The TBBR documentation has been written along with an early
implementation of the code. At that time, the range of supported
encryption and hash algorithms was failry limited. Since then, support
for other algorithms has been added in TF-A but the documentation has
not been updated.
Instead of listing them all, which would clutter this document while
still leaving it at risk of going stale in the future, remove specific
references to the original algorithms and point the reader at the
relevant comprehensive document for further details.
Change-Id: I29dc50bc1d53b728091a1fbaa1c3970fb999f7d5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
To accommodate the increasing size of the SCP_BL2 binary, the base
address of the memory region allocated to SCP_BL2 has been moved
downwards from its current (mostly) arbitrary address to the beginning
of the non-shared trusted SRAM.
Change-Id: I086a3765bf3ea88f45525223d765dc0dbad6b434
Signed-off-by: Chris Kay <chris.kay@arm.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Update qemu documentation with instructions to boot using FIP image.
Also, add option to build TF-A with TBBR and firmware encryption
enabled.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: Ib3af485d413cd595352034c82c2268d7f4cb120a
This patch provides a fix for incorrect crash dump data for
lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
which enables routing of External Aborts and SErrors to EL3.
Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
In commit 516beb585c ("TBB: apply TBBR naming
convention to certificates and extensions"), some of the variables used in the
TBBR chain of trust got renamed but the documentation did not get properly
updated everywhere to reflect these changes.
Change-Id: Ie8e2146882c2d3538c5b8c968d1bdaf5ea2a6e53
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Cortex-A65x4 and Cortex-A65AEx8 is now included in the list of the
supported Arm Fixed Virtual Platforms.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ibfcaec11bc75549d60455e96858d79b679e71e5e
The maintainers.rst file lists files and directories that each contributor looks
after in the TF-A source tree. As files and directories move around over time,
some pathnames had become invalid. Fix them, either by updating the path if
it has just moved, or deleting it altogether if it doesn't seem to exist
anymore.
Change-Id: Idb6ff4d8d0b593138d4f555ec206abcf68b0064f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
It is needed to make it appear in the table of contents. Right now,
all Amlogic documentation pages appear under the "Platform ports"
section, except the AXG one.
Change-Id: Ibcfc3b156888d2a9574953578978b629e185c708
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.
This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.
"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.
For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if their memory system meets the requirement that cache line fill
requests from the Cortex-A57 processor are atomic.
This patch adds support to enable higher performance non-cacheable load
forwarding for such platforms. Platforms must enable this support by
setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
makefiles. This flag is disabled by default.
Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When TF-A is built with RESET_TO_BL31=1 option, BL31 is the
first image to be run and should have all the memory allocated
to it except for the memory reserved for Shared RAM at the start
of Trusted SRAM.
This patch fixes FVP BL31 load address and its image size for
RESET_TO_BL31=1 option. BL31 startup address should be set to
0x400_1000 and its maximum image size to the size of Trusted SRAM
minus the first 4KB of shared memory.
Loading BL31 at 0x0402_0000 as it is currently stated in
'\docs\plat\arm\fvp\index.rst' causes EL3 exception when the
image size gets increased (i.e. building with LOG_LEVEL=50)
but doesn't exceed 0x3B000 not causing build error.
Change-Id: Ie450baaf247f1577112f8d143b24e76c39d33e91
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch:
- Add the __COHERENT_RAM_START__ and __COHERENT_RAM_END__ symbols.
- Improve how the symbols are found with a regex.
- Add a build option to revert the memory layout output.
Change-Id: I54ec660261431bc98d78acb0f80e3d95bc5397ac
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch adds information on the PMU configuration registers
and security considerations related to the PMU.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: I36b15060b9830a77d3f47f293c0a6dafa3c581fb
At the moment, address demangling is only used by the backtrace
functionality. However, at some point, other parts of the TF-A
codebase may want to use it.
The 'demangle_address' function is replaced with a single XPACI
instruction which is also added in 'do_crash_reporting()'.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
Introduce macro 'CSS_SGI_CHIP_COUNT' to allow Arm CSS platforms with
multi-chip support to define number of chiplets on the platform. By
default, this flag is set to 1 and does not affect the existing single
chip platforms.
For multi-chip platforms, override the default value of
CSS_SGI_CHIP_COUNT with the number of chiplets supported on the
platform. As an example, the command below sets the number of chiplets
to two on the RD-N1-Edge multi-chip platform:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: If364dc36bd34b30cc356f74b3e97633933e6c8ee
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch expands the coding style documentation, splitting it
into two documents: the core style rules and extended guidelines.
Note that it does not redefine or change the coding style (aside
from section 4.6.2) - generally, it is only documenting the
existing style in more detail.
The aim is for the coding style to be more readable and, in turn,
for it to be followed by more people. We can use this as a more
concrete reference when discussing the accepted style with external
contributors.
