2018-06-14 |
Make TF UUID RFC 4122 compliant
...
RFC4122 defines that fields are stored in network order (big endian),
but TF-A stores them in machine order (little endian by default in TF-A).
We cannot change the future UUIDs that are already generated, but we can store
all the bytes using arrays and modify fiptool to generate the UUIDs with
the correct byte order.
Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 14 Jun 2018
|
2018-04-13 |
Fix MISRA rule 8.4 Part 4
...
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 13 Apr 2018
|
Fix MISRA rule 8.3 Part 4
...
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 13 Apr 2018
|
2018-03-29 |
Merge pull request #1313 from jonathanwright-ARM/jw/MISRA-switch-statements
...
Fix switch statements to comply with MISRA rules
Dimitris Papastamos
authored
on 29 Mar 2018
GitHub
committed
on 29 Mar 2018
|
2018-03-27 |
Clean usage of void pointers to access symbols
...
Void pointers have been used to access linker symbols, by declaring an
extern pointer, then taking the address of it. This limits symbols
values to aligned pointer values. To remove this restriction an
IMPORT_SYM macro has been introduced, which declares it as a char
pointer and casts it to the required type.
Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Joel Hutton
committed
on 27 Mar 2018
|
2018-03-26 |
bl1: fix switch statements to comply with MISRA rules
...
Ensure (where possible) that switch statements in bl1 comply with MISRA
rules 16.1 - 16.7
Return statements inside switch clauses mean that we do not comply with
rule 16.3.
Change-Id: I8342389ba525dfc68b88e67dbb3690a529abfeb1
Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>
Jonathan Wright
committed
on 26 Mar 2018
|
2018-03-21 |
Rename 'smcc' to 'smccc'
...
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 21 Mar 2018
|
2018-02-28 |
Merge pull request #1282 from robertovargas-arm/misra-changes
...
Misra changes
davidcunado-arm
authored
on 28 Feb 2018
GitHub
committed
on 28 Feb 2018
|
Fix MISRA rule 8.8 in common code
...
Rule 8.8: The static storage class specifier shall be used
in all declarations of objects and functions that
have internal linkage.
Change-Id: I1e94371caaadebb2cec38d0ae0fa5c59e43369e0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 28 Feb 2018
|
2018-02-27 |
Merge pull request #1286 from antonio-nino-diaz-arm/an/mmu-mismatch
...
Clarify comments in xlat tables lib and fixes related to the TLB
davidcunado-arm
authored
on 27 Feb 2018
GitHub
committed
on 27 Feb 2018
|
Add comments about mismatched TCR_ELx and xlat tables
...
When the MMU is enabled and the translation tables are mapped, data
read/writes to the translation tables are made using the attributes
specified in the translation tables themselves. However, the MMU
performs table walks with the attributes specified in TCR_ELx. They are
completely independent, so special care has to be taken to make sure
that they are the same.
This has to be done manually because it is not practical to have a test
in the code. Such a test would need to know the virtual memory region
that contains the translation tables and check that for all of the
tables the attributes match the ones in TCR_ELx. As the tables may not
even be mapped at all, this isn't a test that can be made generic.
The flags used by enable_mmu_xxx() have been moved to the same header
where the functions are.
Also, some comments in the linker scripts related to the translation
tables have been fixed.
Change-Id: I1754768bffdae75f53561b1c4a5baf043b45a304
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 27 Feb 2018
|
2018-02-26 |
BL1: Deprecate the `bl1_init_bl2_mem_layout()` API
...
The `bl1_init_bl2_mem_layout()` API is now deprecated. The default weak
implementation of `bl1_plat_handle_post_image_load()` calculates the
BL2 memory layout and populates the same in x1(r1). This ensures
compatibility for the deprecated API.
Change-Id: Id44bdc1f572dc42ee6ceef4036b3a46803689315
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Feb 2018
|
Add image_id to bl1_plat_handle_post/pre_image_load()
...
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Feb 2018
|
2018-02-21 |
Ensure the correct execution of TLBI instructions
...
After executing a TLBI a DSB is needed to ensure completion of the
TLBI.
rk3328: The MMU is allowed to load TLB entries for as long as it is
enabled. Because of this, the correct place to execute a TLBI is right
after disabling the MMU.
