Neoverse N1 erratum 1800710 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885747/f/Arm_Neoverse_N1_MP050_Software_Developer_Errata_Notice_v21.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ie5b15c8bc3235e474a06a57c3ec70684361857a6
Cortex A77 erratum 1800714 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
Since this is the first errata workaround implemented for Cortex A77,
this patch also adds the required cortex_a77_reset_func in the file
lib/cpus/aarch64/cortex_a77.S.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
Captured the increase in firmware configuration area from
4KB to 8kB in memory layout document. Updated the documentation
to provide details about fw_config separately.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ifbec443ced479301be65827b49ff4fe447e9109f
All projects under the TrustedFirmware.org project now use the same
security incident process, therefore update the disclosure/vulnerability
reporting information in the TF-A documentation.
------------------------------------------------------------------------
/!\ IMPORTANT /!\
Please note that the email address to send these reports to has changed.
Please do *not* use trusted-firmware-security@arm.com anymore.
Similarly, the PGP key provided to encrypt emails to the security email
alias has changed as well. Please do *not* use the former one provided
in the TF-A source tree. It is recommended to remove it from your
keyring to avoid any mistake. Please use the new key provided on
TrustedFirmware.org from now on.
------------------------------------------------------------------------
Change-Id: I14eb61017ab99182f1c45d1e156b96d5764934c1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Added a binding document for COT descriptors which is going
to be used in order to create COT desciptors at run-time.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic54519b0e16d145cd1609274a00b137a9194e8dd
Cortex A76 erratum 1800710 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier
revisions of the Cortex A76. The workaround is to set a bit in the
implementation defined CPUACTLR2 register, which forces atomic store
operations to write-back memory to be performed in the L1 data cache.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
Add llc_sram_enable() and llc_sram_disable() APIs to Marvell
cache_lls driver.
Add LLC_SRAM definition to Marvell common makefile - disabled
by the default.
Add description of LLC_SRAM flag to the build documentation.
Change-Id: Ib348e09752ce1206d29268ef96c9018b781db182
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
* changes:
ddr: a80x0: add DDR 32-bit ECC mode support
ble: ap807: improve PLL configuration sequence
ble: ap807: clean-up PLL configuration sequence
ddr: a80x0: add DDR 32-bit mode support
plat: marvell: mci: perform mci link tuning for all mci interfaces
plat: marvell: mci: use more meaningful name for mci link tuning
plat: marvell: a8k: remove wrong or unnecessary comments
plat: marvell: ap807: enable snoop filter for ap807
plat: marvell: ap807: update configuration space of each CP
plat: marvell: ap807: use correct address for MCIx4 register
plat: marvell: add support for PLL 2.2GHz mode
plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic
marvell: armada: add extra level in marvell platform hierarchy
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This commit introduces 32-bit DDR topology map initialization.
For that purpose a new DDR32 build flag is added, with
according documentation update.
Change-Id: I169ff358c2923afd984e27bc126dc551dcaefc01
Signed-off-by: Alex Leibovich <alexl@marvell.com>
This commit is a preparation for upcoming support for OcteonTX and
OcteonTX2 product families. Armada platform related files (docs,
plat, include/plat) are moved to the new "armada" sub-folder.
Change-Id: Icf03356187078ad6a2e56c9870992be3ca4c9655
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
As per the trustedfirmware.org Project Maintenance Process [1], the
current maintainers of the TF-A project have nominated some contributors
to become maintainers themselves. List them in the maintainers.rst file
to make this official.
[1] https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
Change-Id: Id4e3cfd12a9074f4e255087fa5dd6fa5f902845f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Extend the list of modules and assign code owners to each of them.
Change-Id: I267b87d8e239c7eff143b4c7e6ce9712fcf7101e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch adds support for Total Compute (TC0) platform. It is an
initial port and additional features are expected to be added later.
TC0 has a SCP which brings the primary Cortex-A out of reset
which starts executing BL1. TF-A optionally authenticates the SCP
ram-fw available in FIP and makes it available for SCP to copy.
Some of the major features included and tested in this platform
port include TBBR, PSCI, MHUv2 and DVFS.
Change-Id: I1675e9d200ca7687c215009eef483d9b3ee764ef
Signed-off-by: Usama Arif <usama.arif@arm.com>
Document the second argument of the function.
Minor rewording.
Change-Id: I190794b8cc74c99db4cfe6efc225217c32dd0774
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
- Fix possible run-time ELs value and xlat-granule size.
- Remove mandatory field for stream-ids.
- Define interrupts attributes to <u32>.
- Remove mem-manage field.
- Add description for memory/device region attributes.
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I71cf4406c78eaf894fa6532f83467a6f4110b344
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
This patch enables the v8.6 extension to add a delay before WFE traps
are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
plat/common/aarch64/plat_common.c that disables this feature by default
but platform-specific code can override it when needed.
The only hook provided sets the TWED fields in SCR_EL3, there are similar
fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
lower ELs but these should be configured by code running at EL2 and/or EL1
depending on the platform configuration and is outside the scope of TF-A.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.
Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)
Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924
More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html
Currently, Workaround is implemented as build option which is default
disabled.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
The maintainers.rst file provides the list of all TF-A modules and their
code owners. As there are quite a lot of modules (and more to come) in
TF-A, it is sometimes hard to find the information.
Introduce categories (core code, drivers/libraries/framework, ...) and
classify each module in the right one.
Note that the core code category is pretty much empty right now but the
plan would be to expand it with further modules (e.g. PSCI, SDEI, TBBR,
...) in a future patch.
Change-Id: Id68a2dd79a8f6b68af5364bbf1c59b20c05f8fe7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Complete the documentation with information on how to write a DTS for
fconf. This patch adds the bindings information for dynamic
configuration properties.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ic6d9f927df53bb87315c23ec5a8943d0c3258d45
'make doc' will now fail if Sphinx outputs any warning messages during
documentation generation.
Change-Id: I3e466af58ccf29b14a7e61037539b79ab6fc6037
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This is a fixup for patch 3ba55a3c5f
("docs: Update SMCCC doc, other changes for release"), where some
links names got changed but their references didn't.
Change-Id: I980d04dde338f3539a2ec1ae2e807440587b1cf5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Following the messages on the mailing list regarding the possible issue around
reading DTB's information, we decided to flag the fconf feature as experimental.
A uniform approach should be used to handle properties miss and DTB validation.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ib3c86e81fb2e89452c593f68d825d3d8f505e1fb
Updating the change log for the v2.3 release and the upcoming change log
template for v2.4 release.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ice875d3c93227069738a429d4b945512af8470e9
A small set of misc changes to ensure correctness before the v2.3
release.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I5b4e35b3b46616df0453cecff61f5a414951cd62
- Include the platform documentation in the table of contents.
- Add a title for the document. Without this, the platform
documentation was listed under a 'Description' title on page
https://trustedfirmware-a.readthedocs.io/en/latest/plat/index.html
- Change TF-A git repository URL to point to tf.org (rather than the
deprecated read-only mirror on Github).
- Fix the restructuredText syntax for the FIP command line. It was
not displayed at all on the rendered version.
Change-Id: I7a0f062bcf8e0dfc65e8f8bdd6775c497a47e619
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch adds support for GICv4 extension.
New `GIC_ENABLE_V4_EXTN` option passed to gicv3.mk makefile
was added, and enables GICv4 related changes when set to 1.
This option defaults to 0.
Change-Id: I30ebe1b7a98d3a54863900f37eda4589c707a288
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch provides support for GICv3.1 extended PPI and SPI
range. The option is enabled by setting to 1 and passing
`GIC_EXT_INTID` build flag to gicv3.mk makefile.
This option defaults to 0 with no extended range support.
Change-Id: I7d09086fe22ea531c5df51a8a1efd8928458d394
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
doc: brcm: Add documentation file for brcm stingray platform
drivers: Add SPI Nor flash support
drivers: Add iproc spi driver
drivers: Add emmc driver for Broadcom platforms
Add BL31 support for Broadcom stingray platform
Add BL2 support for Broadcom stingray platform
Add bl31 support common across Broadcom platforms
Add bl2 setup code common across Broadcom platforms
drivers: Add support to retrieve plat_toc_flags
Update the plantuml diagrams to match the latest modification in fconf.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I90f55bba0fd039a3f7e1bd39661cf849fccd64f5
Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented
MTE options are added in latest clang and armclang compiler which
support below options:
for clang <version 11.0.0>
1. -march=arm8.5-a+memtag
2. -fsanitize=memtag
for armclang <version 6.12>
1. -march=arm8.5-a+memtag
2. -mmemtag-stack
Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
The file README.odroid-c2 has been moved in the U-Boot repository.
Reference the official uplink repository.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Change-Id: Ie72c7aefd6363a406f88ad2c87faee1c7a2125a3
This patch moves all GICv3 driver files into new added
'gicv3.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
The patch adds GICv3 driver configuration flags
'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
'GICv3 driver options' section of 'build-option.rst'
document.
NOTE: Platforms with GICv3 driver need to be modified to
include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Fix below warnings appeared in porting-guide.rst
WARNING: Title underline too short.
Change-Id: Ibc0eba0da72a53a5f9b61c49a8bf7a10b17bc3b8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The manifest binding document defines the expected properties and their formats
to represent a partition manifest in device tree.
Change-Id: I5eb250c7b89e0d828e1fcfce32b121e4081879ec
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
* changes:
rpi: docs: Update maintainers file to new RPi directory scheme
rpi: console: Autodetect Mini-UART vs. PL011 configuration
rpi3: build: Include GPIO driver in all BL stages
rpi: Allow using PL011 UART for RPi3/RPi4
rpi3: console: Use same "clock-less" setup scheme as RPi4
rpi3: gpio: Simplify GPIO setup
With the addition of the Raspberry Pi 4 port the directory structure
changed a bit, also the new port didn't have a separate entry.
Add a new entry for the RPi4 port and adjust the path names.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I04b60e729a19bb0cc3dd6ce6899ec6480356b1f1
Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:
1. SOC revision
2. SOC version
Implementation done using below SMCCC specification document:
https://developer.arm.com/docs/den0028/c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Since uefi-tools isn't used any more in hikey and hikey960, update the
documents.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: I0843d27610e241d442e58b6cd71967998730a35d
Since commit 3bff910dc1 ("Introduce COT
build option"), it is now possible to select a different Chain of Trust
than the TBBR-Client one.
Make a few adjustments in the documentation to reflect that. Also make
some minor improvements (fixing typos, better formatting, ...) along
the way.
Change-Id: I3bbadc441557e1e13311b6fd053fdab6b10b1ba2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The TBBR documentation has been written along with an early
implementation of the code. At that time, the range of supported
encryption and hash algorithms was failry limited. Since then, support
for other algorithms has been added in TF-A but the documentation has
not been updated.
Instead of listing them all, which would clutter this document while
still leaving it at risk of going stale in the future, remove specific
references to the original algorithms and point the reader at the
relevant comprehensive document for further details.
Change-Id: I29dc50bc1d53b728091a1fbaa1c3970fb999f7d5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
To accommodate the increasing size of the SCP_BL2 binary, the base
address of the memory region allocated to SCP_BL2 has been moved
downwards from its current (mostly) arbitrary address to the beginning
of the non-shared trusted SRAM.
Change-Id: I086a3765bf3ea88f45525223d765dc0dbad6b434
Signed-off-by: Chris Kay <chris.kay@arm.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Update qemu documentation with instructions to boot using FIP image.
Also, add option to build TF-A with TBBR and firmware encryption
enabled.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: Ib3af485d413cd595352034c82c2268d7f4cb120a
This patch provides a fix for incorrect crash dump data for
lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
which enables routing of External Aborts and SErrors to EL3.
Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
In commit 516beb585c ("TBB: apply TBBR naming
convention to certificates and extensions"), some of the variables used in the
TBBR chain of trust got renamed but the documentation did not get properly
updated everywhere to reflect these changes.
Change-Id: Ie8e2146882c2d3538c5b8c968d1bdaf5ea2a6e53
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Cortex-A65x4 and Cortex-A65AEx8 is now included in the list of the
supported Arm Fixed Virtual Platforms.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ibfcaec11bc75549d60455e96858d79b679e71e5e
The maintainers.rst file lists files and directories that each contributor looks
after in the TF-A source tree. As files and directories move around over time,
some pathnames had become invalid. Fix them, either by updating the path if
it has just moved, or deleting it altogether if it doesn't seem to exist
anymore.
Change-Id: Idb6ff4d8d0b593138d4f555ec206abcf68b0064f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
It is needed to make it appear in the table of contents. Right now,
all Amlogic documentation pages appear under the "Platform ports"
section, except the AXG one.
Change-Id: Ibcfc3b156888d2a9574953578978b629e185c708
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.
This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.
"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.
For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if their memory system meets the requirement that cache line fill
requests from the Cortex-A57 processor are atomic.
This patch adds support to enable higher performance non-cacheable load
forwarding for such platforms. Platforms must enable this support by
setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
makefiles. This flag is disabled by default.
Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When TF-A is built with RESET_TO_BL31=1 option, BL31 is the
first image to be run and should have all the memory allocated
to it except for the memory reserved for Shared RAM at the start
of Trusted SRAM.