Change-Id: I87405ace9a879d7f81e6b0b91b93ca69535e50ff
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
BL2 is unconditionally setting 0 (OPTEE_AARCH64) in arg0 even when the
BL32 image is 32bit (OPTEE_AARCH32). This is causing the boot to hang
when ATOS (32bit Amlogic BL32 binary-only TEE OS) is used.
Since we are not aware of any Amlogic platform shipping a 64bit version
of ATOS we can hardcode OPTEE_AARCH32 / MODE_RW_32 when using ATOS.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaea47cf6dc48bf8a646056761f02fb81b41c78a3
Introduce the preliminary support for the Amlogic A113D (AXG) SoC.
This port is a minimal implementation of BL31 capable of booting
mainline U-Boot, Linux and chainloading BL32 (ATOS).
Tested on a A113D board.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic4548fa2f7c48d61b485b2a6517ec36c53c20809
Since Sphinx 2.3.0 backquotes are replaced to \textasciigrave{} during
building latexpdf. Using this element in a \sphinxhref{} breaks the
build. In order to avoid this error backquotes must not be used in
external hyperlinks.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ie3cf454427e3d5a7b7f9829b42be45aebda7f0dd
The current URL for QEMU_EFI.fd is not found. Update the link to
point to the new one.
If you run the shell command as instructed, you will see this error:
qemu-system-aarch64: keep_bootcon: Could not open 'keep_bootcon': No such file or directory
The part "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" is the
kernel parameter, so it must be quoted.
As of writing, QEMU v4.2.0 is the latest, but it does not work for
TF-A (It has been fixed in the mainline.) QEMU v4.1.0 works fine.
With those issues addressed, I succeeded in booting the latest kernel.
Tested with QEMU v4.1.0 and Linux 5.5 (defconfig with no modification).
Update the tested versions.
Change-Id: Ic85db0e688d67b1803ff890047d37de3f3db2daa
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Command to build HTML-formatted pages from docs:
make doc
Change-Id: I4103c804b3564fe67d8fc5a3373679daabf3f2e9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external
last level cache(LLC) in the system, the reset value is internal LLC.
To cater for the platforms(like N1SDP) which has external LLC present
introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be
enabled by platform port.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
This implementation simply mimics that of BL31.
Change-Id: Ibbaa4ca012d38ac211c52b0b3e97449947160e07
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This implementation simply mimics that of BL31.
I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case.
It would make the linker script a bit uglier.
Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This lets the Linux kernel or any other image which expects an FDT in x0 be
loaded directly as BL33 without a separate bootloader on QEMU.
Signed-off-by: Andrew Walbran <qwandor@google.com>
Change-Id: Ia8eb4710a3d97cdd877af3b8aae36a2de7cfc654
Out of two possible implementation of Secure Partition Manager(SPM)
currently only Management mode (MM) design is supported and the support
for SPM based on SPCI Alpha 1 prototype has been removed.
Earlier both implementation used common build flag "ENABLE_SPM" but it
has since been decoupled and MM uses a separate build FLAG "SPM_MM".
Instructions to build it for FVP was still using "ENABLE_SPM", which has
beend corrected in this patch.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I505b98173d6051816436aa602ced6dbec4efc776
Parse the parameter structure the PLM populates, to populate the
bl32 and bl33 image structures.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I317072d1086f6cc6f90883c1b8b6d086ff57b443
* changes:
plat: xilinx: Move pm_client.h to common directory
plat: xilinx: versal: Make silicon default build target
xilinx: versal: Wire silicon default setup
versal: Increase OCM memory size for DEBUG builds
plat: xilinx: versal: Dont set IOU switch clock
arm64: versal: Adjust cpu clock for versal virtual
xilinx: versal: Add support for PM_GET_OPERATING_CHARACTERISTIC EEMI call
plat: versal: Add Get_ChipID API
plat: xilinx: versal: Add load Pdi API support
xilinx: versal: Add feature check API
xilinx: versal: Implement set wakeup source for client
plat: xilinx: versal: Add GET_CALLBACK_DATA function
xilinx: versal: Add PSCI APIs for system shutdown & reset
xilinx: versal: Add PSCI APIs for suspend/resume
xilinx: versal: Remove no_pmc ops to ON power domain
xilinx: versal: Add set wakeup source API
xilinx: versal: Add client wakeup API
xilinx: versal: Add query data API
xilinx: versal: Add request wakeup API
xilinx: versal: Add PM_INIT_FINALIZE API for versal
xilinx: versal: Add support of PM_GET_TRUSTZONE_VERSION API
xilinx: versal: enable ipi mailbox service
xilinx: move ipi mailbox svc to xilinx common
plat: xilinx: versal: Implement PM IOCTL API
xilinx: versal: Implement power down/restart related EEMI API
xilinx: versal: Add SMC handler for EEMI API
xilinx: versal: Implement PLL related PM APIs
xilinx: versal: Implement clock related PM APIs
xilinx: versal: Implement pin control related PM APIs
xilinx: versal: Implement reset related PM APIs
xilinx: versal: Implement device related PM APIs
xilinx: versal: Add support for suspend related APIs
xilinx: versal: Add get_api_version support
xilinx: Add support to send PM API to PMC using IPI for versal
plat: xilinx: versal: Move versal_def.h to include directory
plat: xilinx: versal: Move versal_private.h to include directory
plat: xilinx: zynqmp: Use GIC framework for warm restart
Add new flags for storage support that must be used in the build
command line. Add the complete build steps for an OP-TEE configuration.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I0c682f6eb0aab83aa929f4ba734d3151c264aeed
The LLVM linker replaces the GNU linker as default for the link on Clang
builds. It is possible to override the default linker by setting the LD build
flag.
