ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.
Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Various CPU drivers in ARM Trusted Firmware register functions to handle
power-down operations. At present, separate functions are registered to
power down individual cores and clusters.
This scheme operates on the basis of core and cluster, and doesn't cater
for extending the hierarchy for power-down operations. For example,
future CPUs might support multiple threads which might need powering
down individually.
This patch therefore reworks the CPU operations framework to allow for
registering power down handlers on specific level basis. Henceforth:
- Generic code invokes CPU power down operations by the level
required.
- CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
reset function.
- CPU drivers register power down handlers as a list: a mandatory
handler for level 0, and optional handlers for higher levels.
All existing CPU drivers are adapted to the new CPU operations framework
without needing any functional changes within.
Also update firmware design guide.
Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.
The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.
Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.
A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().
FixesARM-software/tf-issues#426
Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.
For the sake of uniform GIC API, empty stubs are placed for those GIC
drivers that lack Redistributor component.
Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Some GICv3 implementations have provision for power management
operations at Redistributor level. This patch introduces and provides
place-holders for Redistributor power management. The default
implementations are empty stubs, but are weakly bound so as to enable
implementation-specific drivers to override them.
Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.
This patch also enables LOAD_IMAGE_V2 for ARM platforms.
Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Some files have incorrect copyright notices, this patch fixes all
files with deviations from the standard notice.
Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Testing showed that the time spent in a cluster power down
operation is dominated by cache flushes. Add two more timestamps
in runtime instrumentation to keep track of the time spent
flushing the L1/L2 caches.
Change-Id: I4c5a04e7663543225a85d3c6b271d7b706deffc4
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The now deprecated ADDR_SPACE_SIZE has been replaced by the two
defines PLAT_PHY_ADDR_SPACE_SIZE and PLAT_VIRT_ADDR_SPACE_SIZE.
Change-Id: I027a2f02f47ab2f679b8979a6dbfb0f08270a1a4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
`PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
and virtual address space size a platform can use.
`ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
will be used instead.
For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
max PA supported by the hardware and to verify that the previously
mentioned definition is valid. For AArch32, a 40 bit physical
address space is considered.
Added asserts to check for overflows.
Porting guide updated.
Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Each translation table level entry can only map a given virtual
address onto physical addresses of the same granularity. For example,
with the current configuration, a level 2 entry maps blocks of 2 MB,
so the physical address must be aligned to 2 MB. If the address is not
aligned, the MMU will just ignore the lower bits.
This patch adds an assertion to make sure that physical addresses are
always aligned to the correct boundary.
Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The AArch32 Procedure call Standard mandates that the stack must be aligned
to 8 byte boundary at external interfaces. This patch does the required
changes.
This problem was detected when a crash was encountered in
`psci_print_power_domain_map()` while printing 64 bit values. Aligning
the stack to 8 byte boundary resolved the problem.
FixesARM-Software/tf-issues#437
Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.
This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.
Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch introduces an additional layer of abstraction between
CSS power management hooks and the SCPI driver. A new set of APIs
are introduced in order to abstract out power management operations
from underlying communication mechanism with the SCP.
The SCPI and the associated MHU drivers are moved into a `drivers`
folder in CSS. The new SCP communication abstraction layer is added
in the `drivers/scp` folder. The existing CSS power management
uses the new APIs to reflect this abstraction.
Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch resets EL2 and EL3 registers that have architecturally
UNKNOWN values on reset and that also provide EL2/EL3 configuration
and trap controls.
Specifically, the EL2 physical timer is disabled to prevent timer
interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
respectively.
Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
non-secure access to certain system registers at EL1 or lower.
For AArch32, the patch also reverts the reset to SDCR which was
incorrectly added in a previous change.
Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
Signed-off-by: David Cunado <david.cunado@arm.com>
C99 restricts bitfields type is signed and unsigned integer or _Bool.
See section 6.7.2.1 Structure and union specifiers.
"A bit-field shall have a type that is a qualified or unqualified version
of _Bool, signed int, unsigned int, or some other implementation-defined type."
Since the compiler packs bitfields anyways, actual data layout in the structure is unaffected.
Signed-off-by: Alex Nemirovsky <alex.nemirovsky@cortina-access.com>
This patch makes following miscellaneous fixes:
* pl011_console.S: Fixed the bit mask used to check if the
transmit FIFO is full or empty.
* smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
By default the assembler assumes `_fc` suffix which does not
update all the fields in SPSR. By adding `_fsxc` suffix all
the fields gets updated.
* platform_helpers.S: Removed the weak definition for
`plat_my_core_pos()` as this is a mandatory function which
needs to be defined by all platforms.
Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
This allows the debugger to print the callstack when there is an
assembly function in the callstack.
It will work as long as the CFA pointer (frame pointer) location is not
modified (i.e. x29 is not touched in AArch64 state). It is the case in
almost all assembly functions, so this patch improves the average
debugging experience. Call stacks from the debugger should still be
interpreted with care. In more complex functions, one could use .cfi*
directives to inform the debugger about the new location of the CFA
pointer.
Change-Id: I9dabfbc033b45e8528e67f4823c17de7bf02fa24
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
In order to avoid unexpected traps into EL3/MON mode, this patch
resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64,
and SDCR and HDCR for AArch32.
MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the
start of BL1 and BL31/SMP_MIN.
For MDCR_EL2/HDCR, this patch zero's the bits that are
architecturally UNKNOWN values on reset. This is done when
exiting from EL3/MON mode but only on platforms that support
EL2/HYP mode but choose to exit to EL1/SVC mode.
FixesARM-software/tf-issues#430
Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6
Signed-off-by: David Cunado <david.cunado@arm.com>
The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally
unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This
might be a compatibility break for legacy AArch32 normal world software if
these bits are not set to 1 when EL3 is AArch64. This patch enables the
CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is
AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32
mode for both AArch64 and AArch32 builds of Trusted Firmware.
FixesARM-software/tf-issues#428
Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This include provides nothing useful for TF and prevents building
the fiptool using musl libc[0].
[0] https://www.musl-libc.org/
Change-Id: Ied35e16b9ea2b40213433f2a8185dddc59077884
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
In order to quantify the overall time spent in the PSCI software
implementation, an initial collection of PMF instrumentation points
has been added.
Instrumentation has been added to the following code paths:
- Entry to PSCI SMC handler. The timestamp is captured as early
as possible during the runtime exception and stored in memory
before entering the PSCI SMC handler.
- Exit from PSCI SMC handler. The timestamp is captured after
normal return from the PSCI SMC handler or if a low power state
was requested it is captured in the bl31 warm boot path before
return to normal world.
- Entry to low power state. The timestamp is captured before entry
to a low power state which implies either standby or power down.
As these power states are mutually exclusive, only one timestamp
is defined to describe both. It is possible to differentiate between
the two power states using the PSCI STAT interface.
- Exit from low power state. The timestamp is captured after a standby
or power up operation has completed.
To calculate the number of cycles spent running code in Trusted Firmware
one can perform the following calculation:
(exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
The resulting number of cycles can be converted to time given the
frequency of the counter.
Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This patch adds ARM SiP service for use by ARM standard platforms.
This service is added to support the SMC interface for the Performance
measurement framework(PMF).
Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
At present the `el3_entrypoint_common` macro uses `memcpy`
function defined in lib/stdlib/mem.c file, to copy data
from ROM to RAM for BL1. Depending on the compiler being
used the stack could potentially be used, in `memcpy`,
for storing the local variables. Since the stack is
initialized much later in `el3_entrypoint_common` it
may result in unknown behaviour.
This patch adds `memcpy4` function definition in assembly so
that it can be used before the stack is initialized and it
also replaces `memcpy` by `memcpy4` in `el3_entrypoint_common`
macro, to copy data from ROM to RAM for BL1.
