This function scans a string backwards from the end for the first
instance of a character.
Change-Id: I46b21573ed25a0ff222eac340e1e1fb93b040763
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
C99 standard: "What constitutes an access to an object that has
volatile-qualified type is implementation-defined".
GCC is not considering the cast to void of volatile structures as an
access and so is not actually issuing reads.
Clang does read those structures by copying them on the stack, which in
this case creates an overflow because of their large size.
This patch removes the cast to void and instead uses the USED attribute
to tell the compiler to retain the static variables.
Change-Id: I952b5056e3f6e91841e7ef9558434352710ab80d
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Previously the .init section was created even when the reclaim flag was
manually set to 0.
Change-Id: Ia9e7c7997261f54a4eca725d7ea605192f60bcf8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Check that entry point information requesting S-EL2
has AArch64 as an execution state during context setup.
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I447263692fed6e55c1b076913e6eb73b1ea735b7
This patch adds support for enabling S-EL2 if this EL is specified in the entry
point information being used to initialise a secure context. It is the caller's
responsibility to check if S-EL2 is available on the system before requesting
this EL through the entry point information.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Change-Id: I2752964f078ab528b2e80de71c7d2f35e60569e1
Consolidate the definition of size_t to one header per AArch, and
the definition of NULL to one header
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Iecfbad2cf360cfb705ce7aaa981700fd16219b82
As supporting architectures aside from AArch32 and AArch64 is not a
concern, keeping identical definitions in two places for a large part
of the libc seems counterproductive
The int128 types were left un-unified as __int128 is not supported by
gcc on AArch32
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Idf08e6fab7e4680d9da62d3c57266ea2d80472cf
Conceptually, these are supposed to be the largest integers
representable in C, but GCC and Clang define them as long long for
compatibility.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I7c0117f3be167342814d260a371889120dcf6576
From AArch64 state, arguments are passed in registers W0-W7(X0-X7)
and results are returned in W0-W7(X0-X7) for SMC32(SMC64) calls.
From AArch32 state, arguments are passed in registers R0-R7 and
results are returned in registers R0-R7 for SMC32 calls.
Most of the functions and macros already existed to support using
upto 8 registers for passing/returning parameters/results. Added
few helper macros for SMC calls from AArch32 state.
Link to the specification:
https://developer.arm.com/docs/den0028/c
Change-Id: I87976b42454dc3fc45c8343e9640aa78210e9741
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add support to configure GIC-600's multichip routing table registers.
Introduce a new gic600 multichip structure in order to support platforms
to pass their GIC-600 multichip information such as routing table owner,
SPI blocks ownership.
This driver is currently experimental and the driver api may change in
the future.
Change-Id: Id409d0bc07843e271ead3fc2f6e3cb38b317878d
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17 because of n1sdp platform.
Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.
Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
ARM platform can have a non-contiguous GICR frames. For instance, a
multi socket platform can have two or more GIC Redistributor frames
which are 4TB apart. Hence it is necessary for the `gicv3_rdistif_probe`
function to probe all the GICR frames available in the platform.
Introduce `plat_arm_override_gicr_frames` function which platforms can
use to override the default gicr_frames which holds the GICR base
address of the primary cpu.
Change-Id: I1f537b0d871a679cb256092944737f2e55ab866e
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
The function has to use read_cntpct_el0() to update the counter, and not
read_cntfrq_el0().
Change-Id: I9c676466e784c3122e9ffc2d87e66708797086e7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Currently the MDCR_EL3 initialisation implicitly disables
MDCR_EL3.SPME by using mov_imm.
This patch makes the SPME bit more visible by explicitly
disabling it and documenting its use in different versions
of the architecture.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: I221fdf314f01622f46ac5aa43388f59fa17a29b3
Coherent I-cache is causing a prefetch violation where when the core
executes an instruction that has recently been modified, the core might
fetch a stale instruction which violates the ordering of instruction
fetches.
