- Use the TrustZone controller on Base FVP to program DRAM access
permissions. By default no access to DRAM is allowed if
'secure memory' is enabled on the Base FVP.
- The Foundation FVP does not have a TrustZone controller but instead
has fixed access permissions.
- Update FDTs for Linux to use timers at the correct security level.
- Starting the FVPs with 'secure memory' disabled is also supported.
Limitations:
Virtio currently uses a reserved NSAID. This will be corrected in
future FVP releases.
Change-Id: I0b6c003a7b5982267815f62bcf6eb82aa4c50a31
The TZC-400 performs security checks on transactions to memory or
peripherals. Separate regions can be created in the address space each
with individual security settings.
Limitations:
This driver does not currently support raising an interrupt on access
violation.
Change-Id: Idf8ed64b4d8d218fc9b6f9d75acdb2cd441d2449
Remove redundant code in plat_secondary_cold_boot_setup() in
plat/fvp/aarch64/bl1_plat_helpers.S.
FixesARM-software/tf-issues#136
Change-Id: I98c0a46d95cfea33125e34e609c83dc2c97cd86e
The BL images share common stack management code which provides
one coherent and one cacheable stack for every CPU. BL1 and BL2
just execute on the primary CPU during boot and do not require
the additional CPU stacks. This patch provides separate stack
support code for UP and MP images, substantially reducing the
RAM usage for BL1 and BL2 for the FVP platform.
This patch also provides macros for declaring stacks and
calculating stack base addresses to improve consistency where
this has to be done in the firmware.
The stack allocation source files are now included via
platform.mk rather than the common BLx makefiles. This allows
each platform to select the appropriate MP/UP stack support
for each BL image.
Each platform makefile must be updated when including this
commit.
FixesARM-software/tf-issues#76
Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
Rename the array "mmap" in plat/fvp/aarch64/plat_common.c to
"fvp_mmap", to avoid confusion with the array of the same name
in lib/arch/aarch64/xlat_tables.c
FixesARM-software/tf-issues#114
Change-Id: I61478c0070aa52d5dcf5d85af2f353f56c060cfb
Rename drivers/console/console.c to
drivers/arm/peripherals/pl011/pl011_console.c. This makes it clear
that this is a pl011 specific console implementation.
FixesARM-software/tf-issues#129
Change-Id: Ie2f8109602134c5b86993e32452c70734c45a3ed
BL3-1 architecture setup code programs the system counter frequency
into the CNTFRQ_EL0 register. This frequency is defined by the
platform, though. This patch introduces a new platform hook that
the architecture setup code can call to retrieve this information.
In the ARM FVP port, this returns the first entry of the frequency
modes table from the memory mapped generic timer.
All system counter setup code has been removed from BL1 as some
platforms may not have initialized the system counters at this stage.
The platform specific settings done exclusively in BL1 have been moved
to BL3-1. In the ARM FVP port, this consists in enabling and
initializing the System level generic timer. Also, the frequency change
request in the counter control register has been set to 0 to make it
explicit it's using the base frequency. The CNTCR_FCREQ() macro has been
fixed in this context to give an entry number rather than a bitmask.
In future, when support for firmware update is implemented, there
is a case where BL1 platform specific code will need to program
the counter frequency. This should be implemented at that time.
This patch also updates the relevant documentation.
It properly fixesARM-software/tf-issues#24
Change-Id: If95639b279f75d66ac0576c48a6614b5ccb0e84b
This reverts commit 1c297bf015
because it introduced a bug: the CNTFRQ_EL0 register was no
longer programmed by all CPUs. bl31_platform_setup() function
is invoked only in the cold boot path and consequently only
on the primary cpu.
A subsequent commit will correctly implement the necessary changes
to the counter frequency setup code.
FixesARM-software/tf-issues#125
Conflicts:
docs/firmware-design.md
plat/fvp/bl31_plat_setup.c
Change-Id: Ib584ad7ed069707ac04cf86717f836136ad3ab54
This extends the --gc-sections behaviour to the many assembler
support functions in the firmware images by placing each function
into its own code section. This is achieved by creating a 'func'
macro used to declare each function label.
FixesARM-software/tf-issues#80
Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
All common functions are being built into all binary images,
whether or not they are actually used. This change enables the
use of -ffunction-sections, -fdata-sections and --gc-sections
in the compiler and linker to remove unused code and data from
the images.