Change-Id: I3357a0e8095f05f71bbbf0b185585d9499bfd5e0
This patch moves the invocation of `psci_setup()` from BL31 and SP_MIN
into `std_svc_setup()` as part of ARM Standard Service initialization.
This allows us to consolidate ARM Standard Service initializations which
will be added to in the future. A new function `get_arm_std_svc_args()`
is introduced to get arguments corresponding to each standard service.
This function must be implemented by the EL3 Runtime Firmware and both
SP_MIN and BL31 implement it.
Change-Id: I38e1b644f797fa4089b20574bd4a10f0419de184
This patch introduces a `psci_lib_args_t` structure which must be
passed into `psci_setup()` which is then used to initialize the PSCI
library. The `psci_lib_args_t` is a versioned structure so as to enable
compatibility checks during library initialization. Both BL31 and SP_MIN
are modified to use the new structure.
SP_MIN is also modified to add version string and build message as part
of its cold boot log just like the other BLs in Trusted Firmware.
NOTE: Please be aware that this patch modifies the prototype of
`psci_setup()`, which breaks compatibility with EL3 Runtime Firmware
(excluding BL31 and SP_MIN) integrated with the PSCI Library.
Change-Id: Ic3761db0b790760a7ad664d8a437c72ea5edbcd6
This patch adds ARM Cortex-A32 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
This patch adds support in SP_MIN to receive generic and
platform specific arguments from BL2.
The new signature is as following:
void sp_min_early_platform_setup(void *from_bl2,
void *plat_params_from_bl2);
ARM platforms have been modified to use this support.
Note: Platforms may break if using old signature.
Default value for RESET_TO_SP_MIN is changed to 0.
Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
This patch adds generic changes in BL1 to support AArch32 state.
New AArch32 specific assembly/C files are introduced and
some files are moved to AArch32/64 specific folders.
BL1 for AArch64 is refactored but functionally identical.
BL1 executes in Secure Monitor mode in AArch32 state.
NOTE: BL1 in AArch32 state ONLY handles BL1_RUN_IMAGE SMC.
Change-Id: I6e2296374c7efbf3cf2aa1a0ce8de0732d8c98a5
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
This patch adds changes in ARM platform code to use new
version of image loading.
Following are the major changes:
-Refactor the signatures for bl31_early_platform_setup()
and arm_bl31_early_platform_setup() function to use
`void *` instead of `bl31_params_t *`.
-Introduce `plat_arm_bl2_handle_scp_bl2()` to handle
loading of SCP_BL2 image from BL2.
-Remove usage of reserve_mem() function from
`arm_bl1_early_platform_setup()`
-Extract BL32 & BL33 entrypoint info, from the link list
passed by BL2, in `arm_bl31_early_platform_setup()`
-Provides weak definitions for following platform functions:
plat_get_bl_image_load_info
plat_get_next_bl_params
plat_flush_next_bl_params
bl2_plat_handle_post_image_load
-Instantiates a descriptor array for ARM platforms
describing image and entrypoint information for
`SCP_BL2`, `BL31`, `BL32` and `BL33` images.
All the above changes are conditionally compiled using the
`LOAD_IMAGE_V2` flag.
Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
This patch adds changes in BL1 & BL2 to use new version
of image loading to load the BL images.
Following are the changes in BL1:
-Use new version of load_auth_image() to load BL2
-Modified `bl1_init_bl2_mem_layout()` to remove using
`reserve_mem()` and to calculate `bl2_mem_layout`.
`bl2_mem_layout` calculation now assumes that BL1 RW
data is at the top of the bl1_mem_layout, which is more
restrictive than the previous BL1 behaviour.
Following are the changes in BL2:
-The `bl2_main.c` is refactored and all the functions
for loading BLxx images are now moved to `bl2_image_load.c`
`bl2_main.c` now calls a top level `bl2_load_images()` to
load all the images that are applicable in BL2.
-Added new file `bl2_image_load_v2.c` that uses new version
of image loading to load the BL images in BL2.
All the above changes are conditionally compiled using the
`LOAD_IMAGE_V2` flag.
Change-Id: Ic6dcde5a484495bdc05526d9121c59fa50c1bf23
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can be readily adapted
by any BL stage that needs to load images.
In order to provide the above capability the following new
platform functions are introduced:
bl_load_info_t *plat_get_bl_image_load_info(void);
This function returns pointer to the list of images that the
platform has populated to load.
bl_params_t *plat_get_next_bl_params(void);
This function returns a pointer to the shared memory that the
platform has kept aside to pass trusted firmware related
information that next BL image needs.
void plat_flush_next_bl_params(void);
This function flushes to main memory all the params that
are passed to next image.
int bl2_plat_handle_post_image_load(unsigned int image_id)
This function can be used by the platforms to update/use
image information for given `image_id`.
`desc_image_load.c` contains utility functions which can be used
by the platforms to generate, load and executable, image list
based on the registered image descriptors.
This patch also adds new version of `load_image/load_auth_image`
functions in-order to achieve the above capability.
Following are the changes for the new version as compared to old:
- Refactor the signature and only keep image_id and image_info_t
arguments. Removed image_base argument as it is already passed
through image_info_t. Given that the BL image base addresses and
limit/size are already provided by the platforms, the meminfo_t
and entry_point_info arguments are not needed to provide/reserve
the extent of free memory for the given BL image.
- Added check for the image size against the defined max size.
This is needed because the image size could come from an
unauthenticated source (e.g. the FIP header).
To make this check, new member is added to the image_info_t
struct for identifying the image maximum size.
New flag `LOAD_IMAGE_V2` is added in the Makefile.
Default value is 0.
NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
This patch implements CSS platform hook to support NODE_HW_STATE PSCI
API. The platform hook queries SCP to obtain CSS power state. Power
states returned by SCP are then converted to expected PSCI return codes.
Juno's PSCI operation structure is modified to use the CSS
implementation.
Change-Id: I4a5edac0e5895dd77b51398cbd78f934831dafc0
This patch adds support for NODE_HW_STATE PSCI API by introducing a new
PSCI platform hook (get_node_hw_state). The implementation validates
supplied arguments, and then invokes this platform-defined hook and
returns its result to the caller. PSCI capabilities are updated
accordingly.
Also updates porting and firmware design guides.
Change-Id: I808e55bdf0c157002a7c104b875779fe50a68a30
This patch adds a couple of missing forward declarations in plat_arm.h
so that all types it references are known within this header file,
without relying on previous header inclusions. This concerns the
meminfo and bl31_params structures, which are defined in bl_common.h.
Other external types referenced from plat_arm.h (e.g. mmap_region_t)
get declared through header files included by arm_plat.h so they
don't need forward declarations.
Change-Id: I471d5aa487919aff3fa979fc65e053f4f5b0ef32
Commit e8719552a2 removed some definitions related to translation
tables from the xlat_tables.h header file, based on the assumption
that they weren't used by any platform. These are actually used by
some partners so this patch restores them.
FixesARM-software/tf-issues#425
Change-Id: Idafa5f00bb0bd9c2847b5ae6541cf8db93c7b89a
When using more than a single service in PMF, it is necessary that the
per-service timestamps begin on a cache line boundary. Previously it
was possible that two services shared a cache line for their
timestamps. This made it difficult to reason about cache maintenance
operations within a single service and required a global understanding
of how all services operate.
Change-Id: Iacaae5154a7e19ad4107468e56df9ad082ee371c
Given the service name and timestamp id, this assembler macro
calculates the offset into a memory region where the per-cpu timestamp
value is located.