The workaround includes an instruction sequence to implementation
defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap
handler to execute a TLB inner-shareable invalidation to an arbitrary
address followed by a DSB.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.
timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided microsecond delay value from current time.
timeout_elapsed(reference) return true/false whether the reference
timeout is elapsed.
Cherry picked from OP-TEE implementation [1].
[1] commit 33d30a74502b ("core: timeout detection support")
Minor:
- Remove stm32mp platform duplicated implementation.
- Add new include in marvell ble.mk
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iaef6d43c11a2e6992fb48efdc674a0552755ad9c
Use size_t for length parameter in header file, as in .c file.
Change-Id: I310f2a6159cde1c069b4f814f6558c2488c203ec
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the missing flag for aarch32 XIP memory mode. It was
previously added in aarch64 only.
Minor: Correct the aarch64 missing flag.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iac0a7581a1fd580aececa75f97deb894858f776f
* changes:
stm32mp1: add authentication support for stm32image
bsec: move bsec_mode_is_closed_device() service to platform
crypto: stm32_hash: Add HASH driver
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
This patch changes implementation for disabling Secure Cycle
Counter. For ARMv8.5 the counter gets disabled by setting
SDCR.SCCD bit on CPU cold/warm boot. For the earlier
architectures PMCR register is saved/restored on secure
world entry/exit from/to Non-secure state, and cycle counting
gets disabled by setting PMCR.DP bit.
In 'include\aarch32\arch.h' header file new
ARMv8.5-PMU related definitions were added.
Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.
Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This PSCI hook is similar to pwr_domain_on_finish but is
guaranteed to be invoked with the respective core and cluster are
participating in coherency. This will be necessary to safely invoke
the new GICv3 API which modifies shared GIC data structures concurrently.
Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch provides declaration and definition of new GICv3 driver
API: gicv3_rdistif_probe().This function delegates the responsibility
of discovering the corresponding Redistributor base frame to each CPU
itself. It is a modified version of gicv3_rdistif_base_addrs_probe()
and is executed by each CPU in the platform unlike the previous
approach in which only the Primary CPU did the discovery of all the
Redistributor frames for every CPU.
The flush operations as part of gicv3_driver_init() function are
made necessary even for platforms with WARMBOOT_ENABLE_DCACHE_EARLY
because the GICv3 driver data structure contents are accessed by CPU
with D-Cache turned off during power down operations.
Change-Id: I1833e81d3974b32a3e4a3df4766a33d070982268
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This BSEC service is a platform specific service. Implementation
moved to the platform part.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9
The driver manages the HASH processor IP on STM32MP1
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I3b67c80c16d819f86b951dae29a6c465e51ad585
The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
If a firmware component like TF-A reserves special memory regions for
its own or secure payload services, it should announce the location and
size of those regions to the non-secure world. This will avoid
disappointment when some rich OS tries to acccess this memory, which
will likely end in a crash.
The traditional way of advertising reserved memory using device tree is
using the special memreserve feature of the device tree blob (DTB).
However by definition those regions mentioned there do not prevent the
rich OS to map this memory, which may lead to speculative accesses to
this memory and hence spurious bus errors.
A safer way of carving out memory is to use the /reserved-memory node as
part of the normal DT structure. Besides being easier to setup, this
also defines an explicit "no-map" property to signify the secure-only
nature of certain memory regions, which avoids the rich OS to
accidentally step on it.
Add a helper function to allow platform ports to easily add a region.
Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.
Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether its compatible string starts with "arm,cortex-a". Then it
sets the enable-method to PSCI, if it doesn't already have one.
Other platforms might want to use this functionality as well, so let's
move it out of the QEMU platform directory and make it more robust by
fixing some shortcomings:
- A compatible string starting with a certain prefix is not a good way
to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
match as well and is in turn favoured with an enable-method.
- If the DT already has an enable-method, we won't change this to PSCI.