The patch also updates the TF-A doc.
Change-Id: Ic08552b9994d4fa8f0d4863e67a2726c1dce2e35
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
This patch makes default build target as silicon instead of QEMU.
The default can be overwritten by specifying it through build flag
VERSAL_PLATFORM.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Jolly Shah <jolly.shah@xilinx.com>
Change-Id: Ia4cb1df1f206db3e514e8ce969acca875e973ace
It's in fact mandatory. Seen with RPi firmware 1.20190925.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: I80739b74f25817294adc52cfd26a3ec59c06f892
This toolchain provides multiple cross compilers and are publicly
available on developer.arm.com
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I910200174d5bad985504d1af4a1ae5819b524003
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
Creating a Change Log Template for ALL to update with relevant
new features, changes, fixes and known issues for each upcoming
release of Trusted Firmware-A.
The contents of this file should be added to the collective change log
at the time of release code freeze.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Idfbdcef0d40b10312dc88b6e1cbe31856fda887e
Some platforms are extremely memory constrained and must split BL31
between multiple non-contiguous areas in SRAM. Allow the NOBITS
sections (.bss, stacks, page tables, and coherent memory) to be placed
in a separate region of RAM from the loaded firmware image.
Because the NOBITS region may be at a lower address than the rest of
BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this
region, or el3_entrypoint_common would attempt to invalidate the dcache
for the entire address space. New symbols __NOBITS_{START,END}__ are
added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the
NOBITS region is invalidated separately.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions
of Hercules core. The erratum can be avoided by setting bit 1 of the
implementation defined register CPUACTLR2_EL1 to 1 to prevent store-
release from being dispatched before it is the oldest.
Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Sphinx was showing the following warning message:
docs/getting_started/build-options.rst:200: WARNING: Bullet list ends
without a blank line; unexpected unindent.
Change-Id: Iad5d49c1e0d25dd623ad15bce1af31babf860c03
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-Wpadded warns whenever the C compiler automatically includes any
padding in a structure. Because TF-A has a large number of structures,
this occurs fairly frequently and is incredibly verbose, and as such is
unlikely to ever be fixed.
The utility of this warning is also extremely limited - knowing that a
structure includes padding does not point to the existence of an error,
and is probably quite unlikely to indicate actually buggy behaviour.
Therefore, it's probably best to keep this warning off at all times.
Change-Id: I0797cb75f06b4fea0d2fdc16fd5ad978a31d76ec
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Add the support needed to enable using CryptoCell integration with
with RSA 3K support.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
This patch adds the Tegra194 SoC information to the nvidia-tegra.rst
file.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Id649a5ff1b3f70eeee34b508edb7965e7b7a2454
This patch enables LTO for TF-A when compiled with GCC.
LTO is disabled by default and is enabled by
ENABLE_LTO=1 build option.
LTO is enabled only for aarch64 as there seem to be
a bug in the aarch32 compiler when LTO is enabled.
The changes in the makefiles include:
- Adding -flto and associated flags to enable LTO.
- Using gcc as a wrapper at link time instead of ld.
This is recommended when using LTO as gcc internally
takes care of invoking the necessary plugins for LTO.
- Adding switches to pass options to ld.
- Adding a flag to disable fix for erratum cortex-a53-843419
unless explicitly enabled. This is needed because GCC
seem to automatically add the erratum fix when used
as a wrapper for LD.
Additionally, this patch updates the TF-A user guide with
the new build option.
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
The User Guide document has grown organically over time and
now covers a wide range of topics, making it difficult to
skim read and extract information from. Currently, it covers
these topics and maybe a couple more:
- Requirements (hardware, tools, libs)
- Checking out the repo
- Basic build instructions
- A comprehensive list of build flags
- FIP packaging
- Building specifically for Juno
- Firmware update images
- EL3 payloads
- Preloaded BL33 boot flow
- Running on FVPs
- Running on Juno
I have separated these out into a few groups that become new
documents. Broadly speaking, build instructions for the tools,
for TF-A generally, and for specific scenarios are separated.
Content relating to specific platforms (Juno and the FVPs are
Arm-specific platforms, essentially) has been moved into the
documentation that is specific to those platforms, under
docs/plat/arm.
