2015-03-17 |
Merge pull request #269 from vikramkanigiri/vk/common-cci
...
Common driver for ARM cache coherent Interconnects
danh-arm
committed
on 17 Mar 2015
|
Merge pull request #268 from vikramkanigiri/vk/move_init_cpu_ops
...
Initialise cpu ops after enabling data cache
danh-arm
committed
on 17 Mar 2015
|
2015-03-16 |
Use ARM CCI driver on FVP and Juno platforms
...
This patch updates the FVP and Juno platform ports to use the common
driver for ARM Cache Coherent Interconnects.
Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542
Vikram Kanigiri
committed
on 16 Mar 2015
|
Common driver for ARM Cache Coherent Interconnects
...
Even though both CCI-400 and CCI-500 IPs have different configurations
with respect to the number and types of supported interfaces, their
register offsets and programming sequences are similar. This patch
creates a common driver for enabling and disabling snoop transactions
and DVMs with both the IPs.
New platform ports which implement one of these IPs should use this
common driver. Existing platform ports which implement CCI-400 should
migrate to the common driver as the standalone CCI-400 will be
deprecated in the future.
Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
Vikram Kanigiri
committed
on 16 Mar 2015
|
Add macro to calculate number of elements in an array
...
This patch defines the ARRAY_SIZE macro for calculating number of elements
in an array and uses it where appropriate.
Change-Id: I72746a9229f0b259323972b498b9a3999731bc9b
Vikram Kanigiri
committed
on 16 Mar 2015
|
2015-03-13 |
Initialise cpu ops after enabling data cache
...
The cpu-ops pointer was initialized before enabling the data cache in the cold
and warm boot paths. This required a DCIVAC cache maintenance operation to
invalidate any stale cache lines resident in other cpus.
This patch moves this initialization to the bl31_arch_setup() function
which is always called after the data cache and MMU has been enabled.
This change removes the need:
1. for the DCIVAC cache maintenance operation.
2. to initialise the CPU ops upon resumption from a PSCI CPU_SUSPEND
call since memory contents are always preserved in this case.
Change-Id: Ibb2fa2f7460d1a1f1e721242025e382734c204c6
Vikram Kanigiri
committed
on 13 Mar 2015
|
2015-03-06 |
Enable type-checking of arguments passed to printf() et al.
...
This patch modifies the declarations of the functions printf() et al.
and adds the right GCC attribute to request the compiler to check
the type of the arguments passed to these functions against the given
format string. This will ensure that the compiler outputs warning
messages like the following whenever it detects an inconsistency:
file.c:42: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
It also fixes the type mismatch inconsistencies that it revealed
across the code base.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS OR SP/SPDS THAT USE THE
PRINTF FAMILY OF FUNCTIONS TO FIX ANY TYPE MISMATCH INCONSISTENCIES.
Change-Id: If36bb54ec7d6dd2cb4791d89b02a24ac13fd2df6
Sandrine Bailleux
committed
on 6 Mar 2015
|
2015-02-12 |
Export maximum affinity using PLATFORM_MAX_AFFLVL macro
...
This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done because the maximum affinity level for a platform
is a static value and it is more efficient for it to be defined
as a platform macro.
NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
Fixes ARM-Software/tf-issues#265
Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
Soby Mathew
committed
on 12 Feb 2015
|
2015-01-28 |
TBB: add authentication module interface
...
This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the Trusted Board Boot process.
To include the authentication module as part of the build, set the
boolean build option TRUSTED_BOARD_BOOT. One single authentication
module must be registered at build time by setting the build option
AUTH_MOD=<mod_name>. All authentication modules will be located in
'common/auth/<mod_name>' and must present the <mod_name>.mk file that
will be included by the build system to compile the module sources.
To create an authentication module, an instance of auth_mod_t called
'auth_mod' must be declared in the module sources. The initialization
and verification functions provided by the module will be exported
through the function pointers specified when declaring this instance.
If an authentication module includes third party sources that do not
adhere to the C99 standard, the -pedantic option may be removed from
the build options by setting the flag DISABLE_PEDANTIC in the module
file <mod_name>.mk.
Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
Juan Castillo
authored
on 13 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
stdlib: add missing features to build PolarSSL
...
This patch adds the missing features to the C library included
in the Trusted Firmware to build PolarSSL:
- strcasecmp() function
- exit() function
- sscanf()* function
- time.h header file (and its dependencies)
* NOTE: the sscanf() function is not a real implementation. It just
returns the number of expected arguments by counting the number of
'%' characters present in the formar string. This return value is
good enough for PolarSSL because during the certificate parsing
only the return value is checked. The certificate validity period
is ignored.
Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
Juan Castillo
authored
on 17 Nov 2014
Dan Handley
committed
on 28 Jan 2015
|
TBB: add a platform specific function to validate the ROTPK
...
This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.
The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).
TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.
For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.
Documentation updated accordingly.
Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
Juan Castillo
authored
on 7 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
TBB: add support to include certificates in a FIP image
...
This patch extends the FIP tool to include the certificates
generated by the 'cert_create' tool.
If GENERATE_COT build option is enabled, the Makefile adds the
certificates as dependencies to create the FIP file. Thus, make
target 'fip' will also build the certificates as part of the
Trusted Firmware build process.
Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
Juan Castillo
authored
on 4 Nov 2014
Dan Handley
committed
on 28 Jan 2015
|
2015-01-26 |
Call reset handlers upon BL3-1 entry.
...
This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.
This means the BL1 and BL3-1 versions of the CPU and platform specific reset
handlers may execute different code to each other. This enables a developer to
perform additional actions or undo actions already performed during the first
call of the reset handlers e.g. apply additional errata workarounds.
Typically, the reset handler will be first called from the BL1 Boot ROM. Any
additional functionality can be added to the reset handler when it is called
from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
to identify whether this is the first version of the reset handler code to be
executed or an overridden version of the code.
The Cortex-A57 errata workarounds are applied only if they have not already been
applied.
Fixes ARM-software/tf-issue#275
Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
Yatharth Kochar
authored
on 20 Nov 2014
Achin Gupta
committed
on 26 Jan 2015
|
Demonstrate model for routing IRQs to EL3
...
This patch provides an option to specify a interrupt routing model
where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
When such an interrupt occurs, the TSPD arranges a return to
the normal world after saving any necessary context. The interrupt
routing model to route IRQs to EL3 is enabled only during STD SMC
processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
and Secure Interrupt processing.
A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
the non secure interrupt target execution level to EL3.
Fixes ARM-software/tf-issues#225
Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
Soby Mathew
committed
on 26 Jan 2015
|
Increment the PSCI VERSION to 1.0
...
This patch:
* Bumps the PSCI VERSION to 1.0. This means that
the PSCI_VERSION API will now return the value 0x00010000
to indicate the version as 1.0. The firmware remains
compatible with PSCI v0.2 clients.
* The firmware design guide is updated to document the
APIs supported by the Trusted Firmware generic code.
* The FVP Device Tree Sources (dts) and Blobs(dtb) are also
updated to add "psci-1.0" and "psci-0.2" to the list of
compatible PSCI versions.
Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a
Soby Mathew
authored
on 15 Jan 2015
Dan Handley
committed
on 26 Jan 2015
|
Implement PSCI_FEATURES API
...
This patch implements the PSCI_FEATURES function which is a mandatory
API in the PSCI 1.0 specification. A capability variable is
constructed during initialization by examining the plat_pm_ops and
spd_pm_ops exported by the platform and the Secure Payload Dispatcher.
This is used by the PSCI FEATURES function to determine which
PSCI APIs are supported by the platform.
Change-Id: I147ffc1bd5d90b469bd3cc4bbe0a20e95c247df7
Soby Mathew
authored
on 7 Jan 2015
Dan Handley
committed
on 26 Jan 2015
|
Rework the PSCI migrate APIs
...
This patch reworks the PSCI MIGRATE, MIGRATE_INFO_TYPE and
MIGRATE_INFO_UP_CPU support for Trusted Firmware. The
implementation does the appropriate validation of parameters
and invokes the appropriate hook exported by the SPD.
