Having these definitions in board_arm_def.h forces to
all the arm platforms to use the same definition for
PLAT_ARM_MEM_PROT_ADDR.
This macro also enables the mem-protect mechanism,
which means that all the arm platform has enabled
mem-protect and they cannot get rid of it.
Change-Id: Id29d2c51cbe6edc15f010a9f5a20c42266c48a08
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The upcoming patch that adds dynamic mitigation for Cortex-A76
requires that DYNAMIC_WORKAROUND_CVE_2018_3639=1. On FVP, we pull in
all the CPU files into the build which means there will be a build
failure if DYNAMIC_WORKAROUND_CVE_2018_3639=0.
Change-Id: I2e781cbeafbf5d16eaabf76a1677e0c9f81269d2
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are simple.
Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
This patch bumps up the BL1-RW size for Juno and at the same time reduces
the BL2 size when TBB is enabled, TF_MBEDTLS_KEY_ALG=rsa+ecdsa. The BL2
size for this config is reduced as it was observed that the peak memory
usage is only reached when SPD=opteed and the dual rsa+ecdsa support is
not needed for this case.
Change-Id: Ia9009771b5cfd805e9cc75410aabb7db99fc2fbc
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
The config files are placeholders and do not have any useful bindings
defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
if SPD=tspd. The load address of these configs are specified in tb_fw_config
via new bindings defined for these configs. Currently, in FVP, the
soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
and ARM_SHARED_RAM. This memory was typically used for BL32 when
ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
space anymore, it should be safe to use this memory for these configs.
There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
that this overlap doesn't happen.
The previous arm_dyn_get_hwconfig_info() is modified to accept configs
other than hw_config and hence renamed to arm_dyn_get_config_load_info().
The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
BL2_BASE.
Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.
The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.
Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
SGI-575's NSRAM is neither in the same place nor the same size as Juno's.
Change-Id: Id6d692e9c7e9c1360014bb525eda966ebe29c823
Signed-off-by: Chris Kay <chris.kay@arm.com>
Previously mem_protect used to be only supported from BL2. This is not
helpful in the case when ARM TF-A BL2 is not used. This patch demonstrates
mem_protect from el3_runtime firmware on ARM Platforms specifically
when RESET_TO_BL31 or RESET_TO_SP_MIN flag is set as BL2 may be absent
in these cases. The Non secure DRAM is dynamically mapped into EL3 mmap
tables temporarily and then the protected regions are then cleared. This
avoids the need to map the non secure DRAM permanently to BL31/sp_min.
The stack size is also increased, because DYNAMIC_XLAT_TABLES require
a bigger stack.
Change-Id: Ia44c594192ed5c5adc596c0cff2c7cc18c001fde
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd all
Change-Id: I0a16cf68fef29cf00ec0a52e47786f61d02ca4ae
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.
Signed-off-by: Summer Qin <summer.qin@arm.com>
This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.
This override mechanism allows specifying special regions for TZMP1
usecase.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Building TBBR(SPD=opteed) and non-TBBR TF-A images is breaking for
Juno for different configurations listed below:
* Overflow error of 4096 bytes for rsa algorithm.
* Overflow error of 8192 bytes for ecdsa algorithm.
* Overflow error of 4096 bytes for rsa+ecdsa algorithm.
* Overflow error of 4096 bytes for non-TBBR case.
So this patch increments macro PLAT_ARM_MAX_BL2_SIZE for all the above
cases accordingly.
Change-Id: I75ec6c0a718181d34553fe55437f0496f467683f
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
The current AArch32 version of plat_arm_calc_core_pos uses an incorrect
algorithm to calculate the linear position of a core / PE from its
MPIDR.
This patch corrects the algorithm to:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER) * FVP_MAX_PE_PER_CPU
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
which supports cores where there are more than 1 PE per CPU.
NOTE: the AArch64 version was fixed in 39b21d1
Change-Id: I72aea89d8f72f8b1fef54e2177a0fa6fef0f5513
Signed-off-by: David Cunado <david.cunado@arm.com>
Add support for System Guidance for Infrastructure platform SGI575.
Change-Id: I0125c2ed4469fbc8367dafcc8adce770b6b3147d
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
x3 will be assigned by the folloing instructions.
So the first instruction is not needed any more.
old method:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER)
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
it should be
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER) * FVP_MAX_PE_PER_CPU
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
which can be simplified as:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER + CPUId) * FVP_MAX_PE_PER_CPU + ThreadId
Signed-off-by: Wang Feng <feng_feng.wang@spreadtrum.com>
The FVP platform port for SP_MIN (BL32) didn't map the flash memory
in BL32 for stroring the mem_protect enable state information leading
to synchronous exception. The patch fixes it by adding the region to
the BL32 mmap tables.
Change-Id: I37eec83c3e1ea43d1b5504d3683eebc32a57eadf
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Previously, Juno used to depend on the SSC_GPRETN register to inform
about the reset syndrome. This method was removed when SCP migrated
to the SDS framework. But even the SDS framework doesn't report the
reset syndrome correctly and hence Juno failed to enter Firmware
update mode if BL2 authentication failed.
In addition to that, the error code populated in V2M_SYS_NVFLAGS register
does not seem to be retained any more on Juno across resets. This could
be down to the motherboard firmware not doing the necessary to preserve
the value.