Change-Id: I47f6dfa2a17be182675e2ca0489d6eed42433209
More headers will be needed soon so better to move these to their own
directory to avoid cluttering include/lib.
Change-Id: I6a72dc5b602d6f51954cf60aadd1beb52a268670
Instead of hardcoding a level 1 table as the base translation level
table, let the code decide which level is the most appropriate given
the virtual address space size.
As the table granularity is 4 KB, this allows the code to select
level 0, 1 or 2 as base level for AArch64. This way, instead of
limiting the virtual address space width to 39-31 bits, widths of
48-25 bit can be used.
For AArch32, this change allows the code to select level 1 or 2
as the base translation level table and use virtual address space
width of 32-25 bits.
Also removed some unused definitions related to translation tables.
FixesARM-software/tf-issues#362
Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65
Support CMD23. When CMD23 is used, CMD12 could be avoided.
Two scenarios:
1. CMD17 for single block, CMD18 + CMD12 for multiple blocks.
2. CMD23 + CMD18 for both single block and multiple blocks.
The emmc_init() should initialize whether CMD23 is supported
or not.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch implements the support for SP_MIN in FVP. The SP_MIN platform
APIs are implemented and the required makefile support is added for FVP.
Change-Id: Id50bd6093eccbd5e38894e3fd2b20d5baeac5452
This patch adds AArch32 support for FVP and implements common platform APIs
like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32.
Only Multi Processor(MP) implementations of these functions are considered in
this patch. The ARM Standard platform layer helpers are implemented for
AArch32 and the common makefiles are modified to cater for both AArch64 and
AArch32 builds. Compatibility with the deprecated platform API is not
supported for AArch32.
Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
This patch adds a minimal AArch32 secure payload SP_MIN. It relies on PSCI
library to initialize the normal world context. It runs in Monitor mode
and uses the runtime service framework to handle SMCs. It is added as
a BL32 component in the Trusted Firmware source tree.
Change-Id: Icc04fa6b242025a769c1f6c7022fde19459c43e9
This patch adds AArch32 support to PSCI library, as follows :
* The `psci_helpers.S` is implemented for AArch32.
* AArch32 version of internal helper function `psci_get_ns_ep_info()` is
defined.
* The PSCI Library is responsible for the Non Secure context initialization.
Hence a library interface `psci_prepare_next_non_secure_ctx()` is introduced
to enable EL3 runtime firmware to initialize the non secure context without
invoking context management library APIs.
Change-Id: I25595b0cc2dbfdf39dbf7c589b875cba33317b9d
This patch adds AArch32 support to cpu ops, context management,
per-cpu data and spinlock libraries. The `entrypoint_info`
structure is modified to add support for AArch32 register
arguments. The CPU operations for AEM generic cpu in AArch32
mode is also added.
Change-Id: I1e52e79f498661d8f31f1e7b3a29e222bc7a4483
This patch defines a SMCC context to save and restore
registers during a SMC call. It also adds appropriate helpers
to save and restore from this context for use by AArch32
secure payload and BL stages.
Change-Id: I64c8d6fe1d6cac22e1f1f39ea1b54ee1b1b72248
This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful for AArch32 because the number of
arguments required by the handler is more than registers
available as per AArch32 program calling conventions and
requires the use of stack. Hence this new API will do the
necessary argument setup and invoke the appropriate
handler. Although this API is primarily intended for AArch32,
it can be used for AArch64 as well.
Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241
This patch adds translation library supports for AArch32 platforms.
The library only supports long descriptor formats for AArch32.
The `enable_mmu_secure()` enables the MMU for secure world with
`TTBR0` pointing to the populated translation tables.
Change-Id: I061345b1779391d098e35e7fe0c76e3ebf850e08
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.
* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.
* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.
Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
This patch adds the essential AArch32 architecture helpers
arch.h and arch_helpers.h and modifies `_types.h` to add AArch32
support.
A new build option `ARCH` is defined in the top level makefile to
enable the component makefiles to choose the right files based on the
Architecture it is being build for. Depending on this flag, either
`AARCH32` or `AARCH64` flag is defined by the Makefile. The default
value of `ARCH` flag is `aarch64`. The AArch32 build support will be
added in a later patch.
Change-Id: I405e5fac02db828a55cd25989b572b64cb005241
This patch moves the macro SIZE_FROM_LOG2_WORDS() defined in
`arch.h` to `utils.h` as it is utility macro.
Change-Id: Ia8171a226978f053a1ee4037f80142c0a4d21430
This patch fixes the offset of GICD_IROUTER register defined in gicv3.h.
Although the GICv3 documention mentions that the offset for this register
is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is :
0x6000 + 8n, where n >= 32
This requires the offset for GICD_IROUTER to be defined as 0x6000.
FixesARM-software/tf-issues#410
Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, results in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.
If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().
This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print information message to the serial output.
This patch also introduces 2 slight changes to the reserve_mem()
function:
- It fixes the end addresses passed to choose_mem_pos(). It was
incorrectly passing (base + size) instead of (base + size - 1).
- When the requested allocation size is 0, the function now exits
straight away and says so using a warning message.
Previously, it used to actually reserve some memory. A zero-byte
allocation was not considered as a special case so the function
was using the same top/bottom allocation mechanism as for any
other allocation. As a result, the smallest area of memory starting
from the requested base address within the free region was
reserved.
Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
`ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
related to the translation tables but to the image size as well.
The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
`PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
This way, ARM platforms no longer have to set their own values if
`ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
otherwise. The common sizes have been set to the highest values used
for any of the current build configurations.
This is needed because in some build configurations some images are
running out of space. This way there is a common set of values known
to work for all of them and it can be optimized for each particular
platform if needed.
The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
increased. This is needed because when memory optimisations are
disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
`MAX_XLAT_TABLES` are higher. If in this situation the code is
compiled in debug mode and with "-O0", the code won't fit.
Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
This patch moves assembler macros which are not architecture specific
to a new file `asm_macros_common.S` and moves the `el3_common_macros.S`
into `aarch64` specific folder.
Change-Id: I444a1ee3346597bf26a8b827480cd9640b38c826
This patch introduces the PSCI Library interface. The major changes
introduced are as follows:
* Earlier BL31 was responsible for Architectural initialization during cold
boot via bl31_arch_setup() whereas PSCI was responsible for the same during
warm boot. This functionality is now consolidated by the PSCI library
and it does Architectural initialization via psci_arch_setup() during both
cold and warm boots.
* Earlier the warm boot entry point was always `psci_entrypoint()`. This was
not flexible enough as a library interface. Now PSCI expects the runtime
firmware to provide the entry point via `psci_setup()`. A new function
`bl31_warm_entrypoint` is introduced in BL31 and the previous
`psci_entrypoint()` is deprecated.
* The `smc_helpers.h` is reorganized to separate the SMC Calling Convention
defines from the Trusted Firmware SMC helpers. The former is now in a new
header file `smcc.h` and the SMC helpers are moved to Architecture specific
header.
* The CPU context is used by PSCI for context initialization and
restoration after power down (PSCI Context). It is also used by BL31 for SMC
handling and context management during Normal-Secure world switch (SMC
Context). The `psci_smc_handler()` interface is redefined to not use SMC
helper macros thus enabling to decouple the PSCI context from EL3 runtime
firmware SMC context. This enables PSCI to be integrated with other runtime
firmware using a different SMC context.
NOTE: With this patch the architectural setup done in `bl31_arch_setup()`
is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be
invoked prior to architectural setup. It is highly unlikely that the platform
setup will depend on architectural setup and cause any failure. Please be
be aware of this change in sequence.
Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
This patch fixes some coding guideline warnings reported by the checkpatch
script. Only files related to upcoming feature development have been fixed.