Change-Id: Ica87c52d8cd4f577332be0b0738998ea3ba3bbec
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
From AArch64 state, arguments are passed in registers W0-W7(X0-X7)
and results are returned in W0-W7(X0-X7) for SMC32(SMC64) calls.
From AArch32 state, arguments are passed in registers R0-R7 and
results are returned in registers R0-R7 for SMC32 calls.
Most of the functions and macros already existed to support using
upto 8 registers for passing/returning parameters/results. Added
few helper macros for SMC calls from AArch32 state.
Link to the specification:
https://developer.arm.com/docs/den0028/c
Change-Id: I87976b42454dc3fc45c8343e9640aa78210e9741
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Both -Wmissing-field-initializers and -Wsign-compare are both covered by
-Wextra which is enabled at W=1 anyway. Therefore, the explicit options
are not required.
Change-Id: I2e7d95b5fc14af7c70895859a7ebbeac5bc0d2a4
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Complete the Library at ROM documentation with information regarding
the memory impact of the feature.
Change-Id: I5a10620a8e94f123021bb19523a36d558b330deb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Some of the plantuml diagrams in the I/O storage abstraction layer
documentation are absent from the rendered version of the porting
guide. The build log (see [1] for example) reports a syntax error in
these files. This is due to the usage of the 'order' keyword on the
participants list, which does not seem to be supported by the version
of plantuml installed on the ReadTheDocs server.
Fix these syntax errors by removing the 'order' keyword altogether. We
simply rely on the participants being declared in the desired order,
which will be the order of display, according to the plantuml
documentation.
[1] https://readthedocs.org/api/v2/build/9870345.txt
Change-Id: Ife35c74cb2f1dac28bda07df395244639a8d6a2b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
A small set of misc changes to ensure correctness before the v2.2
release tagging.
Change-Id: I888840b9483ea1a1633d204fbbc0f9594072101e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Removed deprecated interfaces that have been removed from the TF-A
project, updated the deprecated list with new deprecations for v2.2
Release, added upcoming release information, remove mentions of PR from
github.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Change-Id: I2b59d351cde9860ad0dcb6520a8bd2827ad403cf
Giving a bit more background information about the issue tracker
and mailing lists.
Change-Id: I68921d54e3113d348f1e16c685f74d32df2ca19f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The list of upstream platforms on the index page is growing
quite long, especially with all the FVP variants being listed
individually.
This patch leverages the "Platform Ports" chapter in the docs
table of contents to condense this information. Almost all
platform ports now have documentation, so the table of
contents serves as the list of upstream platforms by itself.
For those upstream platforms that do not have corresponding
documentation, the top-level "Platform Ports" page mentions
them individually. It also mentions each Arm FVP, just as
the index page did before.
Note that there is an in-progress patch that creates new
platform port documentation for the Arm Juno and Arm FVP
platforms, so this list of "other platforms" will soon be
reduced further as those platforms become part of the
table of contents as well.
Change-Id: I6b1eab8cba71a599d85a6e22553a34b07f213268
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The index.rst page is now the primary landing page for the TF-A
documentation. It contains quite a lot of content these days,
including:
- The project purpose and general intro
- A list of functionality
- A list of planned functionality
- A list of supported platforms
- "Getting started" links to other documents
- Contact information for raising issues
This patch creates an "About" chapter in the table
of contents and moves some content there. In order,
the above listed content:
- Stayed where it is. This is the right place for it.
- Moved to About->Features
- Moved to About->Features (in subsection)
- Stayed where it is. Moved in a later patch.
- Was expanded in-place
- Moved to About->Contact
Change-Id: I254bb87560fd09140b9e485cf15246892aa45943
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
We would need to update this version for the release but, in fact,
it is not required for our publishing workflow; the hosted version
of the docs uses git commit/tag information in place of these
variables anyway.
Instead of updating the version, just remove these variables
entirely.
Change-Id: I424c4e45786e87604e91c7197b7983579afe4806
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
User guide:
1. Remove obsolete note saying only FVP is supported with AArch32
2. Switch compiler for Juno AArch32 to arm-eabi
3. Mention SOFTWARE folder in Juno Linaro release
Index.rst:
1. Switch default FVP model to Version 11.6 Build 45
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ib47a2ea314e2b8394a20189bf91796de0e17de53
The version of the Linaro release that is used for testing was
updated in 35010bb8 and the user guide was updated with the
correct version, however the version is also mentioned on the
index page and that was missed. Update the index page with the
new version.
We can come back and de-duplicate this content later, to ease
future maintenance.
Change-Id: I3fe83d7a1c59ab8d3ce2b18bcc23e16c93f7af97
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Tidying up a few Sphinx warnings that had built-up over time.
None of these are critical but it cleans up the Sphinx output.
At the same time, fixing some spelling errors that were detected.
Change-Id: I38209e235481eed287f8008c6de9dedd6b12ab2e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This new page contains instructions for doing a local
build of the documentation, plus information on the environment
setup that needs to be done beforehand.
