Due to differences in the bitfields of the SMC IDs, it is not possible
to support SMCCC 1.X and 2.0 at the same time.
The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
option that specifies the major version of the SMCCC that the Trusted
Firmware supports. The only two allowed values are 1 and 2, and it
defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
Note: Support for SMCCC v2.0 is an experimental feature to enable
prototyping of secure partition specifications. Support for this
convention is disabled by default and could be removed without notice.
Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.5: An external object or function shall be declared
once in one and only one file.
Change-Id: I7c3d4ec7d3ba763fdb4600008ba10b4b93ecdfce
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
A fix for errata 843419 may be available in revision r0p4 of the
Cortex-A53 processor. The presence of the fix is determined by checking
bit 8 in the REVIDR register.
If the fix is present we report ERRATA_NOT_APPLIES which silences the
erroneous 'missing workaround' warning.
Change-Id: Ibd2a478df3e2a6325442a6a48a0bb0259dcfc1d7
Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>
This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.
This override mechanism allows specifying special regions for TZMP1
usecase.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Some low end platforms using DMC500 memory controller do not have
CCI(Cache Coherent Interconnect) interface and only have non-coherent
system interface support. Hence this patch makes the system interface
count configurable from the platforms.
Change-Id: I6d54c90eb72fd18026c6470c1f7fd26c59dc4b9a
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
For the adr instruction, it require the label's offset from the
address of this instruction must be in the range +/-1MB. If the
option "BL2_IN_XIP_MEM" is set to '1', in some cases, BL2's RW
memory will not in the range of +/-1MB from BL2's RO memory region.
so we need to use ldr instruction to cover this case.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
In some use-cases BL2 will be stored in eXecute In Place (XIP) memory,
like BL1. In these use-cases, it is necessary to initialize the RW sections
in RAM, while leaving the RO sections in place. This patch enable this
use-case with a new build option, BL2_IN_XIP_MEM. For now, this option
is only supported when BL2_AT_EL3 is 1.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Use the console_pl011_core_* functions directly in the crash console
callbacks.
This bypasses the MULTI_CONSOLE_API for the crash console (UART1), but
allows using the crash console before the C runtime has been initialized
(eg to call ASM_ASSERT). This retains backwards compatibility with respect
to functionality when the old API is used.
Use the MULTI_CONSOLE_API to register UART0 as the boot and runtime
console.
FixesARM-software/tf-issues#572
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
Void pointers have been used to access linker symbols, by declaring an
extern pointer, then taking the address of it. This limits symbols
values to aligned pointer values. To remove this restriction an
IMPORT_SYM macro has been introduced, which declares it as a char
pointer and casts it to the required type.
Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
- Interrupt configuration is a 2-bit field, so the field shift has to
be double that of the bit number.
- Interrupt configuration (level- or edge-trigger) is specified in the
MSB of the field, not LSB.
Fixes applied to both GICv2 and GICv3 drivers.
FixesARM-software/tf-issues#570
Change-Id: Ia6ae6ed9ba9fb0e3eb0f921a833af48e365ba359
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add crash_console_init declaration to console.h
Only enable MULTI_CONSOLE_API for AArch64
FixesARM-software/tf-issues#571
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
requires firmware mitigation for CVE-2017-5715 but the mitigation
is not compiled in.
* 0 to indicate that firmware mitigation is required, or
* 1 to indicate that no firmware mitigation is required.
This patch complies with v1.2 of the firmware interfaces
specification (ARM DEN 0070A).
Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A72 and A73.
Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch removes default platform implementations of sp_min
platform APIs from plat/common/aarch32/plat_common.c. The APIs
are now implemented in `plat_sp_min_common.c` file within the
same folder.
The ARM platform layer had a weak definition of sp_min_platform_setup2()
which conflicted with the weak definition in the common file. Hence this
patch fixes that by introducing a `plat_arm_` version of the API thus
allowing individual boards within ARM platforms to override it if they
wish to.