Change-Id: I26fbce75c02ed62f00493ed6c106fe7c863ddbc5
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
This patch adds cpumerrsr_el1 and l2merrsr_el1 to the register dump on
error for applicable CPUs.
These registers hold the ECC errors on L1 and L2 caches.
This patch updates the A53, A57, A72, A73 (l2merrsr_el1 only) CPU libraries.
Signed-off-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
On ARM CSS platforms, the whole flash used to be mapped as executable.
This is not required, given that the flash is used to store the BL1
and FIP images and:
- The FIP is not executed in place, its images are copied to RAM
and executed from there.
- BL1 is executed in place from flash but only its code needs to be
mapped as executable and platform code takes care of re-mapping
BL1's read-only section as executable.
Therefore, this patch now maps the flash as non-executable by default
on these platforms. This increases security by restricting the
executable region to what is strictly needed.
This patch also adds some comments to clarify the memory mapping
attributes on these platforms.
Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
The arm_setup_page_tables() function used to expect a single set of
addresses defining the extents of the whole read-only section, code
and read-only data mixed up, which was mapped as executable.
This patch changes this behaviour. arm_setup_page_tables() now
expects 2 separate sets of addresses:
- the extents of the code section;
- the extents of the read-only data section.
The code is mapped as executable, whereas the data is mapped as
execute-never. New #defines have been introduced to identify the
extents of the code and the read-only data section. Given that
all BL images except BL1 share the same memory layout and linker
script structure, these #defines are common across these images.
The slight memory layout differences in BL1 have been handled by
providing values specific to BL1.
Note that this patch also affects the Xilinx platform port, which
uses the arm_setup_page_tables() function. It has been updated
accordingly, such that the memory mappings on this platform are
unchanged. This is achieved by passing null values as the extents
of the read-only data section so that it is ignored. As a result,
the whole read-only section is still mapped as executable.
FixesARM-software/tf-issues#85
Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
At the moment, all BL images share a similar memory layout: they start
with their code section, followed by their read-only data section.
The two sections are contiguous in memory. Therefore, the end of the
code section and the beginning of the read-only data one might share
a memory page. This forces both to be mapped with the same memory
attributes. As the code needs to be executable, this means that the
read-only data stored on the same memory page as the code are
executable as well. This could potentially be exploited as part of
a security attack.
This patch introduces a new build flag called
SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data
on separate memory pages. This in turn allows independent control of
the access permissions for the code and read-only data.
This has an impact on memory footprint, as padding bytes need to be
introduced between the code and read-only data to ensure the
segragation of the two. To limit the memory cost, the memory layout
of the read-only section has been changed in this case.
- When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e.
the read-only section still looks like this (padding omitted):
| ... |
+-------------------+
| Exception vectors |
+-------------------+
| Read-only data |
+-------------------+
| Code |
+-------------------+ BLx_BASE
In this case, the linker script provides the limits of the whole
read-only section.
- When SEPARATE_CODE_AND_RODATA=1, the exception vectors and
read-only data are swapped, such that the code and exception
vectors are contiguous, followed by the read-only data. This
gives the following new layout (padding omitted):
| ... |
+-------------------+
| Read-only data |
+-------------------+
| Exception vectors |
+-------------------+
| Code |
+-------------------+ BLx_BASE
In this case, the linker script now exports 2 sets of addresses
instead: the limits of the code and the limits of the read-only
data. Refer to the Firmware Design guide for more details. This
provides platform code with a finer-grained view of the image
layout and allows it to map these 2 regions with the appropriate
access permissions.
Note that SEPARATE_CODE_AND_RODATA applies to all BL images.
Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
This patch introduces the round_up() and round_down() macros,
which round up (respectively down) a value to a given boundary.
The boundary must be a power of two.
Change-Id: I589dd1074aeb5ec730dd523b4ebf098d55a7e967
This patch introduces a new header file: include/lib/utils.h.
Its purpose is to provide generic macros and helper functions that
are independent of any BL image, architecture, platform and even
not specific to Trusted Firmware.
For now, it contains only 2 macros: ARRAY_SIZE() and
IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
xlat_tables.c respectively.
bl_common.h includes utils.h to retain compatibility for platforms
that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
platform ports that use this macro have been updated to include
utils.h.
Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
This patch introduces the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping
attributes in the translation table library to specify the
access permissions for instruction execution of a memory region.
These new attributes should be used only for normal, read-only
memory regions. For other types of memory, the translation table
library still enforces the following rules, regardless of the
MT_EXECUTE/MT_EXECUTE_NEVER attribute:
- Device memory is always marked as execute-never.
- Read-write normal memory is always marked as execute-never.
Change-Id: I8bd27800a8c1d8ac1559910caf4a4840cf25b8b0
This patch introduces the arm_setup_page_tables() function to
set up page tables on ARM platforms. It replaces the
arm_configure_mmu_elx() functions and does the same thing except
that it doesn't enable the MMU at the end. The idea is to reduce
the amount of per-EL code that is generated by the C preprocessor
by splitting the memory regions definitions and page tables creation
(which is generic) from the MMU enablement (which is the only per-EL
configuration).
As a consequence, the call to the enable_mmu_elx() function has been
moved up into the plat_arch_setup() hook. Any other ARM standard
platforms that use the functions `arm_configure_mmu_elx()` must be
updated.
Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
The per-cpu stacks should be aligned to the cache-line size and
the `declare_stack` helper in asm_macros.S macro assumed a
cache-line size of 64 bytes. The platform defines the cache-line
size via CACHE_WRITEBACK_GRANULE macro. This patch modifies
`declare_stack` helper macro to derive stack alignment from the
platform defined macro.
Change-Id: I1e1b00fc8806ecc88190ed169f4c8d3dd25fe95b
This patch adds following optional PSCI STAT functions:
- PSCI_STAT_RESIDENCY: This call returns the amount of time spent
in power_state in microseconds, by the node represented by the
`target_cpu` and the highest level of `power_state`.
- PSCI_STAT_COUNT: This call returns the number of times a
`power_state` has been used by the node represented by the
`target_cpu` and the highest power level of `power_state`.
These APIs provides residency statistics for power states that has
been used by the platform. They are implemented according to v1.0
of the PSCI specification.
By default this optional feature is disabled in the PSCI
implementation. To enable it, set the boolean flag
`ENABLE_PSCI_STAT` to 1. This also sets `ENABLE_PMF` to 1.
Change-Id: Ie62e9d37d6d416ccb1813acd7f616d1ddd3e8aff
This patch adds Performance Measurement Framework(PMF) in the
ARM Trusted Firmware. PMF is implemented as a library and the
SMC interface is provided through ARM SiP service.
The PMF provides capturing, storing, dumping and retrieving the
time-stamps, by enabling the development of services by different
providers, that can be easily integrated into ARM Trusted Firmware.
The PMF capture and retrieval APIs can also do appropriate cache
maintenance operations to the timestamp memory when the caller
indicates so.
`pmf_main.c` consists of core functions that implement service
registration, initialization, storing, dumping and retrieving
the time-stamp.
`pmf_smc.c` consists SMC handling for registered PMF services.
`pmf.h` consists of the macros that can be used by the PMF service
providers to register service and declare time-stamp functions.
`pmf_helpers.h` consists of internal macros that are used by `pmf.h`
By default this feature is disabled in the ARM trusted firmware.
To enable it set the boolean flag `ENABLE_PMF` to 1.
NOTE: The caller is responsible for specifying the appropriate cache
maintenance flags and for acquiring/releasing appropriate locks
before/after capturing/retrieving the time-stamps.
Change-Id: Ib45219ac07c2a81b9726ef6bd9c190cc55e81854
A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.