This patch fixes FVP BL31 load address and its image size for
RESET_TO_BL31=1 option. BL31 startup address should be set to
0x400_1000 and its maximum image size to the size of Trusted SRAM
minus the first 4KB of shared memory.
Loading BL31 at 0x0402_0000 as it is currently stated in
'\docs\plat\arm\fvp\index.rst' causes EL3 exception when the
image size gets increased (i.e. building with LOG_LEVEL=50)
but doesn't exceed 0x3B000 not causing build error.
Change-Id: Ie450baaf247f1577112f8d143b24e76c39d33e91
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch:
- Add the __COHERENT_RAM_START__ and __COHERENT_RAM_END__ symbols.
- Improve how the symbols are found with a regex.
- Add a build option to revert the memory layout output.
Change-Id: I54ec660261431bc98d78acb0f80e3d95bc5397ac
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch adds information on the PMU configuration registers
and security considerations related to the PMU.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: I36b15060b9830a77d3f47f293c0a6dafa3c581fb
At the moment, address demangling is only used by the backtrace
functionality. However, at some point, other parts of the TF-A
codebase may want to use it.
The 'demangle_address' function is replaced with a single XPACI
instruction which is also added in 'do_crash_reporting()'.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
Introduce macro 'CSS_SGI_CHIP_COUNT' to allow Arm CSS platforms with
multi-chip support to define number of chiplets on the platform. By
default, this flag is set to 1 and does not affect the existing single
chip platforms.
For multi-chip platforms, override the default value of
CSS_SGI_CHIP_COUNT with the number of chiplets supported on the
platform. As an example, the command below sets the number of chiplets
to two on the RD-N1-Edge multi-chip platform:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: If364dc36bd34b30cc356f74b3e97633933e6c8ee
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch expands the coding style documentation, splitting it
into two documents: the core style rules and extended guidelines.
Note that it does not redefine or change the coding style (aside
from section 4.6.2) - generally, it is only documenting the
existing style in more detail.
The aim is for the coding style to be more readable and, in turn,
for it to be followed by more people. We can use this as a more
concrete reference when discussing the accepted style with external
contributors.
Change-Id: I87405ace9a879d7f81e6b0b91b93ca69535e50ff
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
BL2 is unconditionally setting 0 (OPTEE_AARCH64) in arg0 even when the
BL32 image is 32bit (OPTEE_AARCH32). This is causing the boot to hang
when ATOS (32bit Amlogic BL32 binary-only TEE OS) is used.
Since we are not aware of any Amlogic platform shipping a 64bit version
of ATOS we can hardcode OPTEE_AARCH32 / MODE_RW_32 when using ATOS.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaea47cf6dc48bf8a646056761f02fb81b41c78a3
Introduce the preliminary support for the Amlogic A113D (AXG) SoC.
This port is a minimal implementation of BL31 capable of booting
mainline U-Boot, Linux and chainloading BL32 (ATOS).
Tested on a A113D board.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic4548fa2f7c48d61b485b2a6517ec36c53c20809
Since Sphinx 2.3.0 backquotes are replaced to \textasciigrave{} during
building latexpdf. Using this element in a \sphinxhref{} breaks the
build. In order to avoid this error backquotes must not be used in
external hyperlinks.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ie3cf454427e3d5a7b7f9829b42be45aebda7f0dd
The current URL for QEMU_EFI.fd is not found. Update the link to
point to the new one.
If you run the shell command as instructed, you will see this error:
qemu-system-aarch64: keep_bootcon: Could not open 'keep_bootcon': No such file or directory
The part "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" is the
kernel parameter, so it must be quoted.
As of writing, QEMU v4.2.0 is the latest, but it does not work for
TF-A (It has been fixed in the mainline.) QEMU v4.1.0 works fine.
With those issues addressed, I succeeded in booting the latest kernel.
Tested with QEMU v4.1.0 and Linux 5.5 (defconfig with no modification).
Update the tested versions.
Change-Id: Ic85db0e688d67b1803ff890047d37de3f3db2daa
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Command to build HTML-formatted pages from docs:
make doc
Change-Id: I4103c804b3564fe67d8fc5a3373679daabf3f2e9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
CPUECTLR_EL1.EXTLLC bit indicates the presense of internal or external
last level cache(LLC) in the system, the reset value is internal LLC.
To cater for the platforms(like N1SDP) which has external LLC present
introduce a new build option 'NEOVERSE_N1_EXTERNAL_LLC' which can be
enabled by platform port.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ibf475fcd6fd44401897a71600f4eafe989921363
This implementation simply mimics that of BL31.
Change-Id: Ibbaa4ca012d38ac211c52b0b3e97449947160e07
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This implementation simply mimics that of BL31.
I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case.
It would make the linker script a bit uglier.
Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This lets the Linux kernel or any other image which expects an FDT in x0 be
loaded directly as BL33 without a separate bootloader on QEMU.
Signed-off-by: Andrew Walbran <qwandor@google.com>
Change-Id: Ia8eb4710a3d97cdd877af3b8aae36a2de7cfc654
Out of two possible implementation of Secure Partition Manager(SPM)
currently only Management mode (MM) design is supported and the support
for SPM based on SPCI Alpha 1 prototype has been removed.
Earlier both implementation used common build flag "ENABLE_SPM" but it
has since been decoupled and MM uses a separate build FLAG "SPM_MM".
Instructions to build it for FVP was still using "ENABLE_SPM", which has
beend corrected in this patch.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I505b98173d6051816436aa602ced6dbec4efc776
Parse the parameter structure the PLM populates, to populate the
bl32 and bl33 image structures.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I317072d1086f6cc6f90883c1b8b6d086ff57b443
* changes:
plat: xilinx: Move pm_client.h to common directory
plat: xilinx: versal: Make silicon default build target
xilinx: versal: Wire silicon default setup
versal: Increase OCM memory size for DEBUG builds
plat: xilinx: versal: Dont set IOU switch clock
arm64: versal: Adjust cpu clock for versal virtual
xilinx: versal: Add support for PM_GET_OPERATING_CHARACTERISTIC EEMI call
plat: versal: Add Get_ChipID API
plat: xilinx: versal: Add load Pdi API support
xilinx: versal: Add feature check API
xilinx: versal: Implement set wakeup source for client
plat: xilinx: versal: Add GET_CALLBACK_DATA function
xilinx: versal: Add PSCI APIs for system shutdown & reset
xilinx: versal: Add PSCI APIs for suspend/resume
xilinx: versal: Remove no_pmc ops to ON power domain
xilinx: versal: Add set wakeup source API
xilinx: versal: Add client wakeup API
xilinx: versal: Add query data API
xilinx: versal: Add request wakeup API
xilinx: versal: Add PM_INIT_FINALIZE API for versal
xilinx: versal: Add support of PM_GET_TRUSTZONE_VERSION API
xilinx: versal: enable ipi mailbox service
xilinx: move ipi mailbox svc to xilinx common
plat: xilinx: versal: Implement PM IOCTL API
xilinx: versal: Implement power down/restart related EEMI API
xilinx: versal: Add SMC handler for EEMI API
xilinx: versal: Implement PLL related PM APIs
xilinx: versal: Implement clock related PM APIs
xilinx: versal: Implement pin control related PM APIs
xilinx: versal: Implement reset related PM APIs
xilinx: versal: Implement device related PM APIs
xilinx: versal: Add support for suspend related APIs
xilinx: versal: Add get_api_version support
xilinx: Add support to send PM API to PMC using IPI for versal
plat: xilinx: versal: Move versal_def.h to include directory
plat: xilinx: versal: Move versal_private.h to include directory
plat: xilinx: zynqmp: Use GIC framework for warm restart
Add new flags for storage support that must be used in the build
command line. Add the complete build steps for an OP-TEE configuration.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I0c682f6eb0aab83aa929f4ba734d3151c264aeed
The LLVM linker replaces the GNU linker as default for the link on Clang
builds. It is possible to override the default linker by setting the LD build
flag.
The patch also updates the TF-A doc.
Change-Id: Ic08552b9994d4fa8f0d4863e67a2726c1dce2e35
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
This patch makes default build target as silicon instead of QEMU.
The default can be overwritten by specifying it through build flag
VERSAL_PLATFORM.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Jolly Shah <jolly.shah@xilinx.com>
Change-Id: Ia4cb1df1f206db3e514e8ce969acca875e973ace
It's in fact mandatory. Seen with RPi firmware 1.20190925.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: I80739b74f25817294adc52cfd26a3ec59c06f892
This toolchain provides multiple cross compilers and are publicly
available on developer.arm.com
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I910200174d5bad985504d1af4a1ae5819b524003
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
Creating a Change Log Template for ALL to update with relevant
new features, changes, fixes and known issues for each upcoming
release of Trusted Firmware-A.
The contents of this file should be added to the collective change log
at the time of release code freeze.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Idfbdcef0d40b10312dc88b6e1cbe31856fda887e
Some platforms are extremely memory constrained and must split BL31
between multiple non-contiguous areas in SRAM. Allow the NOBITS
sections (.bss, stacks, page tables, and coherent memory) to be placed
in a separate region of RAM from the loaded firmware image.
Because the NOBITS region may be at a lower address than the rest of
BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this
region, or el3_entrypoint_common would attempt to invalidate the dcache
for the entire address space. New symbols __NOBITS_{START,END}__ are
added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the
NOBITS region is invalidated separately.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions
of Hercules core. The erratum can be avoided by setting bit 1 of the
implementation defined register CPUACTLR2_EL1 to 1 to prevent store-
release from being dispatched before it is the oldest.
Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Sphinx was showing the following warning message:
docs/getting_started/build-options.rst:200: WARNING: Bullet list ends
without a blank line; unexpected unindent.
Change-Id: Iad5d49c1e0d25dd623ad15bce1af31babf860c03
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-Wpadded warns whenever the C compiler automatically includes any
padding in a structure. Because TF-A has a large number of structures,
this occurs fairly frequently and is incredibly verbose, and as such is
unlikely to ever be fixed.
The utility of this warning is also extremely limited - knowing that a
structure includes padding does not point to the existence of an error,
and is probably quite unlikely to indicate actually buggy behaviour.
Therefore, it's probably best to keep this warning off at all times.
Change-Id: I0797cb75f06b4fea0d2fdc16fd5ad978a31d76ec
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Add the support needed to enable using CryptoCell integration with
with RSA 3K support.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
This patch adds the Tegra194 SoC information to the nvidia-tegra.rst
file.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Id649a5ff1b3f70eeee34b508edb7965e7b7a2454
This patch enables LTO for TF-A when compiled with GCC.
LTO is disabled by default and is enabled by
ENABLE_LTO=1 build option.
LTO is enabled only for aarch64 as there seem to be
a bug in the aarch32 compiler when LTO is enabled.
The changes in the makefiles include:
- Adding -flto and associated flags to enable LTO.
- Using gcc as a wrapper at link time instead of ld.
This is recommended when using LTO as gcc internally
takes care of invoking the necessary plugins for LTO.
- Adding switches to pass options to ld.
- Adding a flag to disable fix for erratum cortex-a53-843419
unless explicitly enabled. This is needed because GCC
seem to automatically add the erratum fix when used
as a wrapper for LD.
Additionally, this patch updates the TF-A user guide with
the new build option.
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
The User Guide document has grown organically over time and
now covers a wide range of topics, making it difficult to
skim read and extract information from. Currently, it covers
these topics and maybe a couple more:
- Requirements (hardware, tools, libs)
- Checking out the repo
- Basic build instructions
- A comprehensive list of build flags
- FIP packaging
- Building specifically for Juno
- Firmware update images
- EL3 payloads
- Preloaded BL33 boot flow
- Running on FVPs
- Running on Juno
I have separated these out into a few groups that become new
documents. Broadly speaking, build instructions for the tools,
for TF-A generally, and for specific scenarios are separated.
Content relating to specific platforms (Juno and the FVPs are
Arm-specific platforms, essentially) has been moved into the
documentation that is specific to those platforms, under
docs/plat/arm.
Change-Id: Ica87c52d8cd4f577332be0b0738998ea3ba3bbec
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
From AArch64 state, arguments are passed in registers W0-W7(X0-X7)
and results are returned in W0-W7(X0-X7) for SMC32(SMC64) calls.
From AArch32 state, arguments are passed in registers R0-R7 and
results are returned in registers R0-R7 for SMC32 calls.
Most of the functions and macros already existed to support using
upto 8 registers for passing/returning parameters/results. Added
few helper macros for SMC calls from AArch32 state.
Link to the specification:
https://developer.arm.com/docs/den0028/c
Change-Id: I87976b42454dc3fc45c8343e9640aa78210e9741
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Both -Wmissing-field-initializers and -Wsign-compare are both covered by
-Wextra which is enabled at W=1 anyway. Therefore, the explicit options
are not required.
Change-Id: I2e7d95b5fc14af7c70895859a7ebbeac5bc0d2a4
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Complete the Library at ROM documentation with information regarding
the memory impact of the feature.