Hence this patch modifies the Juno platform to use the same mechanism to
trigger firmware update as FVP which is to corrupt the FIP TOC on
authentication failure. The implementation in `fvp_err.c` is made common
for ARM platforms and is moved to the new `arm_err.c` file in
plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
are modified to allow write to the Flash memory address.
Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch removes default platform implementations of sp_min
platform APIs from plat/common/aarch32/plat_common.c. The APIs
are now implemented in `plat_sp_min_common.c` file within the
same folder.
The ARM platform layer had a weak definition of sp_min_platform_setup2()
which conflicted with the weak definition in the common file. Hence this
patch fixes that by introducing a `plat_arm_` version of the API thus
allowing individual boards within ARM platforms to override it if they
wish to.
FixesARM-software/tf-issues#559
Change-Id: I11a74ecae8191878ccc7ea03f12bdd5ae88faba5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This was correct according to the model specifications , but it seems
that FVP doesn't implement it. It is safer to use the size exposed by
the DTB which is currently used by Linux.
Change-Id: I9aabe3284a50ec2a36ed94966eb7e4ddf37cec3b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno LOG_LEVEL=50 all
Change-Id: Ic8f611da734f356566e8208053296e6c62b54709
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I7c2ad3f5c015411c202605851240d5347e4cc8c7
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I48201c9ef022f6bd42ea8644529afce70f9b3f22
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
FVPs that model DynamIQ configuration implements all CPUs in a single
cluster. I.e., such models have a single cluster with more than 4 CPUs.
This differs from existing default build configuration for FVP where up
to 4 CPUs are assumed per cluster.
To allow building for DynamIQ configuration, promote the macro
FVP_MAX_CPUS_PER_CLUSTER as a build option to have it set from the build
command line. The value of the build option defaults to 4.
Change-Id: Idc3853bc95f680869b434b011c2dbd733e40c6ce
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The SCP binaries provided in the 17.10 Linaro release (and onwards)
have migrated to the SCMI/SDS protocols. Therefore, the ARM TF should
now use the corresponding drivers by default.
This patch changes the default value of the CSS_USE_SCMI_SDS_DRIVER
build option to 1 for Juno.
Change-Id: Idb7e3c6af582f49e332167a2158703c2d781b437
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch restricts building the dynamic config DTBs to the Unix
build environment as the Device Tree compiler may not be available
on other build environments.
Change-Id: Ie690e80010a174300e966240fd977b37561156e0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch also fixes the assumption that the counters are disabled on
the resume path. This is incorrect as the AMU counters are enabled
early in the CPU reset function before `cpuamu_context_restore()`
runs.
Change-Id: I38a94eb166a523f00de18e86860434ffccff2131
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch also fixes `cpuamu_write_cpuamcntenclr_el0()` to use an MSR
instruction instead of an MRS instruction.
Change-Id: Ia6531f64b5ebc60ba432124eaa8d8eaccba40ed0
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch adds TB_FW_CONFIG for FVP and allows FVP
to select the appropriate HW_CONFIG to include in the
fip. The HW_CONFIG for FVP is selected via `FVP_HW_CONFIG_DTS`
build option. The TB_FW_CONFIG specifies the load address of
HW_CONFIG to BL2. Since currently the load address is different
between AARCH32 and AARCH64, 2 separate TB_FW_CONFIGs are
maintained for the 2 modes.
Change-Id: Ide8581e752dfa900087f5895c775073c841c0daf
Signed-Off-By: Soby Mathew <soby.mathew@arm.com>
The patch adds the necessary changes to load HW_CONFIG in BL2 for
ARM Platforms :
1. The load address of HW_CONFIG is specified via the `hw_config_addr`
property in TB_FW_CONFIG is loaded by BL1. The `hw_config_max_size`
property defines the maximum size to be expected for the HW_CONFIG.
The `arm_dyn_cfg_helpers.c` and corresponding header implements
utility functions to parse these DT properties defined.
The `arm_dyn_cfg.c` implements wrappers to these helpers to enable
them to be invoked from ARM platform layer.
2. `HW_CONFIG` is added to the `bl2_mem_params_descs[]` array which is
the list of images to be loaded by BL2.
3. The `libfdt` sources are now included when BL2 is built
4. A new helper `populate_next_bl_params_config()` is introduced in
desc_image_load.c to populate the subsequent executable BL images
with the `hw_config` and the corresponding `fw_config` if available.
The `plat_get_next_bl_params()` API for ARM platforms is modified to
invoke this new helper.
5. The implementation of `bl2_early_platform_setup2()` is modified to
consider `arg0` as well in addition to `arg1` passed from BL1.
6. Bump up the BL2 size for Juno to accommodate the inclusion of libfdt.
Change-Id: I80f1554adec41753e0d179a5237364f04fe13a3f
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch modifies the bl1_platform_setup() API to load and authenticate
TB_FW_CONFIG in BL1. The load address of the same is passed on to BL2 in
`arg0` of entrypoint info. The fvp_io_storage.c and arm_io_storage.c also
adds entries corresponding to TB_FW_CONFIG. A helper function
`arm_load_tb_fw_config()` is added to load and authenticate TB_FW_CONFIG
if present.