Those two issues will for instance fail on the Raspberry Pi 4 DT.
To fix those problems, we adjust the scanning method:
The DT spec says that all CPU nodes are subnodes of the mandatory
/cpus node, which is a subnode of the root node. Also each CPU node has
to have a device_type = "cpu" property. So we find the /cpus node, then
scan for a subnode with the proper device_type, forcing the
enable-method to "psci".
We have to restart this search after a property has been patched, as the
node offsets might have changed meanwhile.
This allows this routine to be reused for the Raspberry Pi 4 later.
Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.
Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
* changes:
mediatek: mt8183: Support coreboot configuration
mediatek: mt8183: support system reset
mediatek: mt8183: pass platform parameters
mediatek: mt8183: add GPIO driver
mediatek: mt8183: support system off
mediatek: mt8183: support CPU hotplug
mediatek: mt8183: refine GIC driver
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.
Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Sparse warns this:
lib/libc/assert.c:29:6: error: symbol '__assert' redeclared with different type (originally declared at include/lib/libc/assert.h:36) - different modifiers
Add __dead2 to match the header declaration and C definition.
I also changed '__dead2 void' to 'void __dead2' for the consistency
with other parts.
Change-Id: Iefa4f0e787c24fa7e7e499d2e7baf54d4deb49ef
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Add plat parameter structs to support BL2 to pass
variable-length, variable-type parameters to BL31.
The parameters are structured as a link list.
During BL31 setup time, we traverse the list to process
each parameter.
Signed-off-by: kenny liang <kenny.liang@mediatek.com>
Change-Id: Ie84cfc9606656fb1d2780a68cadf27e09afa6628
This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that support
at EL0. To enable it at ELx for both the non-secure and the secure
world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
and restoring when necessary in order to prevent register leakage
between the worlds.
Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
The SHA256 DMA driver can be used by multiple SoCs. Move it to the
common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I96319eeeeeebd503ef0dcb07c0e4ff6a67afeaa5
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
The #include "mbedtls/check_config.h" directive first searches for
the header in the relative path to mbedtls_config.h, i.e.
include/drivers/auth/mbedtls/mbedtls/check_config.h
Obviously, it does not exist since check_config.h is located in
the mbedtls project.
It is more sensible to use #include <...> form.
Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
If the max-frequency property is provided in the device tree mmc node,
it should be managed. The max allowed frequency will be the min between
this property value and what the card can support.
Change-Id: I885b676c3300d2670a0fe4c6ecab87758b5893ad
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Introduce driver for STM32 IWDG peripheral (Independent Watchdog).
It is configured according to device tree content and should be enabled
from there.
The watchdog is not started by default. It can be started after an HW
reset if the dedicated OTP is fused.
The watchdog also needs to be frozen if a debugger is attached.
This is done by configuring the correct bits in DBGMCU.
This configuration is allowed by checking BSEC properties.
An increase of BL2 size is also required when adding this new code.
Change-Id: Ide7535d717885ce2f9c387cf17afd8b5607f3e7f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
This patch fixes an issue when secure world timing information
can be leaked because Secure Cycle Counter is not disabled.
For ARMv8.5 the counter gets disabled by setting MDCR_El3.SCCD
bit on CPU cold/warm boot.
For the earlier architectures PMCR_EL0 register is saved/restored
on secure world entry/exit from/to Non-secure state, and cycle
counting gets disabled by setting PMCR_EL0.DP bit.
'include\aarch64\arch.h' header file was tided up and new
ARMv8.5-PMU related definitions were added.
Change-Id: I6f56db6bc77504634a352388990ad925a69ebbfa
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Currently, console drivers prepend '\r' to '\n' by themselves. This is
common enough to be supported in the framework.
Add a new flag, CONSOLE_FLAG_TRANSLATE_CRLF. A driver can set this
flag to ask the framework to transform LF into CRLF instead of doing
it by itself.