Change-Id: If563145ab40639cabbe25d0f62759981a33692c6
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The readme.rst and license.rst files in the project root overlap
with the index.rst and license.rst files in the docs/ folder. We
need to use the latter when building the documentation, as Sphinx
requires all included files to be under a common root. However,
the files in the root are currently used by the cgit and Github
viewers.
Using symlinks in Git presents some difficulties so the best
course of action is likely to leave these files but in stub form.
The license.rst file in the root will simply tell the reader to
refer to docs/license.rst.
The readme.rst file will contain a small amount of content that
is derived from the docs/index.rst file, so that the Github main
page will have something valid to show, but it will also contain
a link to the full documentation on ReadTheDocs.
Change-Id: I6dc46f08777e8d7ecb32ca7afc07a28486c9f77a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Currently links between documents are using the format:
<path/to/><filename>.rst
This was required for services like GitHub because they render each
document in isolation - linking to another document is like linking
to any other file, just provide the full path.
However, with the new approach, the .rst files are only the raw
source for the documents. Once the documents have been rendered
the output is now in another format (HTML in our case) and so,
when linking to another document, the link must point to the
rendered version and not the .rst file.
The RST spec provides a few methods for linking between content.
The parent of this patch enabled the automatic creation of anchors
for document titles - we will use these anchors as the targets for
our links. Additional anchors can be added by hand if needed, on
section and sub-section titles, for example.
An example of this new format, for a document with the title
"Firmware Design" is :ref:`Firmware Design`.
One big advantage of this is that anchors are not dependent on
paths. We can then move documents around, even between directories,
without breaking any links between documents. Links will need to be
updated only if the title of a document changes.
Change-Id: I9e2340a61dd424cbd8fd1ecc2dc166f460d81703
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Add meson-g12a, qemu-sbsa and rpi4 to the documentation index so
that they will have their docs rendered and integrated into the
table of contents.
Change-Id: Id972bf2fee67312dd7bff29f92bea67842e62431
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Coherent I-cache is causing a prefetch violation where when the core
executes an instruction that has recently been modified, the core might
fetch a stale instruction which violates the ordering of instruction
fetches.
The workaround includes an instruction sequence to implementation
defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap
handler to execute a TLB inner-shareable invalidation to an arbitrary
address followed by a DSB.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based
on a platform build option. The CAS-based implementation used to be
unconditionally selected for all ARM8.1+ platforms.
The previous CAS spinlock implementation had a bug wherein the spin_unlock()
implementation had an `sev` after `stlr` which is not sufficient. A dsb is
needed to ensure that the stlr completes prior to the sev. Having a dsb is
heavyweight and a better solution would be to use load exclusive semantics
to monitor the lock and wake up from wfe when a store happens to the lock.
The patch implements the same.
Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
This patch introduces Qemu SBSA platform.
Both platform specific files where copied from qemu/qemu with changes for
DRAM base above 32bit and removal of ARMv7 conditional defines/code.
Documentation is aligned to rest of SBSA patches along the series and
planed changes in edk2-platform repo.
FixesARM-software/tf-issues#602
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I8ebc34eedb2268365e479ef05654b2df1b99128c
- Updated Linaro release version number to 19.06
- Updated links to Linaro instructions and releases
- Removed the Linaro old releases link
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: Ib786728106961e89182b42183e7b889f6fc74190
* changes:
amlogic: g12a: Add support for the S905X2 (G12A) platform
amlogic: makefile: Use PLAT variable when possible
amlogic: sha_dma: Move register mappings to platform header
* changes:
rpi4: Add initial documentation file
rpi4: Add stdout-path to device tree
rpi4: Add GIC maintenance interrupt to GIC DT node
rpi4: Cleanup memory regions, move pens to first page
rpi4: Reserve resident BL31 region from non-secure world
rpi4: Amend DTB to advertise PSCI
rpi4: Determine BL33 entry point at runtime
rpi4: Accommodate "armstub8.bin" header at the beginning of BL31 image
Add basic support for Raspberry Pi 4
rpi3: Allow runtime determination of UART base clock rate
FDT helper functions: Respect architecture in PSCI function IDs
FDT helper functions: Add function documentation
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
Introduce the preliminary support for the Amlogic S905X2 (G12A) SoC.
This port is a minimal implementation of BL31 capable of booting
mainline U-Boot and Linux. Tested on a SEI510 board.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ife958f10e815a4530292c45446adb71239f3367f
This PSCI hook is similar to pwr_domain_on_finish but is
guaranteed to be invoked with the respective core and cluster are
participating in coherency. This will be necessary to safely invoke
the new GICv3 API which modifies shared GIC data structures concurrently.
Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch:
- Adds any leftover platform ports that were not having their
documentation built (not in the index.rst table of contents)
- Corrects a handful of RST formatting errors that cause poor
rendering
- Reorders the list of platforms so that they are displayed
in alphabetical order
Change-Id: If8c135a822d581c3c5c4fca2936d501ccfd2e94c
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
As the Raspberry Pi4 port is now in a usable state, add the build
instructions together with some background information to the
documentation directory.
