In some use-cases BL2 will be stored in eXecute In Place (XIP) memory,
like BL1. In these use-cases, it is necessary to initialize the RW sections
in RAM, while leaving the RO sections in place. This patch enable this
use-case with a new build option, BL2_IN_XIP_MEM. For now, this option
is only supported when BL2_AT_EL3 is 1.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Only return -1 if the workaround for CVE-2017-5715 is not compiled in.
Change-Id: I1bd07c57d22b4a13cf51b35be141a1f1ffb065ff
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Switch to the new console APIs enabled by setting MULTI_CONSOLE_API=1.
The crash console doesn't use this API, it uses internally the core
functions of the 16550 console.
`bl31_plat_runtime_setup` is no longer needed. When this platform port
was introduced, that function used to disable the console. It was needed
to override that behaviour. The new behaviour is to switch to the
runtime console. The console is registered for all scopes (boot, crash
and runtime) in `rpi3_console_init` so it is not needed to override the
default behaviour anymore.
Update documentation.
Change-Id: If2ee8f91044216183b7ef142e5c05ad6220ae92f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Following Out of Box testing for v1.5 release:
Update host OS version to Ubuntu 16.04
Clarify configuration files needed for checkpatch
Add note on using Linaro precompiled binaries
Change-Id: Ia4ae61e01128ddff1a288972ddf84b79370fa52c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The CI has been updated to run tests against the AEMv8-A RevC
model, FVP_Base_RevC-2xAEMv8A, which is available from the Fast
Model releases on Connected Community [1].
Additionally, the CI now also includes the Cortex-A55x4, Cortex-A75x4
and Cortex-A55x4-A75x4 Base models.
[1] https://developer.arm.com/products/system-design/fixed-virtual-platforms
Change-Id: I57806f3b2a8121211490a7aa0089dcae566d8635
Signed-off-by: David Cunado <david.cunado@arm.com>
Updated change-log.rst with summary of changes since
release v1.4.
Change-Id: I56b5a30d13a5a7099942535cbaeff0e2a5c5804e
Signed-off-by: David Cunado <david.cunado@arm.com>
Update Arm Trusted Firmware references in the upstream documents to
Trusted Firmware-A (TF-A). This is for consistency with and
disambiguation from Trusted Firmware-M (TF-M).
Also update other Arm trademarks, e.g. ARM->Arm, ARMv8->Armv8-A.
Change-Id: I8bb0e18af29c6744eeea2dc6c08f2c10b20ede22
Signed-off-by: Dan Handley <dan.handley@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch updates the `firmware-design.rst` document for
changes in ARM-TF for supporting dynamic configuration features
as presented in `Secure Firmware BoF SFO'17`[1].
The patch also updates the user-guide for 2 build options for FVP
pertaining to dynamic config.
[1] https://www.slideshare.net/linaroorg/bof-device-tree-and-secure-firmware-bof-sfo17310
Change-Id: Ic099cf41e7f1a98718c39854e6286d884011d445
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Since non-TF ROM is used in HiKey960 platform (Hisilicon Hi3660 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When flush images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since non-TF ROM is used in HiKey platform (Hisilicon Hi6220 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When we recovery images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
FVPs that model DynamIQ configuration implements all CPUs in a single
cluster. I.e., such models have a single cluster with more than 4 CPUs.
This differs from existing default build configuration for FVP where up
to 4 CPUs are assumed per cluster.
To allow building for DynamIQ configuration, promote the macro
FVP_MAX_CPUS_PER_CLUSTER as a build option to have it set from the build
command line. The value of the build option defaults to 4.
Change-Id: Idc3853bc95f680869b434b011c2dbd733e40c6ce
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
To make exception handling amongst Secure components, require that SDEI
exception priorities must be assigned the lowest among Secure
priorities. Clarify documentation to this effect.
Change-Id: I92524b7b7e9b3fa06a10c86372bc3c4dd18c00ad
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The `bl1_init_bl2_mem_layout()` API is now deprecated. The default weak
implementation of `bl1_plat_handle_post_image_load()` calculates the
BL2 memory layout and populates the same in x1(r1). This ensures
compatibility for the deprecated API.
Change-Id: Id44bdc1f572dc42ee6ceef4036b3a46803689315
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The Arm Trusted Firmware is built by default for ARMv8-A version 8.0.
However, the Foundation FVP runs by default in the highest version of
the architecture it supports. This causes problems when trying to run
the Arm Trusted Firmware on it.
