2020-02-24 |
Read-only xlat tables for BL31 memory
...
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
Petre-Ionut Tudor
committed
on 24 Feb 2020
|
2020-02-04 |
Merge "Coverity: remove unnecessary header file includes" into integration
Mark Dykes
authored
on 4 Feb 2020
TrustedFirmware Code Review
committed
on 4 Feb 2020
|
Coverity: remove unnecessary header file includes
...
This patch removes unnecessary header file includes
discovered by Coverity HFA option.
Change-Id: I2827c37c1c24866c87db0e206e681900545925d4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Zelalem
committed
on 4 Feb 2020
|
2020-01-27 |
plat/arm: Add support for SEPARATE_NOBITS_REGION
...
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 27 Jan 2020
|
2020-01-23 |
Revert "plat/arm: Add support for SEPARATE_NOBITS_REGION"
...
This reverts commit d433bbd .
Change-Id: I46c69dce704a1ce1b50452dd4d62425c4a67f7f0
Mark Dykes
committed
on 23 Jan 2020
|
2020-01-21 |
plat/arm: Add support for SEPARATE_NOBITS_REGION
...
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 21 Jan 2020
|
2019-12-18 |
debugfs: add SMC channel
...
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Ambroise Vincent
authored
on 12 Jul 2019
Olivier Deprez
committed
on 18 Dec 2019
|
2019-06-28 |
Remove MULTI_CONSOLE_API flag and references to it
...
The new API becomes the default one.
Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 28 Jun 2019
|
2019-01-25 |
plat/arm: Sanitise includes
...
Use full include paths like it is done for common includes.
This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.
Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 25 Jan 2019
|
2019-01-15 |
plat/arm: Fix header dependencies
...
From now on, platform_def.h must include any header with definitions that
are platform-specific (like arm_def.h) and the included headers mustn't
include back platform_def.h, and shouldn't be used by other files. Only
platform_def.h should be included in other files. This will ensure that all
needed definitions are present, rather than needing to include all the
headers in all the definitions' headers just in case.
This also prevents problems like cyclic dependencies.
Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 Jan 2019
|
2019-01-04 |
Sanitise includes across codebase
...
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 4 Jan 2019
|
2018-10-29 |
FVP: Enable PIE for RESET_TO_BL31=1
...
This patch enabled PIE for FVP when RESET_TO_BL31=1. The references
to BL31_BASE are replaced by BL31_START as being a symbol exported by
the linker, will create a dynamic relocation entry in .rela.dyn and
hence will be fixed up by dynamic linker at runtime. Also, we disable
RECLAIM_INIT_CODE when PIE is enabled as the init section overlay
creates some static relocations which cannot be handled by the
dynamic linker currently.
Change-Id: I86df1b0a8b2a8bbbe7c3f3c0b9a08c86c2963ec0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 29 Oct 2018
|
2018-10-26 |
Convert arm_setup_page_tables into a generic helper
...
This function is not related to Arm platforms and can be reused by other
platforms if needed.
Change-Id: Ia9c328ce57ce7e917b825a9e09a42b0abb1a53e8
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Roberto Vargas
authored
on 19 Oct 2018
Antonio Nino Diaz
committed
on 26 Oct 2018
|
xlat: Fix compatibility between v1 and v2
...
There are several platforms using arm_setup_page_tables(), which is
supposed to be Arm platform only. This creates several dependency
problems between platforms.
This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib
v2 makefile. This way it is possible to detect from C code which version
is being used and include the correct header.
The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and
moved to a common folder. This way, when in doubt, this header can be
used to guarantee compatibility, as it includes the correct header based
on XLAT_TABLES_LIB_V2.
This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so
that is now locked in xlat lib v2) and ZynqMP (where it was added as a
workaround).
Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 26 Oct 2018
|
2018-10-10 |
Replace S-EL3 references by EL3
...
The "Secure" prefix (S-ELx) is valid only for S-EL0 and S-EL1 but is
meaningless for EL3, since EL3 is always secure. Hence, the "S" prefix
has been removed from wherever it was used as "S-EL3".
Change-Id: Icdeac9506d763f9f83d7297c7113aec7b85e9dbe
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 10 Oct 2018
|
2018-10-03 |
FVP: Reclaim init code for the stack
...
Map the initialization code for BL31 to overlap with the memory
required for the secondary cores stack. Once BL31 has been
initialized the memory can be remapped to RW data so that it can
be used for secondary cores stacks. By moving code from .text to
.text.init the size of the BL31 image is decreased by a page.
Split arm_common.ld.S into two linker scripts, one for tzc_dram
(arm_tzc_dram.ld.S) and one for reclaiming initialization code
(arm_reclaim_init.ld.S) so that platforms can chose which memory
regions they wish to include.
Change-Id: I648e88f3eda1aa71765744cf34343ecda9320b32
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
authored
on 18 Sep 2018
Antonio Nino Diaz
committed
on 3 Oct 2018
|
plat/arm: Mark arm platform initialization functions
...
