These SPM-related specifications are mentioned in the readme and
the change log. Update references to these specs to make it clear
that they are in draft form and are expected to change.
Change-Id: Ia2791c48c371a828246d96f102a402747cd69f96
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The latest version of GCC are required to use the new features of TF-A.
Suggest to use the latest version available on developer.arm.com instead
of the version specified on the Linaro Release notes.
At the time of writing, GCC 8.2-2019.01 is the latest version available.
Change-Id: Idd5c00749e39ca9dc8b7c5623b5d64356c9ce6e5
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Update both the readme and user guide on their shared "platform"
section.
Change-Id: Ia1f30acda45ac8facdcb7d540800191cdf6cdacf
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Make sure the steps in the user guide are up to date and can be
performed out of the box.
Change-Id: Ib4d959aa771cf515f74e150aaee2fbad24c18c38
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This is the temporary contents page that links
to all other documents (except platform ports).
This page is needed during the
trustedfirmware.org migration, before we have a
Sphinx rendering pipeline set up, because cgit
doesn't offer a good way to view rendered docs
while browsing the tree. We need to have a links
page that can be opened from the cgit 'about'
view.
Change-Id: I3ad87a9fa8a14dc8e371aac7ee473575fed316bf
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The relocation fixup code must be called at the beginning of bl31
entrypoint to ensure that CPU specific reset handlers are fixed up for
relocations.
Change-Id: Icb04eacb2d4c26c26b08b768d871d2c82777babb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
dw_params.mmc_dev_type should be assigned before mmc_init, otherwise SDMMC
initialization will fail as the initialization treats the device as EMMC
instead of SD.
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.
Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This commit reverts the following commits:
- c54c7fc358 ("xlat_tables_v2: print xlat tables without recursion")
- db8cac2d98 ("xlat_tables_v2: unmap region without recursion.")
- 0ffe269215 ("xlat_tables_v2: map region without recursion.")
This was part of PR#1843.
A problem has been detected in one of our test run configurations
involving dynamic mapping of regions and it is blocking the next
release. Until the problem can be solved, it is safer to revert
the changes.
Change-Id: I3d5456e4dbebf291c8b74939c6fb02a912e0903b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.
Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The Rockchip ATF platform can be entered from both Coreboot and U-Boot.
While Coreboot does submit the list of linked parameter structs as
platform param, upstream u-boot actually always provides a pointer
to a devicetree as parameter.
This results in current ATF not running at all when started from U-Boot.
To fix this, add a stub that checks if the parameter is a fdt so we
can at least boot and not get stuck. Later on we can extend this with
actual parsing of information from the devicetree.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
When RECLAIM_INIT_CODE is 1, the stack is used to contain the .text.init
section. This is by default enable on FVP. Due to the size increase of
the .text.init section, the stack had to be adjusted contain it.
Change-Id: Ia392341970fb86c0426cf2229b1a7295453e2e32
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The dummy implementation of the plat_init_apiakey() platform API uses
an internal 128-bit buffer to store the initial key value used for
Pointer Authentication support.
The intent - as stated in the file comments - was for this buffer to
be write-protected by the MMU. Initialization of the buffer would be
performed before enabling the MMU, thus bypassing write protection
checks.
However, the key buffer ended up into its own read-write section by
mistake due to a typo on the section name ('rodata.apiakey' instead of
'.rodata.apiakey', note the leading dot). As a result, the linker
script was not pulling it into the .rodata output section.
One way to address this issue could have been to fix the section
name. However, this approach does not work well for BL1. Being the
first image in the boot flow, it typically is sitting in real ROM
so we don't have the capacity to update the key buffer at any time.
The dummy implementation of plat_init_apiakey() provided at the moment
is just there to demonstrate the Pointer Authentication feature in
action. Proper key management and key generation would have to be a
lot more careful on a production system.
Therefore, the approach chosen here to leave the key buffer in
writable memory but move it to the BSS section. This does mean that
the key buffer could be maliciously updated for intalling unintended
keys on the warm boot path but at the feature is only at an
experimental stage right now, this is deemed acceptable.
Change-Id: I121ccf35fe7bc86c73275a4586b32d4bc14698d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Instruction key A was incorrectly restored in the instruction key B
registers.
Change-Id: I4cb81ac72180442c077898509cb696c9d992eda3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch applies the new MSR instruction to directly set the
PSTATE.SSBS bit which controls speculative loads. This new instruction
is available at Neoverse N1 core so it's utilised.
Change-Id: Iee18a8b042c90fdb72d2b98f364dcfbb17510728
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Switched from a static check to a runtime assert to make sure a
workaround is implemented for CVE_2018_3639.
This allows platforms that know they have the SSBS hardware workaround
in the CPU to compile out code under DYNAMIC_WORKAROUND_CVE_2018_3639.
The gain in memory size without the dynamic workaround is 4KB in bl31.
Change-Id: I61bb7d87c59964b0c7faac5d6bc7fc5c4651cbf3
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Soby Mathew
Paul Beesley
Louis Mayencourt
Ambroise Vincent
Dimitris Papastamos
Tien Hock, Loh
John Tsichritzis
Antonio Nino Diaz
Alexei Fedorov
Heiko Stuebner
Sandrine Bailleux