Change-Id: I4f5c5887591bc0a8749a105abe62b6562eaf503b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch fixes FVP_Base_AEMv8A model hang issue with
ARMv8.4+ with cache modelling enabled configuration.
Incorrect L1 cache flush operation to PoU, using CLIDR_EL1
LoUIS field, which is required by the architecture to be
zero for ARMv8.4-A with ARMv8.4-S2FWB feature is replaced
with L1 to L2 and L2 to L3 (if L3 is present) cache flushes.
FVP_Base_AEMv8A model can be configured with L3 enabled by
setting `cluster0.l3cache-size` and `cluster1.l3cache-size`
to non-zero values, and presence of L3 is checked in
`aem_generic_core_pwr_dwn` function by reading
CLIDR_EL1.Ctype3 field value.
Change-Id: If3de3d4eb5ed409e5b4ccdbc2fe6d5a01894a9af
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch modifies crash reporting for AArch64 to provide
aligned output of register dump and GIC registers.
Change-Id: I8743bf1d2d6d56086e735df43785ef28051c5fc3
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Add support for multiple Cryptocell revisions which
use different APIs.
This commit only refactors the existing code in preperation to the addition
of another Cryptocell revisions later on.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
* changes:
plat/mediatek/mt81*: Use new bl31_params_parse() helper
plat/rockchip: Use new bl31_params_parse_helper()
Add helper to parse BL31 parameters (both versions)
Factor out cross-BL API into export headers suitable for 3rd party code
Use explicit-width data types in AAPCS parameter structs
plat/rockchip: Switch to use new common BL aux parameter library
Introduce lightweight BL platform parameter library
This patch introduces an additional precautionary step to further
enhance protection against variant 4. During the context initialisation
before we enter the various BL stages, the SPSR.SSBS bit is explicitly
set to zero. As such, speculative loads/stores are by default disabled
for all BL stages when they start executing. Subsequently, each BL
stage, can choose to enable speculative loads/stores or keep them
disabled.
This change doesn't affect the initial execution context of BL33 which
is totally platform dependent and, thus, it is intentionally left up to
each platform to initialise.
For Arm platforms, SPSR.SSBS is set to zero for BL33 too. This means
that, for Arm platforms, all BL stages start with speculative
loads/stores disabled.
Change-Id: Ie47d39c391d3f20fc2852fc59dbd336f8cacdd6c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
BL31 used to take a single bl31_params_t parameter structure with entry
point information in arg0. In commit 726002263 (Add new version of image
loading.) this API was changed to a more flexible linked list approach,
and the old parameter structure was copied into all platforms that still
used the old format. This duplicated code unnecessarily among all these
platforms.
This patch adds a helper function that platforms can optionally link to
outsource the task of interpreting arg0. Many platforms are just
interested in the BL32 and BL33 entry point information anyway. Since
some platforms still need to support the old version 1 parameters, the
helper will support both formats when ERROR_DEPRECATED == 0. This allows
those platforms to drop a bunch of boilerplate code and asynchronously
update their BL2 implementation to the newer format.
Change-Id: I9e6475adb1a7d4bccea666118bd1c54962e9fc38
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch adds a new include/export/ directory meant for inclusion in
third-party code. This is useful for cases where third-party code needs
to interact with TF-A interfaces and data structures (such as a custom
BL2-implementation like coreboot handing off to BL31). Directly
including headers from the TF-A repository avoids having to duplicate
all these definitions (and risk them going stale), but with the current
header structure this is not possible because handoff API definitions
are too deeply intertwined with other TF code/headers and chain-include
other headers that will not be available in the other environment.
The new approach aims to solve this by separating only the parts that
are really needed into these special headers that are self-contained and
will not chain-include other (non-export) headers. TF-A code should
never include them directly but should instead always include the
respective wrapper header, which will include the required prerequisites
(like <stdint.h>) before including the export header. Third-party code
can include the export headers via its own wrappers that make sure the
necessary definitions are available in whatever way that environment can
provide them.