Mark the initialization functions found in the BL31 boot sequence
as __init so they can be reclaimed when no longer needed.
Change-Id: I687a89346419c7710ef5097feaa325d83c527697
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
authored
on 18 Sep 2018
Antonio Nino Diaz
committed
on 3 Oct 2018
|
Remove unused ROMLIB memory region macro
...
Remove ARM_MAP_BL_ROMLIB memory region macro as it is now split
into two regions for code and data
Change-Id: Ic17b5b584933c196db29fe83051d7e0a8e92911c
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
authored
on 19 Sep 2018
Antonio Nino Diaz
committed
on 3 Oct 2018
|
2018-09-28 |
plat/arm: Migrate to new interfaces
...
- Remove references to removed build options.
- Remove support for legacy GIC driver.
- Remove support for LOAD_IMAGE_V2=0.
Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 28 Sep 2018
|
2018-08-30 |
Fix MISRA defects in BL31 common code
...
Change-Id: I5993b425445ee794e6d2a792c244c0af53640655
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 30 Aug 2018
|
2018-08-06 |
Add librom support in FVP
...
Change-Id: Idb9ba3864d6de3053260724f07172fd32c1523e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 6 Aug 2018
|
2018-08-01 |
Fix build for SEPARATE_CODE_AND_RODATA=0
...
TF won't build since no memory region is specified
for when SEPARATE_CODE_AND_RODATA=0 it still relies on
the ARM_MAP_BL_RO_DATA region which is never defined for
this case. Create memory region combining code and RO data for
when the build flag SEPARATE_CODE_AND_RODATA=0 to fix this
Change-Id: I6c129eb0833497710cce55e76b8908ce03e0a638
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
committed
on 1 Aug 2018
|
2018-07-25 |
Merge pull request #1472 from danielboulby-arm/db/Reclaim
...
Rework page table setup for varying number of mem regions
danh-arm
authored
on 25 Jul 2018
GitHub
committed
on 25 Jul 2018
|
2018-07-24 |
Rework page table setup for varying number of mem regions
...
Change arm_setup_page_tables() to take a variable number of memory
regions. Remove coherent memory region from BL1, BL2 and BL2U as
their coherent memory region doesn't contain anything and
therefore has a size of 0. Add check to ensure this
doesn't change without us knowing.
Change-Id: I790054e3b20b056dda1043a4a67bd7ac2d6a3bc0
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Daniel Boulby
committed
on 24 Jul 2018
|
2018-07-11 |
Fix some violations to MISRA rule 8.3
...
Wherever we use 'struct foo' and 'foo_t' interchangeably in a
function's declaration and definition, use 'struct foo' consistently
for both, as per the TF-A coding guidelines [1].
[1] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Coding-Guidelines#avoid-anonymous-typedefs-of-structsenums-in-header-files
Change-Id: I7998eb24a26746e87e9b6425529926406745b721
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 11 Jul 2018
|
2018-06-19 |
plat/arm: Migrate AArch64 port to the multi console driver
...
The old API is deprecated and will eventually be removed.
Arm platforms now use the multi console driver for boot and runtime
consoles. However, the crash console uses the direct console API because
it doesn't need any memory access to work. This makes it more robust
during crashes.
The AArch32 port of the Trusted Firmware doesn't support this new API
yet, so it is only enabled in AArch64 builds. Because of this, the
common code must maintain compatibility with both systems. SP_MIN
doesn't have to be updated because it's only used in AArch32 builds.
The TSP is only used in AArch64, so it only needs to support the new
API without keeping support for the old one.
Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
causes the UARTs to reset (except for the one used by the TSP). This
means that they must be unregistered when suspending and re-registered
when resuming. This wasn't a problem with the old driver because it just
restarted the UART, and there were no problems associated with
registering and unregistering consoles.
The size reserved for BL2 has been increased.
Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 19 Jun 2018
|
2018-06-07 |
ARM platforms: Move BL31 below BL2 to enable BL2 overlay
...
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 7 Jun 2018
|
2018-05-16 |
Merge pull request #1381 from antonio-nino-diaz-arm/an/kernel-boot
...
plat/arm: Introduce ARM_LINUX_KERNEL_AS_BL33 build option
Dimitris Papastamos
authored
on 16 May 2018
GitHub
committed
on 16 May 2018
|
2018-05-15 |
Merge pull request #1373 from jeenu-arm/ras-support
...
RAS support
Dimitris Papastamos
authored
on 15 May 2018
GitHub
committed
on 15 May 2018
|
Revert "plat/arm: Migrate AArch64 port to the multi console driver"
...
This reverts commit 2f18aa1 .
It is causing some tests to fail. Until the cause is found and fixed, it
is needed to remove this commit from master.
Change-Id: Ic5ff7a841903a15613e00379e87cbbd8a0e85152
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 15 May 2018
|