FixesARM-software/tf-issues#559
Change-Id: I11a74ecae8191878ccc7ea03f12bdd5ae88faba5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Emit runtime warnings when intializing the GIC drivers using the
deprecated method of defining integer interrupt arrays in the GIC driver
data structures; interrupt_prop_t arrays should be used instead. This
helps platforms detect that they have migration work to do. Previously,
no warning was emitted in this case. This affects both the GICv2 and GICv3
drivers.
Also use the __deprecated attribute to emit a build time warning if these
deprecated fields are used. These warnings are suppressed in the GIC
driver compatibility functions but will be visible if platforms use them.
Change-Id: I6b6b8f6c3b4920c448b6dcb82fc18442cfdf6c7a
Signed-off-by: Dan Handley <dan.handley@arm.com>
For platforms that have not migrated to MULTI_CONSOLE_API == 1, there
are a lot of confusing deprecated declaration warnings relating to
use of console_init() and console_uninit(). Some of these relate to use
by the generic code, not the platform code. These functions are not really
deprecated but *removed* when MULTI_CONSOLE_API == 1.
This patch consolidates these warnings into a single preprocessor warning.
The __deprecated attribute is removed from the console_init() and
console_uninit() declarations.
For preprocessor warnings like this to not cause fatal build errors,
this patch adds -Wno-error=cpp to the build flags when
ERROR_DEPRECATED == 0.
This option (and -Wno-error=deprecated-declarations) is now added to
CPPFLAGS instead of TF_CFLAGS to ensure the build flags are used in the
assembler as well as the compiler.
This patch also disentangles the MULTI_CONSOLE_API and ERROR_DEPRECATED
build flags by defaulting MULTI_CONSOLE_API to 0 instead of
ERROR_DEPRECATED. This allows platforms that have not migrated to
MULTI_CONSOLE_API to use ERROR_DEPRECATED == 1 to emit a more meaningful
build error.
Finally, this patch bans use of MULTI_CONSOLE_API == 1 and AARCH32, since
the AArch32 console implementation does not support
MULTI_CONSOLE_API == 1.
Change-Id: If762165ddcb90c28aa7a4951aba70cb15c2b709c
Signed-off-by: Dan Handley <dan.handley@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno LOG_LEVEL=50 all
Change-Id: Ic8f611da734f356566e8208053296e6c62b54709
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I7c2ad3f5c015411c202605851240d5347e4cc8c7
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I48201c9ef022f6bd42ea8644529afce70f9b3f22
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined.
Change-Id: I26e042cb251a6f9590afa1340fdac73e42f23979
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Change-Id: Iff384187c74a598a4e73f350a1893b60e9d16cec
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
When a Yielding SMC is preempted, it's possible that Non-secure world is
resumed afterwards. In this case, Non-secure execution would find itself
in a state where the SMC has returned. However, the dispatcher might not
get an opportunity to populate the corrected return code for having
been preempted, and therefore the caller of the Yielding SMC cannot
reliably determine whether the SMC had successfully completed or had
been preempted.
To solve this, this patch introduces a new parameter to the
ehf_allow_ns_preemption() API. An SPD, through this parameter, would
provide the expected error code when a Yielding SMC is preempted. EHF
can then populate the specified value in x0 of the Non-secure context so
that the caller of the Yielding SMC correctly identifies the SMC return
as a preemption.
Documentation updates to follow.
Change-Id: Ia9c3f8f03f9d72d81aa235eaae2ee0374b972e1e
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch also fixes the assumption that the counters are disabled on
the resume path. This is incorrect as the AMU counters are enabled
early in the CPU reset function before `cpuamu_context_restore()`
runs.
Change-Id: I38a94eb166a523f00de18e86860434ffccff2131
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch also fixes `cpuamu_write_cpuamcntenclr_el0()` to use an MSR
instruction instead of an MRS instruction.
Change-Id: Ia6531f64b5ebc60ba432124eaa8d8eaccba40ed0
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Implement helpers to test if the core supports SPE/SVE. We have a
similar helper for AMU and this patch makes all extensions consistent
in their implementation.