Change-Id: Ie7bce667b3fad2b1a083bbcbc0a773f9f04254b1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch migrates the ARM Standard platforms to the new BL
handover interface. The arm_blx_early_platform_setup() functions
are also modified to take in 4 arguments. The `ARM_BL31_PLAT_PARAM_VAL`
value passed to BL31 from BL2 is now in arg3 in preparation of dynamic
configuration arguments.
Change-Id: I33e8e61325a19e7a7127b1ff203c3b86921bf153
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secure Partition access to the devices in
this region, for example the memory-mapped Generic Timer device.
Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.
Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.
The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:
--data cluster0.cpu0=bl2.bin@0x4001000
-C cluster0.cpu0.RVBAR=0x4001000
These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.
Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.
Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.
The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.
Change-Id: I96dc50decaacd469327c6b591d07964726e58db4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Common code mustn't include ARM platforms headers.
Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.
This has a minor performance improvement with no functional
impact.
Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1
Signed-off-by: David Cunado <david.cunado@arm.com>
The bl2_early_platform_setup() and bl2_platform_setup() were
redefined for Juno AArch32 eventhough CSS platform layer had
same definition for them. The CSS definitions definitions were
previously restricted to EL3_PAYLOAD_BASE builds and this is now
modified to include the Juno AArch32 builds as well thus
allowing us to remove the duplicate definitions in Juno platform
layer.
Change-Id: Ibd1d8c1428cc1d51ac0ba90f19f5208ff3278ab5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Factor out SPE operations in a separate file. Use the publish
subscribe framework to drain the SPE buffers before entering secure
world. Additionally, enable SPE before entering normal world.
A side effect of this change is that the profiling buffers are now
only drained when a transition from normal world to secure world
happens. Previously they were drained also on return from secure
world, which is unnecessary as SPE is not supported in S-EL1.
Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The function arm_validate_ns_entrypoint() validates a given non-secure
physical address. This function however specifically returns PSCI error
codes.
Non-secure physical address validation is potentially useful across ARM
platforms, even for non-PSCI use cases. Therefore make this function
common by returning 0 for success or -1 otherwise.
Having made the function common, make arm_validate_psci_entrypoint() a
wrapper around arm_validate_ns_entrypoint() which only translates return
value into PSCI error codes. This wrapper is now used where
arm_validate_ns_entrypoint() was currently used for PSCI entry point
validation.
Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
For Trusted Board Boot, BL2 needs more space to support the ECDSA
and ECDSA+RSA algorithms.
Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
An earlier patch added provision for the platform to provide secure
interrupt properties. ARM platforms already has a list of interrupts
that fall into different secure groups.
This patch defines macros that enumerate interrupt properties in the
same fashion, and points the driver driver data to a list of interrupt
properties rather than list of secure interrupts on ARM platforms. The
deprecated interrupt list definitions are however retained to support
legacy builds.
Configuration applied to individual interrupts remain unchanged, so no
runtime behaviour change expected.
NOTE: Platforms that use the arm/common function
plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and
PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and
PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided
INTR_PROP_DESC macro.
Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and
arm_system_pwr_domain_save functions.
Introduce FVP PSCI power level 3 (System level) support. This is solely
done to provide example code on how to use the GICv3 save and restore
helpers.
Also make CSS GICv3 platforms power off the Redistributor on SYSTEM
SUSPEND as its state is saved and restored.
Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Co-Authored-by: Douglas Raillard <douglas.raillard@arm.com>
Some recent enhancements to EL3 runtime firmware like support for
save and restoring GICv3 register context during system_suspend
necessitates additional data memory for the firmware. This patch
introduces support for creating a TZC secured DDR carveout for use
by ARM reference platforms. A new linker section `el3_tzc_dram` is
created using platform supplied linker script and data marked with
the attribute `arm_el3_tzc_dram` will be placed in this section.
The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
allow inclusion of the platform linker script by the top level BL31
linker script.
Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
During system suspend, the GICv3 Distributor and Redistributor context
can be lost due to power gating of the system power domain. This means
that the GICv3 context needs to be saved prior to system suspend and
restored on wakeup. Currently the consensus is that the Firmware should
be in charge of this. See tf-issues#464 for more details.
This patch introduces helper APIs in the GICv3 driver to save and
restore the Distributor and Redistributor contexts. The GICv3 ITS
context is not considered in this patch because the specification says
that the details of ITS power management is implementation-defined.
These APIs are expected to be appropriately invoked by the platform
layer during system suspend.
FixesARM-software/tf-issues#464
Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Commit 11ad8f208d added supporting
multi-threaded CPUs on FVP platform, including modifications for
calculating CPU IDs. This patch imports the strong definition of the
same CPU ID calculation on FVP platform for TSP.
Without this patch, TSP on FVP was using the default CPU ID calculation,
which would end up being wrong on CPUs with multi-threading.
Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
On ARM platforms, the maximum size of the address space is limited
to 32-bits as defined in arm_def.h. In order to access DRAM2, which
is defined beyond the 32-bit address space, the maximum address space
is increased to 36-bits in AArch64. It is possible to increase the
virtual space for AArch32, but it is more difficult and not supported
for now.
