On ARM CSS platforms, the whole flash used to be mapped as executable.
This is not required, given that the flash is used to store the BL1
and FIP images and:
- The FIP is not executed in place, its images are copied to RAM
and executed from there.
- BL1 is executed in place from flash but only its code needs to be
mapped as executable and platform code takes care of re-mapping
BL1's read-only section as executable.
Therefore, this patch now maps the flash as non-executable by default
on these platforms. This increases security by restricting the
executable region to what is strictly needed.
This patch also adds some comments to clarify the memory mapping
attributes on these platforms.
Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
This patch adds some verbose traces in the arm_setup_page_tables()
function to print the extents of the different memory regions it maps.
Change-Id: Ia3ae1053e7ebf3579601ff9238b0e3791eb1e9e4
The arm_setup_page_tables() function used to expect a single set of
addresses defining the extents of the whole read-only section, code
and read-only data mixed up, which was mapped as executable.
This patch changes this behaviour. arm_setup_page_tables() now
expects 2 separate sets of addresses:
- the extents of the code section;
- the extents of the read-only data section.
The code is mapped as executable, whereas the data is mapped as
execute-never. New #defines have been introduced to identify the
extents of the code and the read-only data section. Given that
all BL images except BL1 share the same memory layout and linker
script structure, these #defines are common across these images.
The slight memory layout differences in BL1 have been handled by
providing values specific to BL1.
Note that this patch also affects the Xilinx platform port, which
uses the arm_setup_page_tables() function. It has been updated
accordingly, such that the memory mappings on this platform are
unchanged. This is achieved by passing null values as the extents
of the read-only data section so that it is ignored. As a result,
the whole read-only section is still mapped as executable.
FixesARM-software/tf-issues#85
Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
This patch changes the base address of the "total" Trusted SRAM region
seen by the BL2U image. It used to start just after BL2U's read-only
section (i.e. at address BL2U_RO_LIMIT), it now starts from the base
address of the BL2U image (i.e. at address BL2U_BASE). In other words,
the "total" memory region now includes BL2U's own read-only section.
This does not change BL2U's resulting memory mappings because the
read-only section was already mapped in BL2U, it just wasn't part of
this total memory region.
Change-Id: I2da16ac842469023b41904eaa8d13ed678d65671
At the moment, on ARM platforms, BL1 maps everything from BL1_RO_BASE
to BL1_RO_LIMIT. BL1_RO_LIMIT, as defined in the porting guide, is
the maximum address in Trusted ROM that BL1's actual content _can_
occupy. The actual portion of ROM occupied by BL1 can be less than
that, which means that BL1 might map more Trusted ROM than it actually
needs to.
This patch changes BL1's memory mappings on ARM platforms to restrict
the region of Trusted ROM it maps. It uses the symbols exported by
the linker to figure out the actual extents of BL1's ROM footprint.
This change increases the number of page tables used on FVP by 1.
On FVP, we used to map the whole Trusted ROM. As it is 64MB large,
we used to map it as blocks of 2MB using level-2 translation table
entries. We now need a finer-grained mapping, which requires an
additional level-3 translation table.
On ARM CSS platforms, the number of translation tables is unchanged.
The BL1 image resides in flash at address 0x0BEC0000. This address is
not aligned on a 2MB-boundary so a level-3 translation table was
already required to map this memory.
Change-Id: I317a93fd99c40e70d0f13cc3d7a570f05c6c61eb
This patch introduces a new header file: include/lib/utils.h.
Its purpose is to provide generic macros and helper functions that
are independent of any BL image, architecture, platform and even
not specific to Trusted Firmware.
For now, it contains only 2 macros: ARRAY_SIZE() and
IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
xlat_tables.c respectively.
bl_common.h includes utils.h to retain compatibility for platforms
that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
platform ports that use this macro have been updated to include
utils.h.
Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
This patch introduces the arm_setup_page_tables() function to
set up page tables on ARM platforms. It replaces the
arm_configure_mmu_elx() functions and does the same thing except
that it doesn't enable the MMU at the end. The idea is to reduce
the amount of per-EL code that is generated by the C preprocessor
by splitting the memory regions definitions and page tables creation
(which is generic) from the MMU enablement (which is the only per-EL
configuration).
As a consequence, the call to the enable_mmu_elx() function has been
moved up into the plat_arch_setup() hook. Any other ARM standard
platforms that use the functions `arm_configure_mmu_elx()` must be
updated.
Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
This patch enables optional PSCI functions `PSCI_STAT_COUNT` and
`PSCI_STAT_RESIDENCY` for ARM standard platforms. The optional platform
API 'translate_power_state_by_mpidr()' is implemented for the Juno
platform. 'validate_power_state()' on Juno downgrades PSCI CPU_SUSPEND
requests for the system power level to the cluster power level.
