2017-03-31 |
Add and use plat_crash_console_flush() API
...
This API makes sure that all the characters sent to the crash console
are output before returning from it.
Porting guide updated.
Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 31 Mar 2017
|
2017-03-08 |
Simplify translation tables headers dependencies
...
The files affected by this patch don't really depend on `xlat_tables.h`.
By changing the included file it becomes easier to switch between the
two versions of the translation tables library.
Change-Id: Idae9171c490e0865cb55883b19eaf942457c4ccc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Mar 2017
|
2017-02-06 |
Introduce unified API to zero memory
...
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing takes place directly in the cache to speed it up
without doing external memory access.
Remove the zeromem16 function on AArch64 and replace it with an alias to
zeromem. This zeromem16 function is now deprecated.
Remove the 16-bytes alignment constraint on __BSS_START__ in
firmware-design.md as it is now not mandatory anymore (it used to comply
with zeromem16 requirements).
Change the 16-bytes alignment constraints in SP min's linker script to a
8-bytes alignment constraint as the AArch32 zeromem implementation is now
more efficient on 8-bytes aligned addresses.
Introduce zero_normalmem and zeromem helpers in platform agnostic header
that are implemented this way:
* AArch32:
* zero_normalmem: zero using usual data access
* zeromem: alias for zero_normalmem
* AArch64:
* zero_normalmem: zero normal memory using DC ZVA instruction
(needs MMU enabled)
* zeromem: zero using usual data access
Usage guidelines: in most cases, zero_normalmem should be preferred.
There are 2 scenarios where zeromem (or memset) must be used instead:
* Code that must run with MMU disabled (which means all memory is
considered device memory for data accesses).
* Code that fills device memory with null bytes.
Optionally, the following rule can be applied if performance is
important:
* Code zeroing small areas (few bytes) that are not secrets should use
memset to take advantage of compiler optimizations.
Note: Code zeroing security-related critical information should use
zero_normalmem/zeromem instead of memset to avoid removal by
compilers' optimizations in some cases or misbehaving versions of GCC.
Fixes ARM-software/tf-issues#408
Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Douglas Raillard
committed
on 6 Feb 2017
|
2016-12-20 |
Merge pull request #791 from jeenu-arm/asm-assert-32
...
AArch32: Print ASM_ASSERT and panic messages
danh-arm
authored
on 20 Dec 2016
GitHub
committed
on 20 Dec 2016
|
Export is_mem_free() function
...
The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.
Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
authored
on 8 Nov 2016
Dan Handley
committed
on 20 Dec 2016
|
2016-12-19 |
AArch32: Print ASM_ASSERT and panic messages
...
ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.
Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 19 Dec 2016
|
2016-12-12 |
Merge pull request #774 from jeenu-arm/no-return-macro
...
Define and use no_ret macro where no return is expected
danh-arm
authored
on 12 Dec 2016
GitHub
committed
on 12 Dec 2016
|
2016-12-05 |
Define and use no_ret macro where no return is expected
...
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 5 Dec 2016
|
2016-11-29 |
Optimize cache flush when authenticating images
...
When loading and authenticating an image, all parent images must also
be authenticated. The parent images are just certificates that don't
need to be used by any other CPU except the one loading the image, and
so there is no need to flush the cache of memory regions where they
are loaded.
Change-Id: Ice8d6979d1c02eabf1a543281ae1a07d098e4a99
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 29 Nov 2016
|
2016-09-21 |
AArch32: Common changes needed for BL1/BL2
...
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
Yatharth Kochar
committed
on 21 Sep 2016
|
2016-09-20 |
Add new version of image loading.
...
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can be readily adapted
by any BL stage that needs to load images.
In order to provide the above capability the following new
platform functions are introduced:
bl_load_info_t *plat_get_bl_image_load_info(void);
This function returns pointer to the list of images that the
platform has populated to load.
bl_params_t *plat_get_next_bl_params(void);
This function returns a pointer to the shared memory that the
platform has kept aside to pass trusted firmware related
information that next BL image needs.
void plat_flush_next_bl_params(void);
This function flushes to main memory all the params that
are passed to next image.
int bl2_plat_handle_post_image_load(unsigned int image_id)
This function can be used by the platforms to update/use
image information for given `image_id`.