NOTE - the actual maximum memory address space is platform dependent
and is checked at run-time by querying the PARange field in the
ID_AA64MMFR0_EL1 register.
Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
mem_protect needs some kind of non-volatile memory because it has
to remember its state across reset and power down events.
The most suitable electronic part for this feature is a NVRAM
which should be only accesible from the secure world. Juno and
FVP lack such hardware and for this reason the MEM_PROTECT
functionality is implemented with Flash EEPROM memory on both
boards, even though this memory is accesible from the non-secure
world. This is done only to show a full implementation of
these PSCI features, but an actual system shouldn't use a
non-secure NVRAM to implement it.
The EL3 runtime software will write the mem_protect flag and BL2
will read and clear the memory ranges if enabled. It is done in
BL2 because it reduces the time that TF needs access to the full
non-secure memory.
The memory layout of both boards is defined using macros which
take different values in Juno and FVP platforms. Generic platform
helpers are added that use the platform specific macros to generate
a mem_region_t that is valid for the platform.
Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
For Trusted Board Boot, BL1 RW section and BL2 need more space to
support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE
is increased on ARM platforms.
And on the Juno platform:
- BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased.
- SCP_BL2 is loaded into the space defined by BL31_BASE ->
BL31_RW_BASE. In order to maintain the same size space for
SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased.
Change-Id: I379083f918b40ab1c765da4e71780d89f0058040
Co-Authored-By: David Cunado <david.cunado@arm.com>
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
platform_def.h doesn't need all the definitions in utils.h,
the ones in utils_def.h are enough. This patch is related
to the changes introduced by commit 53d9c9c85b.
Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Earlier patches added errata workarounds 859972 for Cortex-A72, and
859972 for Cortex-A57 CPUs. Explicitly disable the workaround for Juno.
Also reorganize errata workaround flags.
No functional changes.
Change-Id: I3fe3745de57d77e5bf52012826d3969fe5d4844e
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch does the required changes to enable CSS platforms
to build and use the SDS framework. Since SDS is always coupled with
SCMI protocol, the preexisting SCMI build flag is now renamed to
`CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
CSS platforms. Also some of the workarounds applied for SCMI are
now removed with SDS in place.
Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch factors out common files required for sp_min for all CSS
platforms from the JUNO specific makefile to a the new `css_sp_min.mk`
makefile. This also allows the common build options that affect CSS
platforms to be configured in a central makefile for sp_min.
Change-Id: Ida952d8833b1aa5eda77ae0a6664a4632aeab24c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
plat_get_my_entrypoint was branching to juno_do_reset_to_aarch_32_state,
which is not supposed to return, and in case of returning it implemented
an infinite loop. The problem was that plat_get_my_entrypoint was using
"b" instead of "bl", so juno_do_reset_to_aarch_32_state was returning to
the caller of plat_get_my_entrypoint instead of stop the system with a
panic.
To avoid this problem juno_do_reset_to_aarch_32_state was modified to
call directly to plat_panic_handler if it tries to return.
Change-Id: I591cf2dd78d27d8568fb15b91366e4b3dce027b5
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The commit 3eb2d67 optimizes the memory map for BL2 when TSP
is not present. But this also broke OP-TEE as it was reusing
the TSP mapping. This patch fixes this problem by adding a
separate mapping for OP-TEE in the BL2 memory map table.
Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped
in BL2 only if the TSPD has been included in the build. This saves one
entry in the plat_arm_mmap[] array and avoids to map extra memory when
it's not needed.
Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds
to LOG_LEVEL_INFO. Having this level of log for assertions means that the
`assert()` will not generate the strings implied in the expression taken
as parameter. This allows to save some memory when Juno is built for
LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1.
FixesARM-software/tf-issues#511
Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The current definition of ARM_INSTANTIATE_LOCK macro includes a
semicolon, which means it's omitted where it's used. This is anomalous
for a C statement in global scope.
Fix this by removing semicolon from the definition; and where it's a
NOP, declare a file-scoped variable explicitly tagged as unused to avoid
compiler warning.
No functional changes.
Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
If SPD_opteed is defined map ARM_OPTEE_PAGEABLE_LOAD_MEM in bl2 to
allow loading of OP-TEE paged part.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
At present, the MPIDR validation on FVP relies on MT bit set along
with shifted affinities. This currently is additionally dependent
on the FVP model being of variant C. This however should be based
on the presence of MT bit alone.
This patch makes the change to always assume that the affinities
are shifted in the FVP model when MT bit is present.
Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
The nor_XXXXX functions may fail due to different reasons, and it
is convenient to do a full check to detect any failure. It is also
a good idea to have a specific function to do a full status check,
because new checks can be added to this function and they will be
incorporated automatically to any function calling it.
Change-Id: I54fed913e37ef574c1608e94139a519426348d12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
NOR memory only supports setting bits to 1. To clear a bit, set to zero,
the NOR memory needs to be erased.
Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The status register bits remain until explicitly cleared, which means
that a command can be incorrectly considered to have generated an error -
for example, after reset the status register contents may be unknown or
if a previous command had failed.
This patch clears the status register before beginning any command to
be sure that the status register only represents information about the
current operation.
Change-Id: I9e98110ee24179937215461c00b6543a3467b350
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
lock/unlock operation must wait until WSM bit
is set. Since we do not allow to loop forever then these functions
must return an error if WSM bit isn't enabled after a number of tries.
Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Trusted OS may have extra images to be loaded. Load them one by one
and do the parsing. In this patch, ARM TF need to load up to 3 images
for optee os: header, pager and paged images. Header image is the info
about optee os and images. Pager image include pager code and data.
Paged image include the paging parts using virtual memory.
Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
Signed-off-by: Summer Qin <summer.qin@arm.com>
Revision C of the Base FVP has the same memory map as earlier revisions,
but has the following differences:
- Implements CCI550 instead of CCI400,
- Has a single instantiation of SMMUv3,
- CPU MPIDs are shifted left by one level, and has MT bit set in them.
The correct interconnect to program is chosen at run time based on the
FVP revision. Therefore, this patch implements FVP functions for
interconnect programming, rather than depending on ARM generic ones. The
macros used have been renamed to reflect this change.
Additionally, this patch initializes SMMUv3 as part of FVP early
platform setup.
New ARM config flags are introduced for feature queries at run time.
Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The CCI crash dump macros assumes CCI base at build time. Since this
can't be the case for CCI on FVP, choose not to register dump CCI
registers for FVP.
Change-Id: I7374a037e7fd0a85b138e84b3cf0aa044262da97
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
ARM CPUs with multi-threading implementation has more than one
Processing Element in a single physical CPU. Such an implementation will
reflect the following changes in the MPIDR register:
- The MT bit set;
- Affinity levels pertaining to cluster and CPUs occupy one level
higher than in a single-threaded implementation, and the lowest
affinity level pertains to hardware threads. MPIDR affinity level
fields essentially appear shifted to left than otherwise.
The FVP port henceforth assumes that both properties above to be
concomitant on a given FVP platform.
To accommodate for varied MPIDR formats at run time, this patch
re-implements the FVP platform-specific functions that translates MPIDR
values to a linear indices, along with required validation. The same
treatment is applied for GICv3 MPIDR hashing function as well.
An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
specifies the maximum number of threads implemented per CPU. For
backwards compatibility, its value defaults to 1.
Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The DEVICE2 memory range is needed to access the Root of Trust Public
Key registers. This is not needed when Trusted Board Boot is disabled
so it's safer to not map it in this case. This also saves one level-2
page table in each of BL1 and BL2 images.
Also add some comments.
Change-Id: I67456b44f3fd5e145f6510a8499b7fdf720a7273
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Recent patches to reduce the memory footprint of BL images have
resulted in saving several pages of memory. This patch reduces
the BL2 size limit by 20KB for Juno when ARM_BOARD_OPTIMISE_MEM=1
so that more free space can be freed up for Trusted OS (BL32). Also
SCP_BL2/SCP_BL2U size is now restricted to 80K.
Change-Id: I1573d7a34e24d15e4abce8a14da40dbb5dc81e37
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This fix modifies the order of #includes in ARM standard platforms
to meet the ARM TF coding standard.
Change-Id: Ide19aad6233babda4eea2d17d49e523645fed1b2
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
This patch implements the platform APIs plat_get_rotpk_info,
plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM
APIs when ARM_CRYPTOCELL_INT is set.
Change-Id: I693556b3c7f42eceddd527abbe6111e499f55c45
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.
Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.
Change-Id: I105425c680cf6238948625c1d1017b01d3517c01
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html
Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.
Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769
Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419
The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.
Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.
Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
On ARM platforms before exiting from SP_MIN ensure that
the default console is switched to the runtime serial port.
Change-Id: I0ca0d42cc47e345d56179eac16aa3d6712767c9b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch makes all the defines in the CPU libraries unique,
by prefixing them with the CPU name.
NOTE: PLATFORMS USING THESE MACROS WILL HAVE TO UPDATE THEIR CODE
TO START USING THE UPDATED NAMES
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the memory map region for the SCMI payload memory
and maps the Juno core indices to SCMI power domains via the
`plat_css_core_pos_to_scmi_dmn_id_map` array.
Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
implements a power control register in the Redistributor frame. This
register must be programmed to mark the frame as powered on, before
accessing other registers in the frame. Rest of initialization sequence
remains the same.
The driver provides APIs for Redistributor power management, and
overrides those in the generic GICv3 driver. The driver data is shared
between generic GICv3 driver and that of GIC-600.
For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
is set to FVP_GIC600. Also update user guide.
Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Both Cortex-A75 and Cortex-A55 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are considerably
simpler.
Change-Id: I68b30e6e1ebe7c041d5e67f39c59f08575fc7ecc
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This function was removed long ago. Remove remaining
pragma reference.
Change-Id: I66c556863d47dc17d2ffdc6c23aa524df6aade80
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The default case is impossible to hit as the `power_level`
is already checked earlier. Avoids a clang warning.
Change-Id: I707463c843adc748ee9aa1d2313f9ab7dab3a8ab
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The header tbbr_oid.h contains OIDs obtained by ARM Ltd.
so there is no good reason to use platform_oid.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The commit abd2aba99e introduced a
regression to the AArch32 sp_min Juno build. This patch fixes that.
