2019-10-04 |
Fix the CAS spinlock implementation
...
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based
on a platform build option. The CAS-based implementation used to be
unconditionally selected for all ARM8.1+ platforms.
The previous CAS spinlock implementation had a bug wherein the spin_unlock()
implementation had an `sev` after `stlr` which is not sufficient. A dsb is
needed to ensure that the stlr completes prior to the sev. Having a dsb is
heavyweight and a better solution would be to use load exclusive semantics
to monitor the lock and wake up from wfe when a store happens to the lock.
The patch implements the same.
Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Soby Mathew
authored
on 25 Sep 2019
Olivier Deprez
committed
on 4 Oct 2019
|
2019-09-13 |
Merge changes from topic "jc/rsa-pkcs" into integration
...
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Soby Mathew
authored
on 13 Sep 2019
TrustedFirmware Code Review
committed
on 13 Sep 2019
|
2019-09-12 |
Support larger RSA key sizes when using MBEDTLS
...
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.
Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
Invalidate dcache build option for bl2 entry at EL3
...
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
Hadi Asyrafi
authored
on 20 Aug 2019
Soby Mathew
committed
on 12 Sep 2019
|
Merge changes from topic "jc/mte_enable" into integration
...
* changes:
Add documentation for CTX_INCLUDE_MTE_REGS
Enable MTE support in both secure and non-secure worlds
Soby Mathew
authored
on 12 Sep 2019
TrustedFirmware Code Review
committed
on 12 Sep 2019
|
2019-09-11 |
Add UBSAN support and handlers
...
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 11 Sep 2019
|
2019-09-09 |
Enable MTE support in both secure and non-secure worlds
...
This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that support
at EL0. To enable it at ELx for both the non-secure and the secure
world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
and restoring when necessary in order to prevent register leakage
between the worlds.
Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 9 Sep 2019
|
2019-08-01 |
Switch AARCH32/AARCH64 to __aarch64__
...
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__
...
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
2019-07-16 |
Merge changes from topic "jc/shift-overflow" into integration
...
* changes:
Enable -Wshift-overflow=2 to check for undefined shift behavior
Update base code to not rely on undefined overflow behaviour
Update hisilicon drivers to not rely on undefined overflow behaviour
Update synopsys drivers to not rely on undefined overflow behaviour
Update imx platform to not rely on undefined overflow behaviour
Update mediatek platform to not rely on undefined overflow behaviour
Update layerscape platform to not rely on undefined overflow behaviour
Update intel platform to not rely on undefined overflow behaviour
Update rockchip platform to not rely on undefined overflow behaviour
Update renesas platform to not rely on undefined overflow behaviour
Update meson platform to not rely on undefined overflow behaviour
Update marvell platform to not rely on undefined overflow behaviour
Soby Mathew
authored
on 16 Jul 2019
TrustedFirmware Code Review
committed
on 16 Jul 2019
|
2019-07-12 |
Enable -Wshift-overflow=2 to check for undefined shift behavior
...
The -Wshift-overflow=2 option enables checks for left bit shifts.
Specifically, the option will warn when the result of a shift will be
placed into a signed integer and overflow the sign bit there, which
results in undefined behavior.
To avoid the warnings from these checks, the left operand of a shift can
be made an unsigned integer by using the U() macro or appending the u
suffix.
Change-Id: I50c67bedab86a9fdb6c87cfdc3e784f01a22d560
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Jul 2019
|
2019-07-10 |
Remove references to old project name from common files
...
The project has been renamed from "Arm Trusted Firmware (ATF)" to
"Trusted Firmware-A (TF-A)" long ago. A few references to the old
project name that still remained in various places have now been
removed.
This change doesn't affect any platform files. Any "ATF" references
inside platform files, still remain.
Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 10 Jul 2019
|
2019-06-28 |
Remove MULTI_CONSOLE_API flag and references to it
...
The new API becomes the default one.
Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 28 Jun 2019
|
2019-06-06 |
Merge "Introduce BTI support in ROMLIB" into integration
John Tsichritzis
authored
on 6 Jun 2019
TrustedFirmware Code Review
committed
on 6 Jun 2019
|
2019-05-29 |
Merge "Beautify "make help"" into integration
Paul Beesley
authored
on 29 May 2019
TrustedFirmware Code Review
committed
on 29 May 2019
|
Merge "Makefile: Add default warning flags" into integration
Paul Beesley
authored
on 29 May 2019
TrustedFirmware Code Review
committed
on 29 May 2019
|
2019-05-24 |
Add support for Branch Target Identification
...
