2018-01-29 |
Implement support for SMCCC v1.1
...
SMCCC v1.1 comes with a relaxed calling convention for AArch64
callers. The caller only needs to save x0-x3 before doing an SMC
call.
This patch adds support for SMCCC_VERSION and SMCCC_ARCH_FEATURES.
Refer to "Firmware Interfaces for mitigating CVE_2017_5715 System
Software on Arm Systems"[0] for more information.
[0] https://developer.arm.com/-/media/developer/pdf/ARM%20DEN%200070A%20Firmware%20interfaces%20for%20mitigating%20CVE-2017-5715_V1.0.pdf
Change-Id: If5b1c55c17d6c5c7cb9c2c3ed355d3a91cdad0a9
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos
committed
on 29 Jan 2018
|
2018-01-15 |
Merge pull request #1219 from antonio-nino-diaz-arm/an/mm-version
...
SPM: Fix version header definitions
davidcunado-arm
authored
on 15 Jan 2018
GitHub
committed
on 15 Jan 2018
|
2018-01-10 |
SPM: Fix version header definitions
...
Rename SP_VERSION macros to MM_VERSION, which is the name used in the MM
specification [1]. Also, a few more helper macros have been added.
MM-specific definitions have been moved to their own header file.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf
Change-Id: Ia10e48c7e81a7a1f5eeca29a5270cae740a4a88a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 10 Jan 2018
|
2018-01-08 |
spd: tlkd: support for "NS memory ranges" function ID
...
This patch adds support to receive function ID with NS world's
memory ranges to provide the memory snapshot to TLK.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 8 Jan 2018
|
SPM: Allow secondary CPUs to use the Secure Partition
...
The Secure Partition should be able to be used from any CPU, not just
the lead one. This patch point the secure contexts of all secondary
CPUs to the same one used by the lead CPU for the Secure Partition. This
way, they can also use it.
In order to prevent more than one CPU from using the Secure Partition at
the same time, a lock has been added.
Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Jan 2018
|
SPM: Move initialization flag to context struct
...
Whether a Secure Partition is being initialized or not is something
related to that specific partition, so it should be saved with the
rest of the information related to it.
Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Jan 2018
|
2017-12-12 |
SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters
...
This partially reverts commit d6b532b50f8, keeping only the fixes to
the assertions. The changes related to the order of arguments passed
to the secure partition were not correct and violated the
specification of the SP_EVENT_COMPLETE SMC.
This patch also improves the MM_COMMUNICATE argument validation. The
cookie argument, as it comes from normal world, can't be trusted and thus
needs to always be validated at run time rather than using an assertion.
Also validate the communication buffer address and return
INVALID_PARAMETER if it is zero, as per the MM specification.
Fix a few typos in comments and use the "secure partition" terminology
rather than "secure payload".
Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 12 Dec 2017
|
2017-12-10 |
Merge pull request #1187 from antonio-nino-diaz-arm/an/spm-xlat-dram
...
SPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM
davidcunado-arm
authored
on 10 Dec 2017
GitHub
committed
on 10 Dec 2017
|
2017-12-09 |
Merge pull request #1184 from antonio-nino-diaz-arm/an/bl31-in-dram
...
fvp: Disable SYSTEM_SUSPEND when ARM_BL31_IN_DRAM
davidcunado-arm
authored
on 9 Dec 2017
GitHub
committed
on 9 Dec 2017
|
Merge pull request #1183 from jeenu-arm/sdei-reset-fix
...
SDEI: Fix return value of reset calls
davidcunado-arm
authored
on 9 Dec 2017
GitHub
committed
on 9 Dec 2017
|
2017-12-06 |
SPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM
...
A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been
introduced to select the section where the translation tables used by
the S-EL1/S-EL0 are placed.
This define has been used to move the translation tables to DRAM secured
by TrustZone.
Most of the extra needed space in BL31 when SPM is enabled is due to the
large size of the translation tables. By moving them to this memory
region we can save 44 KiB.
A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the
region where the translation tables have to be placed by the linker.
Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 6 Dec 2017
|
SPM: Remove ARM platforms header from SPM common code
...
Common code mustn't include ARM platforms headers.
Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 6 Dec 2017
|
SDEI: Fix return value of reset calls
...
At present, both SDEI_PRIVATE_RESET and SDEI_SHARED_RESET returns
SDEI_PENDING if they fail to unregister an event. The SDEI specification
however requires that the APIs return SDEI_EDENY in these cases. This
patch fixes the return codes for the reset APIs.
Change-Id: Ic14484c91fa8396910387196c256d1ff13d03afd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 6 Dec 2017
|
2017-12-05 |
SPM: Rename SP_COMMUNICATE macros
...
Rename SP_COMMUNICATE_AARCH32/AARCH64 into MM_COMMUNICATE_AARCH32/AARCH64
to align with the MM specification [1].
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf
Change-Id: I478aa4024ace7507d14a5d366aa8e20681075b03
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 5 Dec 2017
|
SPM: Rename SP_MEM_ATTR*** defines
...
The defines have been renamed to match the names used in the
documentation.
Change-Id: I2f18b65112d2db040a89d5a8522e9790c3e21628
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
authored
on 1 Dec 2017
Sandrine Bailleux
committed
on 5 Dec 2017
|
2017-11-23 |
Merge pull request #1169 from antonio-nino-diaz-arm/an/spm-fixes
...