Change-Id: I4b141717684d6aee60c761ea17f23170aa6708c3
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
We used to have the following circular dependency in the FVP platform
header files:
+-> arm_def.h ---> platform_def.h ---> fvp_def.h --+
|__________________________________________________|
This patch breaks it by not including 'arm_def.h' from 'fvp_def.h'.
Change-Id: I280d906559e3343dd38764029e77c0ea768b4fec
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines. This allows the
header files to be shared between host and target builds for shared defines.
Recently types.h has been included in utils.h as well as some function
prototypes.
Because of the inclusion of types.h conflicts exist building host tools
abd these header files now. To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.
FixesARM-software/tf-issues#461
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Remove utils_def.h from utils.h
This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.
Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
The CSS power management layer previously allowed to suspend system
power domain level via both PSCI CPU_SUSPEND and PSCI SYSTEM_SUSPEND
APIs. System suspend via PSCI CPU_SUSPEND was always problematic to
support because of issues with targeting wakeup interrupts to
suspended cores before the per-cpu GIC initialization is done. This
is not the case for PSCI SYSTEM_SUSPEND API because all the other
cores are expected to be offlined prior to issuing system suspend and
PSCI CPU_ON explicit calls will be made to power them on. Hence the Juno
platform used to downgrade the PSCI CPU_SUSPEND request for system
power domain level to cluster level by overriding the default
`plat_psci_pm_ops` exported by CSS layer.
Given the direction the new CSS platforms are evolving, it is best to
limit the system suspend only via PSCI SYSTEM_SUSPEND API for all
CSS platforms. This patch makes changes to allow system suspend
only via PSCI SYSTEM_SUSPEND API. The override of `plat_psci_ops`
for Juno is removed.
Change-Id: Idb30eaad04890dd46074e9e888caeedc50a4b533
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds support for SP_MIN on JUNO platform.
The changes include addition of AArch32 assembly files,
JUNO specific SP_MIN make file and miscellaneous changes
in ARM platform files to enable support for SP_MIN.
Change-Id: Id1303f422fc9b98b9362c757b1a4225a16fffc0b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Following steps are required to boot JUNO in AArch32 state:
1> BL1, in AArch64 state, loads BL2.
2> BL2, in AArch64 state, initializes DDR.
Loads SP_MIN & BL33 (AArch32 executable)images.
Calls RUN_IMAGE SMC to go back to BL1.
3> BL1 writes AArch32 executable opcodes, to load and branch
at the entrypoint address of SP_MIN, at HI-VECTOR address and
then request for warm reset in AArch32 state using RMR_EL3.
This patch makes following changes to facilitate above steps:
* Added assembly function to carry out step 3 above.
* Added region in TZC that enables Secure access to the
HI-VECTOR(0xFFFF0000) address space.
* AArch32 image descriptor is used, in BL2, to load
SP_MIN and BL33 AArch32 executable images.
A new flag `JUNO_AARCH32_EL3_RUNTIME` is introduced that
controls above changes. By default this flag is disabled.
NOTE: BL1 and BL2 are not supported in AArch32 state for JUNO.
Change-Id: I091d56a0e6d36663e6d9d2bb53c92c672195d1ec
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Some header files using the ULL() macro were not directly including
utils.h where the macro definition resides. As a consequence, a linker
script with values using this macro did not see the macro definition
and kept the "ULL(<value>)" call in the preprocessed file, which lead to
link error.
Files using ULL() macro now include utils.h directly.
Change-Id: I433a7f36bd21a156c20e69bc2a2bb406140ebdf9
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This function fills the buffer (first argument) with the specified
number of bytes (second argument) from the trusted entropy source.
This function will be used to initialize the stack protector canary.
Change-Id: Iff15aaf4778c13fa883ecb5528fcf9b8479d4489
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Introduce new build option ENABLE_STACK_PROTECTOR. It enables
compilation of all BL images with one of the GCC -fstack-protector-*
options.
A new platform function plat_get_stack_protector_canary() is introduced.
It returns a value that is used to initialize the canary for stack
corruption detection. Returning a random value will prevent an attacker
from predicting the value and greatly increase the effectiveness of the
protection.
A message is printed at the ERROR level when a stack corruption is
detected.
To be effective, the global data must be stored at an address
lower than the base of the stacks. Failure to do so would allow an
attacker to overwrite the canary as part of an attack which would void
the protection.
FVP implementation of plat_get_stack_protector_canary is weak as
there is no real source of entropy on the FVP. It therefore relies on a
timer's value, which could be predictable.
Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Juno platform Makefile is responsible for enabling all the relevant
errata. As the Juno platform port does not know which revision of Juno
the TF
is compiled for, the revision of the cores are unknown and so all errata
up to this date are needed on at least one revision of Juno.
Change-Id: I38e1d6efc17e703f2bd55e0714f8d8fa4778f696
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
ARM erratum 855873 applies to all Cortex-A53 CPUs.
The recommended workaround is to promote "data cache clean"
instructions to "data cache clean and invalidate" instructions.
For core revisions of r0p3 and later this can be done by setting a bit
in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
we set the bit in firmware.
Also we dump this register upon crashing to provide more debug
information.
Enable the workaround for the Juno boards.
Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
TLBI instructions for EL3 won't have the desired effect under specific
circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and
TLBI twice each time.
Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.
This errata has been enabled for Juno.
The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.
Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN. Disable secure privileged external debug in release builds by
programming the appropriate Juno SoC registers.
Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
With GCC 6.2 compiler, more C undefined behaviour is being flagged as
warnings, which result in build errors in ARM TF build.
The specific issue that this patch resolves is the use of (1 << 31),
which is predominantly used in case statements, where 1 is represented
as a signed int. When shifted to msb the behaviour is undefined.
The resolution is to specify 1 as an unsigned int using a convenience
macro ULL(). A duplicate macro MAKE_ULL() is replaced.
FixesARM-software/tf-issues#438
Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1
Signed-off-by: David Cunado <david.cunado@arm.com>
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
follows:
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
This means, IMAGE_BL* is defined when building the corresponding
image, but *undefined* for the other images.
So, IMAGE_BL* belongs to the latter group where we should use #ifdef
or #ifndef.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Earlier patches introduced GIC Redistributor power management for ARM
platforms. This patch modifies FVP power management to power down
Redistributor during CPU power on/off.
Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.
This patch also enables LOAD_IMAGE_V2 for ARM platforms.
Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.
This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.
Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This prevents a warning being emitted in the console during FVP
configuration setup when using the Foundation FVP 9.6 onwards.
Change-Id: I685b8bd0dbd0119af4b0cb3f7d708fcc08e99561
This patch adds ARM Cortex-A32 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
This patch adds support in SP_MIN to receive generic and
platform specific arguments from BL2.
The new signature is as following:
void sp_min_early_platform_setup(void *from_bl2,
void *plat_params_from_bl2);
ARM platforms have been modified to use this support.
Note: Platforms may break if using old signature.
Default value for RESET_TO_SP_MIN is changed to 0.
Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
This patch adds ARM platform changes in BL2 for AArch32 state.
It instantiates a descriptor array for ARM platforms describing
image and entrypoint information for `SCP_BL2`, `BL32` and `BL33`.
It also enables building of BL2 for ARCH=aarch32.
Change-Id: I60dc7a284311eceba401fc789311c50ac746c51e
This patch adds ARM platform changes in BL1 for AArch32 state.
It also enables building of BL1 for ARCH=aarch32.
Change-Id: I079be81a93d027f37b0f7d8bb474b1252bb4cf48
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
This patch adds changes in ARM platform code to use new
version of image loading.
Following are the major changes:
-Refactor the signatures for bl31_early_platform_setup()
and arm_bl31_early_platform_setup() function to use
`void *` instead of `bl31_params_t *`.
-Introduce `plat_arm_bl2_handle_scp_bl2()` to handle
loading of SCP_BL2 image from BL2.
-Remove usage of reserve_mem() function from
`arm_bl1_early_platform_setup()`
-Extract BL32 & BL33 entrypoint info, from the link list
passed by BL2, in `arm_bl31_early_platform_setup()`
-Provides weak definitions for following platform functions:
plat_get_bl_image_load_info
plat_get_next_bl_params
plat_flush_next_bl_params
bl2_plat_handle_post_image_load
-Instantiates a descriptor array for ARM platforms
describing image and entrypoint information for
`SCP_BL2`, `BL31`, `BL32` and `BL33` images.
All the above changes are conditionally compiled using the
`LOAD_IMAGE_V2` flag.
Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
This patch implements CSS platform hook to support NODE_HW_STATE PSCI
API. The platform hook queries SCP to obtain CSS power state. Power
states returned by SCP are then converted to expected PSCI return codes.
Juno's PSCI operation structure is modified to use the CSS
implementation.
Change-Id: I4a5edac0e5895dd77b51398cbd78f934831dafc0
This patch implements FVP platform hook to support NODE_HW_STATE PSCI
API. The platform hook validates the given MPIDR and reads corresponding
status from FVP power controller, and returns expected values for the
PSCI call.
Change-Id: I286c92637da11858db2c8aba8ba079389032de6d
This patch adds a WFI instruction in the default implementations of
plat_error_handler() and plat_panic_handler(). This potentially reduces
power consumption by allowing the hardware to enter a low-power state.
The same change has been made to the FVP and Juno platform ports.
Change-Id: Ia4e6e1e5bf1ed42efbba7d0ebbad7be8d5f9f173
This patch implements the support for SP_MIN in FVP. The SP_MIN platform
APIs are implemented and the required makefile support is added for FVP.
Change-Id: Id50bd6093eccbd5e38894e3fd2b20d5baeac5452
This patch adds AArch32 support for FVP and implements common platform APIs
like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32.
Only Multi Processor(MP) implementations of these functions are considered in
this patch. The ARM Standard platform layer helpers are implemented for
AArch32 and the common makefiles are modified to cater for both AArch64 and
AArch32 builds. Compatibility with the deprecated platform API is not
supported for AArch32.
Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
This patch migrates the upstream platform makefiles to include the
console drivers from the new location in ARM Trusted Firmware code
base.
Change-Id: I866d6c4951e475de1f836ce8a8c1d5e6da9577e3
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
`ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
related to the translation tables but to the image size as well.
The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
`PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
This way, ARM platforms no longer have to set their own values if
`ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
otherwise. The common sizes have been set to the highest values used
for any of the current build configurations.
This is needed because in some build configurations some images are
running out of space. This way there is a common set of values known
to work for all of them and it can be optimized for each particular
platform if needed.