The port differs quite a bit from the Raspberry Pi 3, so we use a
separate file for that.
Change-Id: I7d9f5967fdf3ec3bfe97d78141f59cbcf03388d4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The documentation for Marvell platforms was not included in the
rendered document output until now because, while it was mostly
valid RST format, the files were saved with a .txt extension.
This patch corrects some RST formatting errors, creates a document
tree (index page) for the Marvell documents, and adds the Marvell
subtree to the main index.
Change-Id: Id7d4ac37eded636f8f62322a153e1e5f652ff51a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
This patch adds documentation for the new KEY_SIZE build option that is
exposed by cert_create, and instructions on how to use it.
Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
A new build flag, CTX_INCLUDE_MTE_REGS, has been added; this patch adds
documentation for it in the User Guide along with instructions of what
different values mean.
Change-Id: I430a9c6ced06b1b6be317edbeff4f5530e30f63a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
At the time of writting, GCC 8.3-2019.03 is the latest version available
on developer.arm.com.
Switch to bare-metal toolchain (arm-eabi-) for AArch32. This allows to
have a finer control on the use of floating-point and SIMD instructions.
Change-Id: I4438401405eae1e5f6d531b0162e8fa06f69135e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The features of the previously existing gentbl, genvar and genwrappers
scripts were reimplemented in the romlib_generator.py Python script.
This resulted in more readable and maintainable code and the script
introduces additional features that help dependency handling in
makefiles. The assembly templates were separated from the script logic
and were collected in the 'templates' directory.
The targets and their dependencies were reorganized in the makefile and
the dependency handling of included index files is possible now.
Incremental build is available in case of modifying the index files.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I79f65fab9dc5c70d1f6fc8f57b2a3009bf842dc5
Add uml sequence and class diagram to illustrate the behavior of the
storage abstraction layer.
Change-Id: I338262729f8034cc3d3eea1d0ce19cca973a91bb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Currently we have some pre-rendered versions of certain diagrams
in SVG format. These diagrams have corresponding PlantUML source
that can be rendered automatically as part of the documentation
build, removing the need for any intermediate files.
This patch adds the Sphinx "plantuml" extension, replaces
references to the pre-rendered SVG files within the documents,
and finally removes the SVG files and helper script.
New requirements for building the docs are the
"sphinxcontrib-plantuml" Python module (added to the pip
requirements.txt file) and the Graphviz package (provides the
"dot" binary) which is in the Ubuntu package repositories.
Change-Id: I24b52ee40ff79676212ed7cff350294945f1b50d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The project has been renamed from "Arm Trusted Firmware (ATF)" to
"Trusted Firmware-A (TF-A)" long ago. A few references to the old
project name that still remained in various places have now been
removed.
This change doesn't affect any platform files. Any "ATF" references
inside platform files, still remain.
Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
px30 is a Quad-core soc and Cortex-a53 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
6. power off system
Change-Id: I73d55aa978096c078242be921abe0ddca9e8f67e
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
Neoverse N1 erratum 1275112 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: If7fe55fe92e656fa6aea12327ab297f2e6119833
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1262888 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUECTLR_EL1 system register, which disables the MMU hardware prefetcher.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ib733d748e32a7ea6a2783f3d5a9c5e13eee01105
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1262606 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Idd980e9d5310232d38f0ce272862e1fb0f02ce9a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1257314 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR3_EL1 system register, which prevents parallel
execution of divide and square root instructions.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I54f0f40ff9043efee40d51e796b92ed85b394cbb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1220197 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUECTLR_EL1 system register, which disables write streaming to the L2.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I9c3373f1b6d67d21ee71b2b80aec5e96826818e8
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1207823 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ia932337821f1ef0d644db3612480462a8d924d21
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1165347 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I163d0ea00578245c1323d2340314cdc3088c450d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1130799 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I252bc45f9733443ba0503fefe62f50fdea61da6d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1073348 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which disables static prediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I674126c0af6e068eecb379a190bcf7c75dcbca8e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Credit to sam.ellis@arm.com for the input to create the list.
Change-Id: Id70a8eddc5f2490811bebb278482c61950f10cce
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
U-Boot should be compiled with stm32mp15_trusted_defconfig which is
supported since tag v2019.07-rc1 with commit [1].
The creation of the U-Boot binary with stm32 header is done at U-Boot
compilation step, it is no more required to call the extra command.
[1] https://git.denx.de/?p=u-boot.git;a=commit;h=015289580f81
Change-Id: Ia875c22184785fc2e02ad07993a649069cd5ce34
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Reference security specific build options from the user guide.
Change-Id: I0e1efbf47d914cf3c473104175c702ff1a80eb67
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Also sort alphabetically the links at the bottom, a couple of them were
not sorted.