Change-Id: I5a10620a8e94f123021bb19523a36d558b330deb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Some of the plantuml diagrams in the I/O storage abstraction layer
documentation are absent from the rendered version of the porting
guide. The build log (see [1] for example) reports a syntax error in
these files. This is due to the usage of the 'order' keyword on the
participants list, which does not seem to be supported by the version
of plantuml installed on the ReadTheDocs server.
Fix these syntax errors by removing the 'order' keyword altogether. We
simply rely on the participants being declared in the desired order,
which will be the order of display, according to the plantuml
documentation.
[1] https://readthedocs.org/api/v2/build/9870345.txt
Change-Id: Ife35c74cb2f1dac28bda07df395244639a8d6a2b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
A small set of misc changes to ensure correctness before the v2.2
release tagging.
Change-Id: I888840b9483ea1a1633d204fbbc0f9594072101e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Removed deprecated interfaces that have been removed from the TF-A
project, updated the deprecated list with new deprecations for v2.2
Release, added upcoming release information, remove mentions of PR from
github.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Change-Id: I2b59d351cde9860ad0dcb6520a8bd2827ad403cf
Giving a bit more background information about the issue tracker
and mailing lists.
Change-Id: I68921d54e3113d348f1e16c685f74d32df2ca19f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The list of upstream platforms on the index page is growing
quite long, especially with all the FVP variants being listed
individually.
This patch leverages the "Platform Ports" chapter in the docs
table of contents to condense this information. Almost all
platform ports now have documentation, so the table of
contents serves as the list of upstream platforms by itself.
For those upstream platforms that do not have corresponding
documentation, the top-level "Platform Ports" page mentions
them individually. It also mentions each Arm FVP, just as
the index page did before.
Note that there is an in-progress patch that creates new
platform port documentation for the Arm Juno and Arm FVP
platforms, so this list of "other platforms" will soon be
reduced further as those platforms become part of the
table of contents as well.
Change-Id: I6b1eab8cba71a599d85a6e22553a34b07f213268
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The index.rst page is now the primary landing page for the TF-A
documentation. It contains quite a lot of content these days,
including:
- The project purpose and general intro
- A list of functionality
- A list of planned functionality
- A list of supported platforms
- "Getting started" links to other documents
- Contact information for raising issues
This patch creates an "About" chapter in the table
of contents and moves some content there. In order,
the above listed content:
- Stayed where it is. This is the right place for it.
- Moved to About->Features
- Moved to About->Features (in subsection)
- Stayed where it is. Moved in a later patch.
- Was expanded in-place
- Moved to About->Contact
Change-Id: I254bb87560fd09140b9e485cf15246892aa45943
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
We would need to update this version for the release but, in fact,
it is not required for our publishing workflow; the hosted version
of the docs uses git commit/tag information in place of these
variables anyway.
Instead of updating the version, just remove these variables
entirely.
Change-Id: I424c4e45786e87604e91c7197b7983579afe4806
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
User guide:
1. Remove obsolete note saying only FVP is supported with AArch32
2. Switch compiler for Juno AArch32 to arm-eabi
3. Mention SOFTWARE folder in Juno Linaro release
Index.rst:
1. Switch default FVP model to Version 11.6 Build 45
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ib47a2ea314e2b8394a20189bf91796de0e17de53
The version of the Linaro release that is used for testing was
updated in 35010bb8 and the user guide was updated with the
correct version, however the version is also mentioned on the
index page and that was missed. Update the index page with the
new version.
We can come back and de-duplicate this content later, to ease
future maintenance.
Change-Id: I3fe83d7a1c59ab8d3ce2b18bcc23e16c93f7af97
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Tidying up a few Sphinx warnings that had built-up over time.
None of these are critical but it cleans up the Sphinx output.
At the same time, fixing some spelling errors that were detected.
Change-Id: I38209e235481eed287f8008c6de9dedd6b12ab2e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This new page contains instructions for doing a local
build of the documentation, plus information on the environment
setup that needs to be done beforehand.
Change-Id: If563145ab40639cabbe25d0f62759981a33692c6
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The readme.rst and license.rst files in the project root overlap
with the index.rst and license.rst files in the docs/ folder. We
need to use the latter when building the documentation, as Sphinx
requires all included files to be under a common root. However,
the files in the root are currently used by the cgit and Github
viewers.
Using symlinks in Git presents some difficulties so the best
course of action is likely to leave these files but in stub form.
The license.rst file in the root will simply tell the reader to
refer to docs/license.rst.
The readme.rst file will contain a small amount of content that
is derived from the docs/index.rst file, so that the Github main
page will have something valid to show, but it will also contain
a link to the full documentation on ReadTheDocs.
Change-Id: I6dc46f08777e8d7ecb32ca7afc07a28486c9f77a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Currently links between documents are using the format:
<path/to/><filename>.rst
This was required for services like GitHub because they render each
document in isolation - linking to another document is like linking
to any other file, just provide the full path.
However, with the new approach, the .rst files are only the raw
source for the documents. Once the documents have been rendered
the output is now in another format (HTML in our case) and so,
when linking to another document, the link must point to the
rendered version and not the .rst file.
The RST spec provides a few methods for linking between content.
The parent of this patch enabled the automatic creation of anchors
for document titles - we will use these anchors as the targets for
our links. Additional anchors can be added by hand if needed, on
section and sub-section titles, for example.
An example of this new format, for a document with the title
"Firmware Design" is :ref:`Firmware Design`.
One big advantage of this is that anchors are not dependent on
paths. We can then move documents around, even between directories,
without breaking any links between documents. Links will need to be
updated only if the title of a document changes.
Change-Id: I9e2340a61dd424cbd8fd1ecc2dc166f460d81703
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Add meson-g12a, qemu-sbsa and rpi4 to the documentation index so
that they will have their docs rendered and integrated into the
table of contents.
Change-Id: Id972bf2fee67312dd7bff29f92bea67842e62431
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Coherent I-cache is causing a prefetch violation where when the core
executes an instruction that has recently been modified, the core might
fetch a stale instruction which violates the ordering of instruction
fetches.
The workaround includes an instruction sequence to implementation
defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap
handler to execute a TLB inner-shareable invalidation to an arbitrary
address followed by a DSB.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based
on a platform build option. The CAS-based implementation used to be
unconditionally selected for all ARM8.1+ platforms.
The previous CAS spinlock implementation had a bug wherein the spin_unlock()
implementation had an `sev` after `stlr` which is not sufficient. A dsb is
needed to ensure that the stlr completes prior to the sev. Having a dsb is
heavyweight and a better solution would be to use load exclusive semantics
to monitor the lock and wake up from wfe when a store happens to the lock.
The patch implements the same.
Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
This patch introduces Qemu SBSA platform.
Both platform specific files where copied from qemu/qemu with changes for
DRAM base above 32bit and removal of ARMv7 conditional defines/code.
Documentation is aligned to rest of SBSA patches along the series and
planed changes in edk2-platform repo.
FixesARM-software/tf-issues#602
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I8ebc34eedb2268365e479ef05654b2df1b99128c
- Updated Linaro release version number to 19.06
- Updated links to Linaro instructions and releases
- Removed the Linaro old releases link
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: Ib786728106961e89182b42183e7b889f6fc74190
* changes:
amlogic: g12a: Add support for the S905X2 (G12A) platform
amlogic: makefile: Use PLAT variable when possible
amlogic: sha_dma: Move register mappings to platform header
* changes:
rpi4: Add initial documentation file
rpi4: Add stdout-path to device tree
rpi4: Add GIC maintenance interrupt to GIC DT node
rpi4: Cleanup memory regions, move pens to first page
rpi4: Reserve resident BL31 region from non-secure world
rpi4: Amend DTB to advertise PSCI
rpi4: Determine BL33 entry point at runtime
rpi4: Accommodate "armstub8.bin" header at the beginning of BL31 image
Add basic support for Raspberry Pi 4
rpi3: Allow runtime determination of UART base clock rate
FDT helper functions: Respect architecture in PSCI function IDs
FDT helper functions: Add function documentation
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
Introduce the preliminary support for the Amlogic S905X2 (G12A) SoC.
This port is a minimal implementation of BL31 capable of booting
mainline U-Boot and Linux. Tested on a SEI510 board.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ife958f10e815a4530292c45446adb71239f3367f
This PSCI hook is similar to pwr_domain_on_finish but is
guaranteed to be invoked with the respective core and cluster are
participating in coherency. This will be necessary to safely invoke
the new GICv3 API which modifies shared GIC data structures concurrently.
Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch:
- Adds any leftover platform ports that were not having their
documentation built (not in the index.rst table of contents)
- Corrects a handful of RST formatting errors that cause poor
rendering
- Reorders the list of platforms so that they are displayed
in alphabetical order
Change-Id: If8c135a822d581c3c5c4fca2936d501ccfd2e94c
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
As the Raspberry Pi4 port is now in a usable state, add the build
instructions together with some background information to the
documentation directory.
The port differs quite a bit from the Raspberry Pi 3, so we use a
separate file for that.
Change-Id: I7d9f5967fdf3ec3bfe97d78141f59cbcf03388d4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The documentation for Marvell platforms was not included in the
rendered document output until now because, while it was mostly
valid RST format, the files were saved with a .txt extension.
This patch corrects some RST formatting errors, creates a document
tree (index page) for the Marvell documents, and adds the Marvell
subtree to the main index.
Change-Id: Id7d4ac37eded636f8f62322a153e1e5f652ff51a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
This patch adds documentation for the new KEY_SIZE build option that is
exposed by cert_create, and instructions on how to use it.
Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
A new build flag, CTX_INCLUDE_MTE_REGS, has been added; this patch adds
documentation for it in the User Guide along with instructions of what
different values mean.
Change-Id: I430a9c6ced06b1b6be317edbeff4f5530e30f63a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
At the time of writting, GCC 8.3-2019.03 is the latest version available
on developer.arm.com.
Switch to bare-metal toolchain (arm-eabi-) for AArch32. This allows to
have a finer control on the use of floating-point and SIMD instructions.
Change-Id: I4438401405eae1e5f6d531b0162e8fa06f69135e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The features of the previously existing gentbl, genvar and genwrappers
scripts were reimplemented in the romlib_generator.py Python script.
This resulted in more readable and maintainable code and the script
introduces additional features that help dependency handling in
makefiles. The assembly templates were separated from the script logic
and were collected in the 'templates' directory.
The targets and their dependencies were reorganized in the makefile and
the dependency handling of included index files is possible now.
Incremental build is available in case of modifying the index files.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I79f65fab9dc5c70d1f6fc8f57b2a3009bf842dc5
Add uml sequence and class diagram to illustrate the behavior of the
storage abstraction layer.
Change-Id: I338262729f8034cc3d3eea1d0ce19cca973a91bb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Currently we have some pre-rendered versions of certain diagrams
in SVG format. These diagrams have corresponding PlantUML source
that can be rendered automatically as part of the documentation
build, removing the need for any intermediate files.
This patch adds the Sphinx "plantuml" extension, replaces
references to the pre-rendered SVG files within the documents,
and finally removes the SVG files and helper script.
New requirements for building the docs are the
"sphinxcontrib-plantuml" Python module (added to the pip
requirements.txt file) and the Graphviz package (provides the
"dot" binary) which is in the Ubuntu package repositories.
Change-Id: I24b52ee40ff79676212ed7cff350294945f1b50d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The project has been renamed from "Arm Trusted Firmware (ATF)" to
"Trusted Firmware-A (TF-A)" long ago. A few references to the old
project name that still remained in various places have now been
removed.
This change doesn't affect any platform files. Any "ATF" references
inside platform files, still remain.
Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
px30 is a Quad-core soc and Cortex-a53 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
6. power off system
Change-Id: I73d55aa978096c078242be921abe0ddca9e8f67e
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
Neoverse N1 erratum 1275112 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: If7fe55fe92e656fa6aea12327ab297f2e6119833
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1262888 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUECTLR_EL1 system register, which disables the MMU hardware prefetcher.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ib733d748e32a7ea6a2783f3d5a9c5e13eee01105
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1262606 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Idd980e9d5310232d38f0ce272862e1fb0f02ce9a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1257314 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR3_EL1 system register, which prevents parallel
execution of divide and square root instructions.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I54f0f40ff9043efee40d51e796b92ed85b394cbb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1220197 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUECTLR_EL1 system register, which disables write streaming to the L2.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I9c3373f1b6d67d21ee71b2b80aec5e96826818e8
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1207823 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ia932337821f1ef0d644db3612480462a8d924d21
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1165347 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I163d0ea00578245c1323d2340314cdc3088c450d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1130799 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I252bc45f9733443ba0503fefe62f50fdea61da6d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Neoverse N1 erratum 1073348 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which disables static prediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I674126c0af6e068eecb379a190bcf7c75dcbca8e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Credit to sam.ellis@arm.com for the input to create the list.
Change-Id: Id70a8eddc5f2490811bebb278482c61950f10cce
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
U-Boot should be compiled with stm32mp15_trusted_defconfig which is
supported since tag v2019.07-rc1 with commit [1].
The creation of the U-Boot binary with stm32 header is done at U-Boot
compilation step, it is no more required to call the extra command.