Change-Id: I3e6f7522535ca358259ad142550b19fcb883ca67
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
When the MMU is enabled and the translation tables are mapped, data
read/writes to the translation tables are made using the attributes
specified in the translation tables themselves. However, the MMU
performs table walks with the attributes specified in TCR_ELx. They are
completely independent, so special care has to be taken to make sure
that they are the same.
This has to be done manually because it is not practical to have a test
in the code. Such a test would need to know the virtual memory region
that contains the translation tables and check that for all of the
tables the attributes match the ones in TCR_ELx. As the tables may not
even be mapped at all, this isn't a test that can be made generic.
The flags used by enable_mmu_xxx() have been moved to the same header
where the functions are.
Also, some comments in the linker scripts related to the translation
tables have been fixed.
Change-Id: I1754768bffdae75f53561b1c4a5baf043b45a304
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The patch adds the necessary changes to load HW_CONFIG in BL2 for
ARM Platforms :
1. The load address of HW_CONFIG is specified via the `hw_config_addr`
property in TB_FW_CONFIG is loaded by BL1. The `hw_config_max_size`
property defines the maximum size to be expected for the HW_CONFIG.
The `arm_dyn_cfg_helpers.c` and corresponding header implements
utility functions to parse these DT properties defined.
The `arm_dyn_cfg.c` implements wrappers to these helpers to enable
them to be invoked from ARM platform layer.
2. `HW_CONFIG` is added to the `bl2_mem_params_descs[]` array which is
the list of images to be loaded by BL2.
3. The `libfdt` sources are now included when BL2 is built
4. A new helper `populate_next_bl_params_config()` is introduced in
desc_image_load.c to populate the subsequent executable BL images
with the `hw_config` and the corresponding `fw_config` if available.
The `plat_get_next_bl_params()` API for ARM platforms is modified to
invoke this new helper.
5. The implementation of `bl2_early_platform_setup2()` is modified to
consider `arg0` as well in addition to `arg1` passed from BL1.
6. Bump up the BL2 size for Juno to accommodate the inclusion of libfdt.
Change-Id: I80f1554adec41753e0d179a5237364f04fe13a3f
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch modifies the bl1_platform_setup() API to load and authenticate
TB_FW_CONFIG in BL1. The load address of the same is passed on to BL2 in
`arg0` of entrypoint info. The fvp_io_storage.c and arm_io_storage.c also
adds entries corresponding to TB_FW_CONFIG. A helper function
`arm_load_tb_fw_config()` is added to load and authenticate TB_FW_CONFIG
if present.
Change-Id: Ie7bce667b3fad2b1a083bbcbc0a773f9f04254b1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The `bl1_init_bl2_mem_layout()` API is now deprecated. The default weak
implementation of `bl1_plat_handle_post_image_load()` calculates the
BL2 memory layout and populates the same in x1(r1). This ensures
compatibility for the deprecated API.
Change-Id: Id44bdc1f572dc42ee6ceef4036b3a46803689315
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch migrates the ARM Standard platforms to the new BL
handover interface. The arm_blx_early_platform_setup() functions
are also modified to take in 4 arguments. The `ARM_BL31_PLAT_PARAM_VAL`
value passed to BL31 from BL2 is now in arg3 in preparation of dynamic
configuration arguments.
Change-Id: I33e8e61325a19e7a7127b1ff203c3b86921bf153
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch introduces a new BL handover interface. It essentially allows
passing 4 arguments between the different BL stages. Effort has been made
so as to be compatible with the previous handover interface. The previous
blx_early_platform_setup() platform API is now deprecated and the new
blx_early_platform_setup2() variant is introduced. The weak compatiblity
implementation for the new API is done in the `plat_bl_common.c` file.
Some of the new arguments in the new API will be reserved for generic
code use when dynamic configuration support is implemented. Otherwise
the other registers are available for platform use.
Change-Id: Ifddfe2ea8e32497fe1beb565cac155ad9d50d404
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds image IDs to `hw_config` and `tb_fw_config` and
includes them in the default Chain Of Trust (CoT).
Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.
Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Hynix ufs has deviations on hi36xx platform which will result
in ufs bursts transfer failures at a very low probability.
To fix the problem, the Hynix device must set the register
VS_DebugSaveConfigTime to 0x10, which will set time reference
for SaveConfigTime is 250 ns. The time reference for SaveConfigTime
is 40 ns by default.
Signed-off-by: fengbaopeng <fengbaopeng@hisilicon.com>
According to the SMC Calling Convention (ARM DEN0028B):
The Unknown SMC Function Identifier is a sign-extended value of
(-1) that is returned in R0, W0 or X0 register.
The value wasn't sign-extended because it was defined as a 32-bit
unsigned value (0xFFFFFFFF).
SMC_PREEMPT has been redefined as -2 for the same reason.
NOTE: This might be a compatibility break for some AArch64 platforms
that don't follow the previous version of the SMCCC (ARM DEN0028A)
correctly. That document specifies that only the bottom 32 bits of the
returned value must be checked. If a platform relies on the top 32 bits
of the result being 0 (so that SMC_UNK is 0x00000000FFFFFFFF), it will
have to fix its code to comply with the SMCCC.
Change-Id: I7f7b109f6b30c114fe570aa0ead3c335383cb54d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When ARM Trusted Firmware is built with EL3_EXCEPTION_HANDLING=1,
EL3 interrupts (INTR_TYPE_EL3) will always preempt both Non-secure and
secure execution.
The interrupt management framework currently treats EL3 interrupt
routing as valid. For the above reason, this patch makes them invalid
when EL3_EXCEPTION_HANDLING is in effect.
Change-Id: I95bca8f5dc8df8eb0ff6f305cfba098611522a39
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add 'lr_svc' as a boot parameter in AArch32 bl1. This is used by Optee
and Trusty to get the non-secure entry point on AArch32 platforms.
This change is not ported in AArch64 mode where the BL31, not BL32,
is in charge of booting the non secure image (BL33).
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
These APIs are used by platforms that need to decompress images.
image_decompress_init():
This registers a temporary buffer and a decompressor callback.
This should be called from platform init code.
image_decompress_prepare():
This should be called before each compressed image is loaded. The
best location to call this will be bl*_plat_handle_pre_image_load().
image_decompress():
This should be called after each compressed image is loaded. The
best location to call this will be bl*_plat_handle_post_image_load().
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to their final destination. Instead, we need to
load them to the temporary buffer for the decompressor.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This commit adds some more files to use zlib from TF.
To use zlib, ->zalloc and ->zfree hooks are needed. The implementation
depends on the system. For user-space, the libc provides malloc() and
friends. Unfortunately, ARM Trusted Firmware does not provide malloc()
or any concept of dynamic memory allocation.
I implemented very simple calloc() and free() for this. Stupidly,
zfree() never frees memory, but it works enough for this.
The purpose of using zlib is to implement gunzip() - this function
takes compressed data from in_buf, then dumps the decompressed data
to oub_buf. The work_buf is used for memory allocation during the
decompress. Upon exit, it updates in_buf and out_buf. If successful,
in_buf points to the end of input data, out_buf to the end of the
decompressed data.
To use this feature, you need to do:
- include lib/zlib/zlib.mk from your platform.mk
- add $(ZLIB_SOURCES) to your BL*_SOURCES
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Add amu_context_save() and amu_context_restore() functions for aarch32
Change-Id: I4df83d447adeaa9d9f203e16dc5a919ffc04d87a
Signed-off-by: Joel Hutton <joel.hutton@arm.com>
In the initial implementation of this workaround we used a dedicated
workaround context to save/restore state. This patch reduces the
footprint as no additional context is needed.
Additionally, this patch reduces the memory loads and stores by 20%,
reduces the instruction count and exploits static branch prediction to
optimize the SMC path.
Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
SMCCC v1.1 comes with a relaxed calling convention for AArch64
callers. The caller only needs to save x0-x3 before doing an SMC
call.