This patch adds a note to the User Guide about this problem.
Change-Id: I0220fe1a9c66c2292149ad4a7ffe5e27ba08ab28
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
At present, the build option TSP_NS_INTR_ASYNC_PREEMPT controls how
Non-secure interrupt affects TSPs execution. When TSP is executing:
1. When TSP_NS_INTR_ASYNC_PREEMPT=0, Non-secure interrupts are received
at the TSP's exception vector, and TSP voluntarily preempts itself.
2. When TSP_NS_INTR_ASYNC_PREEMPT=1, Non-secure interrupts causes a
trap to EL3, which preempts TSP execution.
When EL3 exception handling is in place (i.e.,
EL3_EXCEPTION_HANDLING=1), FIQs are always trapped to EL3. On a system
with GICv3, pending NS interrupts while TSP is executing will be
signalled as FIQ (which traps to EL3). This situation necessitates the
same treatment applied to case (2) above.
Therefore, when EL3 exception handling is in place, additionally
require that TSP_NS_INTR_ASYNC_PREEMPT is set to one 1.
Strictly speaking, this is not required on a system with GICv2, but the
same model is uniformly followed regardless, for simplicity.
Relevant documentation updated.
Change-Id: I928a8ed081fb0ac96e8b1dfe9375c98384da1ccd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
When ARM Trusted Firmware is built with EL3_EXCEPTION_HANDLING=1,
EL3 interrupts (INTR_TYPE_EL3) will always preempt both Non-secure and
secure execution.
The interrupt management framework currently treats EL3 interrupt
routing as valid. For the above reason, this patch makes them invalid
when EL3_EXCEPTION_HANDLING is in effect.
Change-Id: I95bca8f5dc8df8eb0ff6f305cfba098611522a39
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to their final destination. Instead, we need to
load them to the temporary buffer for the decompressor.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The CnP bit documentation in the Firmware Design Guide incorrectly
used the term "Page Entries" instead of "Processing Elements".
Fix that.
Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S. Now, this platform is able to avoid this waste.
Enable the BL2_AT_EL3 option, and remove BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch expands the weak stubs for the plat_crash_console_xxx
functions in common platform code to use the new console API for crash
output. This should make crash console output "just work" for most cases
without the need for the platform to explicitly set up a crash console.
For cases where the normal console framework doesn't work (e.g. very
early crashes, before the platform can register any consoles), platforms
are still able to override the functions just like before.
This feature requires the MULTI_CONSOLE_API compile-time flag to work.
For builds which don't have it set, this patch has no practical effect.
Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update firmware-design.rst, porting-guide.rst and user-guide.rst
with the information about BL2 at EL3. Firmware-design.rst is
also update to explain how to test this feauture with FVP.
Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.
A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.
Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU. To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table. A side effect of this change is that the main vbar is
configured before any reset handling. This is to allow the per-cpu
reset function to override the vbar setting.
This workaround is enabled by default on the affected CPUs.
Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
If boot redundancy is required in BL1 then the initialization
of the boot sequence must be done in bl1_platform_setup. In BL2,
we had to add a new function, bl2_preload_setup, because
bl2_platform_setup is called after the images are loaded, making it
invalid for the boot sequence initialization.
Change-Id: I5c177ff142608ed38b4192288b06614343b2b83b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
ARM TF has been tested as part of its CI system with the following
dependencies updated:
- Linaro binaries: 17.04 --> 17.10
- mbed TLS library: 2.4.2 --> 2.6.0
The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:
- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Additionally, links to Linaro resources have been updated.
Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>
Commit 6f62574767 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool. I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.
I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.
The document "SPM User Guide" has been integrated into the design
document.
Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The document was being rendered incorrectly.
Change-Id: I6e243d17d7cb6247f91698bc195eb0f6efeb7d17
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Added design documentation and usage guide for the AArch64 port of the
Arm Trusted Firmware to the Raspberry Pi 3.
Change-Id: I1be60fbbd54c797b48a1bcebfb944d332616a0de
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
to one EL3 will check to see if the Scalable Vector Extension (SVE) is
implemented when entering and exiting the Non-secure world.
If SVE is implemented, EL3 will do the following:
- Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.
- Exit from Non-secure world: SIMD, FP and SVE functionality is
disabled. As SIMD and FP registers are part of the SVE Z-registers
then any use of SIMD / FP functionality would corrupt the SVE
registers.
The build option default is 1. The SVE functionality is only supported
on AArch64 and so the build option is set to zero when the target
archiecture is AArch32.
