Following Out of Box testing for v1.5 release:
Update host OS version to Ubuntu 16.04
Clarify configuration files needed for checkpatch
Add note on using Linaro precompiled binaries
Change-Id: Ia4ae61e01128ddff1a288972ddf84b79370fa52c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Allow qemu users to enable stack protection. Since the virt platform
does not provide an RNG, use a basic, timer-based, canary generation,
similarly to FVP.
Increase SRAM size and BL2 size to fit images when stack protection is
enabled.
Notice that stack protection is not enabled by default in qemu.
FixesARM-software/tf-issues#568
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
Include stack_protector's makefile after including platform.mk
to allow platforms override ENABLE_STACK_PROTECTOR
FixesARM-software/tf-issues#567
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
there are two fix for save/restore watchdog register:
1. watchdog plck will shutdown after secure_watchdog_disable(), so need
to save register before it and restore after secure_watchdog_enable().
2. need write 0x76 to cnt_restart to keep watchdog alive when restore
watchdog register.
Change-Id: I1f6fbceae22186e3b72a87df6332a110adf37479
Signed-off-by: Lin Huang <hl@rock-chips.com>
x3 will be assigned by the folloing instructions.
So the first instruction is not needed any more.
old method:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER)
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
it should be
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER) * FVP_MAX_PE_PER_CPU
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
which can be simplified as:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER + CPUId) * FVP_MAX_PE_PER_CPU + ThreadId
Signed-off-by: Wang Feng <feng_feng.wang@spreadtrum.com>
The CI has been updated to run tests against the AEMv8-A RevC
model, FVP_Base_RevC-2xAEMv8A, which is available from the Fast
Model releases on Connected Community [1].
Additionally, the CI now also includes the Cortex-A55x4, Cortex-A75x4
and Cortex-A55x4-A75x4 Base models.
[1] https://developer.arm.com/products/system-design/fixed-virtual-platforms
Change-Id: I57806f3b2a8121211490a7aa0089dcae566d8635
Signed-off-by: David Cunado <david.cunado@arm.com>
Updated change-log.rst with summary of changes since
release v1.4.
Change-Id: I56b5a30d13a5a7099942535cbaeff0e2a5c5804e
Signed-off-by: David Cunado <david.cunado@arm.com>
Update Arm Trusted Firmware references in the upstream documents to
Trusted Firmware-A (TF-A). This is for consistency with and
disambiguation from Trusted Firmware-M (TF-M).
Also update other Arm trademarks, e.g. ARM->Arm, ARMv8->Armv8-A.
Change-Id: I8bb0e18af29c6744eeea2dc6c08f2c10b20ede22
Signed-off-by: Dan Handley <dan.handley@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
The FVP platform port for SP_MIN (BL32) didn't map the flash memory
in BL32 for stroring the mem_protect enable state information leading
to synchronous exception. The patch fixes it by adding the region to
the BL32 mmap tables.
Change-Id: I37eec83c3e1ea43d1b5504d3683eebc32a57eadf
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
requires firmware mitigation for CVE-2017-5715 but the mitigation
is not compiled in.
* 0 to indicate that firmware mitigation is required, or
* 1 to indicate that no firmware mitigation is required.
This patch complies with v1.2 of the firmware interfaces
specification (ARM DEN 0070A).
Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A72 and A73.
Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch updates the `firmware-design.rst` document for
changes in ARM-TF for supporting dynamic configuration features
as presented in `Secure Firmware BoF SFO'17`[1].
The patch also updates the user-guide for 2 build options for FVP
pertaining to dynamic config.
[1] https://www.slideshare.net/linaroorg/bof-device-tree-and-secure-firmware-bof-sfo17310
Change-Id: Ic099cf41e7f1a98718c39854e6286d884011d445
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Boot memory layout is specific for a platform, but should not be
mixed up with other platform specific attributes. A separate file is
much cleaner and better to compare with other platforms. Take a look
at plat/poplar where it is done the same way.
Moved hikey_def.h to system include folder and moved includes from
hikey_def.h to more general platform_def.h.