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 24 May 2019
|
Makefile: Add default warning flags
...
The flags are taken from the different warning levels of the build
system when they do not generate any error with the current upstreamed
platforms.
Change-Id: Ia70cff83bedefb6d2f0dd266394ef77fe47e7f65
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 24 May 2019
|
Introduce BTI support in ROMLIB
...
When TF-A is compiled with BTI enabled, the branches in the ROMLIB
jumptable must be preceded by a "bti j" instruction.
Moreover, when the additional "bti" instruction is inserted, the
jumptable entries have a distance of 8 bytes between them instead of 4.
Hence, the wrappers are also modified accordinly.
If TF-A is compiled without BTI enabled, the ROMLIB jumptable and
wrappers are generated as before.
Change-Id: Iaa59897668f8e59888d39046233300c2241d8de7
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 24 May 2019
|
Beautify "make help"
...
Changes to make the help text a bit more readable:
1) The "usage" part is now a one-liner
2) The supported platforms list is printed separately
Change-Id: I93e48a6cf1d28f0ef9f3db16ce17725e4dff33c9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 24 May 2019
|
2019-05-22 |
doc: Make checkpatch ignore rst files
...
Previously checkpatch was invoked with options to make it ignore
Markdown (md) files as this was the dominant format for TF-A
documents. Now that rst is being used everywhere this option needs
updating.
Change-Id: I59b5a0bcc45d2386df4f880b8d333baef0bbee77
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
committed
on 22 May 2019
|
2019-05-09 |
Add Makefile check for PAuth and AArch64
...
Pointer authentication is supported only in AArch64. A relevant check is
added for that in the Makefile.
Change-Id: I021ba65a9bd5764fd33292bee42617015e04a870
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 9 May 2019
|
2019-04-03 |
Makefile: remove extra include paths in INCLUDES
...
Now it is needed to use the full path of the common header files.
Commit 09d40e0e0828 ("Sanitise includes across codebase") provides more
information.
Change-Id: Ifedc79d9f664d208ba565f5736612a3edd94c647
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 3 Apr 2019
|
2019-03-26 |
Update TF-A version to 2.1
...
Change-Id: I6d8a6419df4d4924214115facbce90715a1a0371
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Mar 2019
|
2019-03-18 |
Declare PAuth for Secure world as experimental
...
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.
Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 18 Mar 2019
|
2019-03-13 |
Merge pull request #1884 from AlexeiFedorov/af/set_march_to_arch_minor
...
Allow setting compiler's target architecture
Soby Mathew
authored
on 13 Mar 2019
GitHub
committed
on 13 Mar 2019
|
Merge pull request #1880 from lmayencourt/lm/pie
...
PIE: fix linking with pie and binutils > 2.27
Soby Mathew
authored
on 13 Mar 2019
GitHub
committed
on 13 Mar 2019
|
2019-03-12 |
Allow setting compiler's target architecture
...
Change-Id: I56ea088f415bdb9077c385bd3450ff4b2cfa2eac
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 12 Mar 2019
|
Makefile: fix linking with pie and binutils > 2.27
...
Since binutils 1a9ccd70f9a7[1] TFA will not link when the PIE option is
used:
aarch64-linux-gnu-ld: build/fvp/debug/bl31/bl31.elf: Not enough room
for program headers, try linking with -N
aarch64-linux-gnu-ld: final link failed: Bad value
This issue was also encountered by u-boot[2] and linux powerpc kernel
[3]. The fix is to provide --no-dynamic-linker for the linker. This
tells the linker that PIE does not need loaded program program headers.
Fix https://github.com/ARM-software/tf-issues/issues/675
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=1a9ccd70f9a7
[2] http://git.denx.de/?p=u-boot.git;a=commit;h=e391b1e
[3] https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=ff45000
Change-Id: Ic3c33c795a9b7bdeab0e87c4345153ce2703a524
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 12 Mar 2019
|
2019-03-11 |
Add the possibility to pass options for checkpatch
...
It can be handy for example to add --strict option which can detect more
coding issues, even if not mandated by TF-A coding rules.
To use it:
CHECKPATCH_OPTS="--strict" make checkpatch
Change-Id: I707e4cc2d1250b21f18ff16169b5f1e5ab03a7ed
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Yann Gautier
committed
on 11 Mar 2019
|