FixesARM-software/tf-issues#381
Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
* Move libfdt API headers to include/lib/libfdt
* Add libfdt.mk helper makefile
* Remove unused libfdt files
* Minor changes to fdt.h and libfdt.h to make them C99 compliant
Co-Authored-By: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I425842c2b111dcd5fb6908cc698064de4f77220e
* Move stdlib header files from include/stdlib to include/lib/stdlib for
consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.
Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
The system registers that are saved and restored in CPU context include
AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
AArch64-only (i.e. on hardware that does not implement AArch32, or at
least not at EL1 and higher ELs) platform leads to an exception. This patch
introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
include these AArch32 systems registers in the cpu context or not. By default
this build option is set to 1 to ensure compatibility. AArch64-only platforms
must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
verify this.
FixesARM-software/tf-issues#386
Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
As of commit e1ea9290bb, if the attributes of an inner memory region
are different than the outer region, new page tables are generated
regardless of how "restrictive" they are. This patch removes an
out-dated comment still referring to the old priority system based
on which attributes were more restrictive.
Change-Id: Ie7fc1629c90ea91fe50315145f6de2f3995e5e00
This patch adds ARM Cortex-A73 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
On some platform gpio can set/get pull status when input, add these
function so we can set/get gpio pull status when need it. And they are
optional function.
The documentation of the GNU assembler specifies the following about
the .align assembler directive:
"the padding bytes are normally zero. However, on some systems, if
the section is marked as containing code and the fill value is
omitted, the space is filled with no-op instructions."
(see https://sourceware.org/binutils/docs/as/Align.html)
When building Trusted Firmware, the AArch64 GNU assembler uses a
mix of zero bytes and no-op instructions as the padding bytes to
align exception vectors.
This patch mandates to use zero bytes to be stored in the padding
bytes in the exception vectors. In the AArch64 instruction set, no
valid instruction encodes as zero so this effectively inserts
illegal instructions. Should this code end up being executed for
any reason, it would crash immediately. This gives us an extra
protection against misbehaving code at no extra cost.
Change-Id: I4f2abb39d0320ca0f9d467fc5af0cb92ae297351
This patch introduces some assembler macros to simplify the
declaration of the exception vectors. It abstracts the section
the exception code is put into as well as the alignments
constraints mandated by the ARMv8 architecture. For all TF images,
the exception code has been updated to make use of these macros.
This patch also updates some invalid comments in the exception
vector code.
Change-Id: I35737b8f1c8c24b6da89b0a954c8152a4096fa95
This patch adds a new optional platform hook `pwr_domain_pwr_down_wfi()` in
the plat_psci_ops structure. This hook allows the platform to perform platform
specific actions including the wfi invocation to enter powerdown. This hook
is invoked by both psci_do_cpu_off() and psci_cpu_suspend_start() functions.
The porting-guide.md is also updated for the same.
This patch also modifies the `psci_power_down_wfi()` function to invoke
`plat_panic_handler` incase of panic instead of the busy while loop.
FixesARM-Software/tf-issues#375
Change-Id: Iba104469a1445ee8d59fb3a6fdd0a98e7f24dfa3
This patch adds the API `ccn_get_part0_id` to query the PART0 ID from the
PERIPHERAL_ID 0 register in the CCN driver. This ID allows to distinguish
the variant of CCN present on the system and possibly enable dynamic
configuration of the IP based on the variant. Also added an assert in
`ccn_master_to_rn_id_map()` to ensure that the master map bitfield provided
by the platform is within the expected interface id.
Change-Id: I92d2db7bd93a9be8a7fbe72a522cbcba0aba2d0e
Add delay timer implementation based on the system generic counter.
This either uses the platform's implementation of
`plat_get_syscnt_freq()` or explicit clock multiplier/divider values
provided by the platform.
The current implementation of udelay has been modified to avoid
unnecessary calculations while waiting on the loop and to make it
easier to check for overflows.
Change-Id: I9062e1d506dc2f68367fd9289250b93444721732
Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
plat_get_syscnt_freq. The old one has been flagged as deprecated.
Common code has been updated to use this new version. Porting guide
has been updated.
Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
Allow to handle cases where some images are pre-loaded (by debugger for
instance) without introducing many switches in files calling load_* functions.
Fixes: arm-software/tf-issues#398
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
In a lot of embedded platforms, eMMC device is the only one storage
device. So loading content from eMMC device is required in ATF.
Create the emmc stack that could co-work with IO block driver.
Support to read/write/erase eMMC blocks on both rpmb and normal
user area. Support to change the IO speed and bus width.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
FIP is accessed as memory-mapped type. eMMC is block device type.
In order to support FIP based on eMMC, add the new io_block layer.
io_block always access eMMC device as block size. And it'll only
copy the required data into buffer in io_block driver. So preparing
an temporary buffer is required.
When use io_block device, MAX_IO_BLOCK_DEVICES should be declared
in platform_def.h. It's used to support multiple block devices.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch moves the definition for `plat_get_syscnt_freq()`
from arm_bl31_setup.c to arm_common.c. This could be useful
in case a delay timer needs to be installed based on the
generic timer in other BLs.
This patch also modifies the return type for this function
from `uint64_t` to `unsigned long long` within ARM and other
platform files.
Change-Id: Iccdfa811948e660d4fdcaae60ad1d700e4eda80d
It is up to the platform to implement the new plat_crash_print_regs macro to
report all relevant platform registers helpful for troubleshooting.
plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
and plat_print_interconnect_regs macros for each existing platforms.
NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.
Fixes: arm-software/tf-issues#373
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
If Trusted Firmware is built with optimizations disabled (-O0), the
linker throws the following error:
undefined reference to 'xxx'
Where 'xxx' is a raw inline function defined in a header file. The
reason is that, with optimizations disabled, GCC may decide to skip
the inlining. If that is the case, an external definition to the
compilation unit must be provided. Because no external definition
is present, the linker throws the error.
This patch fixes the problem by declaring the following inline
functions static, so the internal definition is used:
- cm_set_next_context()
- bakery_lock_init()
Note that building the TF with optimizations disabled when Trusted
Board Boot is enabled is currently unsupported, as this makes the BL2
image too big to fit in memory without any adjustment of its base
address. Similarly, disabling optimizations for debug builds on FVP
is unsupported at the moment.
Change-Id: I284a9f84cc8df96a0c1a52dfe05c9e8544c0cefe
The AArch32 long descriptor format and the AArch64 descriptor format
correspond to each other which allows possible sharing of xlat_tables
library code between AArch64 and AArch32. This patch refactors the
xlat_tables library code to seperate the common functionality from
architecture specific code. Prior to this patch, all of the xlat_tables
library code were in `lib/aarch64/xlat_tables.c` file. The refactored code
is now in `lib/xlat_tables/` directory. The AArch64 specific programming
for xlat_tables is in `lib/xlat_tables/aarch64/xlat_tables.c` and the rest
of the code common to AArch64 and AArch32 is in
`lib/xlat_tables/xlat_tables_common.c`. Also the data types used in
xlat_tables library APIs are reworked to make it compatible between AArch64
and AArch32.
The `lib/aarch64/xlat_tables.c` file now includes the new xlat_tables
library files to retain compatibility for existing platform ports.
The macros related to xlat_tables library are also moved from
`include/lib/aarch64/arch.h` to the header `include/lib/xlat_tables.h`.
NOTE: THE `lib/aarch64/xlat_tables.c` FILE IS DEPRECATED AND PLATFORM PORTS
ARE EXPECTED TO INCLUDE THE NEW XLAT_TABLES LIBRARY FILES IN THEIR MAKEFILES.
