2015-12-14 |
Remove dashes from image names: 'BL3-x' --> 'BL3x'
...
This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:
https://github.com/ARM-software/arm-trusted-firmware/wiki
Changes apply to output messages, comments and documentation.
non-ARM platform files have been left unmodified.
Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
Juan Castillo
committed
on 14 Dec 2015
|
Replace all SCP FW (BL0, BL3-0) references
...
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
Juan Castillo
committed
on 14 Dec 2015
|
TBB: apply TBBR naming convention to certificates and extensions
...
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
Juan Castillo
committed
on 14 Dec 2015
|
2015-12-09 |
FWU: Add FWU support to `fip_create` tool
...
Firmware Update (FWU) introduces a new set of images called
SCP_BL2U, BL2U and NS_BL2U, which can be packed in a FWU FIP file.
This patch introduces new UUIDs for the Firmware Update images
and extends the 'fip'create' tool so that these new images can be
packed in a FIP file.
Change-Id: I7c60211b4f3cc265411efb131e6d3c624768f522
Yatharth Kochar
committed
on 9 Dec 2015
|
FWU: Add Generic BL2U FWU image support in BL2
...
The Firmware Update (FWU) feature needs support for an optional
secure world image, BL2U, to allow additional secure world
initialization required by FWU, for example DDR initialization.
This patch adds generic framework support to create BL2U.
NOTE: A platform makefile must supply additional `BL2U_SOURCES`
to build the bl2u target. A subsequent patch adds bl2u
support for ARM platforms.
Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
Yatharth Kochar
committed
on 9 Dec 2015
|
FWU: Add Generic Firmware Update framework support in BL1
...
Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific code detects that it is needed.
This patch adds support for FWU feature support in BL1 which is
included by enabling `TRUSTED_BOARD_BOOT` compile time flag.
This patch adds bl1_fwu.c which contains all the core operations
of FWU, which are; SMC handler, image copy, authentication, execution
and resumption. It also adds bl1.h introducing #defines for all
BL1 SMCs.
Following platform porting functions are introduced:
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
This function can be used to add platform specific memory checks
for the provided base/size for the given security state.
The weak definition will invoke `assert()` and return -ENOMEM.
__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
This function can be used to initiate platform specific procedure
to mark completion of the FWU process.
The weak definition waits forever calling `wfi()`.
plat_bl1_common.c contains weak definitions for above functions.
FWU process starts when platform detects it and return the image_id
other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
`bl1_main()`.
NOTE: User MUST provide platform specific real definition for
bl1_plat_mem_check() in order to use it for Firmware update.
Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
Yatharth Kochar
committed
on 9 Dec 2015
|
Add descriptor based image management support in BL1
...
As of now BL1 loads and execute BL2 based on hard coded information
provided in BL1. But due to addition of support for upcoming Firmware
Update feature, BL1 now require more flexible approach to load and
run different images using information provided by the platform.
This patch adds new mechanism to load and execute images based on
platform provided image id's. BL1 now queries the platform to fetch
the image id of the next image to be loaded and executed. In order
to achieve this, a new struct image_desc_t was added which holds the
information about images, such as: ep_info and image_info.
This patch introduces following platform porting functions:
unsigned int bl1_plat_get_next_image_id(void);
This is used to identify the next image to be loaded
and executed by BL1.
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
This is used to retrieve the image_desc for given image_id.
void bl1_plat_set_ep_info(unsigned int image_id,
struct entry_point_info *ep_info);
This function allows platforms to update ep_info for given
image_id.
The plat_bl1_common.c file provides default weak implementations of
all above functions, the `bl1_plat_get_image_desc()` always return
BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
These functions gets compiled into all BL1 platforms by default.
Platform setup in BL1, using `bl1_platform_setup()`, is now done
_after_ the initialization of authentication module. This change
provides the opportunity to use authentication while doing the
platform setup in BL1.
In order to store secure/non-secure context, BL31 uses percpu_data[]
to store context pointer for each core. In case of BL1 only the
primary CPU will be active hence percpu_data[] is not required to
store the context pointer.
This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
store the context and context pointers respectively. It also also
re-defines cm_get_context() and cm_set_context() for BL1 in
bl1/bl1_context_mgmt.c.
BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
environment, to support resuming execution from a previously saved
context.
NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.
Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
Yatharth Kochar
committed
on 9 Dec 2015
|
Move context management code to common location
...
The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management code to perform this task.
Currently context management code is part of BL31 stage only.
This patch moves the code from (include)/bl31 to (include)/common.
Some function declarations/definitions and macros have also moved
to different files to help code sharing.
Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
Yatharth Kochar
committed
on 9 Dec 2015
|
Remove `RUN_IMAGE` usage as opcode passed to next EL.
...
The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to
make a request to BL1 to execute BL31. But BL2 also uses it as
opcode to check if it is allowed to execute which is not the
intended usage of `RUN_IMAGE` SMC.
This patch removes the usage of `RUN_IMAGE` as opcode passed to
next EL to check if it is allowed to execute.
Change-Id: I6aebe0415ade3f43401a4c8a323457f032673657
Yatharth Kochar
committed
on 9 Dec 2015
|
2015-11-24 |
Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED
...
This patch changes the build time behaviour when using deprecated API within
Trusted Firmware. Previously the use of deprecated APIs would only trigger a
build warning (which was always treated as a build error), when
WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always
trigger a build time warning. Whether this warning is treated as error or not
is determined by the build flag ERROR_DEPRECATED which is disabled by default.
When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or
inclusion of deprecated headers will result in a build error.
Also the deprecated context management helpers in context_mgmt.c are now
conditionally compiled depending on the value of ERROR_DEPRECATED flag
so that the APIs themselves do not result in a build error when the
ERROR_DEPRECATED flag is set.
NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to
using ERROR_DEPRECATED, otherwise deprecated API usage will no longer
trigger a build error.
Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
Soby Mathew
committed
on 24 Nov 2015
|
2015-11-02 |
Introduce print_entry_point_info() function
...
This patch introduces a new function called 'print_entry_point_info'
that prints an entry_point_t structure for debugging purposes.
As such, it can be used to display the entry point address, SPSR and
arguments passed from a firmware image to the next one.
This function is now called in the following images transitions:
- BL1 to BL2
- BL1 to BL31
- BL31 to the next image (typically BL32 or BL33)
The following changes have been introduced:
- Fix the output format of the SPSR value : SPSR is a 32-bit value,
not a 64-bit one.
- Print all arguments values.
The entry_point_info_t structure allows to pass up to 8 arguments.
In most cases, only the first 2 arguments were printed.
print_entry_point_info() now prints all of them as 'VERBOSE'
traces.
Change-Id: Ieb384bffaa7849e6cb95a01a47c0b7fc2308653a
Sandrine Bailleux
committed
on 2 Nov 2015
|
2015-10-23 |
Use standard errno definitions in load_auth_image()
...
This patch replaces custom definitions used as return values for
the load_auth_image() function with standard error codes defined
in errno.h. The custom definitions have been removed.
It also replaces the usage of IO framework error custom definitions,
which have been deprecated. Standard errno definitions are used
instead.
Change-Id: I1228477346d3876151c05b470d9669c37fd231be
Juan Castillo
authored
on 1 Oct 2015
Juan Castillo
committed
on 23 Oct 2015
|
2015-09-14 |
Make generic code work in presence of system caches
...
On the ARMv8 architecture, cache maintenance operations by set/way on the last
level of integrated cache do not affect the system cache. This means that such a
flush or clean operation could result in the data being pushed out to the system
cache rather than main memory. Another CPU could access this data before it
enables its data cache or MMU. Such accesses could be serviced from the main
memory instead of the system cache. If the data in the sysem cache has not yet
been flushed or evicted to main memory then there could be a loss of
coherency. The only mechanism to guarantee that the main memory will be updated
is to use cache maintenance operations to the PoC by MVA(See section D3.4.11
(System level caches) of ARMv8-A Reference Manual (Issue A.g/ARM DDI0487A.G).
This patch removes the reliance of Trusted Firmware on the flush by set/way
operation to ensure visibility of data in the main memory. Cache maintenance
operations by MVA are now used instead. The following are the broad category of
changes:
1. The RW areas of BL2/BL31/BL32 are invalidated by MVA before the C runtime is
initialised. This ensures that any stale cache lines at any level of cache
are removed.
2. Updates to global data in runtime firmware (BL31) by the primary CPU are made
visible to secondary CPUs using a cache clean operation by MVA.
3. Cache maintenance by set/way operations are only used prior to power down.
NOTE: NON-UPSTREAM TRUSTED FIRMWARE CODE SHOULD MAKE EQUIVALENT CHANGES IN
ORDER TO FUNCTION CORRECTLY ON PLATFORMS WITH SUPPORT FOR SYSTEM CACHES.
Fixes ARM-software/tf-issues#205
Change-Id: I64f1b398de0432813a0e0881d70f8337681f6e9a
Achin Gupta
committed
on 14 Sep 2015
|
2015-09-02 |
Ensure BL2 security state is secure
...