Change-Id: I8280f248d10b49a8c354a4ccbdc8f8345ac4c170
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 21 Feb 2018
|
2018-02-06 |
Merge pull request #1173 from etienne-lms/armv7-qemu
...
support to boot OP-TEE on AArch32/Armv7+example with Cortex-A15/Qemu
davidcunado-arm
authored
on 6 Feb 2018
GitHub
committed
on 6 Feb 2018
|
2018-02-02 |
aarch32: use lr as bl32 boot argument on aarch32 only systems
...
Add 'lr_svc' as a boot parameter in AArch32 bl1. This is used by Optee
and Trusty to get the non-secure entry point on AArch32 platforms.
This change is not ported in AArch64 mode where the BL31, not BL32,
is in charge of booting the non secure image (BL33).
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere
committed
on 2 Feb 2018
|
2018-02-01 |
bl1: add bl1_plat_handle_{pre,post}_image_load()
...
Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 1 Feb 2018
|
2018-01-18 |
bl2-el3: Don't compile BL1 when BL2_AT_EL3 is defined in FVP
...
This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.
Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 18 Jan 2018
|
2017-11-29 |
Replace magic numbers in linkerscripts by PAGE_SIZE
...
When defining different sections in linker scripts it is needed to align
them to multiples of the page size. In most linker scripts this is done
by aligning to the hardcoded value 4096 instead of PAGE_SIZE.
This may be confusing when taking a look at all the codebase, as 4096
is used in some parts that aren't meant to be a multiple of the page
size.
Change-Id: I36c6f461c7782437a58d13d37ec8b822a1663ec1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 29 Nov 2017
|
2017-07-12 |
Fix order of #includes
...
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
Isla Mitchell
committed
on 12 Jul 2017
|
2017-06-28 |
Merge pull request #978 from etienne-lms/minor-build
...
Minor build fixes
danh-arm
authored
on 28 Jun 2017
GitHub
committed
on 28 Jun 2017
|
2017-06-26 |
Merge pull request #994 from soby-mathew/sm/fwu_fix
...
Fix FWU and cache helper optimization
davidcunado-arm
authored
on 26 Jun 2017
GitHub
committed
on 26 Jun 2017
|
2017-06-23 |
bl1: include bl1_private.h in aarch* files
...
This change avoids warnings when setting -Wmissing-prototypes or when
using sparse tool.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Etienne Carriere
committed
on 23 Jun 2017
|
context_mgmt: declare extern cm_set_next_context() for AArch32
...
This change avoids warning when setting -Wmissing-prototypes to
compile bl1_context_mgmt.c.
Reported-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Etienne Carriere
committed
on 23 Jun 2017
|
bl: security_state should be of type unsigned int
...
security_state is either 0 or 1. Prevent sign conversion potential
error (setting -Werror=sign-conversion results in a build error).
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Etienne Carriere
committed
on 23 Jun 2017
|
2017-06-21 |
Fully initialise essential control registers
...
This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.
The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.
This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.
This patch also corrects the following typos:
"NASCR definitions" -> "NSACR definitions"
Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado
committed
on 21 Jun 2017
|
Fix issues in FWU code
...
This patch fixes the following issues in Firmware Update (FWU) code:
1. The FWU layer maintains a list of loaded image ids and
while checking for image overlaps, INVALID_IMAGE_IDs were not
skipped. The patch now adds code to skip INVALID_IMAGE_IDs.
2. While resetting the state corresponding to an image, the code
now resets the memory used by the image only if the image were
copied previously via IMAGE_COPY smc. This prevents the invalid
zeroing of image memory which are not copied but are directly
authenticated via IMAGE_AUTH smc.
Change-Id: Idf18e69bcba7259411c88807bd0347d59d9afb8f
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 21 Jun 2017
|
2017-06-01 |
FWU: Introduce FWU_SMC_IMAGE_RESET
...
This SMC is as a means for the image loading state machine to go from
COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
was only done when the authentication of an image failed or when the
execution of the image finished.
Documentation updated.
Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 1 Jun 2017
|
FWU: Check for overlaps when loading images
...
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
memory region where another image data is already loaded.
Without this check, if two images are configured to be loaded in
overlapping memory regions, one of them can be loaded and
authenticated and the copy function is still able to load data from
the second image on top of the first one. Since the first image is
still in authenticated state, it can be executed, which could lead to
the execution of unauthenticated arbitrary code of the second image.
Firmware update documentation updated.
Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 1 Jun 2017
|
2017-05-15 |
AArch32: Add `TRUSTED_BOARD_BOOT` support
...
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
dp-arm
committed
on 15 May 2017
|