`desc_image_load.c` contains utility functions which can be used
by the platforms to generate, load and executable, image list
based on the registered image descriptors.
This patch also adds new version of `load_image/load_auth_image`
functions in-order to achieve the above capability.
Following are the changes for the new version as compared to old:
- Refactor the signature and only keep image_id and image_info_t
arguments. Removed image_base argument as it is already passed
through image_info_t. Given that the BL image base addresses and
limit/size are already provided by the platforms, the meminfo_t
and entry_point_info arguments are not needed to provide/reserve
the extent of free memory for the given BL image.
- Added check for the image size against the defined max size.
This is needed because the image size could come from an
unauthenticated source (e.g. the FIP header).
To make this check, new member is added to the image_info_t
struct for identifying the image maximum size.
New flag `LOAD_IMAGE_V2` is added in the Makefile.
Default value is 0.
NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
Yatharth Kochar
committed
on 20 Sep 2016
|
2016-08-31 |
AArch32: resolve build error when LOG_LEVEL=50
...
This patch resolves a build error in Trusted Firmware when `ARCH=aarch32`
and LOG_LEVEL >= 50.
Change-Id: I62a23ded4a25304533cdcc5ff11442aee041709b
Soby Mathew
committed
on 31 Aug 2016
|
Merge pull request #689 from yatharth-arm/yk/plat_report_expn
...
Remove looping around `plat_report_exception`
davidcunado-arm
authored
on 31 Aug 2016
GitHub
committed
on 31 Aug 2016
|
2016-08-22 |
Remove looping around `plat_report_exception`
...
This patch removes the tight loop that calls `plat_report_exception`
in unhandled exceptions in AArch64 state.
The new behaviour is to call the `plat_report_exception` only
once followed by call to `plat_panic_handler`.
This allows platforms to take platform-specific action when
there is an unhandled exception, instead of always spinning
in a tight loop.
Note: This is a subtle break in behaviour for platforms that
expect `plat_report_exception` to be continuously executed
when there is an unhandled exception.
Change-Id: Ie2453804b9b7caf9b010ee73e1a90eeb8384e4e8
Yatharth Kochar
committed
on 22 Aug 2016
|
2016-08-18 |
Merge pull request #686 from danh-arm/dh/remove-inv-dcache-after-auth
...
Remove dcache invalidation after image authentication
danh-arm
authored
on 18 Aug 2016
GitHub
committed
on 18 Aug 2016
|
2016-08-17 |
Remove dcache invalidation after image authentication
...
At the end of successful image authentication in load_auth_image(),
the data cache for the virtual address range corresponding to the
image is invalidated (by a call to inv_dcache_range()). The intent
seems to be to ensure the data caches do not contain any sensitive
data used during authentication, which subsequent code can read.
However, this same address range is already flushed (cleaned and
invalidated by a call to flush_dcache_range()) at the end of
load_image(), and the subsequent invalidate has no functional
effect.
This patch removes the redundant call to inv_dcache_range(). It
also moves the flush_dcache_range() call from the end of load_image()
to the end of load_auth_image(), so the image data will remain in
the caches during authentication, improving performance.
This also improves the comments that explain the rationale for
calling flush_dcache_range() after image loading/authentication.
Change-Id: I14f17ad2935075ef6f3d1327361c5088bfb2d284
Dan Handley
committed
on 17 Aug 2016
|
2016-08-10 |
AArch32: Add API to invoke runtime service handler
...
This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful for AArch32 because the number of
arguments required by the handler is more than registers
available as per AArch32 program calling conventions and
requires the use of stack. Hence this new API will do the
necessary argument setup and invoke the appropriate
handler. Although this API is primarily intended for AArch32,
it can be used for AArch64 as well.
Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241
Soby Mathew
committed
on 10 Aug 2016
|
AArch32: Add tf_printf support
...
The tf_printf library uses 64 bit division to print numbers
in appropriate formats but AArch32 mode cannot do 64 bit division
natively. Hence this patch adds additional number printing routines
to handle AArch32 mode in tf_printf library. The decimal format
printing capability is limited to 32 bit integers whereas 64 bits
are supported in hexadecimal format. The library assumes that
secure world is running in Little-Endian mode to do bit
manipulations on 64 bit. Suitable assertions are present to
enforce this assumption.