[1] https://git.denx.de/?p=u-boot.git;a=commit;h=015289580f81
Change-Id: Ia875c22184785fc2e02ad07993a649069cd5ce34
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Reference security specific build options from the user guide.
Change-Id: I0e1efbf47d914cf3c473104175c702ff1a80eb67
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Also sort alphabetically the links at the bottom, a couple of them were
not sorted.
Change-Id: I49a1dbe9e56a36c5fdbace8e4c8b9a5270bc2984
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Neoverse N1 erratum 1315703 is a Cat A (rare) erratum [1], present in
older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined CPUACTLR2_EL1
system register, which will disable the load-bypass-store feature.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdocpjdoc-466751330-1032/index.html
Change-Id: I5c708dbe0efa4daa0bcb6bd9622c5efe19c03af9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Automatic labelling of document titles is a prerequisite for
converting the format of cross-document links. Sphinx will
generate (via the enabled extension) a hidden link target for
each document title and this can be referred to later, from
another page, to link to the target.
The plugin options being used require Sphinx >= 2.0.0 so a
requirements.txt file has been added. This file is used with
the pip package manager for Python so that the correct
dependencies are installed.
Change-Id: Ic2049db5804aa4a6447608ba4299de958ce0a87d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The workaround is added to the Cortex-A55 cpu specific file. The
workaround is disabled by default and have to be explicitly enabled by
the platform integrator.
Change-Id: I3e6fd10df6444122a8ee7d08058946ff1cc912f8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
1) Fix links in "about" page
2) Put back the "contents" page with adjusted links
Change-Id: Id09140b91df5cf0a275149801d05d8cfeeda1c6e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
1) Replace references to "Arm Trusted Firmware" with "TF-A"
2) Update issue tracker link
Change-Id: I12d827d49f6cc34e46936d7f7ccf44e32b26a0bd
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The documentation contains plenty of notes and warnings. Enable
special rendering of these blocks by converting the note prefix
into a .. note:: annotation.
Change-Id: I34e26ca6bf313d335672ab6c2645741900338822
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
- Make the list of contributors into an actual list
- Use note syntax for the note
- Remove the Individuals heading since there are none
This file could be considered for removal as it is a legacy
document, as its note explains.
Change-Id: Idf984bc192af7a0ec367a6642ab99ccccf5df1a8
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Several code blocks do not specify a language for syntax
highlighting. This results in Sphinx using a default highlighter
which is Python.
This patch adds the correct language to each code block that doesn't
already specify it.
Change-Id: Icce1949aabfdc11a334a42d49edf55fa673cddc3
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
One of the current issues with the documentation is that terms and
abbreviations are frequently redefined. For example, we might have
a sentence like "... the SCP (System Control Processor) will ...".
These definitions might be repeated several times across pages, or
even within the same document. Equally, some of these abbreviations
are missed and are never expanded.
Sphinx provides a :term: keyword that takes some text and,
if that text is defined in a glossary document, links to its glossary
entry. Using this functionality will prevent repeated definitions
and will make the docs more maintainable by using a single
definition source.
The glossary added in this patch was created from a quick scrub of
the source code - there may be missing entries. The SDEI abbreviation
was used as an example.
Note that a global_substitutions file was created. This file contains
the RST 'replace' statements that convert plain text terms into linked
terms (by adding the ':term:' keyword to them). An example is:
.. |TF-A| replace:: :term:`TF-A`
The 'rst_prolog' variable in conf.py is used to inject this list of
replacements into each page. Terms must be surrounded with the pipe
character to be turned into links - this means that we can still
prevent certain terms from being linked if we don't want them to be.
Change-Id: I87010ed9cfa4a60011a9b4a431b98cb4bb7baa28
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
These are no longer needed as there will always be a table of contents
rendered to the left of every page.
Some of these lists can be quite long and, when opening a page, the
reader sees nothing but a huge list of contents! After this patch,
the document contents are front-and-centre and the contents are
nicely rendered in the sidebar without duplication.
Change-Id: I444754d548ec91d00f2b04e861de8dde8856aa62
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required so that the advisory documents are all valid RST files (with a
header) and that they all integrate into the document tree.
Change-Id: I68ca2b0b9e648e24b460deb772c471a38518da26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The platform port documents are not very standardised right now and
they don't integrate properly into the document tree so:
1) Make sure each port has a proper name and title (incl. owner)
2) Correct use of headings, subheadings, etc in each port
3) Resolve any naming conflicts between documents
Change-Id: I4c2da6f57172b7f2af3512e766ae9ce3b840b50f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required work to make all documents sit at the correct levels within
the document tree and any derived content like the table of contents
and the categories in the sidebar.
Change-Id: I4885fbe30864a87c8822ee67482b71fb46a8fbc6
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch attempts to standardise the document titles as well as
adding titles to documents that were missing one. The aim is to
remove needless references to "TF-A" or "Trusted Firmware" in the
title of every document and to make sure that the title matches
with the document content.
Change-Id: I9b93ccf43b5d57e8dc793a5311b8ed7c4dd245cc
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Previously the readme.rst file served as the entrypoint for the
documentation. With a Sphinx build the top-level document is set
to be index.rst as it contains the primary document index.
This patch moves some content from readme.rst into index.rst and
splits the license information out into license.rst.
Change-Id: I5c50250b81136fe36aa9ceedaae302b44ec11e47
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This change creates the following directories under docs/
in order to provide a grouping for the content:
- components
- design
- getting_started
- perf
- process
In each of these directories an index.rst file is created
and this serves as an index / landing page for each of the
groups when the pages are compiled. Proper layout of the
top-level table of contents relies on this directory/index
structure.
Without this patch it is possible to build the documents
correctly with Sphinx but the output looks messy because
there is no overall hierarchy.
Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Add the essentials for supporting a Sphinx documentation build:
- A makefile under docs/ to invoke Sphinx with the desired output
format
- A Sphinx master configuration file (conf.py)
- A single, top-level index page (index.rst)
- The TF.org logo that is integrated in the the sidebar of the
rendered output
Change-Id: I85e67e939658638337ca7972936a354878083a25
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
1) One space was missing from the indentation and, hence, rendering error
was generated in the user guide.
2) Partially reword Pointer Authentication related info.
Change-Id: Id5e65d419ec51dd7764f24d1b96b6c9942d63ba4
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.
Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
On certain platforms it does not make sense to generate
TF-A binary images. For example a platform could make use of serveral
memory areas, which are non-continuous and the resulting binary
therefore would suffer from the padding-bytes.
Typically these platforms use the ELF image.
This patch introduces a variable DISABLE_BIN_GENERATION, which
can be set to '1' in the platform makefile to prevent the binary
generation.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
The current stack-protector support is for none, "strong" or "all".
The default use of the flag enables the stack-protection to all
functions that declare a character array of eight bytes or more in
length on their stack.
This option can be tuned with the --param=ssp-buffer-size=N option.
Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Since STM32MP1 platform supports different boards, it is necessary
to build for a particular board. With the current instructions, the
user has to modify the DTB_FILE_NAME variable in platform.mk for
building for a particular board, but this can be avoided by passing
the appropriate board DTB name via DTB_FILE_NAME make variable.
Hence document the same in platform doc.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Change-Id: I16797e7256c7eb699a7b8846356fe430d0fe0aa1
* changes:
rockchip: document platform
rockchip: add support for rk3288
rockchip: add common aarch32 support
rockchip: rk3328: drop double declaration of entry_point storage
rockchip: Allow socs with undefined wfe check bits
rockchip: move pmusram assembler code to a aarch64 subdir
sp_min: allow inclusion of a platform-specific linker script
sp_min: make sp_min_warm_entrypoint public
drivers: ti: uart: add a aarch32 variant
This adds a rockchip.rst to docs/plat documenting the general
approach to using the Rockchip ATF platforms together with the
supported bootloaders and also adds myself as maintainer after
making sure Tony Xie is ok with that.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: Idce53d15eff4ac6de05bbb35d86e57ed50d0cbb9
Support booting OP-TEE as BL32 boot stage and secure runtime
service.
OP-TEE executes in internal RAM and uses a secure DDR area to store
the pager pagestore. Memory mapping and TZC are configured accordingly
prior OP-TEE boot. OP-TEE image is expected in OP-TEE v2 format where
a header file describes the effective boot images. This change
post processes header file content to get OP-TEE load addresses
and set OP-TEE boot arguments.
Change-Id: I02ef8b915e4be3e95b27029357d799d70e01cd44
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.
Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.
Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
On Cortex A9 an errata can cause the processor to violate the rules for
speculative fetches when the MMU is off but branch prediction has not
been disabled. The workaround for this is to execute an Invalidate
Entire Branch Prediction Array (BPIALL) followed by a DSB.
see:http://arminfo.emea.arm.com/help/topic/com.arm.doc.uan0009d/UAN0009_cortex_a9_errata_r4.pdf
for more details.
Change-Id: I9146c1fa7563a79f4e15b6251617b9620a587c93
Signed-off-by: Joel Hutton <Joel.Hutton@arm.com>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The user guide documentation for the cert_create tool needs to
mention that a platform must have a platform_oid.h header file
in order to successfully build the cert_create tool when
USE_TBBR_DEFS is 0.
Change-Id: I77f86a022d207e88a79c97741be3eafbfa0c86f1
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The data structures in the auth-framework were changed by the previous
patch, and need to be updated.
Change-Id: Icfad2ac688d03d32aa93e45f930a375abbc164a9
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The change-log.rst file does not use the same symbols
as the other documents when organising its headings,
sub-headings and so on. In order to compile these
documents together with Sphinx, forming a top-level
index and a consistent structure, it is necessary to
normalise these.
Change-Id: Ib4620ff03a9e76fec9e36e95549016c7b3fe12bb
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Update the documentation for trustedfirmware.org migration
Change-Id: Ibb7052b0becbec3326164f1503806ca2c2fd4dcc
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
These SPM-related specifications are mentioned in the readme and
the change log. Update references to these specs to make it clear
that they are in draft form and are expected to change.
Change-Id: Ia2791c48c371a828246d96f102a402747cd69f96
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The latest version of GCC are required to use the new features of TF-A.
Suggest to use the latest version available on developer.arm.com instead
of the version specified on the Linaro Release notes.
At the time of writing, GCC 8.2-2019.01 is the latest version available.
Change-Id: Idd5c00749e39ca9dc8b7c5623b5d64356c9ce6e5
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Update both the readme and user guide on their shared "platform"
section.
Change-Id: Ia1f30acda45ac8facdcb7d540800191cdf6cdacf
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Make sure the steps in the user guide are up to date and can be
performed out of the box.
Change-Id: Ib4d959aa771cf515f74e150aaee2fbad24c18c38
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This is the temporary contents page that links
to all other documents (except platform ports).
This page is needed during the
trustedfirmware.org migration, before we have a
Sphinx rendering pipeline set up, because cgit
doesn't offer a good way to view rendered docs
while browsing the tree. We need to have a links
page that can be opened from the cgit 'about'
view.
Change-Id: I3ad87a9fa8a14dc8e371aac7ee473575fed316bf
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.
Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.
Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This erratum can only be worked around on revisions >= r3p0 because the
register that needs to be accessed only exists in those revisions[1].
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0438g/CIHEAAAD.html
Change-Id: I5d773547d7a09b5bd01dabcd19ceeaf53c186faa
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The i.MX8M Mini is new SOC of the i.MX8M family. it is
focused on delivering the latest and greatest video and
audio experience combining state-of-the-art media-specific
features with high-performance processing while optimized
for lowest power consumption. The i.MX 8M Mini Media Applications
Processor is 14nm FinFET product of the growing i.MX8M family
targeting the consumer & industrial market. It is built in 14LPP
to achieve both high performance and low power consumption
and relies on a powerful fully coherent core complex based on
a quad Cortex-A53 cluster with video and graphics accelerators
this patch add the basic support for i.MX8MM.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Some files imported from the wiki are missing RST section headers and
other files are using inconsistent characters for the same header level.
Change-Id: I318c843f9bc8fb40074ef90827b9acac06463662
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Some security advisories did not contain a direct link to the CVE page
on mitre.org.
Change-Id: I80f8f27a25da3a76b564a3e49cafe5e253379f37
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch covers two changes:
- Links that refer to GitHub are updated to point to the
relevant content on trustedfirmware.org
- Internal links between documents have been updated,
with the required .rst suffix being added or due
to a change in the relative locations of the files.
Change-Id: Ibf87da7d2ece726d1c94a9b33a2bbc3129de7779
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
With the TF wiki being migrated from GitHub to trustedfirmware.org,
some documents will be moved into the docs/ directory within the
repository rather than remaining as external content. The
appropriate action has been decided on a per-document basis.
Change-Id: Id0f615f3418369256f30d2e34e354a115389d105
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Some of the sections numbers have been incorrect since the document
structure has changed. Using references to sections rather than
hard-coded section numbers fixes the issue while making it more
future-proof to updates.
Change-Id: I80f5ab6a55a0073b1562a02ce2c9ec7d67cddfff
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
While converting the interrupt framework design document from Markdown
to reStructuredText format, see commit 6f62574767 ("Convert
documentation to reStructuredText"), the structure of the document was
changed and one of the titles got lost. Fix that.