Change-Id: Ia9f78c01054ac4fa15d145af38b88a0d6fb7d409
This patch fixes a build failure when TSPD support is included. The failure was
due to a missing semi-colon at the end of a C statement in tspd_common.c
Change-Id: I8fbd0d500bd9145b15f862b8686e570b80fcce8c
The Makefile used to specify a blacklist of rules for which
dependency checking must not be triggered. This list included
cleaning rules only, whereas all other non-build targets (e.g.
help, checkpatch, etc.) should also be included.
This approach seems a bit fragile because it is easy to forget
some non-building rules in the blacklist, as the experience
showed us. It is more robust to specify a whitelist of rules
for which dependency checking is required.
FixesARM-software/tf-issues#112
Change-Id: I030c405abb35972a726a5200396430316d18f963
This patch reworks the console driver to ensure that each bootloader stage
initializes it independently. As a result, both BL3-1 and BL2 platform code
now calls console_init() instead of relying on BL1 to perform console setup
FixesARM-software/tf-issues#120
Change-Id: Ic4d66e0375e40a2fc7434afcabc8bbb4715c14ab
This commit isolates the accessor functions in pl011.c and builds
a wrapper layer for console functions.
This also modifies the console driver to use the pl011 FIFO.
FixesARM-software/tf-issues#63
Change-Id: I3b402171cd14a927831bf5e5d4bb310b6da0e9a8
It used to be possible to build all bootloader binaries for all platforms
using 'PLAT=all'. This feature has been removed but there are still some
traces of its existence. This patch removes them.
Change-Id: Ic671a5c20c5b64acbd0a912d2e4db8f9d9574610
This patch fixes a regression failure due to the use of functions by the
TSPD code which access system registers with partially qualified names.
These functions had been removed in an earlier patch. The relevant code
has been updated to access these registers with their fully qualified
names.
FixesARM-software/tf-issues#119
Change-Id: Ide1bc5036e1b8164a42f7b7fe86186ad860e0ef9
bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
BL3-2. There was some early SMC handling code in there that was not
required by the other bootloader stages. Therefore this patch
introduces an even simpler exception vector source file for BL2,
BL3-1 and BL3-2.
FixesARM-software/tf-issues#38
Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
This patch adds support in the generic PSCI implementation to call a
platform specific function to enter a standby state using an example
implementation in ARM FVP port
FixesARM-software/tf-issues#94
Change-Id: Ic1263fcf25f28e09162ad29dca954125f9aa8cc9
Trusted firmware binaries loaded via semihosting used to be
opened using 'r' mode (i.e. read mode). This is fine on POSIX
conforming systems (including Linux) but for Windows it also means
that the file should be opened in text mode. 'rb' mode must be
specified instead for binary mode. On POSIX conforming systems,
'rb' mode is equivalent to 'r' mode so it does no harm.
FixesARM-software/tf-issues#69
Change-Id: Ifa53f2ecfd765f572dea5dd73191f9fe2b2c2011
Each ARM Trusted Firmware image should know in which EL it is running
and it should use the corresponding register directly instead of reading
currentEL and knowing which asm register to read/write
Change-Id: Ief35630190b6f07c8fbb7ba6cb20db308f002945
Remove the hard coding of all the MMU related registers with 0 and disable MMU
by clearing the M and C bit in SCTLR_ELx
Change-Id: I4a0b1bb14a604734b74c32eb31315d8504a7b8d8
The Test Secure-EL1 Payload implementation should always have a
platform-specific component. Therefore, there should always
be a platform-specific sub-makefile for the TSP. If there is
none then assume TSP is not supported on this specific platform
and throw an error at build time if the user tries to compile it.
Change-Id: Ibfbe6e4861cc7786a29f2fc0341035b852925193
This patch fixes a bug in the 'file_to_uuid()' function: it used
to cause an exception by dereferencing a null pointer when
a given UUID was not found in the UUID array. The fix is to delete
the final null entry in the UUID array, which is not needed because
the array is statically declared so its size is known at build time.
FixesARM-software/tf-issues#43
Change-Id: I0a003485b88134564c0d36f57c274215d9e16532
Previously to this path, the FIP tool used to print the following,
misleading error message when called without any argument or with
'--help' option:
ERROR: Too many arguments
This patch fixes this behavior by printing the following error
message instead:
ERROR: Missing FIP filename
If called with '--help', no error message is printed and only the
help message is displayed.