Change-Id: Ifd769320ba51371439a8e5dd5b79c2516c3b43ab
Signed-off-by: Julius Werner <jwerner@chromium.org>
It's not a good idea to use u_register_t for the members of
aapcs64_params_t and aapcs32_params_t, since the width of that type
always depends on the current execution environment. This would cause
problems if e.g. we used this structure to set up the entry point of an
AArch32 program from within an AArch64 program. (It doesn't seem like
any code is doing that today, but it's probably still a good idea to
write this defensively. Also, it helps with my next patch.)
Change-Id: I12c04a85611f2b6702589f3362bea3e6a7c9f776
Signed-off-by: Julius Werner <jwerner@chromium.org>
The watchdog is configured with a default value of 256 seconds in order
to implement the Trusted Board Boot Requirements.
For the FVP and Juno platforms, the FWU process relies on a watchdog
reset. In order to automate the test of FWU, the length of this process
needs to be as short as possible. Instead of waiting for those 4 minutes
to have a reset by the watchdog, tell it to reset immediately.
There are no side effects as the value of the watchdog's load register
resets to 0xFFFFFFFF.
Tested on Juno.
Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds some common helper code to support a lightweight
platform parameter passing framework between BLs that has already been
used on Rockchip platforms but is more widely useful to others as well.
It can be used as an implementation for the SoC firmware configuration
file mentioned in the docs, and is primarily intended for platforms
that only require a handful of values to be passed and want to get by
without a libfdt dependency. Parameters are stored in a linked list and
the parameter space is split in generic and vendor-specific parameter
types. Generic types will be handled by this code whereas
vendor-specific types have to be handled by a vendor-specific handler
function that gets passed in.
Change-Id: If3413d44e86b99d417294ce8d33eb2fc77a6183f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update the skeleton implementation of the console interface.
The 32 bit version was outdated and has been copied from the 64 bit
version.
Change-Id: Ib3e4eb09402ffccb1a30c703a53829a7bf064dfe
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
* changes:
Enable -Wshift-overflow=2 to check for undefined shift behavior
Update base code to not rely on undefined overflow behaviour
Update hisilicon drivers to not rely on undefined overflow behaviour
Update synopsys drivers to not rely on undefined overflow behaviour
Update imx platform to not rely on undefined overflow behaviour
Update mediatek platform to not rely on undefined overflow behaviour
Update layerscape platform to not rely on undefined overflow behaviour
Update intel platform to not rely on undefined overflow behaviour
Update rockchip platform to not rely on undefined overflow behaviour
Update renesas platform to not rely on undefined overflow behaviour
Update meson platform to not rely on undefined overflow behaviour
Update marvell platform to not rely on undefined overflow behaviour
This patch enables MTE for Normal world if the CPU suppors it. Enabling
MTE for secure world will be done later.
Change-Id: I9ef64460beaba15e9a9c20ab02da4fb2208b6f7d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This consists of ensuring that the left operand of each shift is
unsigned when the operation might overflow into the sign bit.
Change-Id: Iddd6f38139a4c6e500468b4fc48d04e0939f574e
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Ambroise Vincent
Sandrine Bailleux
Artsem Artsemenka
Achin Gupta
Soby Mathew
Bence Szépkúti
Madhukar Pappireddy
Paul Beesley
Vijayenthiran Subramaniam
Manish Pandey
Balint Dobszay
Yann Gautier
Petre-Ionut Tudor
laurenw-arm
Lionel Debieve
Imre Kis
Alexei Fedorov
Haojian Zhuang
Andre Przywara
Justin Chadwell
Hadi Asyrafi
Masahiro Yamada
kenny liang
Carlo Caione
Julius Werner
Gilad Ben-Yossef
John Tsichritzis
Louis Mayencourt
Remi Pommarel