2020-05-15 |
plat/arm/fvp: Support performing SDEI platform setup in runtime
...
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Balint Dobszay
authored
on 18 Dec 2019
Madhukar Pappireddy
committed
on 15 May 2020
|
2020-05-14 |
Implement workaround for AT speculative behaviour
...
During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.
Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)
Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924
More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html
Currently, Workaround is implemented as build option which is default
disabled.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
Manish V Badarkhe
authored
on 27 Apr 2020
Manish V Badarkhe
committed
on 14 May 2020
|
2020-04-01 |
Enable MTE support
...
Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented
MTE options are added in latest clang and armclang compiler which
support below options:
for clang <version 11.0.0>
1. -march=arm8.5-a+memtag
2. -fsanitize=memtag
for armclang <version 6.12>
1. -march=arm8.5-a+memtag
2. -mmemtag-stack
Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
Manish V Badarkhe
authored
on 22 Mar 2020
Sandrine Bailleux
committed
on 1 Apr 2020
|
2020-03-31 |
Build: introduce per-BL CPPFLAGS and ASFLAGS
...
Currently, BL*_CFLAGS and BL*_LDFLAGS are supported.
For completion, this adds BL*_CPPFLAGS and BL*_ASFLAGS.
My main motivation is to pass -D<macro> to BL*_CPPFLAGS so that
the macro can be used from all source files.
Change-Id: I0ca1e4e26386bef7fed999af140ee7cce7c2f8ef
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 31 Mar 2020
|
2020-03-16 |
fconf: Clean Arm IO
...
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 16 Mar 2020
|
2020-03-10 |
Merge changes from topic "sb/dualroot" into integration
...
* changes:
Build system: Changes to drive cert_create for dualroot CoT
cert_create: Define the dualroot CoT
Introduce a new "dualroot" chain of trust
Sandrine Bailleux
authored
on 10 Mar 2020
TrustedFirmware Code Review
committed
on 10 Mar 2020
|
2020-03-06 |
Makefile: Add support to optionally encrypt BL31 and BL32
...
Following build flags have been added to support optional firmware
encryption:
- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.
- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.
- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.
- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
Similar flags can be added to encrypt other firmwares as well depending
on use-cases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
Sumit Garg
committed
on 6 Mar 2020
|
drivers: crypto: Add authenticated decryption framework
...
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
Sumit Garg
committed
on 6 Mar 2020
|
2020-03-03 |
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
...
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Max Shvetsov
committed
on 3 Mar 2020
|
2020-03-02 |
SPMD: save/restore EL2 system registers.
...
NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0
Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Max Shvetsov
committed
on 2 Mar 2020
|
2020-02-26 |
Build: fix 'BL stage' comment for build macros
...
The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32.
Fix the comments.
Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 26 Feb 2020
|
2020-02-24 |
Read-only xlat tables for BL31 memory
...
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
Petre-Ionut Tudor
committed
on 24 Feb 2020
|
Build system: Changes to drive cert_create for dualroot CoT
...
The build system needs to drive the cert_create tool in a slightly
different manner when using the dualroot chain of trust.
- It needs to pass it the platform root of trust key file.
- It must not try to generate the Non-Trusted Firmware Key Certificate,
which is not part of the dualroot CoT.
Change-Id: Ibcc821c5735765523730f861ae8230208f41302b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 24 Feb 2020
|
2020-02-18 |
build_macros: add create sequence helper function
...
Add `CREATE_SEQ` function to generate sequence of numbers starting from
1 to allow easy comparison of a user defined macro with non-zero
positive numbers.
Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Vijayenthiran Subramaniam
authored
on 8 Feb 2020
Manish Pandey
committed
on 18 Feb 2020
|
2020-02-07 |
fconf: Move platform io policies into fconf
...
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-01-30 |
Merge changes from topic "sb/select-cot" into integration
...
* changes:
Introduce COT build option
cert_create: Remove references to TBBR in common code
cert_create: Introduce COT build option
cert_create: Introduce TBBR CoT makefile
Sandrine Bailleux
authored
on 30 Jan 2020
TrustedFirmware Code Review
committed
on 30 Jan 2020
|
2020-01-29 |
Introduce COT build option
...
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 29 Jan 2020
|
2020-01-28 |
Measured Boot: add function for hash calculation
...