Signed-off-by: Michael Brandl <git@fineon.pw>
Previously, Juno used to depend on the SSC_GPRETN register to inform
about the reset syndrome. This method was removed when SCP migrated
to the SDS framework. But even the SDS framework doesn't report the
reset syndrome correctly and hence Juno failed to enter Firmware
update mode if BL2 authentication failed.
In addition to that, the error code populated in V2M_SYS_NVFLAGS register
does not seem to be retained any more on Juno across resets. This could
be down to the motherboard firmware not doing the necessary to preserve
the value.
Hence this patch modifies the Juno platform to use the same mechanism to
trigger firmware update as FVP which is to corrupt the FIP TOC on
authentication failure. The implementation in `fvp_err.c` is made common
for ARM platforms and is moved to the new `arm_err.c` file in
plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
are modified to allow write to the Flash memory address.
Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This issue was detected when testing FWU on Juno. The Timer
`timer_ops` was not being initialized before being used by
the SDS driver on Juno. This patch adds the call to
`generic_delay_timer_init()` during bl2u_early_platform_setup().
This is done generically for all ARM platforms because the
cost involved is minimal.
Change-Id: I349cf0bd1db68406eb2298b65f9c729f792cabdc
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
plat/hisilicon/hikey/hikey_bl1_setup.c:565:47:
error: value size does not match register size specified by the
constraint and modifier [-Werror,-Wasm-operand-widths]
__asm__ volatile ("mrs %0, cpacr_el1" : "=r"(data));
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
When using BL2_EL3, we need to ensure that lr_svc is
properly given to bl32 as it was previously made by bl1.
FixesARM-Software/tf-issues#562
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Include missing plat_helpers.S into pl011_console.S, to build successfully
when MULTI_CONSOLE_API is enabled.
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
This patch modifies the common utility function
`populate_next_bl_params_config()` to only modify the entrypoint arguments
to an executable image only if they are not initialized earlier.
This issue was detected while testing Optee on ARM platforms which needed
the current arguments to be preserved in the absence of corresponding
config files.
Change-Id: I1e3fb4be8176fc173959e72442396dd33a99a316
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
Since we use "?=" to set PLATFORM_ROOT, it is better to change the
name to be more special, or else it may be overridden by some
environment variables, such as in some CI build environments.
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
It's unnecessary to call platform driver initialization in image
load driver. We could make bl2_platform_setup() to executing
just before SCP_BL2 by setting flag IMAGE_ATTRIB_PLAT_SETUP.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since non-TF ROM is used in HiKey960 platform (Hisilicon Hi3660 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When flush images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since LOAD_IMAGE_V2 is always enabled in HiKey960 platform. Drop
LOAD_IMAGE v1 to simplify code.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
MAP_TSP_MEM could be either in SRAM or DRAM. When MAP_TSP_MEM is in
DRAM, it's overlapped with MAP_DDR.
Since TSP_MEM is always configured in DRAM case, it means
MAP_OPTEE_PAGEABLE is always disabled. Just remove it.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
The main difference between HiKey960 v1 hardware and HiKey960 v2
hardware is on UART console.
But the function of detecting boardid dumps message before console
ready. So fix it by removing those messages.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since non-TF ROM is used in HiKey platform (Hisilicon Hi6220 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When we recovery images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Although SRAM is initialized, DCACHE should be cleaned too.
Because MCU is a parrallel core to access SRAM. We need to make
sure that initialized value is really written to SRAM before
MCU using it.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since LOAD_IMAGE_V2 is always enabled in HiKey platform. Drop
LOAD_IMAGE v1 to simplify code.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
The register address range of UART1 (crash console) are outside the
address ranges mapped for MMIO, resulting to an MMU abort when the
device registers are accessed.
Increase the size of DEVICE1 memory to include the range of UART1.
FixesARM-software/tf-issues#560
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
Joel Hutton
Michalis Pappas
Lin Huang
Dan Handley
Wang Feng
David Cunado
Jonathan Wright
Dimitris Papastamos
Soby Mathew
Michael Brandl
Antonio Nino Diaz
Haojian Zhuang
Arve Hjønnevåg
Lionel Debieve
Amit Daniel Kachhap
Heyi Guo