Change-Id: I3d17217d24aaf3a05a4685d642a31d4d56255a0f
Currently the `tzc400_configure_region` and `tzc_dmc500_configure_region`
functions uses uintptr_t as the data type for `region_top` and `region_base`
variables, which will be converted to 32/64 bits for AArch32/AArch64
respectively. But the expectation is to keep these addresses at least 64 bit.
This patch modifies the data types to make it at least 64 bit by using
unsigned long long instead of uintptr_t for the `region_top` and
`region_base` variables. It also modifies the associated macros
`_tzc##fn_name##_write_region_xxx` accordingly.
Change-Id: I4e3c6a8a39ad04205cf0f3bda336c3970b15a28b
Previously, when building TF without SPD support, BL2 tried to load a
BL32 image from the FIP and fails to find one, which resulted on
warning messages on the console. Even if there is a BL32 image in the
FIP it shouldn't be loaded because there is no way to transfer
control to the Secure Payload without SPD support.
The Makefile has been modified to pass a define of the form
SPD_${SPD} to the source code the same way it's done for PLAT. The
define SPD_none is then used to undefine BL32_BASE when BL32 is not
used to prevent BL2 from trying to load a BL32 image and failing,
thus removing the warning messages mentioned above.
FixesARM-software/tf-issues#287
Change-Id: Ifeb6f1c26935efb76afd353fea88e87ba09e9658
This patch enables the SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and
BL31 common architectural setup code. When in secure state, this disables
instruction fetches from Non-secure memory.
NOTE: THIS COULD BREAK PLATFORMS THAT HAVE SECURE WORLD CODE EXECUTING FROM
NON-SECURE MEMORY, BUT THIS IS CONSIDERED UNLIKELY AND IS A SERIOUS SECURITY
RISK.
FixesARM-Software/tf-issues#372
Change-Id: I684e84b8d523c3b246e9a5fabfa085b6405df319
This patch modifies the return type of the platform API
`plat_get_ns_image_entrypoint()` from `unsigned long` to
`uintptr_t` in accordance with the coding guidelines.
Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
This patch adds support to program TrustZone protection on ARM platforms that
implement a DMC-500. arm_dmc_500.c has been added which implements the
arm_dmc_tzc_setup() function. This function relies on constants related to TZC
programming that are exported by each platform to program TrustZone protection
using the DMC-500 TrustZone controller driver. This function should be called
from plat_arm_security_setup() which is implemented by each platform.
Change-Id: I5400bdee9e4b29155fd11296a40693d512312f29
The ARM CoreLink DMC-500 Dynamic Memory Controller provides the
programmable address region control of a TrustZone Address Space
Controller. The access permissions can be defined for eight
separate address regions plus a background or default region.
This patch adds a DMC-500 driver to define address regions and
program their access permissions as per ARM 100131_0000_02_en
(r0p0) document.
Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6
TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar programmer's view.
Furthermore, it is possible to have multiple instances of each type of
peripheral in a system resulting in multiple programmer's views.
For example, on the TZC-400 each of the 4 filter units can be enabled
or disabled for each region. There is a single set of registers to
program the region attributes. On the DMC-500, each filter unit has its
own programmer's view resulting in multiple sets of registers to program
the region attributes. The layout of the registers is almost the same
across all these variations.
Hence the existing driver in `tzc400\tzc400.c` is refactored into the
new driver in `tzc\tzc400.c`. The previous driver file is still maintained
for compatibility and it is now deprecated.
Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables code evolves, there
may be conflicts with these helpers, therefore this code should be
removed.
Change-Id: I9f5be99720f929264818af33db8dada785368711
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.
To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.
To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.
Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67
These macros are unused and redundant with other CPU system registers
functions.
Moreover enable_serror() function implementation may not reach its purpose
because it does not handle the value of SCR_EL3.EA.
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
Asynchronous abort exceptions generated by the platform during cold boot are
not taken in EL3 unless SCR_EL3.EA is set.
Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
initialisation. Further write accesses to SCR_EL3 preserve these bits during
cold boot.
A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
being trapped by EL3 after cold boot or not.
For further reference SError Interrupts are also known as asynchronous external
aborts.
On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
EL3 whatever the SCR_EL3.EA value is.
Fixesarm-software/tf-issues#368
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
The assembler helper function `print_revision_warning` is used when a
CPU specific operation is enabled in the debug build (e.g. an errata
workaround) but doesn't apply to the executing CPU's revision/part number.
However, in some cases the system integrator may want a single binary to
support multiple platforms with different IP versions, only some of which
contain a specific erratum. In this case, the warning can be emitted very
frequently when CPUs are being powered on/off.
This patch modifies this warning print behaviour so that it is emitted only
when LOG_LEVEL >= LOG_LEVEL_VERBOSE. The `debug.h` header file now contains
guard macros so that it can be included in assembly code.
Change-Id: Ic6e7a07f128dcdb8498a5bfdae920a8feeea1345
Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.
Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().
All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.
Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
The previous reset code in BL1 performed the following steps in
order:
1. Warm/Cold boot detection.
If it's a warm boot, jump to warm boot entrypoint.
2. Primary/Secondary CPU detection.
If it's a secondary CPU, jump to plat_secondary_cold_boot_setup(),
which doesn't return.
3. CPU initialisations (cache, TLB...).
4. Memory and C runtime initialization.
For a secondary CPU, steps 3 and 4 are never reached. This shouldn't
be a problem in most cases, since current implementations of
plat_secondary_cold_boot_setup() either panic or power down the
secondary CPUs.
The main concern is the lack of secondary CPU initialization when
bare metal EL3 payloads are used in case they don't take care of this
initialisation themselves.
This patch moves the detection of primary/secondary CPU after step 3
so that the CPU initialisations are performed per-CPU, while the
memory and the C runtime initialisation are only performed on the
primary CPU. The diagrams used in the ARM Trusted Firmware Reset
Design documentation file have been updated to reflect the new boot
flow.
Platforms ports might be affected by this patch depending on the
behaviour of plat_secondary_cold_boot_setup(), as the state of the
platform when entering this function will be different.
FixesARM-software/tf-issues#342
Change-Id: Icbf4a0ee2a3e5b856030064472f9fa6696f2eb9e
At the moment, the memory translation library allows to create memory
mappings of 2 types:
- Device nGnRE memory (named MT_DEVICE in the library);
- Normal, Inner Write-back non-transient, Outer Write-back
non-transient memory (named MT_MEMORY in the library).
As a consequence, the library code treats the memory type field as a
boolean: everything that is not device memory is normal memory and
vice-versa.
In reality, the ARMv8 architecture allows up to 8 types of memory to
be used at a single time for a given exception level. This patch
reworks the memory attributes such that the memory type is now defined
as an integer ranging from 0 to 7 instead of a boolean. This makes it
possible to extend the list of memory types supported by the memory
translation library.
The priority system dictating memory attributes for overlapping
memory regions has been extended to cope with these changes but the
algorithm at its core has been preserved. When a memory region is
re-mapped with different memory attributes, the memory translation
library examines the former attributes and updates them only if
the new attributes create a more restrictive mapping. This behaviour
is unchanged, only the manipulation of the value has been modified
to cope with the new format.
This patch also introduces a new type of memory mapping in the memory
translation library: MT_NON_CACHEABLE, meaning Normal, Inner
Non-cacheable, Outer Non-cacheable memory. This can be useful to map
a non-cacheable memory region, such as a DMA buffer for example.
The rules around the Execute-Never (XN) bit in a translation table
for an MT_NON_CACHEABLE memory mapping have been aligned on the rules
used for MT_MEMORY mappings:
- If the memory is read-only then it is also executable (XN = 0);
- If the memory is read-write then it is not executable (XN = 1).