BL2 loads secure runtime code(BL3-1, BL3-2) and hence it has to
run in secure world otherwise BL3-1/BL3-2 have to execute from
non-secure memory. Hence, This patch removes the change_security_state()
call in bl1_run_bl2() and replaces it with an assert to confirm
the BL2 as secure.
Fixes ARM-software/tf-issues#314
Change-Id: I611b83f5c4090e58a76a2e950b0d797b46df3c29
Vikram Kanigiri
committed
on 2 Sep 2015
|
2015-08-21 |
Merge pull request #368 from jcastillo-arm/jc/genfw/1126
...
TBB: abort boot if BL3-2 cannot be authenticated
danh-arm
committed
on 21 Aug 2015
|
2015-08-20 |
TBB: abort boot if BL3-2 cannot be authenticated
...
BL3-2 image (Secure Payload) is optional. If the image cannot be
loaded a warning message is printed and the boot process continues.
According to the TBBR document, this behaviour should not apply in
case of an authentication error, where the boot process should be
aborted.
This patch modifies the load_auth_image() function to distinguish
between a load error and an authentication error. The caller uses
the return value to abort the boot process or continue.
In case of authentication error, the memory region used to store
the image is wiped clean.
Change-Id: I534391d526d514b2a85981c3dda00de67e0e7992
Juan Castillo
committed
on 20 Aug 2015
|
2015-08-13 |
PSCI: Add documentation and fix plat_is_my_cpu_primary()
...
This patch adds the necessary documentation updates to porting_guide.md
for the changes in the platform interface mandated as a result of the new
PSCI Topology and power state management frameworks. It also adds a
new document `platform-migration-guide.md` to aid the migration of existing
platform ports to the new API.
The patch fixes the implementation and callers of
plat_is_my_cpu_primary() to use w0 as the return parameter as implied by
the function signature rather than x0 which was used previously.
Change-Id: Ic11e73019188c8ba2bd64c47e1729ff5acdcdd5b
Soby Mathew
authored
on 8 Jun 2015
Achin Gupta
committed
on 13 Aug 2015
|
PSCI: Migrate TF to the new platform API and CM helpers
...
This patch migrates the rest of Trusted Firmware excluding Secure Payload and
the dispatchers to the new platform and context management API. The per-cpu
data framework APIs which took MPIDRs as their arguments are deleted and only
the ones which take core index as parameter are retained.
Change-Id: I839d05ad995df34d2163a1cfed6baa768a5a595d
Soby Mathew
authored
on 13 Jul 2015
Achin Gupta
committed
on 13 Aug 2015
|
PSCI: Add deprecated API for SPD when compatibility is disabled
...
This patch defines deprecated platform APIs to enable Trusted
Firmware components like Secure Payload and their dispatchers(SPD)
to continue to build and run when platform compatibility is disabled.
This decouples the migration of platform ports to the new platform API
from SPD and enables them to be migrated independently. The deprecated
platform APIs defined in this patch are : platform_get_core_pos(),
platform_get_stack() and platform_set_stack().
The patch also deprecates MPIDR based context management helpers like
cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context().
A mechanism to deprecate APIs and identify callers of these APIs during
build is introduced, which is controlled by the build flag WARN_DEPRECATED.
If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be
flagged either as a link error for assembly files or compile time warning
for C files during build.
Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
Soby Mathew
authored
on 13 Jul 2015
Achin Gupta
committed
on 13 Aug 2015
|
PSCI: Switch to the new PSCI frameworks
...
This commit does the switch to the new PSCI framework implementation replacing
the existing files in PSCI folder with the ones in PSCI1.0 folder. The
corresponding makefiles are modified as required for the new implementation.
The platform.h header file is also is switched to the new one
as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults
to 1 to enable compatibility layer which let the existing platform ports to
continue to build and run with minimal changes.
The default weak implementation of platform_get_core_pos() is now removed from
platform_helpers.S and is provided by the compatibility layer.
Note: The Secure Payloads and their dispatchers still use the old platform
and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build
flag will remain enabled in subsequent patch. The compatibility for SPDs using
the older APIs on platforms migrated to the new APIs will be added in the
following patch.
Change-Id: I18c51b3a085b564aa05fdd98d11c9f3335712719
Soby Mathew
authored
on 13 Jul 2015
Achin Gupta
committed
on 13 Aug 2015
|
PSCI: Introduce new platform and CM helper APIs
...
