| 2015-06-25 |
Use numbers to identify images instead of names
...
The Trusted firmware code identifies BL images by name. The platform
port defines a name for each image e.g. the IO framework uses this
mechanism in the platform function plat_get_image_source(). For
a given image name, it returns the handle to the image file which
involves comparing images names. In addition, if the image is
packaged in a FIP, a name comparison is required to find the UUID
for the image. This method is not optimal.
This patch changes the interface between the generic and platform
code with regard to identifying images. The platform port must now
allocate a unique number (ID) for every image. The generic code will
use the image ID instead of the name to access its attributes.
As a result, the plat_get_image_source() function now takes an image
ID as an input parameter. The organisation of data structures within
the IO framework has been rationalised to use an image ID as an index
into an array which contains attributes of the image such as UUID and
name. This prevents the name comparisons.
A new type 'io_uuid_spec_t' has been introduced in the IO framework
to specify images identified by UUID (i.e. when the image is contained
in a FIP file). There is no longer need to maintain a look-up table
[iname_name --> uuid] in the io_fip driver code.
Because image names are no longer mandatory in the platform port, the
debug messages in the generic code will show the image identifier
instead of the file name. The platforms that support semihosting to
load images (i.e. FVP) must provide the file names as definitions
private to the platform.
The ARM platform ports and documentation have been updated accordingly.
All ARM platforms reuse the image IDs defined in the platform common
code. These IDs will be used to access other attributes of an image in
subsequent patches.
IMPORTANT: applying this patch breaks compatibility for platforms that
use TF BL1 or BL2 images or the image loading code. The platform port
must be updated to match the new interface.
Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
Juan Castillo
committed
on 25 Jun 2015
|
TBB: replace assert() with runtime checks in PolarSSL module
...
Using assert() to check the length of keys and hashes included in
a certificate is not a safe approach because assert() only applies
to debug builds. A malformed certificate could exploit security
flaws in release binaries due to buffer overflows.
This patch replaces assert() with runtime checkings in the PolarSSL
authentication module, so malformed certificates can not cause a
memory overflow.
Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
Juan Castillo
committed
on 25 Jun 2015
|
TBB: use ASN.1 type DigestInfo to represent hashes
...
The cert_create tool calculates the hash of each BL image and includes
it as an ASN.1 OCTET STRING in the corresponding certificate extension.
Without additional information, the firmware running on the platform
has to know in advance the algorithm used to generate the hash.
This patch modifies the cert_create tool so the certificate extensions
that include an image hash are generated according to the following
ASN.1 structure:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The PolarSSL module has been updated to extract the image hash
from the certificate extension according to this structure.
Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
Juan Castillo
committed
on 25 Jun 2015
|
TBB: add build option to save private keys
...
This patch adds a boolean build option 'SAVE_KEYS' to indicate the
certificate generation tool that it must save the private keys used
to establish the chain of trust. This option depends on 'CREATE_KEYS'
to be enabled. Default is '0' (do not save).
Because the same filenames are used as outputs to save the keys,
they are no longer a dependency to the cert_tool. This dependency
has been removed from the Makefile.
Documentation updated accordingly.
Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
Juan Castillo
committed
on 25 Jun 2015
|
| 2015-06-24 |
Merge pull request #325 from sandrine-bailleux/sb/fix-rw-data-relocation
...
Bug fix: Build time condition to relocate RW data
danh-arm
committed
on 24 Jun 2015
|
Bug fix: Build time condition to relocate RW data
...
This patch fixes the build time condition deciding whether the
read-write data should be relocated from ROM to RAM. It was incorrectly
using __DATA_ROM_START__, which is a linker symbol and not a compiler
build flag. As a result, the relocation code was always compiled out.
This bug has been introduced by the following patch:
"Rationalize reset handling code"
Change-Id: I1c8d49de32f791551ab4ac832bd45101d6934045
Sandrine Bailleux
committed
on 24 Jun 2015
|
Merge pull request #321 from vwadekar/tegra-gic-implementation-v1
...
Add missing features to the Tegra GIC driver
danh-arm
committed
on 24 Jun 2015
|
Merge pull request #310 from sandrine-bailleux/sb/tf-issue-304-phase1
...
Enhance BL3-1 entrypoint handling to support non-TF boot firmware - Phase 1
danh-arm
committed
on 24 Jun 2015
|
| 2015-06-22 |
Add missing features to the Tegra GIC driver
...