Change-Id: Ib3e6c1f9f01f16108fde3b89ceb624bd54049d2f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Fix some typos and clarify some sentences.
Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In AArch32, execution of 2 instructions with opposite condition code
might lead to either a data corruption or a CPU deadlock. Set the bit
12 of the Diagnostic Register to prevent this.
Change-Id: I22b4f25fe933e2942fd785e411e7c0aa39d5c1f4
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The workarounds for these errata are so closely related that it is
better to only have one patch to make it easier to understand.
Change-Id: I0287fa69aefa8b72f884833f6ed0e7775ca834e9
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.
In order to enable the scatterfile usage the following changes
have been made:
* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile
NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.
This feature is supported only in AArch64 state.
This feature is mandatory in ARMv8.3 implementations.
This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.
To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.
Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Concurrent instruction TLB miss and mispredicted return instruction
might fetch wrong instruction stream. Set bit 6 of CPUACTLR_EL1 to
prevent this.
Change-Id: I2da4f30cd2df3f5e885dd3c4825c557492d1ac58
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Streaming store under specific conditions might cause deadlock or data
corruption. Set bit 25:24 of CPUECTLR_EL1, which disables write
streaming to the L2 to prevent this.
Change-Id: Ib5cabb997b35ada78b27e75787afd610ea606dcf
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
TLBI VAAE1 or TLBI VAALE1 targeting a page within hardware page
aggregated address translation data in the L2 TLB might cause
corruption of address translation data. Set bit 59 of CPUACTLR2_EL1 to
prevent this.
Change-Id: I59f3edea54e87d264e0794f5ca2a8c68a636e586
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Internal timing conditions might cause the CPU to stop processing
interrupts. Set bit 13 of CPUACTLR_EL1 to prevent this.
Change-Id: Ifdd19dbcdb71bb0d9609cab1315c478aaedb03ba
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Implicit Error Synchronization Barrier (IESB) might not be correctly
generated in Cortex-A75 r0p0. To prevent this, IESB are enabled at all
expection levels.
Change-Id: I2a1a568668a31e4f3f38d0fba1d632ad9939e5ad
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Broadcast maintainance operations might not be correctly synchronized
between cores. Set bit 7 of S3_0_C15_C0_2 to prevent this.
Change-Id: I67fb62c0b458d44320ebaedafcb8495ff26c814b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This adds BL31 support to Intel Stratix10 SoCFPGA platform. BL31 in TF-A
supports:
- PSCI calls to enable 4 CPU cores
- PSCI mailbox calls for FPGA reconfiguration
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>
A link to st.com page describing STM32MP1 is added.
Add the information about Cortex-M4 embedded in STM32MP1.
Correct typo for u-boot command.
Change-Id: Ie900f6ee59461c5e7ad8a8b06854abaf41fca3ce
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This documentation contains information about the boot sequence,
code location and build procedure for fvp_ve platform.
Change-Id: I339903f663cc625cfabc75ed8e4accb8b2c3917c
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I2b75be16f452a8ab7c2445ccd519fb057a135812
Co-authored-by: John Tsichritzis <john.tsichritzis@arm.com>
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Commit 2559b2c825 ("xlat v2: Dynamically detect need for CnP bit")
modified the code to convert the compile-time check for ARMv8.2-TTCNP to
a runtime check, but forgot to update the documentation associated to it.
Change-Id: I6d33a4de389d976dbdcce65d8fdf138959530669
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Platforms are not allowed to use any file inside include/plat/arm or
plat/arm to prevent dependencies between Arm platforms and non-Arm
platforms.
Change-Id: I6dc336ab71134c8d2758761fac0e4716e2d7e6ff
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Using Sphinx linkcheck on the TF-A docs revealed some broken
or permanently-redirected links. These have been updated where
possible.
Change-Id: Ie1fead47972ede3331973759b50ee466264bd2ee
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Just like has been done in the porting guide a couple of patches
earlier, kill all escaped underscore characters in all documents.
Change-Id: I7fb5b806412849761d9221a6ce3cbd95ec43d611
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Fix links to SCC and FreeBSD. Direct links do not need any special
formatting.
Change-Id: I00f7343d029a30ec02dfaa0ef393b3197260cab9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Replace all occurences of escaped underscore characters by plain ones.
This makes the text version of the porting guide easier to read and
grep into.
Change-Id: I7bf3b292b686be4c6d847a467b6708ac16544c90
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch adds information about the Tegra186 platforms to the
docs.
Change-Id: I69525c60a0126030dc15505ec7f02ccf8250be6f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces a build option 'OVERRIDE_LIBC' that platforms
can set to override libc from the BL image. The default value is '0'
to keep the library.
Change-Id: I10a0b247f6a782eeea4a0359e30a8d79b1e9e4e1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Also, update platform_def.h guidelines about includes in the porting
guide.
Change-Id: I1ae338c9dd3242b309f6d53687ba2cb755d488c3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARM_PLAT_MT build flag is specific to Arm platforms so should not
be classified as a common build option.
Change-Id: I79e411958846759a5b60d770e53f44bbec5febe6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Commit ed51b51f7a ("Remove build option LOAD_IMAGE_V2") intended
to remove all code related to LOAD_IMAGE_V2=0 but missed a few things.
Change-Id: I16aaf52779dd4af1e134e682731328c5f1e5d622
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sections 2.2, 2.3 and 2.4 contained example code blocks that were not
being formatted properly due to missing newlines.
Change-Id: I0dbce90c931cf69e4f47d2ccbcc8bc0e20f8fd66
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This reverts commit 2f37046524 ("Add support for the SMC Calling
Convention 2.0").
SMCCC v2.0 is no longer required for SPM, and won't be needed in the
future. Removing it makes the SMC handling code less complicated.
The SPM implementation based on SPCI and SPRT was using it, but it has
been adapted to SMCCC v1.0.
Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds more details on #include directive use, including (pun
not intended) the desired ordering, grouping and variants (<> or "").
Change-Id: Ib024ffc4d3577c63179e1bbc408f0d0462026312
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch attempts to make the guidelines clearer by reordering
the sections and grouping similar topics.
Change-Id: I1418d6fc060d6403fe3e1978f32fd54b8793ad5b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Adds a link from user-guide.rst to coding-guidelines.rst and merges
the information about using checkpatch from both files into the user
guide document.
Change-Id: Iffbb4225836a042d20024faf28b8bdd6b2c4043e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This content has been imported and adapted from the TF GitHub wiki
article 'ARM-Trusted-Firmware-Coding-Guidelines'.
The aim is to increase the visibility of the coding guidelines by
including them as part of the documentation that is within the TF
repository.
Additionally, the documentation can then be linked to by other
documents in the docs/ directory without worrying about broken links
to, for example, the external wiki.
Change-Id: I9d8cd6b5117b707c1a113baeba7fc5e1b4bf33bc
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
descriptors describing the list of executable images are created in BL2
R/W memory, which could be possibly corrupted later on by BL31/BL32 due
to overlay. This patch creates a reserved location in SRAM for these
descriptors and are copied over by BL2 before handing over to next BL
image.
Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR
is enabled.
FixesARM-Software/tf-issues#626
Change-Id: I755735706fa702024b4032f51ed4895b3687377f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
The non secure world would like to profile the boot path for
the EL3 and S-EL1 firmwares. To allow it to do that, a non-secure
DRAM region (4K) is allocated and the base address is passed to
the EL3 firmware.
This patch adds a library to allow the platform code to store the
tag:timestamp pair to the shared memory. The tegra platform code
then uses the `record` method to add timestamps.
Original change by Akshay Sharan <asharan@nvidia.com>
Change-Id: Idbbef9c83ed84a508b04d85a6637775960dc94ba
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the WaRP7 build descriptions for booting WaRP7 in
Trusted Board Boot mode. TBB is the only mode we really intend to support
for this board so rather than maintain documentation for the old way of
doing it, this patch updates the description for TBB mode only.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
This patch adds capability to read the boot flag to enable L2 ECC
and Parity Protection bit for the Cortex-A57 CPUs. The previous
bootloader sets this flag value for the platform.
* with some coverity fix:
MISRA C-2012 Directive 4.6
MISRA C-2012 Rule 2.5
MISRA C-2012 Rule 10.3
MISRA C-2012 Rule 10.4
Change-Id: Id7303bbbdc290b52919356c31625847b8904b073
Signed-off-by: Harvey Hsieh <hhsieh@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Corrects typos in core code, documentation files, drivers, Arm
platforms and services.
None of the corrections affect code; changes are limited to comments
and other documentation.
Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch updates the user guide instructions for
RESET_TO_SP_MIN and RESET_TO_BL31 cases. The load
address for BL31 had to be updated because of increase
in code size. Also, information about PIE support when
RESET_TO_BL31=1 for FVP is added.
In the case of RESET_TO_SP_MIN, the RVBAR address
was wrong in the instruction. This is also corrected
in the patch.
Change-Id: I65fe6d28c5cf79bee0a11fbde320d49fcc1aacf5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Crash reporting via the default consoles registered by MULTI_CONSOLE_API
has been broken since commit d35cc34 (Console: Use callee-saved
registers), which was introduced to allow console drivers written in C.
It's not really possible with the current crash reporting framework to
support console drivers in C, however we should make sure that the
existing assembly drivers that do support crash reporting continue to
work through the MULTI_CONSOLE_API.
This patch fixes the problem by creating custom console_putc() and
console_flush() implementations for the crash reporting case that do not
use the stack. Platforms that want to use this feature will have to link
plat/common/aarch64/crash_console_helpers.S explicitly.
Also update the documentation to better reflect the new reality (of this
being an option rather than the expected default for most platforms).
Change-Id: Id0c761e5e2fddaf25c277bc7b8ab603946ca73cb
Signed-off-by: Julius Werner <jwerner@chromium.org>
i.MX8MQ is new SOC of NXP's i.MX8M family based on
A53. It can provide industry-leading audio, voice
and video processing for applications that scale
from consumer home audio to industrial building
automation and mobile computers
this patchset add the basic supoort to boot up
the 4 X A53. more feature will be added later.
Signed-off-by: Bai Ping <ping.bai@nxp.com>
Add description for memory layouts used by EspressoBin v7 (DDR4)
Change-Id: I199d8b52580b26e560f14b503a6e99d32de4f284
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: http://vgitil04.il.marvell.com:8080/61279
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Tested-by: iSoC Platform CI <ykjenk@marvell.com>
The default Raspberry Pi 3 memory mapping for ATF is geared towards
the use of uboot + Linux. This creates issues when trying to use
ATF with an UEFI payload and Windows on ARM64.
We therefore introduce new build option RPI3_USE_UEFI_MAP, that
enables the build process to use an alternate memory mapping that
is compatible with UEFI + Windows (as well as UEFI + Linux).
FixesARM-software/tf-issues#649
Signed-off-by: Pete Batard <pete@akeo.ie>
Add a dependency for building EL3 exception handling framework(EHF)
module with the secure partition manager(SPM).
The EHF module is needed for raising the core's running priority
before the core enters the secure partition, and lowering it
subsequently on exit from the secure partition.
Change-Id: Icbe2d0a63f00b46dc593ff3d86b676c9333506c3
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Some OSes (e.g. Ubuntu 18.04 LTS on Raspberry Pi 3) may disable the
runtime UART in a manner that prevents the system from rebooting if
ATF tries to send runtime messages there.
Also, we don't want the firmware to share the UART with normal
world, as this can be a DoS attack vector into the secure world.
This patch fixes these 2 issues by introducing new build option
RPI3_RUNTIME_UART, that disables the runtime UART by default.
FixesARM-software/tf-issues#647
Signed-off-by: Pete Batard <pete@akeo.ie>
Xilinx is introducing Versal, an adaptive compute acceleration platform
(ACAP), built on 7nm FinFET process technology. Versal ACAPs combine Scalar
Processing Engines, Adaptable Hardware Engines, and Intelligent Engines with
leading-edge memory and interfacing technologies to deliver powerful
heterogeneous acceleration for any application. The Versal AI Core series has
five devices, offering 128 to 400 AI Engines. The series includes dual-core Arm
Cortex-A72 application processors, dual-core Arm Cortex-R5 real-time
processors, 256KB of on-chip memory with ECC, more than 1,900 DSP engines
optimized for high-precision floating point with low latency.
This patch adds Virtual QEMU platform support for
this SoC "versal_virt".
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This option allows the Trusted Firmware to directly jump to Linux
kernel for aarch32 without the need of an intermediate loader such
as U-Boot.
Similar to AArch64 ARM_LINUX_KERNEL_AS_BL33 only available with
RESET_TO_SP_MIN=1 as well as BL33 and DTB are preloaded in memory.
Change-Id: I908bc1633696be1caad0ce2f099c34215c8e0633
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Platforms that wish to use the sample functions have to add the file to
their Makefile. It is not included by default.
Change-Id: I713617bb58dc218967199248f68da86241d7ec40
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When a device tree blob is present at a known address, instead of, for
example, relying on the user modifying the Linux command line to warn
about the memory reserved for the Trusted Firmware, pass it on the DTB.