Change-Id: I49a1dbe9e56a36c5fdbace8e4c8b9a5270bc2984
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Neoverse N1 erratum 1315703 is a Cat A (rare) erratum [1], present in
older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined CPUACTLR2_EL1
system register, which will disable the load-bypass-store feature.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdocpjdoc-466751330-1032/index.html
Change-Id: I5c708dbe0efa4daa0bcb6bd9622c5efe19c03af9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Automatic labelling of document titles is a prerequisite for
converting the format of cross-document links. Sphinx will
generate (via the enabled extension) a hidden link target for
each document title and this can be referred to later, from
another page, to link to the target.
The plugin options being used require Sphinx >= 2.0.0 so a
requirements.txt file has been added. This file is used with
the pip package manager for Python so that the correct
dependencies are installed.
Change-Id: Ic2049db5804aa4a6447608ba4299de958ce0a87d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The workaround is added to the Cortex-A55 cpu specific file. The
workaround is disabled by default and have to be explicitly enabled by
the platform integrator.
Change-Id: I3e6fd10df6444122a8ee7d08058946ff1cc912f8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
1) Fix links in "about" page
2) Put back the "contents" page with adjusted links
Change-Id: Id09140b91df5cf0a275149801d05d8cfeeda1c6e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
1) Replace references to "Arm Trusted Firmware" with "TF-A"
2) Update issue tracker link
Change-Id: I12d827d49f6cc34e46936d7f7ccf44e32b26a0bd
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The documentation contains plenty of notes and warnings. Enable
special rendering of these blocks by converting the note prefix
into a .. note:: annotation.
Change-Id: I34e26ca6bf313d335672ab6c2645741900338822
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
- Make the list of contributors into an actual list
- Use note syntax for the note
- Remove the Individuals heading since there are none
This file could be considered for removal as it is a legacy
document, as its note explains.
Change-Id: Idf984bc192af7a0ec367a6642ab99ccccf5df1a8
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Several code blocks do not specify a language for syntax
highlighting. This results in Sphinx using a default highlighter
which is Python.
This patch adds the correct language to each code block that doesn't
already specify it.
Change-Id: Icce1949aabfdc11a334a42d49edf55fa673cddc3
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
One of the current issues with the documentation is that terms and
abbreviations are frequently redefined. For example, we might have
a sentence like "... the SCP (System Control Processor) will ...".
These definitions might be repeated several times across pages, or
even within the same document. Equally, some of these abbreviations
are missed and are never expanded.
Sphinx provides a :term: keyword that takes some text and,
if that text is defined in a glossary document, links to its glossary
entry. Using this functionality will prevent repeated definitions
and will make the docs more maintainable by using a single
definition source.
The glossary added in this patch was created from a quick scrub of
the source code - there may be missing entries. The SDEI abbreviation
was used as an example.
Note that a global_substitutions file was created. This file contains
the RST 'replace' statements that convert plain text terms into linked
terms (by adding the ':term:' keyword to them). An example is:
.. |TF-A| replace:: :term:`TF-A`
The 'rst_prolog' variable in conf.py is used to inject this list of
replacements into each page. Terms must be surrounded with the pipe
character to be turned into links - this means that we can still
prevent certain terms from being linked if we don't want them to be.
Change-Id: I87010ed9cfa4a60011a9b4a431b98cb4bb7baa28
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
These are no longer needed as there will always be a table of contents
rendered to the left of every page.
Some of these lists can be quite long and, when opening a page, the
reader sees nothing but a huge list of contents! After this patch,
the document contents are front-and-centre and the contents are
nicely rendered in the sidebar without duplication.
Change-Id: I444754d548ec91d00f2b04e861de8dde8856aa62
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required so that the advisory documents are all valid RST files (with a
header) and that they all integrate into the document tree.
Change-Id: I68ca2b0b9e648e24b460deb772c471a38518da26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The platform port documents are not very standardised right now and
they don't integrate properly into the document tree so:
1) Make sure each port has a proper name and title (incl. owner)
2) Correct use of headings, subheadings, etc in each port
3) Resolve any naming conflicts between documents
Change-Id: I4c2da6f57172b7f2af3512e766ae9ce3b840b50f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required work to make all documents sit at the correct levels within
the document tree and any derived content like the table of contents
and the categories in the sidebar.
Change-Id: I4885fbe30864a87c8822ee67482b71fb46a8fbc6
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch attempts to standardise the document titles as well as
adding titles to documents that were missing one. The aim is to
remove needless references to "TF-A" or "Trusted Firmware" in the
title of every document and to make sure that the title matches
with the document content.
Change-Id: I9b93ccf43b5d57e8dc793a5311b8ed7c4dd245cc
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Previously the readme.rst file served as the entrypoint for the
documentation. With a Sphinx build the top-level document is set
to be index.rst as it contains the primary document index.
This patch moves some content from readme.rst into index.rst and
splits the license information out into license.rst.