In order to handle secure/non-secure interrupts, overload the plat_ic_*
functions and copy GIC helper functions from arm_gic.c. Use arm_gic.c
as the reference to add Tegra's GIC helper functions.
Now that Tegra has its own GIC implementation, we have no use for
plat_gic.c and arm_gic.c files.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 22 Jun 2015
|
| 2015-06-19 |
Merge pull request #322 from athoelke/at/fix-bl1-assertions
...
Fix incorrect assertions in bl1_main()
danh-arm
committed
on 19 Jun 2015
|
Merge pull request #323 from athoelke/at/fix-aff-inst-overflow
...
Fix integer extension in mpidr_set_aff_inst()
danh-arm
committed
on 19 Jun 2015
|
Fix incorrect assertions in bl1_main()
...
The validation of the caching enable state in bl1_main() was
incorrect resulting in the state not being checked. Using the right
operator fixes this.
Change-Id: I2a99478f420281a1dcdf365d3d4fd8394cd21b51
Andrew Thoelke
committed
on 19 Jun 2015
|
Fix integer extension in mpidr_set_aff_inst()
...
mpidr_set_aff_inst() is left shifting an int constant and an
unsigned char value to construct an MPIDR. For affinity level 3 a
shift of 32 would result in shifting out of the 32-bit type and
have no effect on the MPIDR.
These values need to be extended to unsigned long before shifting
to ensure correct results for affinity level 3.
Change-Id: I1ef40afea535f14cfd820c347a065a228e8f4536
Andrew Thoelke
committed
on 19 Jun 2015
|
| 2015-06-18 |
Merge pull request #320 from danh-arm/rh/timer-api-v10
...
Add delay timer API v10
danh-arm
committed
on 18 Jun 2015
|
FVP: Add SP804 delay timer
...
Add SP804 delay timer support to the FVP BSP.
This commit simply provides the 3 constants needed by the SP804
delay timer driver and calls sp804_timer_init() in
bl2_platform_setup(). The BSP does not currently use the delay
timer functions.
Note that the FVP SP804 is a normal world accessible peripheral
and should not be used by the secure world after transition
to the normal world.
Change-Id: I5f91d2ac9eb336fd81943b3bb388860dfb5f2b39
Co-authored-by: Dan Handley <dan.handley@arm.com>
Ryan Harkin
authored
on 17 Mar 2015
Dan Handley
committed
on 18 Jun 2015
|
Add SP804 delay timer driver
...
Add a delay timer driver for the ARM SP804 dual timer.
This driver only uses the first timer, called timer 1 in the
SP804 Technical Reference Manual (ARM DDI 0271D).
To use this driver, the BSP must provide three constants:
* The base address of the SP804 dual timer
* The clock multiplier
* The clock divider
The BSP is responsible for calling sp804_timer_init(). The SP804
driver instantiates a constant timer_ops_t and calls the generic
timer_init().
Change-Id: I49ba0a52bdf6072f403d1d0a20e305151d4bc086
Co-authored-by: Dan Handley <dan.handley@arm.com>
Ryan Harkin
authored
on 17 Mar 2015
Dan Handley
committed
on 18 Jun 2015
|
Merge pull request #319 from vwadekar/tegra-video-mem-aperture-v3
...
Reserve a Video Memory aperture in DRAM memory
danh-arm
committed
on 18 Jun 2015
|
| 2015-06-17 |
Add a simple delay timer driver API
...
The API is simple. The BSP or specific timer driver creates an
instance of timer_ops_t, fills in the timer specific data, then calls
timer_init(). The timer specific data includes a function pointer
to return the timer value and a clock multiplier/divider. The ratio
of the multiplier and the divider is the clock frequency in MHz.
After that, mdelay() or udelay() can be called to delay execution for
the specified time (milliseconds or microseconds, respectively).
Change-Id: Icf8a295e1d25874f789bf28b7412156329dc975c
Co-authored-by: Dan Handley <dan.handley@arm.com>
Ryan Harkin
authored
on 17 Mar 2015
Dan Handley
committed
on 17 Jun 2015
|
| 2015-06-12 |
Merge pull request #317 from vwadekar/run-bl32-on-tegra-v3
...
Run bl32 on tegra v3
Achin Gupta
committed
on 12 Jun 2015
|
Reserve a Video Memory aperture in DRAM memory
...
