2020-03-11 |
fconf: necessary modifications to support fconf in BL31 & SP_MIN
...
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 11 Mar 2020
|
2020-02-24 |
Read-only xlat tables for BL31 memory
...
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
Petre-Ionut Tudor
committed
on 24 Feb 2020
|
2020-02-18 |
Add Matterhorn CPU lib
...
Also update copyright statements
Change-Id: Iba0305522ac0f2ddc4da99127fd773f340e67300
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Jimmy Brisson
committed
on 18 Feb 2020
|
Add CPULib for Klein Core
...
Change-Id: I686fd623b8264c85434853a2a26ecd71e9eeac01
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Jimmy Brisson
committed
on 18 Feb 2020
|
2020-02-11 |
Merge changes from topic "lm/fconf" into integration
...
* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit
Sandrine Bailleux
authored
on 11 Feb 2020
TrustedFirmware Code Review
committed
on 11 Feb 2020
|
Merge changes from topic "spmd" into integration
...
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
Olivier Deprez
authored
on 11 Feb 2020
TrustedFirmware Code Review
committed
on 11 Feb 2020
|
2020-02-10 |
SPMD: add support for an example SPM core manifest
...
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
Achin Gupta
authored
on 11 Oct 2019
Max Shvetsov
committed
on 10 Feb 2020
|
2020-02-07 |
fconf: Move platform io policies into fconf
...
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
fconf: Add dynamic config DTBs info as property
...
This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.
The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.
The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.
Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-02-06 |
Adds option to read ROTPK from registers for FVP
...
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Max Shvetsov
committed
on 6 Feb 2020
|
2020-01-07 |
FVP: Stop reclaiming init code with Clang builds
...
The reclaim init code functionality relies on forward reference in the
linker script. The LLVM linker does not process it correctly.
Change-Id: I993aeb9587bfa07af25b60ed823a6a2c5e970c94
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Ambroise Vincent
authored
on 17 Jul 2019
Zelalem
committed
on 7 Jan 2020
|
2019-12-20 |
Merge "debugfs: add SMC channel" into integration
Mark Dykes
authored
on 20 Dec 2019
TrustedFirmware Code Review
committed
on 20 Dec 2019
|
spm: Remove SPM Alpha 1 prototype and support files
...
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Paul Beesley
authored
on 14 Oct 2019
Manish Pandey
committed
on 20 Dec 2019
|
Remove dependency between SPM_MM and ENABLE_SPM build flags
...
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
authored
on 16 Sep 2019
Manish Pandey
committed
on 20 Dec 2019
|
2019-12-18 |
debugfs: add SMC channel
...
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Ambroise Vincent
authored
on 12 Jul 2019
Olivier Deprez
committed
on 18 Dec 2019
|
2019-11-07 |
plat/arm: Re-enable PIE when RESET_TO_BL31=1
...
Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17 because of n1sdp platform.
Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.
Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Manish Pandey
committed
on 7 Nov 2019
|
2019-10-03 |
Introducing support for Cortex-A65AE
...
Change-Id: I1ea2bf088f1e001cdbd377cbfb7c6a2866af0422
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 3 Oct 2019
|
2019-10-02 |
Introducing support for Cortex-A65
...
Change-Id: I645442d52a295706948e2cac88c36c1a3cb0bc47
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 2 Oct 2019
|
2019-09-30 |
Cortex_hercules: Add support for Hercules-AE
...
Not tested on FVP Model.
Change-Id: Iedebc5c1fbc7ea577e94142b7feafa5546f1f4f9
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Artsem Artsemenka
committed
on 30 Sep 2019
|
2019-09-11 |
Modify FVP makefile for cores that support both AArch64/32
...
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 11 Sep 2019
|
2019-08-16 |
FVP: Add Delay Timer driver to BL1 and BL31
...
SMMUv3 driver functions which are called from BL1 and BL31
currently use counter-based poll method for testing status
bits. Adding Delay Timer driver to BL1 and BL31 is required
for timeout-based implementation using timer delay functions
for SMMU and other drivers.
This patch adds new function `fvp_timer_init()` which
initialises either System level generic or SP804 timer based on
FVP_USE_SP804_TIMER build flag.
In BL2U `bl2u_early_platform_setup()` function the call to
`arm_bl2u_early_platform_setup()` (which calls
`generic_delay_timer_init()` ignoring FVP_USE_SP804_TIMER flag),
is replaced with `arm_console_boot_init()` and `fvp_timer_init()`.
Change-Id: Ifd8dcebf4019e877b9bc5641551deef77a44c0d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 16 Aug 2019
|
2019-07-23 |
Merge "arm: Shorten the Firmware Update (FWU) process" into integration
Soby Mathew
authored
on 23 Jul 2019
TrustedFirmware Code Review
committed
on 23 Jul 2019
|
arm: Shorten the Firmware Update (FWU) process
...
The watchdog is configured with a default value of 256 seconds in order
to implement the Trusted Board Boot Requirements.
For the FVP and Juno platforms, the FWU process relies on a watchdog
reset. In order to automate the test of FWU, the length of this process
needs to be as short as possible. Instead of waiting for those 4 minutes
to have a reset by the watchdog, tell it to reset immediately.
There are no side effects as the value of the watchdog's load register
resets to 0xFFFFFFFF.
Tested on Juno.
Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 23 Jul 2019
|
2019-07-16 |
Cortex_hercules: Introduce preliminary cpu support
...
Change-Id: Iab767e9937f5c6c8150953fcdc3b37e8ee83fa63
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 16 Jul 2019
|
2019-07-10 |
Rename Cortex-Deimos to Cortex-A77
...
Change-Id: I755e4c42242d9a052570fd1132ca3d937acadb13
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Balint Dobszay
committed
on 10 Jul 2019
|
2019-06-04 |
Apply compile-time check for AArch64-only cores
...
Some cores support only AArch64 mode. In those cores, only a limited
subset of the AArch32 system registers are implemented. Hence, if TF-A
is supposed to run on AArch64-only cores, it must be compiled with
CTX_INCLUDE_AARCH32_REGS=0.
Currently, the default settings for compiling TF-A are with the AArch32
system registers included. So, if we compile TF-A the default way and
attempt to run it on an AArch64-only core, we only get a runtime panic.
Now a compile-time check has been added to ensure that this flag has the
appropriate value when AArch64-only cores are included in the build.
Change-Id: I298ec550037fafc9347baafb056926d149197d4c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 4 Jun 2019
|
2019-05-10 |
SMMUv3: Abort DMA transactions
...
For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.
Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 10 May 2019
|
2019-05-03 |
Add compile-time errors for HW_ASSISTED_COHERENCY flag
...
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 3 May 2019
|
2019-04-17 |
plat/arm: introduce wrapper functions to setup secure watchdog
...
The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.
So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.
Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Aditya Angadi
committed
on 17 Apr 2019
|
2019-04-08 |
Add support for Cortex-A76AE CPU
...
Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 8 Apr 2019
|