The current code deletes the memory reserved for the default bootstrap
of the Raspberry Pi and adds the region used by the Trusted Firmware.
This system replaces the previous one consisting on adding
``memmap=16M$256M`` to the Linux command line. It's also meant to be
used by U-Boot and any other bootloader that understands DTB files.
Change-Id: I13ee528475fb043d6e8d9e9f24228e37ac3ac436
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Some of COMPHY parameters depends on the hw connection between the SoC
and the PHY, which can vary on different boards e.g. due to different
wires length. Define the "porting layer" with some defaults
parameters. It ease updating static values which needs to be updated due
to board differences, which are now grouped in one place.
Example porting layer for a8k-db is under:
plat/marvell/a8k/a80x0/board/phy-porting-layer.h
If for some boards parameters are not defined (missing
phy-porting-layer.h), the default values are used
(drivers/marvell/comphy/phy-default-porting-layer.h)
and the following compilation warning is show:
"Using default comphy params - you may need to suit them to your board".
The common COMPHY driver code is extracted in order to be shared with
future COMPHY driver for A3700 SoC platforms
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Signed-off-by: Igal Liberman <igall@marvell.com>
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reference code:
==============
rar_gen3: IPL and Secure Monitor Rev1.0.22
https://github.com/renesas-rcar/arm-trusted-firmware [rcar_gen3]
Author: Takuya Sakata <takuya.sakata.wz@bp.renesas.com>
Date: Thu Aug 30 21:26:41 2018 +0900
Update IPL and Secure Monitor Rev1.0.22
General Information:
===================
This port has been tested on the Salvator-X Soc_id r8a7795 revision
ES1.1 (uses an SPD).
Build Tested:
-------------
ATFW_OPT="LSI=H3 RCAR_DRAM_SPLIT=1 RCAR_LOSSY_ENABLE=1"
MBEDTLS_DIR=$mbedtls
$ make clean bl2 bl31 rcar PLAT=rcar ${ATFW_OPT} SPD=opteed
Other dependencies:
------------------
* mbed_tls:
git@github.com:ARMmbed/mbedtls.git [devel]
Merge: 68dbc94 f34a4c1
Author: Simon Butcher <simon.butcher@arm.com>
Date: Thu Aug 30 00:57:28 2018 +0100
* optee_os:
https://github.com/BayLibre/optee_os
Until it gets merged into OP-TEE, the port requires Renesas' Trusted
Environment with a modification to support power management.
Author: Jorge Ramirez-Ortiz <jramirez@baylibre.com>
Date: Thu Aug 30 16:49:49 2018 +0200
plat-rcar: cpu-suspend: handle the power level
Signed-off-by: Jorge Ramirez-Ortiz <jramirez@baylibre.com>
* u-boot:
The port has beent tested using mainline uboot.
Author: Fabio Estevam <festevam@gmail.com>
Date: Tue Sep 4 10:23:12 2018 -0300
*linux:
The port has beent tested using mainline kernel.
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 16 11:52:37 2018 -0700
Linux 4.19-rc4
Overview
---------
BOOTROM starts the cpu at EL3; In this port BL2 will therefore be entered
at this exception level (the Renesas' ATF reference tree [1] resets into
EL1 before entering BL2 - see its bl2.ld.S)
BL2 initializes DDR (and i2c to talk to the PMIC on some platforms)
before determining the boot reason (cold or warm).
During suspend all CPUs are switched off and the DDR is put in
backup mode (some kind of self-refresh mode). This means that BL2 is
always entered in a cold boot scenario.
Once BL2 boots, it determines the boot reason, writes it to shared
memory (BOOT_KIND_BASE) together with the BL31 parameters
(PARAMS_BASE) and jumps to BL31.
To all effects, BL31 is as if it is being entered in reset mode since
it still needs to initialize the rest of the cores; this is the reason
behind using direct shared memory access to BOOT_KIND_BASE and
PARAMS_BASE instead of using registers to get to those locations (see
el3_common_macros.S and bl31_entrypoint.S for the RESET_TO_BL31 use
case).
Depending on the boot reason BL31 initializes the rest of the cores:
in case of suspend, it uses a MBOX memory region to recover the
program counters.
[1] https://github.com/renesas-rcar/arm-trusted-firmware
Tests
-----
* cpuidle
-------
enable kernel's cpuidle arm_idle driver and boot
* system suspend
--------------
$ cat suspend.sh
#!/bin/bash
i2cset -f -y 7 0x30 0x20 0x0F
read -p "Switch off SW23 and press return " foo
echo mem > /sys/power/state
* cpu hotplug:
------------
$ cat offline.sh
#!/bin/bash
nbr=$1
echo 0 > /sys/devices/system/cpu/cpu$nbr/online
printf "ONLINE: " && cat /sys/devices/system/cpu/online
printf "OFFLINE: " && cat /sys/devices/system/cpu/offline
$ cat online.sh
#!/bin/bash
nbr=$1
echo 1 > /sys/devices/system/cpu/cpu$nbr/online
printf "ONLINE: " && cat /sys/devices/system/cpu/online
printf "OFFLINE: " && cat /sys/devices/system/cpu/offline
Signed-off-by: ldts <jramirez@baylibre.com>
Pointer authentication is an Armv8.3 feature that introduces
instructions that can be used to authenticate and verify pointers.
Pointer authentication instructions are allowed to be accessed from all
ELs but only when EL3 explicitly allows for it; otherwise, their usage
will trap to EL3. Since EL3 doesn't have trap handling in place, this
patch unconditionally disables all related traps to EL3 to avoid
potential misconfiguration leading to an unhandled EL3 exception.
FixesARM-software/tf-issues#629
Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The BLE is the pre-TF-A boot stage required by Marvell Armada
BootROM for bringing up DRAM and allow the boot image copy to it.
Since this is not a standard boot level and only uses the TF-A
as a build environment, it was introduced out of source tree.
However it turns out that such remote location introduces additional
complexity to the upstream TF-A build process.
In order to simplify the build environment the BLE source folder
is relocated from the external repository to A8K platform directory.
The build documentation is updated accordingly.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
This patch introduces a build flag "RECLAIM_INIT_CODE" to mark boot time
code which allows platforms to place this memory in an appropriate
section to be reclaimed later. This features is primarily targeted for
BL31. Appropriate documentation updates are also done.
Change-Id: If0ca062851614805d769c332c771083d46599194
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This option makes it hard to optimize the memory definitions of all Arm
platforms because any change in the common defines must work in all of
them. The best thing to do is to remove it and move the definition to
each platform's header.
FVP, SGI and SGM were using the definitions in board_arm_def.h. The
definitions have been copied to each platform's platform_def.h. Juno
was already using the ones in platform_def.h, so there have been no
changes.
Change-Id: I9aecd11bbc72a3d0d7aad1ef9934d8df21dcfaf2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Information regarding platform compatibility policy
is added to the documentation.
Change-Id: If9f2a11160f81354ee2c678f0fca9d67fc7366e6
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The code of LOAD_IMAGE_V2=0 has been removed.
Change-Id: Iea03e5bebb90c66889bdb23f85c07d0c9717fffe
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
A compatibility script has been provided for about 2 years. Users should
have migrated to fiptool by now so remove the compat script.
Change-Id: I643e0c40a9e3fb428bad3be04a82cb431aad74dc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
- Linaro binaries: 18.04
- mbed TLS library: 2.12.0
- FVP model versions: 11.4 build 37
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Change-Id: I454782ca43a0db43aeeef2ab3622f4dea9dfec55
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch describes the boot-flow and building of the WaRP7 TF-A port.
What it describes is booting and unsigned TF-A.
A very brief section has been added on signing BL2 which is in no-way
comprehensive. For a comprehensive description of the signing process try
the Boundary Devices blog on the matter.
https://boundarydevices.com/high-assurance-boot-hab-dummies/
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
This patch introduces the shared Mbed TLS heap optimisation for Arm
platforms. The objective is the Mbed TLS heap to be shared between BL1
and BL2 so as to not allocate the heap memory twice. To achieve that,
the patch introduces all the necessary helpers for implementing this
optimisation. It also applies it for FVP.
Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, now it
is being accessed indirectly through a pointer. Also, the heap, instead
of being part of the drivers, now it is being received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.
Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implemenetation.
Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Update build manual
- remove irrelevant platforms and environemnt variables
- add links to BLE and mv_ddr Github repositories
Change-Id: Ie389c61f014751cdc0459b3f78c70ede694d27b8
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
This function diplays the backtrace, the current EL and security state
to allow a post-processing tool to choose the right binary to interpret
the dump.
The output can be fed to GNU addr2line to resolve function names given
an ELF binary compiled with debug information. The "-i" flag is
recommended to improve display in case of inlined functions. The *.dump
files generated during the build process can also be used.
The function works in AArch64 and AArch32. In AArch32 it only works in
A32 mode (without T32 interworking), which is enforced in the Makefile.
Sample output of a backtrace at EL3:
BACKTRACE: START: function_name
0: EL3: 0x798
1: EL3: 0x538
2: EL3: 0x550
3: EL3: 0x55c
4: EL3: 0x568
5: EL3: 0x5a8
6: EL3: 0xf4
BACKTRACE: END: function_name
In order to enable it the new option ENABLE_BACKTRACE must be set to 1.
This option is set to 1 by default only in AArch64 debug builds. As
usual, it can be overridden by the platform makefile and in the build
command line.
Change-Id: Icaff39b0e5188329728be2f3c72b868b2368e794
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
At the moment the AArch32 instruction set isn't specified in the command
line, which means that the compiler is free to choose the one it sees
fit. This decision may change between compiler versions, so it is better
to specify it manually.
The build option AARCH32_INSTRUCTION_SET has been introduced for this
reason. This option can be set to T32 or A32 to pass the correct flags
to the compiler.
The current behaviour is to default to T32 due to it's smaller size.
Change-Id: I02297eb1d9404b5868ff7c054fbff9b3cda7fdb6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch fixes a bug in the context management code that causes it to
ignore the HANDLE_EA_EL3_FIRST compile-time option and instead always
configure SCR_EL3 to force all external aborts to trap into EL3. The
code used #ifdef to read compile-time option declared with add_define in
the Makefile... however, those options are always defined, they're just
defined to either 0 or 1, so #if is the correct syntax to check for
them. Also update the documentation to match.
This bug has existed since the Nov 2017 commit 76454abf4 (AArch64:
Introduce External Abort handling), which changed the
HANDLE_EA_EL3_FIRST option to use add_define.
Change-Id: I7189f41d0daee78fa2fcf4066323e663e1e04d3d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change their names to printf and snprintf. They are much smaller than
the previous versions we had, which makes them better suited for the
Trusted Firmware.
Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Taken from http://git.simple-cc.org/scc/ from the following commit:
67508ad14af314cea2229783d3c084f28c41daf0
Permission has been granted from the author to use them under the
license BSD-3-Clause instead of ISC.
Change-Id: I65c0ce3ab60c49d34a57533af12a74bd7bde88e5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Memory Partitioning And Monitoring is an Armv8.4 feature that enables
various memory system components and resources to define partitions.
Software running at various ELs can then assign themselves to the
desired partition to control their performance aspects.
With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows
lower ELs to access their own MPAM registers without trapping to EL3.
This patch however doesn't make use of partitioning in EL3; platform
initialisation code should configure and use partitions in EL3 if
required.
Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd
Co-authored-by: James Morse <james.morse@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.
This DSU erratum affects only the DSUs that contain the ACP interface
and it was fixed in r2p0. The workaround is applied only to the DSUs
that are actually affected.
Link to respective Arm documentation:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html
Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Change-Id: I341440701b7e5e3555e604dd9d0a356795e6c4fb
Signed-off-by: Hanna Hawa <hannah@marvell.com>
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add address decoding unit drivers for Marvell SoCs.
Address decoding flow and address translation units chart
are located at docs/marvell/misc/mvebu-a8k-addr-map.txt
Change-Id: Id6ce311fa1f4f112df3adfac5d20449f495f71ed
Signed-off-by: Hanna Hawa <hannah@marvell.com>
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
The Non-secure DRAM region shouldn't be protected in the range specified
in the Linux command line with memmap.
This change also increases the size of the Secure DRAM region.
Change-Id: I306e9e443a84b834c99739f54a534a3ca3be2424
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In the memory map of the documentation the kernel only had 16MiB of
allocated space. This leaves very little room for growth, so the
addresses of the DTB and the kernel have been interchanged.
The documentation has been updated to reflect this change.
Change-Id: Ib6eab69f047fa88561fb755397ce3a0b356c8860
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add information about direct Linux kernel boot for kernels that support
PSCI.
Change-Id: I05f76aa36398edabf411cb25a646437af1862e6e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It uses the hardware RNG in a similar way as Juno (it gets 128 bits of
entropy and does xor on them).
It is disabled by default.
Change-Id: I8b3adb61f5a5623716e0e8b6799404c68dd94c60
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
There is no way to boot BL31 at the addresses specified in the platform
memory map unless an extra loader is used at address 0x00000000. It is
better to remove it to prevent confusion. Having it enabled was a bug.