The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
increased. This is needed because when memory optimisations are
disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
`MAX_XLAT_TABLES` are higher. If in this situation the code is
compiled in debug mode and with "-O0", the code won't fit.
Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
On ARM CSS platforms, the whole flash used to be mapped as executable.
This is not required, given that the flash is used to store the BL1
and FIP images and:
- The FIP is not executed in place, its images are copied to RAM
and executed from there.
- BL1 is executed in place from flash but only its code needs to be
mapped as executable and platform code takes care of re-mapping
BL1's read-only section as executable.
Therefore, this patch now maps the flash as non-executable by default
on these platforms. This increases security by restricting the
executable region to what is strictly needed.
This patch also adds some comments to clarify the memory mapping
attributes on these platforms.
Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
This patch introduces the arm_setup_page_tables() function to
set up page tables on ARM platforms. It replaces the
arm_configure_mmu_elx() functions and does the same thing except
that it doesn't enable the MMU at the end. The idea is to reduce
the amount of per-EL code that is generated by the C preprocessor
by splitting the memory regions definitions and page tables creation
(which is generic) from the MMU enablement (which is the only per-EL
configuration).
As a consequence, the call to the enable_mmu_elx() function has been
moved up into the plat_arch_setup() hook. Any other ARM standard
platforms that use the functions `arm_configure_mmu_elx()` must be
updated.
Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
This patch enables optional PSCI functions `PSCI_STAT_COUNT` and
`PSCI_STAT_RESIDENCY` for ARM standard platforms. The optional platform
API 'translate_power_state_by_mpidr()' is implemented for the Juno
platform. 'validate_power_state()' on Juno downgrades PSCI CPU_SUSPEND
requests for the system power level to the cluster power level.
Hence, it is not suitable for validating the 'power_state' parameter
passed in a PSCI_STAT_COUNT/RESIDENCY call.
Change-Id: I9548322676fa468d22912392f2325c2a9f96e4d2
Replaced placeholder implementation of plat_set_nv_ctr for FVP
platforms by a working one.
On FVP, the mapping of region DEVICE2 has been changed from RO to RW
to prevent exceptions when writing to the NV counter, which is
contained in this region.
Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
This patch adds ARM Cortex-A73 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
This patch adds support to select CCN driver for FVP during build.
A new build option `FVP_INTERCONNECT_DRIVER` is added to allow
selection between the CCI and CCN driver. Currently only the CCN-502
variant is supported on FVP.
The common ARM CCN platform helper file now verifies the cluster
count declared by platform is equal to the number of root node
masters exported by the ARM Standard platform.
Change-Id: I71d7b4785f8925ed499c153b2e9b9925fcefd57a
Added a build flag to select the generic delay timer on FVP instead
of the SP804 timer. By default, the generic one will be selected. The
user guide has been updated.
Change-Id: Ica34425c6d4ed95a187b529c612f6d3b26b78bc6
This patch changes the default driver for FVP platform from the deprecated
GICv3 legacy to the GICv3 only driver. This means that the default build of
Trusted Firmware will not be able boot Linux kernel with GICv2 FDT blob. The
user guide is also updated to reflect this change of default GIC driver for
FVP.
Change-Id: Id6fc8c1ac16ad633dabb3cd189b690415a047764
This patch removes support for legacy Versatile Express memory map for the
GIC peripheral in the FVP platform. The user guide is also updated for the
same.
Change-Id: Ib8cfb819083aca359e5b46b5757cb56cb0ea6533
It is up to the platform to implement the new plat_crash_print_regs macro to
report all relevant platform registers helpful for troubleshooting.
plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
and plat_print_interconnect_regs macros for each existing platforms.
NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.
Fixes: arm-software/tf-issues#373
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
This patch modifies the upstream platform port makefiles to use the new
xlat_tables library files. This patch also makes mmap region setup common
between AArch64 and AArch32 for FVP platform port. The file `fvp_common.c`
is moved from the `plat/arm/board/fvp/aarch64` folder to the parent folder
as it is not specific to AArch64.
Change-Id: Id2e9aac45e46227b6f83cccfd1e915404018ea0b
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.
To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.
To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.
Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67
Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.
Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().
All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.
Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
`board_arm_def.h` contains multiple definitions of
`PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for
memory usage depending upon the chosen build configuration. To ease
maintenance of these constants, this patch replaces their multiple
definitions with a single set of definitions that will work on all ARM
platforms.
Platforms can override the defaults with optimal values by enabling the
`ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in
the Juno ADP port.
Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate
future ARM platforms.
Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0
Roberto Vargas
Dimitris Papastamos
Isla Mitchell
Soby Mathew
Antonio Nino Diaz
Chris Kay
Summer Qin
Amit Daniel Kachhap
David Cunado
Nariman Poushin
Jonathan Wright
Wang Feng
Joel Hutton
Jeenu Viswambharan
Sandrine Bailleux
Qixiang Xu
Eleanor Bonnici
danh-arm
Jens Wiklander
Douglas Raillard
Varun Wadekar
David Wang
Masahiro Yamada
Scott Branden
Scott Branden
Yatharth Kochar
Andre Przywara
Gerald Lejeune
Juan Castillo
Vikram Kanigiri