TF images. It will make more sense to pass the
relevant options only to BL images that support it.
Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
* changes:
Tegra194: mce: remove unused NVG functions
Tegra194: support for NVG interface v6.6
Tegra194: smmu: add PCIE0R1 mc reg to system suspend save list
Tegra194: enable driver for general purpose DMA engine
Tegra194: access XUSB_PADCTL registers on Si/FPGA platforms
Tegra194: organize the memory/mmio map to make it linear
Tegra194: memctrl: enable mc sid OVERRIDE for PCIE0R1
Tegra194: support for boot params wider than 32-bits
Tegra194: memctrl: set reorder depth limit for PCIE blocks
Tegra194: memctrl: program MC_TXN_OVERRIDE reg for PTCR, MPCORE and MIU
Tegra194: memctrl: set CGID_TAG_ADR instead of CGID_TAG_DEFAULT
Tegra194: memctrl: update mss reprogramming as HW PROD settings
Tegra194: memctrl: Disable PVARDC coalescer
Tegra194: memctrl: force seswr/rd transactions as passsthru & coherent
Tegra194: Request CG7 from last core in cluster
Tegra194: toggle SE clock during context save/restore
Tegra: bpmp: fix header file paths
Sandrine Bailleux
Manish Pandey
Soby Mathew
Mark Dykes
Chris Kay
Deepika Bhavnani
Masahiro Yamada