This build option is not compatible with the CTX_INCLUDE_FPREGS - an
assert will be raised on platforms where SVE is implemented and both
ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.
Also note this change prevents secure world use of FP&SIMD registers on
SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
such platforms unless ENABLE_SVE_FOR_NS is set to 0.
Additionally, on the first entry into the Non-secure world the SVE
functionality is enabled and the SVE Z-register length is set to the
maximum size allowed by the architecture. This includes the use case
where EL2 is implemented but not used.
Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
Change-Id: I7ea0c0a00327f463199d1b0a481f01dadb09d312
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The Cortex A75 has 5 AMU counters. The first three counters are fixed
and the remaining two are programmable.
A new build option is introduced, `ENABLE_AMU`. When set, the fixed
counters will be enabled for use by lower ELs. The programmable
counters are currently disabled.
Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The flag support the following values:
- sha256 (default)
- sha384
- sha512
Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
It is not possible to detect at compile-time whether support for an
optional extension such as SPE should be enabled based on the
ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by
default.
Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The explicit event dispatch sequence currently depicts handling done in
Secure EL1, although further error handling is typically done inside a
Secure Partition. Clarify the sequence diagram to that effect.
Change-Id: I53deedc6d5ee0706626890067950c2c541a62c78
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The FPEXC32_EL2 register controls SIMD and FP functionality when the
lower ELs are executing in AArch32 mode. It is architecturally mapped
to AArch32 system register FPEXC.
This patch removes FPEXC32_EL2 register from the System Register context
and adds it to the floating-point context. EL3 only saves / restores the
floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
The rationale for this change is that if the Secure world is using FP
functionality and EL3 is not managing the FP context, then the Secure
world will save / restore the appropriate FP registers.
NOTE - this is a break in behaviour in the unlikely case that
CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
Secure Payload that modifies FPEXC, but does not save and restore
this register
Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
Signed-off-by: David Cunado <david.cunado@arm.com>
The document includes SDEI sequence diagrams that are generated using
PlantUML [1].
A shell script is introduced to generate SVG files from PlantUML files
supplied in arguments.
[1] http://plantuml.com/PlantUML_Language_Reference_Guide.pdf
Change-Id: I433897856810bf1927f2800a7b2b1d81827c69b2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The implementation currently supports only interrupt-based SDEI events,
and supports all interfaces as defined by SDEI specification version
1.0 [1].
Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
BL31.
Update user guide and porting guide. SDEI documentation to follow.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
EHF is a framework that allows dispatching of EL3 interrupts to their
respective handlers in EL3.
This framework facilitates the firmware-first error handling policy in
which asynchronous exceptions may be routed to EL3. Such exceptions may
be handed over to respective exception handlers. Individual handlers
might further delegate exception handling to lower ELs.
The framework associates the delegated execution to lower ELs with a
priority value. For interrupts, this corresponds to the priorities
programmed in GIC; for other types of exceptions, viz. SErrors or
Synchronous External Aborts, individual dispatchers shall explicitly
associate delegation to a secure priority. In order to prevent lower
priority interrupts from preempting higher priority execution, the
framework provides helpers to control preemption by virtue of
programming Priority Mask register in the interrupt controller.
This commit allows for handling interrupts targeted at EL3. Exception
handlers own interrupts by assigning them a range of secure priorities,
and registering handlers for each priority range it owns.
Support for exception handling in BL31 image is enabled by setting the
build option EL3_EXCEPTION_HANDLING=1.
Documentation to follow.
NOTE: The framework assumes the priority scheme supported by platform
interrupt controller is compliant with that of ARM GIC architecture (v2
or later).
Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Acknowledging interrupt shall return a raw value from the interrupt
controller in which the actual interrupt ID may be encoded. Add a
platform API to extract the actual interrupt ID from the raw value
obtained from interrupt controller.
Document the new function. Also clarify the semantics of interrupt
acknowledge.
Change-Id: I818dad7be47661658b16f9807877d259eb127405
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.
As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.
The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.
Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Add events that trigger before entry to normal/secure world. The
events trigger after the normal/secure context has been restored.
Similarly add events that trigger after leaving normal/secure world.
The events trigger after the normal/secure context has been saved.
Change-Id: I1b48a7ea005d56b1f25e2b5313d77e67d2f02bc5
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
FWU uses additional images that have to be loaded,
and this patch adds the documentation of how to do
it in FVP and Juno.