The TSP is a MP Trusted OS. Hence the ability to actually
migrate a Trusted OS has not been implemented. The
corresponding function is not populated in the spd_pm_hooks
structure for the TSPD.
The `spd_pm_ops_t` has undergone changes with this patch.
SPD PORTS MAY NEED TO BE UPDATED.
Fixes ARM-software/tf-issues#249
Change-Id: Iabd87521bf7c530a5e4506b6d3bfd4f1bf87604f
Soby Mathew
authored
on 23 Oct 2014
Dan Handley
committed
on 26 Jan 2015
|
2015-01-23 |
Return success if an interrupt is seen during PSCI CPU_SUSPEND
...
This patch adds support to return SUCCESS if a pending interrupt is
detected during a CPU_SUSPEND call to a power down state. The check
is performed as late as possible without losing the ability to return
to the caller. This reduces the overhead incurred by a CPU in
undergoing a complete power cycle when a wakeup interrupt is already
pending.
Fixes ARM-Software/tf-issues#102
Change-Id: I1aff04a74b704a2f529734428030d1d10750fd4b
Soby Mathew
committed
on 23 Jan 2015
|
Validate power_state and entrypoint when executing PSCI calls
...
This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so that we can return the error safely. New optional
pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
are introduced to do this.
As a result of these changes, all the other pm_ops handlers except
the PSCI_ON handler are expected to be successful. Also, the PSCI
implementation will now assert if a PSCI API is invoked without the
corresponding pm_ops handler being registered by the platform.
NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
pm hooks have 2 additional optional callbacks and the return type
of the other hooks have changed.
Fixes ARM-Software/tf-issues#229
Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
Soby Mathew
committed
on 23 Jan 2015
|
Save 'power_state' early in PSCI CPU_SUSPEND call
...
This patch adds support to save the "power state" parameter before the
affinity level specific handlers are called in a CPU_SUSPEND call.
This avoids the need to pass the power_state as a parameter to the
handlers and Secure Payload Dispatcher (SPD) suspend spd_pm_ops.
The power_state arguments in the spd_pm_ops operations are now reserved
and must not be used. The SPD can query the relevant power_state fields
by using the psci_get_suspend_afflvl() & psci_get_suspend_stateid() APIs.
NOTE: THIS PATCH WILL BREAK THE SPD_PM_OPS INTERFACE. HENCE THE SECURE
PAYLOAD DISPATCHERS WILL NEED TO BE REWORKED TO USE THE NEW INTERFACE.
Change-Id: I1293d7dc8cf29cfa6a086a009eee41bcbf2f238e
Soby Mathew
committed
on 23 Jan 2015
|
Remove `ns_entrypoint` and `mpidr` from parameters in pm_ops
...
This patch removes the non-secure entry point information being passed
to the platform pm_ops which is not needed. Also, it removes the `mpidr`
parameter for platform pm hooks which are meant to do power management
operations only on the current cpu.
NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT.
Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
Soby Mathew
committed
on 23 Jan 2015
|
2015-01-22 |
Move bakery algorithm implementation out of coherent memory
...
This patch moves the bakery locks out of coherent memory to normal memory.
This implies that the lock information needs to be placed on a separate cache
line for each cpu. Hence the bakery_lock_info_t structure is allocated in the
per-cpu data so as to minimize memory wastage. A similar platform per-cpu
data is introduced for the platform locks.
As a result of the above changes, the bakery lock api is completely changed.
Earlier, a reference to the lock structure was passed to the lock implementation.
Now a unique-id (essentially an index into the per-cpu data array) and an offset
into the per-cpu data for bakery_info_t needs to be passed to the lock
implementation.
Change-Id: I1e76216277448713c6c98b4c2de4fb54198b39e0
Soby Mathew
authored
on 8 Jan 2015
Dan Handley
committed
on 22 Jan 2015
|
Add macros for domain specific barriers.
...
This patch adds helper macros for barrier operations that specify
the type of barrier (dmb, dsb) and the shareability domain (system,
inner-shareable) it affects.
Change-Id: I4bf95103e79da212c4fbdbc13d91ad8ac385d9f5
Soby Mathew
authored
on 30 Dec 2014
Dan Handley
committed
on 22 Jan 2015
|
2015-01-16 |
Merge pull request #235 from soby-mathew/sm/inv_cpu_ops
...
