Double fault is when the PE receives another error whilst one is being
handled. To detect double fault condition, a per-CPU flag is introduced
to track the status of error handling. The flag is checked/modified
while temporarily masking external aborts on the PE.
This patch routes double faults to a separate platform-defined handler.
Change-Id: I70e9b7ba4c817273c55a0af978d9755ff32cc702
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Uncontainable errors are the most severe form of errors, which typically
mean that the system state can't be trusted any more. This further means
that normal error recovery process can't be followed, and an orderly
shutdown of the system is often desirable.
This patch allows for the platform to define a handler for Uncontainable
errors received. Due to the nature of Uncontainable error, the handler
is expected to initiate an orderly shutdown of the system, and therefore
is not expected to return. A default implementation is added which falls
back to platform unhandled exception.
Also fix ras_arch.h header guards.
Change-Id: I072e336a391a0b382e77e627eb9e40729d488b55
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
RAS handling flows might involve using setjmp/longjump calls introduced
in earlier patches; therefore, it'd be good to make sure the stack has
been unwound completely after the handling.
This patch inserts ASM assertions on the RAS handling path to validate
stack.
Change-Id: I59d40d3122010c977cdeab3cce3160f3909e7e69
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
A new file ea_delegate.S is introduced, and all EA-related functions are
moved into it. This makes runtime_exceptions.S less crowded and reads
better.
No functional changes.
Change-Id: I64b653b3931984cffd420563f8e8d1ba263f329f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Running optee_test failed because SEC_DRAM0_SIZE is too small. Previous
is 2 MB. We enlarge it to 11 MB for passing the test. Also we reduce
the NS_DRAM0_SIZE from 13MB to 4MB so that the whole section is still
fit in 16MB.
This commit also modified the document to reflect the changes we've
made in code.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Implement minimal interrupt routing functions. All interrupts are
treated as non-secure interrupts to be handled by the non-secure world.
Add note to the documentation about disabling FIQs qhen using OP-TEE
with Linux.
Change-Id: I937096542d973925e43ae946c5d0b306d0d95a94
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The ARM_INSTANTIATE_LOCK macro defines a lock meant to be further
manipulated using the arm_lock_init/get/release() macros. It has 2
variants, depending on the BL image it is compiled for. One version
defines the lock variable with internal linkage whereas the other one,
with external linkage.
Code that uses these macros is not compliant with MISRA rule 8.4 because
when using the external linkage version, there is no visible declaration
for the lock variable.
This patch defines the arm_lock variable with internal linkage in both
cases. This fits well the way these macros are used in the code today,
where the lock is not used outside of the translation unit it is
defined in.
Change-Id: I213a74a2a6088a4f1e9a61a319ca7579c2001320
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The plat_arm_mmap variable is already declared in plat_arm.h, which is
included from plat/arm/common/arm_common.c.
Similarly, plat_arm.h declares the 'plat_arm_psci_pm_ops' variable, which
does not need to be declared again in plat/arm/common/arm_pm.c.
The duplication was not compliant with MISRA rule 8.5.
Change-Id: Icc42547cc025023226b1078a7ec4f06d093364b7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This check was added to ensure the correct behaviour of fill_constants
macro. This macro has been verified and it is known his correct
behaviour. The check generates an error when the clang assembler is
used, so it is better to remove the check.
Change-Id: I3447ff9e9e5ee5cf0502f65e53c3d105d9396b8b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This directive is not implemented by clang assembler. The traditional
way to implement structs in assembly is using two macros for every field,
one for the offset, and another one for the size. For every field, the
offset can be calculated using the size and offset of the previous field.
Change-Id: Iacc6781e8f302fb925898737b8e85ab4e88a51cc
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Check_vector_size checks if the size of the vector fits
in the size reserved for it. This check creates problems in
the Clang assembler. A new macro, end_vector_entry, is added
and check_vector_size is deprecated.
This new macro fills the current exception vector until the next
exception vector. If the size of the current vector is bigger
than 32 instructions then it gives an error.
Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
These directives are only used when stabs debugging information
is used, but we use ELF which uses DWARF debugging information.
Clang assembler doesn't support these directives, and removing
them makes the code more compatible with clang.
Change-Id: I2803f22ebd24c0fe248e04ef1b17de9cec5f89c4
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch allows the user to override the value of the LD Makefile
variable. This feature can be used to force the use of the new Clang
linker.
Change-Id: I97ffeb18e48fa75346702a479d7dc1e8abcb3621
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
These sections are required by clang when the code is compiled for
aarch32. These sections are related to the unwind of the stack in
exceptions, but in the way that clang defines and uses them, the
garbage collector cannot get rid of them.
Change-Id: I085efc0cf77eae961d522472f72c4b5bad2237ab
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Clang linker doesn't support NEXT. As we are not using the MEMORY command
to define discontinuous memory for the output file in any of the linker
scripts, ALIGN and NEXT are equivalent.
Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The user guide didn't contain any information about the
requirements of the clang version needed by TF, which is
at least 4.0.
Change-Id: I1ea120aca0fb2c0950fbeaf6978c654ec277afde
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id732c8df12ef3e20903c41b7ab9a9b55341d68ac
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id9dcc6238b39fac6046abc28141e3ef5e7aa998d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: I3ac25096b55774689112ae37bdf1222f9a9ecffb
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: Ia34f5155e1cdb67161191f69e8d1248cbaa39e1a
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add paragraph for how to enable Trusted Board Boot for rpi3
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
For Trusted Board Boot we enlarge the BL1 size from 64k to 128k.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
This patch adds support for TBB to rpi3. The ROTPK is generated at build
time and is included into BL1/BL2. The key and content certificates are
read over semihosting.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
A proper link to Samuel's github page was missing. Add this to make
the link actually work.
Change-Id: I68b116935bf045df60b2e9309b5fd58a1c694d47
Signed-off-by: Andre Przywara <andre.przywara@arm.com>