This patch adds support to reserve a memory carveout region in the
DRAM on Tegra SoCs. The memory controller provides specific registers
to specify the aperture's base and size. This aperture can also be
changed dynamically in order to re-size the memory available for
DRM video playback. In case of the new aperture not overlapping
the previous one, the previous aperture has to be cleared before
setting up the new one. This means we do not "leak" any video data
to the NS world.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 12 Jun 2015
|
| 2015-06-11 |
Move dispatcher documents to the docs/spd folder
...
This patch moves the optee-dispatcher.md and tlk-dispatcher.md to
docs/spd.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 11 Jun 2015
|
Boot Trusted OS' on Tegra SoCs
...
This patch adds support to run a Trusted OS during boot time. The
previous stage bootloader passes the entry point information in
the 'bl32_ep_info' structure, which is passed over to the SPD.
The build system expects the dispatcher to be passed as an input
parameter using the 'SPD=<dispatcher>' option. The Tegra docs have
also been updated with this information.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 11 Jun 2015
|
| 2015-06-09 |
Merge pull request #314 from sandrine-bailleux/sb/css-data-structs
...
Clarify some CSS data structures
danh-arm
committed
on 9 Jun 2015
|
Merge pull request #312 from jcastillo-arm/jc/tf-issues/308
...
Fix build option 'ARM_TSP_RAM_LOCATION' in user guide
danh-arm
committed
on 9 Jun 2015
|
CSS: Remove the constants MHU_SECURE_BASE/SIZE
...
For CSS based platforms, the constants MHU_SECURE_BASE and
MHU_SECURE_SIZE used to define the extents of the Trusted Mailboxes.
As such, they were misnamed because the mailboxes are completely
unrelated to the MHU hardware.
This patch removes the MHU_SECURE_BASE and MHU_SECURE_SIZE #defines.
The address of the Trusted Mailboxes is now relative to the base of
the Trusted SRAM.
This patch also introduces a new constant, SCP_COM_SHARED_MEM_BASE,
which is the address of the first memory region used for communication
between AP and SCP. This is used by the BOM and SCPI protocols.
Change-Id: Ib200f057b19816bf05e834d111271c3ea777291f
Sandrine Bailleux
committed
on 9 Jun 2015
|
CSS: Clarify what the SCP boot config is
...
Add a comment explaining what the SCP boot configuration information
is on CSS based platforms like Juno. Also express its address
relatively to the base of the Trusted SRAM rather than hard-coding it.
Change-Id: I82cf708a284c8b8212933074ea8c37bdf48b403b
Sandrine Bailleux
committed
on 9 Jun 2015
|
| 2015-06-08 |
Fix build option 'ARM_TSP_RAM_LOCATION' in user guide
...
The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide
corresponds to the internal definition not visible to the final
user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This
patch fixes it.
Fixes ARM-software/tf-issues#308
Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
Juan Castillo
committed
on 8 Jun 2015
|
| 2015-06-05 |
Merge pull request #309 from soby-mathew/sm/fix_fvp_get_entry
...
FVP: Correct the PSYSR_WK bit width in platform_get_entrypoint
danh-arm
committed
on 5 Jun 2015
|
| 2015-06-04 |
Introduce PROGRAMMABLE_RESET_ADDRESS build option
...
This patch introduces a new platform build option, called
PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has
a programmable or fixed reset vector address.
If the reset vector address is fixed then the code relies on the
platform_get_entrypoint() mailbox mechanism to figure out where
it is supposed to jump. On the other hand, if it is programmable
then it is assumed that the platform code will program directly
the right address into the RVBAR register (instead of using the
mailbox redirection) so the mailbox is ignored in this case.
Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
Sandrine Bailleux
committed
on 4 Jun 2015
|
Rationalize reset handling code
...
The attempt to run the CPU reset code as soon as possible after reset
results in highly complex conditional code relating to the
RESET_TO_BL31 option.
This patch relaxes this requirement a little. In the BL1, BL3-1 and
PSCI entrypoints code, the sequence of operations is now as follows:
1) Detect whether it is a cold or warm boot;
2) For cold boot, detect whether it is the primary or a secondary
CPU. This is needed to handle multiple CPUs entering cold reset
simultaneously;
3) Run the CPU init code.
This patch also abstracts the EL3 registers initialisation done by
the BL1, BL3-1 and PSCI entrypoints into common code.
This improves code re-use and consolidates the code flows for
different types of systems.
NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO
NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE
FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION.
OTHERWISE, SECONDARY CPUS WILL PANIC.
Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
Sandrine Bailleux
committed
on 4 Jun 2015
|