SPM fixes
davidcunado-arm
authored
on 23 Nov 2017
GitHub
committed
on 23 Nov 2017
|
2017-11-20 |
SDEI: Assert that dynamic events have Normal priority
...
The SDEI specification requires that binding a client interrupt
dispatches SDEI Normal priority event. This means that dynamic events
can't have Critical priority. Add asserts for this.
Change-Id: I0bdd9e0e642fb2b61810cb9f4cbfbd35bba521d1
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 20 Nov 2017
|
SDEI: Fix security state check for explicit dispatch
...
Change-Id: Ic381ab5d03ec68c7f6e8d357ac2e2cbf0cc6b2e8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 20 Nov 2017
|
2017-11-15 |
SPM: Fix SP_COMMUNICATE_AARCH32/64 parameters
...
The parameters passed to the Secure world from the Secure Partition
Manager when invoking SP_COMMUNICATE_AARCH32/64 were incorrect, as well
as the checks done on them.
Change-Id: I26e8c80cad0b83437db7aaada3d0d9add1c53a78
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 Nov 2017
|
SPM: Fix calculation of max page granularity
...
The code was incorrectly reading from ID_AA64PRF0_EL1 instead of
ID_AA64MMFR0_EL1 causing the supported granularity sizes returned by the
code to be wrong.
This wasn't causing any problem because it's just used to check the
alignment of the base of the buffer shared between Non-secure and Secure
worlds, and it was aligned to more than 64 KiB, which is the maximum
granularity supported by the architecture.
Change-Id: Icc0d949d9521cc0ef13afb753825c475ea62d462
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 Nov 2017
|
2017-11-13 |
SDEI: Fix build error with logging enabled
...
Change-Id: Iee617a3528225349b6eede2f8abb26da96640678
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 13 Nov 2017
|
SDEI: Add API for explicit dispatch
...
This allows for other EL3 components to schedule an SDEI event dispatch
to Normal world upon the next ERET. The API usage constrains are set out
in the SDEI dispatcher documentation.
Documentation to follow.
Change-Id: Id534bae0fd85afc94523490098c81f85c4e8f019
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 13 Nov 2017
|
BL31: Add SDEI dispatcher
...
The implementation currently supports only interrupt-based SDEI events,
and supports all interfaces as defined by SDEI specification version
1.0 [1].
Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
BL31.
Update user guide and porting guide. SDEI documentation to follow.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 13 Nov 2017
|
2017-11-10 |
SPM: Fix pointer to MP info in boot info struct
...
The MP info struct is placed right after the boot info struct. However,
when calculating the address of the MP info, the size of the boot info
struct was being multiplied by the size of the MP boot info. This left
a big gap of empty space between the structs.
This didn't break any code because the boot info struct has a pointer to
the MP info struct. It was just wasting space.
Change-Id: I1668e3540d9173261968f6740623549000bd48db
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 10 Nov 2017
|
2017-11-08 |
SPM: Introduce Secure Partition Manager
...
A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:
- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.
A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.
The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:
- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
Secure Partition.
- Implementing a well defined interface that is used by the normal world
and other secure services for accessing the services exported by a
Secure Partition.
- Implementing a well defined interface that is used by a Secure
Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
Partition to fulfil a service request.
Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Nov 2017
|
spd: Use `ENABLE_ASSERTIONS` instead of `DEBUG`
...
A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
line is used to help with assertions and so assertion failures can
happen in release builds with assertions enabled. Use
`ENABLE_ASSERTIONS` instead of `DEBUG`.
This bug was introduced in commit aa61368eb5, which introduced the build
option `ENABLE_ASSERTIONS`.
Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Nov 2017
|
2017-09-19 |
trusty: save/restore FPU registers in world switch
...
Currently, Trusty OS/LK implemented FPU context switch in internal
thread switch but does not implement the proper mechanism for world
switch. This commit just simply saves/restores FPU registes in world
switch to prevent FPU context from being currupted when Trusty OS uses
VFP in its applications.
It should be noted that the macro *CTX_INCLUDE_FPREGS* must be defined
in trusty.mk if Trusty OS uses VFP
Signed-off-by: Aijun Sun <aijun.sun@spreadtrum.com>
Aijun Sun
committed
on 19 Sep 2017
|
2017-08-24 |
opteed: pass device tree pointer in x2
...
Pass device tree pointer to OP-TEE in x2. bl2 is expected to fill in the
device tree pointer in args.arg3. Passing 0 means that device tree is
unavailable.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Jens Wiklander
committed
on 24 Aug 2017
|
2017-08-09 |
Support paging function for OPTEE.
...
ARM TF need transfer information about pageable image load address
and memory limit to OPTEE. OPTEE will relocate the pageable image
to where it's needed.
The legacy OP-TEE images that do not include header information
are not affected.
Change-Id: Id057efbbc894de7c36b2209b391febea4729c455
Signed-off-by: Edison Ai <edison.ai@arm.com>
Edison Ai
committed
on 9 Aug 2017
|
2017-07-12 |
Fix order of #includes
...
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
Isla Mitchell
committed
on 12 Jul 2017
|