The shareability field for MT_NON_CACHEABLE mappings is always set as
'Outer-Shareable'. Note that this is not strictly needed since
shareability is only relevant if the memory is a Normal Cacheable
memory type, but this is to align with the existing device memory
mappings setup. All Device and Normal Non-cacheable memory regions
are always treated as Outer Shareable, regardless of the translation
table shareability attributes.
This patch also removes the 'ATTR_SO' and 'ATTR_SO_INDEX' #defines.
They were introduced to map memory as Device nGnRnE (formerly called
"Strongly-Ordered" memory in the ARMv7 architecture) but were not
used anywhere in the code base. Removing them avoids any confusion
about the memory types supported by the library.
Upstream platforms do not currently use the MT_NON_CACHEABLE memory
type.
NOTE: THIS CHANGE IS SOURCE COMPATIBLE BUT PLATFORMS THAT RELY ON THE
BINARY VALUES OF `mmap_attr_t` or the `attr` argument of
`mmap_add_region()` MAY BE BROKEN.
Change-Id: I717d6ed79b4c845a04e34132432f98b93d661d79
This patch fixes inconsistencies in bl1_tbbr_image_descs[]
and miscellaneous fixes in Firmware Update code.
Following are the changes:
* As part of the original FWU changes, a `copied_size`
field was added to `image_info_t`. This was a subtle binary
compatibility break because it changed the size of the
`bl31_params_t` struct, which could cause problems if
somebody used different versions of BL2 or BL31, one with
the old `image_info_t` and one with the new version.
This patch put the `copied_size` within the `image_desc_t`.
* EXECUTABLE flag is now stored in `ep_info.h.attr` in place
of `image_info.h.attr`, associating it to an entrypoint.
* The `image_info.image_base` is only relevant for secure
images that are copied from non-secure memory into secure
memory. This patch removes initializing `image_base` for
non secure images in the bl1_tbbr_image_descs[].
* A new macro `SET_STATIC_PARAM_HEAD` is added for populating
bl1_tbbr_image_descs[].ep_info/image_info.h members statically.
The version, image_type and image attributes are now
populated using this new macro.
* Added PLAT_ARM_NVM_BASE and PLAT_ARM_NVM_SIZE to avoid direct
usage of V2M_FLASH0_XXX in plat/arm/common/arm_bl1_fwu.c.
* Refactoring of code/macros related to SECURE and EXECUTABLE flags.
NOTE: PLATFORM PORTS THAT RELY ON THE SIZE OF `image_info_t`
OR USE the "EXECUTABLE" BIT WITHIN `image_info_t.h.attr`
OR USE THEIR OWN `image_desc_t` ARRAY IN BL1, MAY BE
BROKEN BY THIS CHANGE. THIS IS CONSIDERED UNLIKELY.
Change-Id: Id4e5989af7bf0ed263d19d3751939da1169b561d
`board_arm_def.h` contains multiple definitions of
`PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for
memory usage depending upon the chosen build configuration. To ease
maintenance of these constants, this patch replaces their multiple
definitions with a single set of definitions that will work on all ARM
platforms.
Platforms can override the defaults with optimal values by enabling the
`ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in
the Juno ADP port.
Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate
future ARM platforms.
Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0
The common topology description helper funtions and macros for
ARM Standard platforms assumed a dual cluster system. This is not
flexible enough to scale to multi cluster platforms. This patch does
the following changes for more flexibility in defining topology:
1. The `plat_get_power_domain_tree_desc()` definition is moved from
`arm_topology.c` to platform specific files, that is `fvp_topology.c`
and `juno_topology.c`. Similarly the common definition of the porting
macro `PLATFORM_CORE_COUNT` in `arm_def.h` is moved to platform
specific `platform_def.h` header.
2. The ARM common layer porting macros which were dual cluster specific
are now removed and a new macro PLAT_ARM_CLUSTER_COUNT is introduced
which must be defined by each ARM standard platform.
3. A new mandatory ARM common layer porting API
`plat_arm_get_cluster_core_count()` is introduced to enable the common
implementation of `arm_check_mpidr()` to validate MPIDR.
4. For the FVP platforms, a new build option `FVP_NUM_CLUSTERS` has been
introduced which allows the user to specify the cluster count to be
used to build the topology tree within Trusted Firmare. This enables
Trusted Firmware to be built for multi cluster FVP models.
Change-Id: Ie7a2e38e5661fe2fdb2c8fdf5641d2b2614c2b6b
The shared memory region on ARM platforms contains the mailboxes and,
on Juno, the payload area for communication with the SCP. This shared
memory may be configured as normal memory or device memory at build
time by setting the platform flag 'PLAT_ARM_SHARED_RAM_CACHED' (on
Juno, the value of this flag is defined by 'MHU_PAYLOAD_CACHED').
When set as normal memory, the platform port performs the corresponding
cache maintenance operations. From a functional point of view, this is
the equivalent of setting the shared memory as device memory, so there
is no need to maintain both options.
This patch removes the option to specify the shared memory as normal
memory on ARM platforms. Shared memory is always treated as device
memory. Cache maintenance operations are no longer needed and have
been replaced by data memory barriers to guarantee that payload and
MHU are accessed in the right order.
Change-Id: I7f958621d6a536dd4f0fa8768385eedc4295e79f
ARM Trusted Firmware supports 2 different interconnect peripheral
drivers: CCI and CCN. ARM platforms are implemented using either of the
interconnect peripherals.
This patch adds a layer of abstraction to help ARM platform ports to
choose the right interconnect driver and corresponding platform support.
This is as described below:
1. A set of ARM common functions have been implemented to initialise an
interconnect and for entering/exiting a cluster from coherency. These
functions are prefixed as "plat_arm_interconnect_". Weak definitions of
these functions have been provided for each type of driver.
2.`plat_print_interconnect_regs` macro used for printing CCI registers is
moved from a common arm_macros.S to cci_macros.S.
3. The `ARM_CONFIG_HAS_CCI` flag used in `arm_config_flags` structure
is renamed to `ARM_CONFIG_HAS_INTERCONNECT`.
Change-Id: I02f31184fbf79b784175892d5ce1161b65a0066c
Current code mandates loading of SCP_BL2/SCP_BL2U images for all
CSS platforms. On future ARM CSS platforms, the Application
Processor (AP) might not need to load these images. So, these
items can be removed from the FIP on those platforms.
BL2 tries to load SCP_BL2/SCP_BL2U images if their base
addresses are defined causing boot error if the images are not
found in FIP.
This change adds a make flag `CSS_LOAD_SCP_IMAGES` which if set
to `1` does:
1. Adds SCP_BL2, SCP_BL2U images to FIP.
2. Defines the base addresses of these images so that AP loads
them.
And vice-versa if it is set to `0`. The default value is set to
`1`.
Change-Id: I5abfe22d5dc1e9d80d7809acefc87b42a462204a
Current code assumes `SCP_COM_SHARED_MEM_BASE` as the base address
for BOM/SCPI protocol between AP<->SCP on all CSS platforms. To
cater for future ARM platforms this is made platform specific.
Similarly, the bit shifts of `SCP_BOOT_CONFIG_ADDR` are also made
platform specific.
Change-Id: Ie8866c167abf0229a37b3c72576917f085c142e8
Functions to configure the MMU in S-EL1 and EL3 on ARM platforms
expect each platform to export its memory map in the `plat_arm_mmap`
data structure. This approach does not scale well in case the memory
map cannot be determined until runtime. To cater for this possibility,
this patch introduces the plat_arm_get_mmap() API. It returns a
reference to the `plat_arm_mmap` by default but can be overridden
by a platform if required.
