2018-06-07 |
ARM platforms: Move BL31 below BL2 to enable BL2 overlay
...
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 7 Jun 2018
|
2018-05-29 |
Merge pull request #1392 from dp-arm/dp/cve_2018_3639
...
Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75
Dimitris Papastamos
authored
on 29 May 2018
GitHub
committed
on 29 May 2018
|
2018-05-25 |
Remove rt_svc_descs pointer from inner scope
...
A pointer to rt_svc_desc_t was defined both in the
function and globally. The innermost definition
hid the global definition which is the one we want
to use so remove the innermost definition to prevent
this
Change-Id: Idabdbc0947178ae83224bd17a9b170df7c278d51
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
committed
on 25 May 2018
|
Remove duplicate weak definition
...
The weak pragma was assigned twice to the bl2_plat_handle_post_image_load
definition both in plat/common/ and in plat/arm/common/ this was an error as
it should have only have been defined in plat/common
Change-Id: Id85e14c699cb09ed998d1677f2a172e760911918
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
committed
on 25 May 2018
|
Merge pull request #1395 from antonio-nino-diaz-arm/an/spm-refactor
...
SPM: Refactor codebase
Dimitris Papastamos
authored
on 25 May 2018
GitHub
committed
on 25 May 2018
|
2018-05-24 |
plat/arm: SPM: Force BL31 to DRAM when SPM is used
...
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 24 May 2018
|
2018-05-23 |
SPM: Extract code out of the SMC handler
...
Simplify the code of the SMC handler by extracting the code of
SP_EVENT_COMPLETE and MM_COMMUNICATE.
Change-Id: I9250a3f5e4b807b35c9d044592c1074a45ab9a07
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Replace SP init flag by generic state enum
...
Instead of just knowing if the Secure Partition is being initialized or
not, this generic state enum can be used to tell if the Secure Partition
is busy and to add more states in the future if needed.
Also, the spinlock of the secure_partition_context_t structure now only
protects against concurrent accesses to the state of the secure
partition. Previously, it used to lock down the whole structure, thus
preventing one CPU to access any of its fields while another CPU was
executing the partition.
Change-Id: I51215328e2ca8ea2452f92e4a1cb237415958b22
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Shorten names of types and functions
...
The current internal names are too long, which makes it hard to write
code as many lines overflow the limit and need to be split, which may
not help the reader.
Change-Id: I072bdc8f3dd125255063ffa7f02500e5228fc9a1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Move xlat-related functions to separate file
...
This is done in order to make it easier to read the file spm_main.c.
Change-Id: I21e765154c1682a319a3bc47a19a42fd736e910e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
SPM: Move all SP-related info to SP context struct
...
Move all information related to a Secure Partition to the struct
secure_partition_context_t.
This requires an in-depth refactor because most of the previous code of
SPM relied on global information.
Change-Id: I0a23e93817dcc191ce1d7506b8bc671d376123c4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
context_mgmt: Make cm_init_context_common public
...
This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts that are associated to a CPU.
By making this function public, it is possible to set up a context that
isn't associated to any CPU. For consistency, it has been renamed to
cm_setup_context().
Change-Id: Ib2146105abc8137bab08745a8adb30ca2c4cedf4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 23 May 2018
|
Add support for dynamic mitigation for CVE-2018-3639
...
Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.
It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.
NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.
Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 23 May 2018
|
aarch32: Implement static workaround for CVE-2018-3639
...
Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.
Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 23 May 2018
|
Implement static workaround for CVE-2018-3639
...
For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.
TF-A implements this approach for the following affected CPUs:
* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).
* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).
* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).
Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.
Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.
[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 23 May 2018
|
Rename symbols and files relating to CVE-2017-5715
...
This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.
Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 23 May 2018
|
Merge pull request #1386 from soby-mathew/sm/dyn_bl31
...
Extend dynamic configuration
Dimitris Papastamos
authored
on 23 May 2018
GitHub
committed
on 23 May 2018
|
2018-05-22 |
Merge pull request #1393 from geesun/correct_comment
...
Correct some typo errors in comment
Dimitris Papastamos
authored
on 22 May 2018
GitHub
committed
on 22 May 2018
|
Merge pull request #1390 from soby-mathew/sm/fvp_rm_dtb
...
Remove the DTBs and update userguide for FVP
Dimitris Papastamos
authored
on 22 May 2018
GitHub
committed
on 22 May 2018
|
Correct some typo errors in comment
...
File: include/common/aarch64/el3_common_macros.S
Change-Id: I619401e961a3f627ad8864781b5f90bc747c3ddb
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu
committed
on 22 May 2018
|
2018-05-21 |
Merge pull request #1359 from danielboulby-arm/db/match_flags_type
...
Ensure read and write of flags defined in the console struct are 32 bit
Dimitris Papastamos
authored
on 21 May 2018
GitHub
committed
on 21 May 2018
|
FVP: Add dummy configs for BL31, BL32 and BL33
...
This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
The config files are placeholders and do not have any useful bindings
defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
if SPD=tspd. The load address of these configs are specified in tb_fw_config
via new bindings defined for these configs. Currently, in FVP, the
soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
and ARM_SHARED_RAM. This memory was typically used for BL32 when
ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
space anymore, it should be safe to use this memory for these configs.
There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
that this overlap doesn't happen.
The previous arm_dyn_get_hwconfig_info() is modified to accept configs
other than hw_config and hence renamed to arm_dyn_get_config_load_info().
The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
BL2_BASE.
Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 21 May 2018
|
Docs: Update user guide for Dynamic Config on FVP
...
From TF-A v1.5, FVP supports loading the kernel FDT through
firmware as part of dynamic configuration feature. This means
that the FDT no longer needs to be loaded via Model parameters.
This patch updates the user guide to reflect the same.
Change-Id: I79833beeaae44a1564f6512c3a473625e5959f65
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 21 May 2018
|
Dynamic_config: remove the FVP dtb files
...
Since FVP enables dynamic configuration by default, the DT blobs are
compiled from source and included in FIP during build. Hence this
patch removes the dtb files from the `fdts` folder.
Change-Id: Ic155ecd257384a33eb2aa38c9b4430e47b09cd31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 21 May 2018
|
2018-05-18 |
Dynamic cfg: Enable support on CoT for other configs
...
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.
Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 18 May 2018
|
FVP: Enable capability to disable auth via dynamic config
...
This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.
The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.
Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 18 May 2018
|
Allow disabling authentication dynamically
...
This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.
Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 18 May 2018
|
2018-05-17 |
Merge pull request #1369 from sivadur/xilinxdiff
...
Xilinx platform mangement related changes
danh-arm
authored
on 17 May 2018
GitHub
committed
on 17 May 2018
|
Ensure read and write of flags are 32 bit
...
In 'console_set_scope' and when registering a console, field 'flags' of
'console_t' is assigned a 32-bit value. However, when it is actually
used, the functions perform 64-bit reads to access its value. This patch
changes all 64-bit reads to 32-bit reads.
Change-Id: I181349371409e60065335f078857946fa3c32dc1
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
committed
on 17 May 2018
|
Merge pull request #1340 from Andre-ARM/sec-irqs-fixes
...
Fix support for systems without secure interrupts
Dimitris Papastamos
authored
on 17 May 2018
GitHub
committed
on 17 May 2018
|