Change-Id: I5c50250b81136fe36aa9ceedaae302b44ec11e47
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This change creates the following directories under docs/
in order to provide a grouping for the content:
- components
- design
- getting_started
- perf
- process
In each of these directories an index.rst file is created
and this serves as an index / landing page for each of the
groups when the pages are compiled. Proper layout of the
top-level table of contents relies on this directory/index
structure.
Without this patch it is possible to build the documents
correctly with Sphinx but the output looks messy because
there is no overall hierarchy.
Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Add the essentials for supporting a Sphinx documentation build:
- A makefile under docs/ to invoke Sphinx with the desired output
format
- A Sphinx master configuration file (conf.py)
- A single, top-level index page (index.rst)
- The TF.org logo that is integrated in the the sidebar of the
rendered output
Change-Id: I85e67e939658638337ca7972936a354878083a25
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
1) One space was missing from the indentation and, hence, rendering error
was generated in the user guide.
2) Partially reword Pointer Authentication related info.
Change-Id: Id5e65d419ec51dd7764f24d1b96b6c9942d63ba4
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.
Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
On certain platforms it does not make sense to generate
TF-A binary images. For example a platform could make use of serveral
memory areas, which are non-continuous and the resulting binary
therefore would suffer from the padding-bytes.
Typically these platforms use the ELF image.
This patch introduces a variable DISABLE_BIN_GENERATION, which
can be set to '1' in the platform makefile to prevent the binary
generation.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
The current stack-protector support is for none, "strong" or "all".
The default use of the flag enables the stack-protection to all
functions that declare a character array of eight bytes or more in
length on their stack.
This option can be tuned with the --param=ssp-buffer-size=N option.
Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Since STM32MP1 platform supports different boards, it is necessary
to build for a particular board. With the current instructions, the
user has to modify the DTB_FILE_NAME variable in platform.mk for
building for a particular board, but this can be avoided by passing
the appropriate board DTB name via DTB_FILE_NAME make variable.
Hence document the same in platform doc.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Change-Id: I16797e7256c7eb699a7b8846356fe430d0fe0aa1
* changes:
rockchip: document platform
rockchip: add support for rk3288
rockchip: add common aarch32 support
rockchip: rk3328: drop double declaration of entry_point storage
rockchip: Allow socs with undefined wfe check bits
rockchip: move pmusram assembler code to a aarch64 subdir
sp_min: allow inclusion of a platform-specific linker script
sp_min: make sp_min_warm_entrypoint public
drivers: ti: uart: add a aarch32 variant
This adds a rockchip.rst to docs/plat documenting the general
approach to using the Rockchip ATF platforms together with the
supported bootloaders and also adds myself as maintainer after
making sure Tony Xie is ok with that.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: Idce53d15eff4ac6de05bbb35d86e57ed50d0cbb9
Support booting OP-TEE as BL32 boot stage and secure runtime
service.
OP-TEE executes in internal RAM and uses a secure DDR area to store
the pager pagestore. Memory mapping and TZC are configured accordingly
prior OP-TEE boot. OP-TEE image is expected in OP-TEE v2 format where
a header file describes the effective boot images. This change
post processes header file content to get OP-TEE load addresses
and set OP-TEE boot arguments.
Change-Id: I02ef8b915e4be3e95b27029357d799d70e01cd44
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.
Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.
Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
On Cortex A9 an errata can cause the processor to violate the rules for
speculative fetches when the MMU is off but branch prediction has not
been disabled. The workaround for this is to execute an Invalidate
Entire Branch Prediction Array (BPIALL) followed by a DSB.
see:http://arminfo.emea.arm.com/help/topic/com.arm.doc.uan0009d/UAN0009_cortex_a9_errata_r4.pdf
for more details.
Change-Id: I9146c1fa7563a79f4e15b6251617b9620a587c93
Signed-off-by: Joel Hutton <Joel.Hutton@arm.com>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Sandrine Bailleux
Mark Dykes
Chris Kay
Madhukar Pappireddy
Balint Dobszay
Louis Mayencourt
Sumit Garg
Alexei Fedorov
Imre Kis
Manish Pandey
Varun Wadekar
Petre-Ionut Tudor
Olivier Deprez
Vijayenthiran Subramaniam
Max Shvetsov
Paul Beesley
György Szing
Carlo Caione
Masahiro Yamada
Soby Mathew
Andrew Walbran
Venkatesh Yadav Abbarapu
Lionel Debieve
Ambroise Vincent
laurenw-arm
Siva Durga Prasad Paladugu
Jan Kiszka
Deepika Bhavnani
Samuel Holland
Justin Chadwell
Gilad Ben-Yossef
zelalem-aweke
Artsem Artsemenka
Radoslaw Biernacki
Andre Przywara
Haojian Zhuang
Hadi Asyrafi
John Tsichritzis
XiaoDong Huang
Peng Donglin
Yann Gautier
kenny liang
Christoph Müllner
Manivannan Sadhasivam
Heiko Stuebner
Antonio Niño Díaz
Joel Hutton