Change-Id: Ib281b056f5cd3bc2f66d98be0b0cb2a0aed7c6a8
This patch makes use of different values for '--dump' and other
command-line options. This makes the code simpler and also
optimises it a bit (because it avoids a string comparison).
Change-Id: I1c8345f210074fc5f962ea0282fd3625775dec69
Current implementation of Bakery Lock does tight-loop waiting upon lock
contention.
This commit reworks the implementation to use WFE instruction for
waiting, and SEV to signal lock availability. It also adds the rationale
for choosing Bakery Locks instead of exclusion primitives, and more
comments for the lock algorithm.
FixesARM-software/tf-issue#67
Change-Id: Ie351d3dbb27ec8e64dbc9507c84af07bd385a7df
Co-authored-by: Vikram Kanigiri <vikram.kanigiri@arm.com>
At present, the entry point for each BL image is specified via the
Makefiles and provided on the command line to the linker. When using a
link script the entry point should rather be specified via the ENTRY()
directive in the link script.
This patch updates linker scripts of all BL images to specify the entry
point using the ENTRY() directive. It also removes the --entry flag
passed to the linker through Makefile.
Fixes issue ARM-software/tf-issues#66
Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
This patch adds call count, UID and version information SMC calls for
the Trusted OS, as specified by the SMC calling convention.
Change-Id: I9a3e84ac1bb046051db975d853dcbe9612aba6a9
This patch implements ARM Standard Service as a runtime service and adds
support for call count, UID and revision information SMCs. The existing
PSCI implementation is subsumed by the Standard Service calls and all
PSCI calls are therefore dispatched by the Standard Service to the PSCI
handler.
At present, PSCI is the only specification under Standard Service. Thus
call count returns the number of PSCI calls implemented. As this is the
initial implementation, a revision number of 0.1 is returned for call
revision.
FixesARM-software/tf-issues#62
Change-Id: I6d4273f72ad6502636efa0f872e288b191a64bc1
At present, bl1_arch_setup() and bl31_arch_setup() program the counter
frequency using a value from the memory mapped generic timer. The
generic timer however is not necessarily present on all ARM systems
(although it is architected to be present on all server systems).
This patch moves the timer setup to platform-specific code and updates
the relevant documentation. Also, CNTR.FCREQ is set as the specification
requires the bit corresponding to the counter's frequency to be set when
enabling. Since we intend to use the base frequency, set bit 8.
FixesARM-software/tf-issues#24
Change-Id: I32c52cf882253e01f49056f47c58c23e6f422652
This patch removes the 'CPU present' flag that's being set but not
referred or used anywhere else.
Change-Id: Iaf82bdb354134e0b33af16c7ba88eb2259b2682a
Remove the instructions to update the change log from
contribution.md. The change log no longer contains a
"Detailed changes since last release" section.
Also, update the documentation links following recent
documentation changes.
Change-Id: Id9df43d666f7f9a60dcc6f663a8a85cdd2ff7cc4
FixesARM-software/tf-issues#42
Some callers of load_image() may need to get the size of the image
before/after loading it.
Change-Id: I8dc067b69fc711433651a560ba5a8c3519445857
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
FixesARM-software/tf-issues#41
The policy functions for each file to be loaded were implemented by
copy/pasting one method and then varying the data checked.
This patch creates a generic function to check the policy based on the
data stored in a table.
This removes the amount of duplicated code but also makes the code
simpler and more efficient.
Change-Id: I1c52eacf6f18a1442dabbb33edd03d4bb8bbeae0
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
If a platform doesn't specify a BLx_SOURCE variable, then building
of the corresponding bootloader isn't attempted. Also allow BL3-3 to
be omitted from the FIP.
Note, this change also removes support for PLAT=all and the 'fip' target
from the 'all' recipe.
FixesARM-software/tf-issues#30
Change-Id: Ibdfead0440256eaf364617ecff65290ca6fe6240
Signed-off-by: Jon Medhurst <tixy@linaro.org>
So it updates each time a bootloader changes, not just when bl*_main.c
files are recompiled.
FixesARM-software/tf-issues#33
Change-Id: Ie8e1a7bd7e1913d2e96ac268606284f76af8c5ab
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Harry Liebel
danh-arm
Andrew Thoelke
Sandrine Bailleux
Achin Gupta
Vikram Kanigiri
Soby Mathew
Jeenu Viswambharan
Ryan Harkin
Jon Medhurst