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 28 Jan 2020
|
2020-01-24 |
Build: support per-BL LDFLAGS
...
make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.
This commit adds per-BL LDFLAGS support, which is useful as well.
My main motivation of this addition is to use it for ENABLE_PIE.
When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
which affects all the TF images. It will make more sense to pass the
relevant options only to BL images that support it.
Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 24 Jan 2020
|
2020-01-14 |
Replace dts includes with C preprocessor syntax
...
Using the /include/ syntax, the include was evaluated by dtc, only after running
the preprocessor, therefore the .dtsi files were not preprocessed. This patch
adds the #include syntax instead. Evaluating this and preprocessing the files
now happens in a single step, done by the C preprocessor.
Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Balint Dobszay
committed
on 14 Jan 2020
|
2019-12-29 |
bl31: Split into two separate memory regions
...
Some platforms are extremely memory constrained and must split BL31
between multiple non-contiguous areas in SRAM. Allow the NOBITS
sections (.bss, stacks, page tables, and coherent memory) to be placed
in a separate region of RAM from the loaded firmware image.
Because the NOBITS region may be at a lower address than the rest of
BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this
region, or el3_entrypoint_common would attempt to invalidate the dcache
for the entire address space. New symbols __NOBITS_{START,END}__ are
added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the
NOBITS region is invalidated separately.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
Samuel Holland
committed
on 29 Dec 2019
|
2019-12-20 |
Merge "debugfs: add 9p device interface" into integration
Mark Dykes
authored
on 20 Dec 2019
TrustedFirmware Code Review
committed
on 20 Dec 2019
|
spm: Remove SPM Alpha 1 prototype and support files
...
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Paul Beesley
authored
on 14 Oct 2019
Manish Pandey
committed
on 20 Dec 2019
|
Remove dependency between SPM_MM and ENABLE_SPM build flags
...
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
authored
on 16 Sep 2019
Manish Pandey
committed
on 20 Dec 2019
|
2019-12-17 |
debugfs: add 9p device interface
...
The 9p interface provides abstraction layers allowing the software
that uses devices to be independent from the hardware.
This patch provides a file system abstraction to link drivers to their
devices and propose a common interface to expose driver operations to
higher layers. This file system can be used to access and configure a
device by doing read/write operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
Olivier Deprez
committed
on 17 Dec 2019
|
2019-12-02 |
Enable Link Time Optimization in GCC
...
This patch enables LTO for TF-A when compiled with GCC.
LTO is disabled by default and is enabled by
ENABLE_LTO=1 build option.
LTO is enabled only for aarch64 as there seem to be
a bug in the aarch32 compiler when LTO is enabled.
The changes in the makefiles include:
- Adding -flto and associated flags to enable LTO.
- Using gcc as a wrapper at link time instead of ld.
This is recommended when using LTO as gcc internally
takes care of invoking the necessary plugins for LTO.
- Adding switches to pass options to ld.
- Adding a flag to disable fix for erratum cortex-a53-843419
unless explicitly enabled. This is needed because GCC
seem to automatically add the erratum fix when used
as a wrapper for LD.
Additionally, this patch updates the TF-A user guide with
the new build option.
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
zelalem-aweke
committed
on 2 Dec 2019
|
2019-10-04 |
Fix the CAS spinlock implementation
...
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based
on a platform build option. The CAS-based implementation used to be
unconditionally selected for all ARM8.1+ platforms.
The previous CAS spinlock implementation had a bug wherein the spin_unlock()
implementation had an `sev` after `stlr` which is not sufficient. A dsb is
needed to ensure that the stlr completes prior to the sev. Having a dsb is
heavyweight and a better solution would be to use load exclusive semantics
to monitor the lock and wake up from wfe when a store happens to the lock.
The patch implements the same.
Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Soby Mathew
authored
on 25 Sep 2019
Olivier Deprez
committed
on 4 Oct 2019
|
2019-09-13 |
Merge changes from topic "jc/rsa-pkcs" into integration
...
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Soby Mathew
authored
on 13 Sep 2019
TrustedFirmware Code Review
committed
on 13 Sep 2019
|
2019-09-12 |
Add cert_create tool support for RSA key sizes
...
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
Invalidate dcache build option for bl2 entry at EL3
...
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
Hadi Asyrafi
authored
on 20 Aug 2019
Soby Mathew
committed
on 12 Sep 2019
|