Change-Id: I55a21e448cef4915d1834d76e48a84ccf0bec36d
Soby Mathew
committed
on 10 Aug 2016
|
AArch32: Add assembly helpers
...
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.
* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.
* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.
Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
Soby Mathew
committed
on 10 Aug 2016
|
2016-07-28 |
Merge pull request #673 from soby-mathew/sm/coverity_issue
...
Improve debug assertion for runtime svc number
danh-arm
authored
on 28 Jul 2016
GitHub
committed
on 28 Jul 2016
|
2016-07-26 |
Improve debug assertion for runtime svc number
...
This patch improves the debug assertion for runtime svc number
- Remove useless comparison ensuring that the number of descriptors
is a positive number. The variable is an unsigned integer so can't
be negative.
- Check that the end address of the descriptors is sane relative
to the start address.
Change-Id: Iea7be6b34e33b8b1cbd394eb923cc834ea964831
Soby Mathew
committed
on 26 Jul 2016
|
2016-07-25 |
Ensure addresses in is_mem_free() don't overflow
...
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, results in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.
If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().
This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print information message to the serial output.
This patch also introduces 2 slight changes to the reserve_mem()
function:
- It fixes the end addresses passed to choose_mem_pos(). It was
incorrectly passing (base + size) instead of (base + size - 1).
- When the requested allocation size is 0, the function now exits
straight away and says so using a warning message.
Previously, it used to actually reserve some memory. A zero-byte
allocation was not considered as a special case so the function
was using the same top/bottom allocation mechanism as for any
other allocation. As a result, the smallest area of memory starting
from the requested base address within the free region was
reserved.
Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
Sandrine Bailleux
committed
on 25 Jul 2016
|
Make runtime_svc_init() function more robust
...
- Added some debug assertions checking that the runtime services
indexes computed by get_unique_oen() are sane.
- Do not print the name of the service when its descriptor is
invalid. If the descriptor is corrupted then its name field
could be corrupted as well and we would end up reading an
arbitrary amount of invalid memory.
Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60
Sandrine Bailleux
committed
on 25 Jul 2016
|
Improvements to runtime service init code
...
Light refactoring of the code in runtime_svc.c file.
- Declare validate_rt_svc_desc()'s argument as const.
- Remove 'goto' path in runtime_svc_init(). It was used in one
place only.
- Improve code readability by declaring a local variable holding the
service pointer.
Change-Id: I3b15c5adb9f37b786b5b993a9be70ea9dd017a83
Sandrine Bailleux
committed
on 25 Jul 2016
|
2016-07-18 |
Introduce `el3_runtime` and `PSCI` libraries
...
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
Soby Mathew
committed
on 18 Jul 2016
|
Rework type usage in Trusted Firmware
...
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
Soby Mathew
committed
on 18 Jul 2016
|
2016-06-15 |
Merge pull request #650 from Xilinx/zynqmp-updates
...
Zynqmp updates
danh-arm
authored
on 15 Jun 2016
GitHub
committed
on 15 Jun 2016
|
2016-06-07 |
Update comments in load_image()
...
- Fix the function documentation.
Since commit 16948ae1, load_image() uses image IDs rather than image
names.
- Clarify the consequences of a null entry point argument.
- Slightly reorganize the code to remove an unnecessary 'if' statement.
Change-Id: Iebea3149a37f23d3b847a37a206ed23f7e8ec717
Sandrine Bailleux
committed
on 7 Jun 2016
|
2016-06-03 |
Merge pull request #636 from soby-mathew/sm/cpu_ctx_rem_aarch32_regs
...
Build option to include AArch32 registers in cpu context
danh-arm
committed
on 3 Jun 2016
|
Build option to include AArch32 registers in cpu context
...
The system registers that are saved and restored in CPU context include
AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
AArch64-only (i.e. on hardware that does not implement AArch32, or at
least not at EL1 and higher ELs) platform leads to an exception. This patch
introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
include these AArch32 systems registers in the cpu context or not. By default
this build option is set to 1 to ensure compatibility. AArch64-only platforms
must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
verify this.
Fixes ARM-software/tf-issues#386
Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
Soby Mathew
committed
on 3 Jun 2016
|