Change-Id: Idae6ad8fdf40cdddcd8b992abc188455fa047c74
Each ARM Compute Subsystem based platform implements a System Security
Control (SSC) Registers Unit. The SSC_VERSION register inside it carries
information to identify the platform. This enables ARM Trusted Firmware
to compile in support for multiple ARM platforms and choose one at
runtime. This patch adds macros to enable access to this register.
Each platform is expected to export its PART_NUMBER separately.
Additionally, it also adds juno part number.
Change-Id: I2b1d5f5b65a9c7b76c6f64480cc7cf0aef019422
This patch moves the definition of some macros used only on
ARM platforms from common headers to platform specific headers.
It also forces all ARM standard platforms to have distinct
definitions (even if they are usually the same).
1. `PLAT_ARM_TZC_BASE` and `PLAT_ARM_NSTIMER_FRAME_ID` have been
moved from `css_def.h` to `platform_def.h`.
2. `MHU_BASE` used in CSS platforms is moved from common css_def.h
to platform specific header `platform_def.h` on Juno and
renamed as `PLAT_ARM_MHU_BASE`.
3. To cater for different sizes of BL images, new macros like
`PLAT_ARM_MAX_BL31_SIZE` have been created for each BL image. All
ARM platforms need to define them for each image.
Change-Id: I9255448bddfad734b387922aa9e68d2117338c3f
This patch moves the private GIC common accessors from `gic_common.h` to
a new private header file `gic_common_private.h`. This patch also adds
additional comments to GIC register accessors to highlight the fact
that some of them access register values that correspond to multiple
interrupt IDs. The convention used is that the `set`, `get` and `clr`
accessors access and modify the values corresponding to a single interrupt
ID whereas the `read` and `write` GIC register accessors access the raw
GIC registers and it could correspond to multiple interrupt IDs depending
on the register accessed.
Change-Id: I2643ecb2533f01e3d3219fcedfb5f80c120622f9
The code to set the interrupt priority for secure interrupts in the
new GICv2 and GICv3 drivers is incorrect. The setup code to configure
interrupt priorities of secure interrupts, one interrupt at a time, used
gicd_write_ipriorityr()/gicr_write_ipriority() function affecting
4 interrupts at a time. This bug did not manifest itself because all the
secure interrupts were configured to the highest secure priority(0) during
cold boot and the adjacent non secure interrupt priority would be configured
later by the normal world. This patch introduces new accessors,
gicd_set_ipriorityr() and gicr_set_ipriorityr(), for configuring priority
one interrupt at a time and fixes the the setup code to use the new
accessors.
FixesARM-software/tf-issues#344
Change-Id: I470fd74d2b7fce7058b55d83f604be05a27e1341
The LDNP/STNP instructions as implemented on Cortex-A53 and
Cortex-A57 do not behave in a way most programmers expect, and will
most probably result in a significant speed degradation to any code
that employs them. The ARMv8-A architecture (see Document ARM DDI
0487A.h, section D3.4.3) allows cores to ignore the non-temporal hint
and treat LDNP/STNP as LDP/STP instead.
This patch introduces 2 new build flags:
A53_DISABLE_NON_TEMPORAL_HINT and A57_DISABLE_NON_TEMPORAL_HINT
to enforce this behaviour on Cortex-A53 and Cortex-A57. They are
enabled by default.
The string printed in debug builds when a specific CPU errata
workaround is compiled in but skipped at runtime has been
generalised, so that it can be reused for the non-temporal hint use
case as well.
Change-Id: I3e354f4797fd5d3959872a678e160322b13867a1
The debug prints used to debug translation table setup in xlat_tables.c
used the `printf()` standard library function instead of the stack
optimized `tf_printf()` API. DEBUG_XLAT_TABLE option was used to enable
debug logs within xlat_tables.c and it configured a much larger stack
size for the platform in case it was enabled. This patch modifies these
debug prints within xlat_tables.c to use tf_printf() and modifies the format
specifiers to be compatible with tf_printf(). The debug prints are now enabled
if the VERBOSE prints are enabled in Trusted Firmware via LOG_LEVEL build
option.
The much larger stack size definition when DEBUG_XLAT_TABLE is defined
is no longer required and the platform ports are modified to remove this
stack size definition.
Change-Id: I2f7d77ea12a04b827fa15e2adc3125b1175e4c23
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be
disabled before any of the control registers are programmed. The
PL011 driver included in TF does not disable the UART, so the
initialization in BL2 and BL31 is violating this requirement
(and potentially in BL1 if the UART is enabled after reset).
This patch modifies the initialization function in the PL011
console driver to disable the UART before programming the
control registers.
Register clobber list and documentation updated.
FixesARM-software/tf-issues#300
Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
Migrate all direct usage of __attribute__ to usage of their
corresponding macros from cdefs.h.
e.g.:
- __attribute__((unused)) -> __unused
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Use the new __deprecated macro from the generic cdefs header and remove
the deprecated __warn_deprecated.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch rearranges fields of the `image_desc_t` & `auth_img_desc_t`
data structures to reduce padding between the fields and thereby
save memory.
NOTE: Platform ports which anonymously initialize these structures
should be aware of the rearrangement and do the required
modification.
Change-Id: I428b5429632797b31d5bd306174599c07e24c060
This patch changes the anonymous initialization of `rt_svc_desc_t` structure
by the `DECLARE_RT_SVC` macro to designated initialization. This makes the
code more robust and less sensitive to potential changes to the
`rt_svc_desc_t` structure.
Change-Id: If6f1586730c0d29d92ef09e07eff7dd0d22857c7
This patch adds support for ARM Cortex-A35 processor in the CPU
specific framework, as described in the Cortex-A35 TRM (r0p0).
Change-Id: Ief930a0bdf6cd82f6cb1c3b106f591a71c883464
By default ARM TF is built with the '-pedantic' compiler flag, which
helps detecting violations of the C standard. However, the mbed TLS
library and its associated authentication module in TF used to fail
building with this compiler flag. As a workaround, the mbed TLS
authentication module makefile used to set the 'DISABLE_PEDANTIC'
TF build flag.
The compiler errors flagged by '-pedantic' in the mbed TLS library
have been fixed between versions 1.3.9 and 2.2.0 and the library now
properly builds with this compiler flag.
This patch fixes the remaining compiler errors in the mbed TLS
authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
build flag. This means that TF is now always built with '-pedantic'.
In particular, this patch:
* Removes the final semi-colon in REGISTER_COT() macro.
This semi-colon was causing the following error message:
drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
extra ';' outside of a function [-Werror=pedantic]
This has been fixed both in the mbed TLS authentication module
as well as in the certificate generation tool. Note that the latter
code didn't need fixing since it is not built with '-pedantic' but
the change has been propagated for consistency.
Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
which were suffering from the same issue.
* Fixes a pointer type.
It was causing the following error message:
drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
type 'void *' used in arithmetic [-Werror=pointer-arith]
Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes
an unused framework cookie through to the 1st argument in the
platform function `bl1_plat_fwu_done`. The intent is to allow
the SMC caller to pass a cookie through to this function.
This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller
through to `bl1_plat_fwu_done`. The argument names are updated
for clarity.
Upstream platforms currently do not use this argument so no
impact is expected.
Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
Jeenu Viswambharan
danh-arm
dp-arm
Yatharth Kochar
Antonio Nino Diaz
Soby Mathew
David Cunado
Qixiang.Xu
Douglas Raillard
Haojian Zhuang
Sandrine Bailleux
Leon Chen
Naga Sureshkumar Relli
Caesar Wang
Gerald Lejeune
Soren Brinkmann
Vikram Kanigiri
Juan Castillo
David Wang