Change-Id: I1a40641c11c5a4c8db0aadeaeb2bec30c9279e28
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
On Arm standard platforms, it runs out of SRAM space when TBB is
enabled, so the TSP default location is changed to dram when TBB
is enabled.
Change-Id: I516687013ad436ef454d2055d4e6fce06e467044
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
These hooks are intended to allow one platform to try load
images from alternative places. There is a hook to initialize
the sequence of boot locations and a hook to pass to the next
sequence.
Change-Id: Ia0f84c415208dc4fa4f9d060d58476db23efa5b2
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This allows other EL3 components to subscribe to CPU on events.
Update Firmware Design guide to list psci_cpu_on_finish as an available
event.
Change-Id: Ida774afe0f9cdce4021933fcc33a9527ba7aaae2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This light-weight framework enables some EL3 components to publish
events which other EL3 components can subscribe to. Publisher can
optionally pass opaque data for subscribers. The order in which
subscribers are called is not defined.
Firmware design updated.
Change-Id: I24a3a70b2b1dedcb1f73cf48313818aebf75ebb6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Trusted Firmware has been tested as part of its CI system against Cortex
and Foundation models in the 11.1 Model release available on
developer.arm.com. Trusted Firmware has also been tested against the
v8.7 AEM model. This patch updates the user guide documentation to
reflect the version of the Foundation, AEM and Cortex Models that
Trusted Firmware has been tested against.
Change-Id: Ia0f51469032427b6056567d151bf8144a7cf0e42
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
The GIC driver initialization currently allows an array of interrupts to
be configured as secure. Future use cases would require more interrupt
configuration other than just security, such as priority.
This patch introduces a new interrupt property array as part of both
GICv2 and GICv3 driver data. The platform can populate the array with
interrupt numbers and respective properties. The corresponding driver
initialization iterates through the array, and applies interrupt
configuration as required.
This capability, and the current way of supplying array (or arrays, in
case of GICv3) of secure interrupts, are however mutually exclusive.
Henceforth, the platform should supply either:
- A list of interrupts to be mapped as secure (the current way).
Platforms that do this will continue working as they were. With this
patch, this scheme is deprecated.
- A list of interrupt properties (properties include interrupt group).
Individual interrupt properties are specified via. descriptors of
type 'interrupt_prop_desc_t', which can be populated with the macro
INTR_PROP_DESC().
A run time assert checks that the platform doesn't specify both.
Henceforth the old scheme of providing list of secure interrupts is
deprecated. When built with ERROR_DEPRECATED=1, GIC drivers will require
that the interrupt properties are supplied instead of an array of secure
interrupts.
Add a section to firmware design about configuring secure interrupts.
FixesARM-software/tf-issues#262
Change-Id: I8eec29e72eb69dbb6bce77879febf32c95376942
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
SPIs can be routed to either a specific PE, or to any one of all
available PEs.
API documentation updated.
Change-Id: I28675f634568aaf4ea1aa8aa7ebf25b419a963ed
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The back end GIC driver converts and assigns the interrupt type to
suitable group.
For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which
determines to which type Group 0 interrupts maps to.
- When the build option is set 0 (the default), Group 0 interrupts are
meant for Secure EL1. This is presently the case.
- Otherwise, Group 0 interrupts are meant for EL3. This means the SPD
will have to synchronously hand over the interrupt to Secure EL1.
The query API allows the platform to query whether the platform supports
interrupts of a given type.
API documentation updated.
Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
These APIs allow the GIC implementation to categorize interrupt numbers
into SPIs, PPIs, and SGIs. The default implementations for GICv2 and
GICv3 follows interrupt numbering as specified by the ARM GIC
architecture.
API documentation updated.
Change-Id: Ia6aa379dc955994333232e6138f259535d4fa087
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Document the API in separate platform interrupt controller API document.
Change-Id: If18f208e10a8a243f5c59d226fcf48e985941949
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch adds documentation about the new PCSI API to the porting guide
and it also update the version and function list in the firmware design.
Change-Id: Ie4edd190926a501922c061f5fcad53c9b389e331
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Jiafei Pan
Dimitris Papastamos
Antonio Nino Diaz
Joel Hutton
David Cunado
Dan Handley
Soby Mathew
Arve Hjønnevåg
Haojian Zhuang
Jeenu Viswambharan
Masahiro Yamada
Sandrine Bailleux
Andreas Färber
Julius Werner
Roberto Vargas
Jett Zhou
Qixiang Xu
Etienne Carriere
Eleanor Bonnici