This patch adds support for SMCCC_VERSION and SMCCC_ARCH_FEATURES.
Refer to "Firmware Interfaces for mitigating CVE_2017_5715 System
Software on Arm Systems"[0] for more information.
[0] https://developer.arm.com/-/media/developer/pdf/ARM%20DEN%200070A%20Firmware%20interfaces%20for%20mitigating%20CVE-2017-5715_V1.0.pdf
Change-Id: If5b1c55c17d6c5c7cb9c2c3ed355d3a91cdad0a9
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The current div_round_up() implementation relies on round_up() which
only works correctly for boundaries that are a power of 2. It is
documented as such, but this still seems dangerously easy to overlook,
especially since many other environments (e.g. the Linux kernel) have a
similar macro without these limitations.
There is a different way to calculate this that can deal with all kinds
of divisors without other drawbacks, so let's just use that instead.
Change-Id: Id382736683f5d4e880ef00c53cfa23a2f9208440
Signed-off-by: Julius Werner <jwerner@chromium.org>
The secure_partition_boot_info_t structure is used to communicate boot
parameters with the StandaloneMM code executing at S-EL0 through a
shared buffer. Certain data types used for members of this structure
are opaque with their size depending on the toolchain being used.
Declare the members of the structure with explicit width based data
types, which would maintain compatibility across toolchains.
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
coreboot supports an in-memory console to store firmware logs even when
no serial console is available. It is widely supported by
coreboot-compatible bootloaders (including SeaBIOS and GRUB) and can be
read by the Linux kernel.
This patch allows BL31 to add its own log messages to this console. The
driver will be registered automatically if coreboot support is compiled
in and detects the presence of a console buffer in the coreboot tables.
Change-Id: I31254dfa0c2fdeb7454634134b5707b4b4154907
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch adds the foundation for a platform-independent coreboot
support library that can be shared by all platforms that boot BL31 from
coreboot (acting as BL2). It adds code to parse the "coreboot table", a
data structure that coreboot uses to communicate different kinds of
information to later-stage firmware and certain OS drivers.
As a first small use case for this information, allow platforms to
access the serial console configuration used by coreboot, removing the
need to hardcode base address and divisors and allowing Trusted Firmware
to benefit from coreboot's user configuration (e.g. which UART to pick
and which baud rate to use).
Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch updates the Cadence CDNS console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I2ef8fb0d6ab72696997db1e0243a533499569d6b
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch updates the ARM PL011 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: Ic34e4158addbb0c5fae500c9cff899c05a4f4206
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch updates the TI 16550 console driver to support the new
console API. The driver will continue to support the old API as well by
checking the MULTI_CONSOLE_API compile-time flag.
Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324c
Signed-off-by: Julius Werner <jwerner@chromium.org>
A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.
For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.
For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.
Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch introduces two workarounds for ARMv7 systems. The
workarounds need to be applied prior to any `branch` instruction in
secure world. This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.
On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated. The bottom
bits of `SP` are then used to decode the exception entry type.
A side effect of this change is that the exception vectors are
installed before the CPU specific reset function. This is now
consistent with how it is done on AArch64.
Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS). This
workaround will need porting to each secure payload that requires it.
The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.
Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch change the name of the section containing the functions
defined in assembly files from text.* to text.asm.*. This change
makes possible to select in the linker script the functions
defined in those files.
Change-Id: If35e44ef1b43ffd951dfac5e052db75d7198e2e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.
The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:
--data cluster0.cpu0=bl2.bin@0x4001000
-C cluster0.cpu0.RVBAR=0x4001000
These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.
Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1. This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.
Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add some macros according to JEDEC Standard Embedded Multi-Media
Card (eMMC) Electrical Standard (5.1)": Table 145 - Bus Mode
Selection.
Change-Id: Iaa45e0582653ef4290efd60d039f0bdc420eeb47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
typedef mem_region_t mem_region_t;
... seems to work because they belong to different name-spaces,
but humans are confused even if compilers are not.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>