Hence, it is not suitable for validating the 'power_state' parameter
passed in a PSCI_STAT_COUNT/RESIDENCY call.
Change-Id: I9548322676fa468d22912392f2325c2a9f96e4d2
Add build time option 'cadence1' for ZYNQMP_CONSOLE to select the 2nd
UART available in the SoC.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
In GICv3 mode, the non secure group1 interrupts are signalled via the
FIQ line in EL3. To support waking up from CPU_SUSPEND to standby on
these systems, EL3 should route FIQ to EL3 temporarily before wfi and
restore the original setting after resume. This patch makes this change
for the CSS platforms in the `css_cpu_standby` psci pm ops hook.
Change-Id: Ibf3295d16e2f08da490847c1457bc839e1bac144
NODE_IPI_APU is the node ID of APU's IPI device. If APU should be
woken-up on an IPI from FPD power down, this node shall be set as
the wake-up source upon suspend.
Signed-off-by: Mirela Simonovic <mirela.simonovic@aggios.com>
Building TF with ERROR_DEPRECATED=1 fails because of a missing
semi-column. This patch fixes this syntax error.
Change-Id: I98515840ce74245b0a0215805f85c8e399094f68
Replaced placeholder implementation of plat_set_nv_ctr for FVP
platforms by a working one.
On FVP, the mapping of region DEVICE2 has been changed from RO to RW
to prevent exceptions when writing to the NV counter, which is
contained in this region.
Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
This patch adds ARM Cortex-A73 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
We add plat parameter structs to support BL2 to pass variable-length,
variable-type parameters to BL31. The parameters are structured as a
link list. During bl31 setup time, we travse the list to process each
parameter. throuth this way, we can get the reset or power off gpio
parameter, and do hardware control in BL31. This structure also can
pass other parameter to BL31 in future.
There are 5 groups of GPIO (GPIO0~GPIO4), totally have 122 GPIOs
on rk3399 platform.
The pull direction(pullup or pulldown) for all of GPIOs are
software-programmable.
At the moment, we add the gpio basic driver since reset or power off
the devices from gpio configuration for BL31.
Powering up cores didn't wait for the PMUFW to complete the request,
which could result in cores failing to power up in Linux.
Reported-by: Koteswararao Nayudu <kotin@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch adds support to select CCN driver for FVP during build.
A new build option `FVP_INTERCONNECT_DRIVER` is added to allow
selection between the CCI and CCN driver. Currently only the CCN-502
variant is supported on FVP.
The common ARM CCN platform helper file now verifies the cluster
count declared by platform is equal to the number of root node
masters exported by the ARM Standard platform.
Change-Id: I71d7b4785f8925ed499c153b2e9b9925fcefd57a
The revision field may change between silicon revisions without changing
the mapping to a part. This avoids errors like:
ERROR: Incorrect XILINX IDCODE 0x14738093, maskid 0x4600093
NOTICE: ATF running on XCZUUNKN/EP108 v3/RTL5.1 at 0xfffe5000
on parts with a newer revision.
Reported-by: Love Kumar <love.kumar@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: Love Kumar <love.kumar@xilinx.com>
Access to APU_PWRCTRL register is protected during suspend/wakeup pocedure
in order to save valid state. If more than one CPU is accessing this register
it can be left in corrupted state during read-modify-write process.
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
DEFINE_BAKERY_LOCK() macro is used to put lock in coherent memory region.
ARM Trusted Firmware design guide, chapter 11 states that bakery_lock data
structures should be allocated in coherent memory region because it is
accessed by multiple CPUs with mismatched shareability, cacheability and
memory attributes.
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Functions pm_ipi_send and pm_ipi_send_sync are declared in pm_ipi.h
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
The GIC area is specified larger than it needs to be and can be reduced.
Which allows reducing the structures required for the translation tables
as well.
This results in a reduction of memory footprint of ca. 4k.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Added a build flag to select the generic delay timer on FVP instead
of the SP804 timer. By default, the generic one will be selected. The
user guide has been updated.
Change-Id: Ica34425c6d4ed95a187b529c612f6d3b26b78bc6
Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
plat_get_syscnt_freq. The old one has been flagged as deprecated.
Common code has been updated to use this new version. Porting guide
has been updated.
Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
Due to the changes in Mediatek platform common code, we need to move
plat related SiP functions to plat folder.
Change-Id: I6b14b988235205a5858b4bf49043bc79d0512b06
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This patch adds some debug assertions ensuring that array indices
are within the bounds of the array.
Change-Id: I96ee81d14834c1e92cdfb7e60b49995cdacfd93a
This patch adds to support the suspend/resume for rk3399 SoCs.
Signed-off-by: Shengfei xu <xsf@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>