This patch introduces new platform APIs and context management helper APIs
to support the new topology framework based on linear core position. This
framework will be introduced in the follwoing patch and it removes the
assumption that the MPIDR based affinity levels map directly to levels
in a power domain tree. The new platforms APIs and context management
helpers based on core position are as described below:
* plat_my_core_pos() and plat_core_pos_by_mpidr()
These 2 new mandatory platform APIs are meant to replace the existing
'platform_get_core_pos()' API. The 'plat_my_core_pos()' API returns the
linear index of the calling core and 'plat_core_pos_by_mpidr()' returns
the linear index of a core specified by its MPIDR. The latter API will also
validate the MPIDR passed as an argument and will return an error code (-1)
if an invalid MPIDR is passed as the argument. This enables the caller to
safely convert an MPIDR of another core to its linear index without querying
the PSCI topology tree e.g. during a call to PSCI CPU_ON.
Since the 'plat_core_pos_by_mpidr()' API verifies an MPIDR, which is always
platform specific, it is no longer possible to maintain a default implementation
of this API. Also it might not be possible for a platform port to verify an
MPIDR before the C runtime has been setup or the topology has been initialized.
This would prevent 'plat_core_pos_by_mpidr()' from being callable prior to
topology setup. As a result, the generic Trusted Firmware code does not call
this API before the topology setup has been done.
The 'plat_my_core_pos' API should be able to run without a C runtime.
Since this API needs to return a core position which is equal to the one
returned by 'plat_core_pos_by_mpidr()' API for the corresponding MPIDR,
this too cannot have default implementation and is a mandatory API for
platform ports. These APIs will be implemented by the ARM reference platform
ports later in the patch stack.
* plat_get_my_stack() and plat_set_my_stack()
These APIs are the stack management APIs which set/return stack addresses
appropriate for the calling core. These replace the 'platform_get_stack()' and
'platform_set_stack()' APIs. A default weak MP version and a global UP version
of these APIs are provided for the platforms.
* Context management helpers based on linear core position
A set of new context management(CM) helpers viz cm_get_context_by_index(),
cm_set_context_by_index(), cm_init_my_context() and cm_init_context_by_index()
are defined which are meant to replace the old helpers which took MPIDR
as argument. The old CM helpers are implemented based on the new helpers to
allow for code consolidation and will be deprecated once the switch to the new
framework is done.
Change-Id: I89758632b370c2812973a4b2efdd9b81a41f9b69
Soby Mathew
authored
on 9 Apr 2015
Achin Gupta
committed
on 13 Aug 2015
|
2015-06-25 |
TBB: switch to the new authentication framework
...
This patch modifies the Trusted Board Boot implementation to use
the new authentication framework, making use of the authentication
module, the cryto module and the image parser module to
authenticate the images in the Chain of Trust.
A new function 'load_auth_image()' has been implemented. When TBB
is enabled, this function will call the authentication module to
authenticate parent images following the CoT up to the root of
trust to finally load and authenticate the requested image.
The platform is responsible for picking up the right makefiles to
build the corresponding cryptographic and image parser libraries.
ARM platforms use the mbedTLS based libraries.
The platform may also specify what key algorithm should be used
to sign the certificates. This is done by declaring the 'KEY_ALG'
variable in the platform makefile. FVP and Juno use ECDSA keys.
On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
each to accommodate the ECDSA code.
REMOVED BUILD OPTIONS:
* 'AUTH_MOD'
Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
Juan Castillo
committed
on 25 Jun 2015
|
TBB: add TBBR Chain of Trust
...
This patch adds a CoT based on the Trusted Board Boot Requirements
document*. The CoT consists of an array of authentication image
descriptors indexed by the image identifiers.
A new header file with TBBR image identifiers has been added.
Platforms that use the TBBR (i.e. ARM platforms) may reuse these
definitions as part of their platform porting.
PLATFORM PORT - IMPORTANT:
Default image IDs have been removed from the platform common
definitions file (common_def.h). As a consequence, platforms that
used those common definitons must now either include the IDs
provided by the TBBR header file or define their own IDs.
*The NVCounter authentication method has not been implemented yet.
Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
Juan Castillo
committed
on 25 Jun 2015
|
Use numbers to identify images instead of names
...
The Trusted firmware code identifies BL images by name. The platform
port defines a name for each image e.g. the IO framework uses this
mechanism in the platform function plat_get_image_source(). For
a given image name, it returns the handle to the image file which
involves comparing images names. In addition, if the image is
packaged in a FIP, a name comparison is required to find the UUID
for the image. This method is not optimal.
This patch changes the interface between the generic and platform
code with regard to identifying images. The platform port must now
allocate a unique number (ID) for every image. The generic code will
use the image ID instead of the name to access its attributes.