Change-Id: I3229fbc080f5996cff47efce8e799bae94e0d5cb
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add a new default makefile target to concatenate BL1 and the FIP and
generate armstub8.bin. This way it isn't needed to do it manually.
Documentation updated to reflect the changes.
Change-Id: Id5b5b1b7b9f87767db63fd01180ddfea855a7207
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Running optee_test failed because SEC_DRAM0_SIZE is too small. Previous
is 2 MB. We enlarge it to 11 MB for passing the test. Also we reduce
the NS_DRAM0_SIZE from 13MB to 4MB so that the whole section is still
fit in 16MB.
This commit also modified the document to reflect the changes we've
made in code.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Implement minimal interrupt routing functions. All interrupts are
treated as non-secure interrupts to be handled by the non-secure world.
Add note to the documentation about disabling FIQs qhen using OP-TEE
with Linux.
Change-Id: I937096542d973925e43ae946c5d0b306d0d95a94
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The user guide didn't contain any information about the
requirements of the clang version needed by TF, which is
at least 4.0.
Change-Id: I1ea120aca0fb2c0950fbeaf6978c654ec277afde
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add paragraph for how to enable Trusted Board Boot for rpi3
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
For Trusted Board Boot we enlarge the BL1 size from 64k to 128k.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
The H6 is Allwinner's most recent SoC. It shares most peripherals with the
other ARMv8 Allwinner SoCs (A64/H5), but has a completely different memory
map.
Introduce a separate platform target, which includes a different header
file to cater for the address differences. Also add the new build target
to the documentation.
The new ATF platform name is "sun50i_h6".
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Update documentation to reflect the current state of the library.
Change-Id: Ic72f90ee322d2ebd6ea7f4296315700d6bc434e6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add two empty lines to denote the paragraphs properly and improve
readability.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.
Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.
NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
FixesARM-software/tf-issues#566
Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
In the porting guide, there are blue boxes that describe the argument
types and the return type of each function. A small typo caused some of
these boxes not being properly rendered.
In the user guide, small typos were fixed that caused random text being
unintentionally rendered as bold. Also, a slight rewording was done in
the section describing the DYN_DISABLE_AUTH flag.
Change-Id: I57303ca609436a82162fa9b42c06b0d5a63da6df
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The values defined in this type are used in logical operations, which
goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
essential type".
Now, `unsigned int` is used instead. This also allows us to move the
dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
past because an enum is signed by default, and bit 31 corresponds to the
sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
is free to use as it was originally meant to be.
mmap_attr_t is now defined as an `unsigned int` for backwards
compatibility.
Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.
However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.
With this patch:
- SDEI interrupts and calls to sdei_dispatch_event prepares the NS
context for event dispatch, then sets a jump point, and immediately
exits EL3. This results in the client handler executing in
Non-secure.
- When the SDEI client completes the dispatched event, the SDEI
dispatcher does a longjmp to the jump pointer created earlier. For
the caller of the sdei_dispatch_event() in particular, this would
appear as if call returned successfully.
The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.
Documentation updated.
NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.
Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are explicitly dispatched; i.e., events that are dispatched as a
result of a previous secure interrupt or other exception
This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
event. They must be placed under private mappings. Only the priority
flags are allowed to be additionally specified.
Documentation updated.
Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add Makefile and plaform definations file.
My thanks to Daniel Thompson and Ard Biesheuvel for the bits and pieces
I've taken from their earlier work regarding build and deploy steps for
Developerbox based on Synquacer SoCs. They deserve much of the credit
for this work although, since I assembled and tested things, any blame
is probably mine.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Daniel Thompson <daniel.thompson@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Create the baseline Makefile, platform definitions file and platform
specific assembly macros file. This includes first set of constants
for the platform including cache sizes and linker format and a stub for
BL31 and the basic memory layout
K3 SoC family of processors do not use require a BL1 or BL2 binary,
since such functions are provided by an system controller on the SoC.
This lowers the burden of ATF to purely managing the local ARM cores
themselves.
Signed-off-by: Benjamin Fair <b-fair@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) inside, documentation
can be found in below link:
https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES
This patch adds support for booting up SMP linux kernel (v4.9).
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:
https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES
This patch adds support for booting up SMP linux kernel (v4.9).
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
To build with the new release, we pick couple of more files from mbedTLS
library.
Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top box/tablet SoC.
The ATF platform target is called "sun50i_a64".
[Andre: adapted to amended directory layout, removed unneeded definitions ]
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Changed the ordering of the log levels in the documentation to
mate the code
Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB barrier.
It worked because the memory used by the Trusted Firmware was reserved
anyway.
Change-Id: I3fefcfc0105ecf05ba5606517bc3236f4eb24ceb
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident for the BL2_AT_EL3 configuration and
thus we cannot overlay it with BL31.
Change-Id: I71e89863ed48f5159e8b619f49c7c73b253397aa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.
Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.
It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.
NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.
Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.
TF-A implements this approach for the following affected CPUs:
* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).
* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).
* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).
Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.
Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.
[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
From TF-A v1.5, FVP supports loading the kernel FDT through
firmware as part of dynamic configuration feature. This means
that the FDT no longer needs to be loaded via Model parameters.
This patch updates the user guide to reflect the same.
Change-Id: I79833beeaae44a1564f6512c3a473625e5959f65
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.
Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
In the porting guide, fix the function name and the argument type to
reflect the code.
Change-Id: Iac8d69af403194de5586bc0d5890da531e3c8da2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The instructions to boot the bootwrapped kernel were outdated.
Also, the bootwrapped kernel boot flow isn't really useful. It was meant
to be a replacement for the Trusted Firmware-A, not to be used as the next
step during boot.
The instructions have been removed in favour of the new build option
ARM_LINUX_KERNEL_AS_BL33. This new system directly boots the Linux
kernel from BL31, and requires RESET_TO_BL31 to be 1. Also, the kernel
has to be preloaded in memory, so PRELOADED_BL33_BASE has to be set to its
address. This way, the runtime services of the Trusted Firmware-A are
available for the kernel in the least possible amount of time.
This new system requires the DTB to be patched so that the kernel knows
where the ramdisk is. A short script to add this information to the DTB
has been added to the User Guide. The information related to it can be
found in the following file in the Linux kernel tree:
``Documentation/devicetree/bindings/chosen.txt``
Change-Id: Ide135580959e09f6aa8e4425f37ea55d97439178
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that
eventually gives control to the OS. However, in some cases, this boot
sequence may be too slow. For example, when doing tests in a
cycle-accurate emulator, the user may only be interested in the
interaction between the Trusted Firmware and the OS, not in the boot
process itself.
The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux
kernel image by changing the value of registers x0-x3 to the values
expected by the kernel. This option requires the device tree blob (DTB)
to be present in memory. Its address must be specified in the newly
introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports
AArch64 kernels.
This option is only available when RESET_TO_BL31=1. For this reason
the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must
be used.
For example, if the kernel is loaded at 0x80080000 and the DTB is loaded
at address 0x82000000, the firmware could be built like this:
CROSS_COMPILE=aarch64-linux-gnu- \
make PLAT=fvp DEBUG=1 \
RESET_TO_BL31=1 \
ARM_LINUX_KERNEL_AS_BL33=1 \
PRELOADED_BL33_BASE=0x80080000 \
ARM_PRELOADED_DTB_BASE=0x82000000 \
all fip
Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The ARMv8.4 RAS extensions introduce architectural support for software
to inject faults into the system in order to test fault-handling
software. This patch introduces the build option FAULT_HANDLING_SUPPORT
to allow for lower ELs to use registers in the Standard Error Record to
inject fault. The build option RAS_EXTENSIONS must also be enabled along
with fault injection.
This feature is intended for testing purposes only, and is advisable to
keep disabled for production images.
Change-Id: I6f7a4454b15aec098f9505a10eb188c2f928f7ea
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
extensions to base ARMv8.0 architecture.
This patch adds build system support to enable RAS features in ARM
Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
this.
With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
inserted at all EL3 vector entry and exit. ESBs will synchronize pending
external aborts before entering EL3, and therefore will contain and
attribute errors to lower EL execution. Any errors thus synchronized are
detected via. DISR_EL1 register.
When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.
Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Due to differences in the bitfields of the SMC IDs, it is not possible
to support SMCCC 1.X and 2.0 at the same time.
The behaviour of `SMCCC_MAJOR_VERSION` has changed. Now, it is a build
option that specifies the major version of the SMCCC that the Trusted
Firmware supports. The only two allowed values are 1 and 2, and it
defaults to 1. The value of `SMCCC_MINOR_VERSION` is derived from it.
Note: Support for SMCCC v2.0 is an experimental feature to enable
prototyping of secure partition specifications. Support for this
convention is disabled by default and could be removed without notice.
Change-Id: I88abf9ccf08e9c66a13ce55c890edea54d9f16a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.
Signed-off-by: Summer Qin <summer.qin@arm.com>
This patch introduce TF-A support for NXP's ls1043a platform.
more details information of ls1043a chip and ls1043ardb board
can be found at docs/plat/ls1043a.rst.
Boot sequence on ls1043a is: bootrom loads bl1 firstly, then bl1
loads bl2, bl2 will load bl31, bl32 and bl33, bl31 will boot
bl32(tee os) and bl33(u-boot or uefi), bl33 boot Linux kernel.
Now TF-A on ls1043ardb platform has the following features in this patch:
* Support boot from Nor flash.
* TF-A can boot bl33 which runs in el2 of non-secure world.
* TF-A boot OPTee OS.
* Support PSCI
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Chenyin.Ha <Chenyin.Ha@nxp.com>
Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Signed-off-by: jiaheng.fan <jiaheng.fan@nxp.com>
Signed-off-by: Wen He <wen.he_1@nxp.com>
In some use-cases BL2 will be stored in eXecute In Place (XIP) memory,
like BL1. In these use-cases, it is necessary to initialize the RW sections
in RAM, while leaving the RO sections in place. This patch enable this
use-case with a new build option, BL2_IN_XIP_MEM. For now, this option
is only supported when BL2_AT_EL3 is 1.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Only return -1 if the workaround for CVE-2017-5715 is not compiled in.
Change-Id: I1bd07c57d22b4a13cf51b35be141a1f1ffb065ff
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Switch to the new console APIs enabled by setting MULTI_CONSOLE_API=1.
The crash console doesn't use this API, it uses internally the core
functions of the 16550 console.
`bl31_plat_runtime_setup` is no longer needed. When this platform port
was introduced, that function used to disable the console. It was needed
to override that behaviour. The new behaviour is to switch to the
runtime console. The console is registered for all scopes (boot, crash
and runtime) in `rpi3_console_init` so it is not needed to override the
default behaviour anymore.
Update documentation.
Change-Id: If2ee8f91044216183b7ef142e5c05ad6220ae92f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Following Out of Box testing for v1.5 release:
Update host OS version to Ubuntu 16.04
Clarify configuration files needed for checkpatch
Add note on using Linaro precompiled binaries
Change-Id: Ia4ae61e01128ddff1a288972ddf84b79370fa52c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The CI has been updated to run tests against the AEMv8-A RevC
model, FVP_Base_RevC-2xAEMv8A, which is available from the Fast
Model releases on Connected Community [1].
Additionally, the CI now also includes the Cortex-A55x4, Cortex-A75x4
and Cortex-A55x4-A75x4 Base models.
[1] https://developer.arm.com/products/system-design/fixed-virtual-platforms
Change-Id: I57806f3b2a8121211490a7aa0089dcae566d8635
Signed-off-by: David Cunado <david.cunado@arm.com>
Updated change-log.rst with summary of changes since
release v1.4.
Change-Id: I56b5a30d13a5a7099942535cbaeff0e2a5c5804e
Signed-off-by: David Cunado <david.cunado@arm.com>
Update Arm Trusted Firmware references in the upstream documents to
Trusted Firmware-A (TF-A). This is for consistency with and
disambiguation from Trusted Firmware-M (TF-M).
Also update other Arm trademarks, e.g. ARM->Arm, ARMv8->Armv8-A.
Change-Id: I8bb0e18af29c6744eeea2dc6c08f2c10b20ede22
Signed-off-by: Dan Handley <dan.handley@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch updates the `firmware-design.rst` document for
changes in ARM-TF for supporting dynamic configuration features
as presented in `Secure Firmware BoF SFO'17`[1].
The patch also updates the user-guide for 2 build options for FVP
pertaining to dynamic config.
[1] https://www.slideshare.net/linaroorg/bof-device-tree-and-secure-firmware-bof-sfo17310
Change-Id: Ic099cf41e7f1a98718c39854e6286d884011d445
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Since non-TF ROM is used in HiKey960 platform (Hisilicon Hi3660 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When flush images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Since non-TF ROM is used in HiKey platform (Hisilicon Hi6220 SoC),
replace BL1 by BL2_EL3 in normal boot mode.
When we recovery images in recovery mode, keep to use BL1.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
FVPs that model DynamIQ configuration implements all CPUs in a single
cluster. I.e., such models have a single cluster with more than 4 CPUs.
This differs from existing default build configuration for FVP where up
to 4 CPUs are assumed per cluster.