Invalidate the dcache after initializing cpu-ops
danh-arm
committed
on 16 Jan 2015
|
2015-01-13 |
Invalidate the dcache after initializing cpu-ops
...
This patch fixes a crash due to corruption of cpu_ops
data structure. During the secondary CPU boot, after the
cpu_ops has been initialized in the per cpu-data, the
dcache lines need to invalidated so that the update in
memory can be seen later on when the dcaches are turned ON.
Also, after initializing the psci per cpu data, the dcache
lines are flushed so that they are written back to memory
and dirty dcache lines are avoided.
Fixes ARM-Software/tf-issues#271
Change-Id: Ia90f55e9882690ead61226eea5a5a9146d35f313
Soby Mathew
committed
on 13 Jan 2015
|
2015-01-07 |
Prevent optimisation of sysregs accessors calls
...
Calls to system register read accessors functions may be optimised
out by the compiler if called twice in a row for the same register.
This is because the compiler is not aware that the result from
the instruction may be modified by external agents. Therefore, if
nothing modifies the register between the 2 reads as far as the
compiler knows then it might consider that it is useless to read
it twice and emit only 1 call.
This behaviour is faulty for registers that may not have the same
value if read twice in succession. E.g.: counters, timer
control/countdown registers, GICv3 interrupt status registers and
so on.
The same problem happens for calls to system register write
accessors functions. The compiler might optimise out some calls
if it considers that it will produce the same result. Again, this
behaviour is faulty for cases where intermediate writes to these
registers make a difference in the system.
This patch fixes the problem by making these assembly register
accesses volatile.
Fixes ARM-software/tf-issues#273
Change-Id: I33903bc4cc4eea8a8d87bc2c757909fbb0138925
Sandrine Bailleux
committed
on 7 Jan 2015
|
2014-12-04 |
Fix the array size of mpidr_aff_map_nodes_t.
...
This patch fixes the array size of mpidr_aff_map_nodes_t which
was less by one element.
Fixes ARM-software/tf-issues#264
Change-Id: I48264f6f9e7046a3d0f4cbcd63b9ba49657e8818
Soby Mathew
committed
on 4 Dec 2014
|
2014-11-04 |
Merge pull request #219 from jcastillo-arm/jc/tf-issues/253
...
Improvements to ARM GIC driver
Juno: Use the generic ARM GIC driver
danh-arm
committed
on 4 Nov 2014
|
2014-10-31 |
Improvements to ARM GIC driver
...
This patch introduces several improvements to the ARM GIC driver:
* In function gicd_set_itargetsr(), target CPU is specified using
the same bit mask detailed in the GICD_ITARGETSRn register instead
of the CPU linear ID, removing the dependency between bit position
and linear ID in the platform porting. The current CPU bit mask
may be obtained by reading GICD_ITARGETSR0.
* PPIs and SGIs are initialized in arm_gic_pcpu_distif_setup().
SPIs are initialized in arm_gic_distif_setup().
* By default, non secure interrupts are assigned the maximum
priority allowed to a non secure interrupt (defined by
GIC_HIGHEST_NS_PRIORITY).
* GICR base address is allowed to be NULL for GICv1 and GICv2.
Change-Id: Ie2837fe860d43b2282e582dfdb13c39c6186f232
Juan Castillo
committed
on 31 Oct 2014
|
2014-10-29 |
Apply errata workarounds only when major/minor revisions match.
...
Prior to this patch, the errata workarounds were applied for any version
of the CPU in the release build and in the debug build an assert
failure resulted when the revision did not match. This patch applies
errata workarounds in the Cortex-A57 reset handler only if the 'variant'
and 'revision' fields read from the MIDR_EL1 match. In the debug build,
a warning message is printed for each errata workaround which is not
applied.
The patch modifies the register usage in 'reset_handler` so
as to adhere to ARM procedure calling standards.
Fixes ARM-software/tf-issues#242
Change-Id: I51b1f876474599db885afa03346e38a476f84c29
Soby Mathew
committed
on 29 Oct 2014
|