As a result, the plat_get_image_source() function now takes an image
ID as an input parameter. The organisation of data structures within
the IO framework has been rationalised to use an image ID as an index
into an array which contains attributes of the image such as UUID and
name. This prevents the name comparisons.
A new type 'io_uuid_spec_t' has been introduced in the IO framework
to specify images identified by UUID (i.e. when the image is contained
in a FIP file). There is no longer need to maintain a look-up table
[iname_name --> uuid] in the io_fip driver code.
Because image names are no longer mandatory in the platform port, the
debug messages in the generic code will show the image identifier
instead of the file name. The platforms that support semihosting to
load images (i.e. FVP) must provide the file names as definitions
private to the platform.
The ARM platform ports and documentation have been updated accordingly.
All ARM platforms reuse the image IDs defined in the platform common
code. These IDs will be used to access other attributes of an image in
subsequent patches.
IMPORTANT: applying this patch breaks compatibility for platforms that
use TF BL1 or BL2 images or the image loading code. The platform port
must be updated to match the new interface.
Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
Juan Castillo
committed
on 25 Jun 2015
|
2015-06-24 |
Bug fix: Build time condition to relocate RW data
...
This patch fixes the build time condition deciding whether the
read-write data should be relocated from ROM to RAM. It was incorrectly
using __DATA_ROM_START__, which is a linker symbol and not a compiler
build flag. As a result, the relocation code was always compiled out.
This bug has been introduced by the following patch:
"Rationalize reset handling code"
Change-Id: I1c8d49de32f791551ab4ac832bd45101d6934045
Sandrine Bailleux
committed
on 24 Jun 2015
|
2015-06-04 |
Rationalize reset handling code
...
The attempt to run the CPU reset code as soon as possible after reset
results in highly complex conditional code relating to the
RESET_TO_BL31 option.
This patch relaxes this requirement a little. In the BL1, BL3-1 and
PSCI entrypoints code, the sequence of operations is now as follows:
1) Detect whether it is a cold or warm boot;
2) For cold boot, detect whether it is the primary or a secondary
CPU. This is needed to handle multiple CPUs entering cold reset
simultaneously;
3) Run the CPU init code.
This patch also abstracts the EL3 registers initialisation done by
the BL1, BL3-1 and PSCI entrypoints into common code.
This improves code re-use and consolidates the code flows for
different types of systems.
NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO
NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE
FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION.
OTHERWISE, SECONDARY CPUS WILL PANIC.
Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
Sandrine Bailleux
committed
on 4 Jun 2015
|
Remove FIRST_RESET_HANDLER_CALL build option
...
This patch removes the FIRST_RESET_HANDLER_CALL build flag and its
use in ARM development platforms. If a different reset handling
behavior is required between the first and subsequent invocations
of the reset handling code, this should be detected at runtime.
On Juno, the platform reset handler is now always compiled in.
This means it is now executed twice on the cold boot path, first in
BL1 then in BL3-1, and it has the same behavior in both cases. It is
also executed twice on the warm boot path, first in BL1 then in the
PSCI entrypoint code.
Also update the documentation to reflect this change.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE
FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER.
Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
Sandrine Bailleux
committed
on 4 Jun 2015
|
2015-04-28 |
Add linker symbol declarations to bl_common.h
...
Add extern declarations of linker symbols to bl_common.h. These are
used by platform ports to determine the memory layout of BL images.
Adding the declarations to this file facilitates removal of these
declarations from the platform porting source files in subsequent
patches.
Also remove the linker symbol declarations from common TSP source
code.
Change-Id: I8ed0426bc815317c4536b588e4e78bc15b4fe91c
Dan Handley
committed
on 28 Apr 2015
|
2015-04-27 |
Add header guards to asm macro files
...
Some assembly files containing macros are included like header files
into other assembly files. This will cause assembler errors if they
are included multiple times.
Add header guards to assembly macro files to avoid assembler errors.
Change-Id: Ia632e767ed7df7bf507b294982b8d730a6f8fe69
Dan Handley
committed
on 27 Apr 2015
|
2015-04-08 |
Add support to indicate size and end of assembly functions
...
In order for the symbol table in the ELF file to contain the size of
functions written in assembly, it is necessary to report it to the
assembler using the .size directive.
To fulfil the above requirements, this patch introduces an 'endfunc'
macro which contains the .endfunc and .size directives. It also adds
a .func directive to the 'func' assembler macro.
The .func/.endfunc have been used so the assembler can fail if
endfunc is omitted.
Fixes ARM-Software/tf-issues#295
Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
Signed-off-by: Kévin Petit <kevin.petit@arm.com>
Kévin Petit
committed
on 8 Apr 2015
|