To allow building for DynamIQ configuration, promote the macro
FVP_MAX_CPUS_PER_CLUSTER as a build option to have it set from the build
command line. The value of the build option defaults to 4.
Change-Id: Idc3853bc95f680869b434b011c2dbd733e40c6ce
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
To make exception handling amongst Secure components, require that SDEI
exception priorities must be assigned the lowest among Secure
priorities. Clarify documentation to this effect.
Change-Id: I92524b7b7e9b3fa06a10c86372bc3c4dd18c00ad
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The `bl1_init_bl2_mem_layout()` API is now deprecated. The default weak
implementation of `bl1_plat_handle_post_image_load()` calculates the
BL2 memory layout and populates the same in x1(r1). This ensures
compatibility for the deprecated API.
Change-Id: Id44bdc1f572dc42ee6ceef4036b3a46803689315
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The Arm Trusted Firmware is built by default for ARMv8-A version 8.0.
However, the Foundation FVP runs by default in the highest version of
the architecture it supports. This causes problems when trying to run
the Arm Trusted Firmware on it.
This patch adds a note to the User Guide about this problem.
Change-Id: I0220fe1a9c66c2292149ad4a7ffe5e27ba08ab28
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
At present, the build option TSP_NS_INTR_ASYNC_PREEMPT controls how
Non-secure interrupt affects TSPs execution. When TSP is executing:
1. When TSP_NS_INTR_ASYNC_PREEMPT=0, Non-secure interrupts are received
at the TSP's exception vector, and TSP voluntarily preempts itself.
2. When TSP_NS_INTR_ASYNC_PREEMPT=1, Non-secure interrupts causes a
trap to EL3, which preempts TSP execution.
When EL3 exception handling is in place (i.e.,
EL3_EXCEPTION_HANDLING=1), FIQs are always trapped to EL3. On a system
with GICv3, pending NS interrupts while TSP is executing will be
signalled as FIQ (which traps to EL3). This situation necessitates the
same treatment applied to case (2) above.
Therefore, when EL3 exception handling is in place, additionally
require that TSP_NS_INTR_ASYNC_PREEMPT is set to one 1.
Strictly speaking, this is not required on a system with GICv2, but the
same model is uniformly followed regardless, for simplicity.
Relevant documentation updated.
Change-Id: I928a8ed081fb0ac96e8b1dfe9375c98384da1ccd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
When ARM Trusted Firmware is built with EL3_EXCEPTION_HANDLING=1,
EL3 interrupts (INTR_TYPE_EL3) will always preempt both Non-secure and
secure execution.
The interrupt management framework currently treats EL3 interrupt
routing as valid. For the above reason, this patch makes them invalid
when EL3_EXCEPTION_HANDLING is in effect.
Change-Id: I95bca8f5dc8df8eb0ff6f305cfba098611522a39
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to their final destination. Instead, we need to
load them to the temporary buffer for the decompressor.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The CnP bit documentation in the Firmware Design Guide incorrectly
used the term "Page Entries" instead of "Processing Elements".
Fix that.
Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S. Now, this platform is able to avoid this waste.
Enable the BL2_AT_EL3 option, and remove BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch expands the weak stubs for the plat_crash_console_xxx
functions in common platform code to use the new console API for crash
output. This should make crash console output "just work" for most cases
without the need for the platform to explicitly set up a crash console.
For cases where the normal console framework doesn't work (e.g. very
early crashes, before the platform can register any consoles), platforms
are still able to override the functions just like before.
This feature requires the MULTI_CONSOLE_API compile-time flag to work.
For builds which don't have it set, this patch has no practical effect.
Change-Id: I80dd161cb43f9db59a0bad2dae33c6560cfac584
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update firmware-design.rst, porting-guide.rst and user-guide.rst
with the information about BL2 at EL3. Firmware-design.rst is
also update to explain how to test this feauture with FVP.
Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.
A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.
Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU. To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table. A side effect of this change is that the main vbar is
configured before any reset handling. This is to allow the per-cpu
reset function to override the vbar setting.
This workaround is enabled by default on the affected CPUs.
Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
If boot redundancy is required in BL1 then the initialization
of the boot sequence must be done in bl1_platform_setup. In BL2,
we had to add a new function, bl2_preload_setup, because
bl2_platform_setup is called after the images are loaded, making it
invalid for the boot sequence initialization.
Change-Id: I5c177ff142608ed38b4192288b06614343b2b83b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
ARM TF has been tested as part of its CI system with the following
dependencies updated:
- Linaro binaries: 17.04 --> 17.10
- mbed TLS library: 2.4.2 --> 2.6.0
The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:
- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Additionally, links to Linaro resources have been updated.
Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>
Commit 6f62574767 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool. I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.
I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.
The document "SPM User Guide" has been integrated into the design
document.
Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The document was being rendered incorrectly.
Change-Id: I6e243d17d7cb6247f91698bc195eb0f6efeb7d17
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Added design documentation and usage guide for the AArch64 port of the
Arm Trusted Firmware to the Raspberry Pi 3.
Change-Id: I1be60fbbd54c797b48a1bcebfb944d332616a0de
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
to one EL3 will check to see if the Scalable Vector Extension (SVE) is
implemented when entering and exiting the Non-secure world.
If SVE is implemented, EL3 will do the following:
- Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.
- Exit from Non-secure world: SIMD, FP and SVE functionality is
disabled. As SIMD and FP registers are part of the SVE Z-registers
then any use of SIMD / FP functionality would corrupt the SVE
registers.
The build option default is 1. The SVE functionality is only supported
on AArch64 and so the build option is set to zero when the target
archiecture is AArch32.
This build option is not compatible with the CTX_INCLUDE_FPREGS - an
assert will be raised on platforms where SVE is implemented and both
ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.
Also note this change prevents secure world use of FP&SIMD registers on
SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
such platforms unless ENABLE_SVE_FOR_NS is set to 0.
Additionally, on the first entry into the Non-secure world the SVE
functionality is enabled and the SVE Z-register length is set to the
maximum size allowed by the architecture. This includes the use case
where EL2 is implemented but not used.
Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
Change-Id: I7ea0c0a00327f463199d1b0a481f01dadb09d312
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The Cortex A75 has 5 AMU counters. The first three counters are fixed
and the remaining two are programmable.
A new build option is introduced, `ENABLE_AMU`. When set, the fixed
counters will be enabled for use by lower ELs. The programmable
counters are currently disabled.
Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The flag support the following values:
- sha256 (default)
- sha384
- sha512
Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
It is not possible to detect at compile-time whether support for an
optional extension such as SPE should be enabled based on the
ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by
default.
Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The explicit event dispatch sequence currently depicts handling done in
Secure EL1, although further error handling is typically done inside a
Secure Partition. Clarify the sequence diagram to that effect.
Change-Id: I53deedc6d5ee0706626890067950c2c541a62c78
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The FPEXC32_EL2 register controls SIMD and FP functionality when the
lower ELs are executing in AArch32 mode. It is architecturally mapped
to AArch32 system register FPEXC.
This patch removes FPEXC32_EL2 register from the System Register context
and adds it to the floating-point context. EL3 only saves / restores the
floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
The rationale for this change is that if the Secure world is using FP
functionality and EL3 is not managing the FP context, then the Secure
world will save / restore the appropriate FP registers.
NOTE - this is a break in behaviour in the unlikely case that
CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
Secure Payload that modifies FPEXC, but does not save and restore
this register
Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
Signed-off-by: David Cunado <david.cunado@arm.com>
The document includes SDEI sequence diagrams that are generated using
PlantUML [1].
A shell script is introduced to generate SVG files from PlantUML files
supplied in arguments.
[1] http://plantuml.com/PlantUML_Language_Reference_Guide.pdf
Change-Id: I433897856810bf1927f2800a7b2b1d81827c69b2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The implementation currently supports only interrupt-based SDEI events,
and supports all interfaces as defined by SDEI specification version
1.0 [1].
Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
BL31.
Update user guide and porting guide. SDEI documentation to follow.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
EHF is a framework that allows dispatching of EL3 interrupts to their
respective handlers in EL3.
This framework facilitates the firmware-first error handling policy in
which asynchronous exceptions may be routed to EL3. Such exceptions may
be handed over to respective exception handlers. Individual handlers
might further delegate exception handling to lower ELs.
The framework associates the delegated execution to lower ELs with a
priority value. For interrupts, this corresponds to the priorities
programmed in GIC; for other types of exceptions, viz. SErrors or
Synchronous External Aborts, individual dispatchers shall explicitly
associate delegation to a secure priority. In order to prevent lower
priority interrupts from preempting higher priority execution, the
framework provides helpers to control preemption by virtue of
programming Priority Mask register in the interrupt controller.
This commit allows for handling interrupts targeted at EL3. Exception
handlers own interrupts by assigning them a range of secure priorities,
and registering handlers for each priority range it owns.
Support for exception handling in BL31 image is enabled by setting the
build option EL3_EXCEPTION_HANDLING=1.
Documentation to follow.
NOTE: The framework assumes the priority scheme supported by platform
interrupt controller is compliant with that of ARM GIC architecture (v2
or later).
Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Acknowledging interrupt shall return a raw value from the interrupt
controller in which the actual interrupt ID may be encoded. Add a
platform API to extract the actual interrupt ID from the raw value
obtained from interrupt controller.
Document the new function. Also clarify the semantics of interrupt
acknowledge.
Change-Id: I818dad7be47661658b16f9807877d259eb127405
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.
As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.
The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.
Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Add events that trigger before entry to normal/secure world. The
events trigger after the normal/secure context has been restored.
Similarly add events that trigger after leaving normal/secure world.
The events trigger after the normal/secure context has been saved.
Change-Id: I1b48a7ea005d56b1f25e2b5313d77e67d2f02bc5
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
FWU uses additional images that have to be loaded,
and this patch adds the documentation of how to do
it in FVP and Juno.
Change-Id: I1a40641c11c5a4c8db0aadeaeb2bec30c9279e28
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
On Arm standard platforms, it runs out of SRAM space when TBB is
enabled, so the TSP default location is changed to dram when TBB
is enabled.
Change-Id: I516687013ad436ef454d2055d4e6fce06e467044
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
These hooks are intended to allow one platform to try load
images from alternative places. There is a hook to initialize
the sequence of boot locations and a hook to pass to the next
sequence.
Change-Id: Ia0f84c415208dc4fa4f9d060d58476db23efa5b2
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This allows other EL3 components to subscribe to CPU on events.
Update Firmware Design guide to list psci_cpu_on_finish as an available
event.
Change-Id: Ida774afe0f9cdce4021933fcc33a9527ba7aaae2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This light-weight framework enables some EL3 components to publish
events which other EL3 components can subscribe to. Publisher can
optionally pass opaque data for subscribers. The order in which
subscribers are called is not defined.
Firmware design updated.
Change-Id: I24a3a70b2b1dedcb1f73cf48313818aebf75ebb6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Trusted Firmware has been tested as part of its CI system against Cortex
and Foundation models in the 11.1 Model release available on
developer.arm.com. Trusted Firmware has also been tested against the
v8.7 AEM model. This patch updates the user guide documentation to
reflect the version of the Foundation, AEM and Cortex Models that
Trusted Firmware has been tested against.
Change-Id: Ia0f51469032427b6056567d151bf8144a7cf0e42
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
The GIC driver initialization currently allows an array of interrupts to
be configured as secure. Future use cases would require more interrupt
configuration other than just security, such as priority.
This patch introduces a new interrupt property array as part of both
GICv2 and GICv3 driver data. The platform can populate the array with
interrupt numbers and respective properties. The corresponding driver
initialization iterates through the array, and applies interrupt
configuration as required.
This capability, and the current way of supplying array (or arrays, in
case of GICv3) of secure interrupts, are however mutually exclusive.
Henceforth, the platform should supply either:
- A list of interrupts to be mapped as secure (the current way).
Platforms that do this will continue working as they were. With this
patch, this scheme is deprecated.
- A list of interrupt properties (properties include interrupt group).
Individual interrupt properties are specified via. descriptors of
type 'interrupt_prop_desc_t', which can be populated with the macro
INTR_PROP_DESC().
A run time assert checks that the platform doesn't specify both.
Henceforth the old scheme of providing list of secure interrupts is
deprecated. When built with ERROR_DEPRECATED=1, GIC drivers will require
that the interrupt properties are supplied instead of an array of secure
interrupts.
Add a section to firmware design about configuring secure interrupts.
FixesARM-software/tf-issues#262
Change-Id: I8eec29e72eb69dbb6bce77879febf32c95376942
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
SPIs can be routed to either a specific PE, or to any one of all
available PEs.
API documentation updated.
Change-Id: I28675f634568aaf4ea1aa8aa7ebf25b419a963ed
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The back end GIC driver converts and assigns the interrupt type to
suitable group.
For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which
determines to which type Group 0 interrupts maps to.
- When the build option is set 0 (the default), Group 0 interrupts are
meant for Secure EL1. This is presently the case.
- Otherwise, Group 0 interrupts are meant for EL3. This means the SPD
will have to synchronously hand over the interrupt to Secure EL1.
The query API allows the platform to query whether the platform supports
interrupts of a given type.
API documentation updated.
Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
