2020-02-07 |
fconf: Move platform io policies into fconf
...
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-01-30 |
Merge changes from topic "sb/select-cot" into integration
...
* changes:
Introduce COT build option
cert_create: Remove references to TBBR in common code
cert_create: Introduce COT build option
cert_create: Introduce TBBR CoT makefile
Sandrine Bailleux
authored
on 30 Jan 2020
TrustedFirmware Code Review
committed
on 30 Jan 2020
|
2020-01-29 |
Introduce COT build option
...
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 29 Jan 2020
|
2020-01-28 |
Measured Boot: add function for hash calculation
...
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 28 Jan 2020
|
2020-01-24 |
Build: support per-BL LDFLAGS
...
make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.
This commit adds per-BL LDFLAGS support, which is useful as well.
My main motivation of this addition is to use it for ENABLE_PIE.
When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
which affects all the TF images. It will make more sense to pass the
relevant options only to BL images that support it.
Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 24 Jan 2020
|
2020-01-14 |
Replace dts includes with C preprocessor syntax
...
Using the /include/ syntax, the include was evaluated by dtc, only after running
the preprocessor, therefore the .dtsi files were not preprocessed. This patch
adds the #include syntax instead. Evaluating this and preprocessing the files
now happens in a single step, done by the C preprocessor.
Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Balint Dobszay
committed
on 14 Jan 2020
|
2019-12-29 |
bl31: Split into two separate memory regions
...
Some platforms are extremely memory constrained and must split BL31
between multiple non-contiguous areas in SRAM. Allow the NOBITS
sections (.bss, stacks, page tables, and coherent memory) to be placed
in a separate region of RAM from the loaded firmware image.
Because the NOBITS region may be at a lower address than the rest of
BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this
region, or el3_entrypoint_common would attempt to invalidate the dcache
for the entire address space. New symbols __NOBITS_{START,END}__ are
added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the
NOBITS region is invalidated separately.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
Samuel Holland
committed
on 29 Dec 2019
|
2019-12-20 |
Merge "debugfs: add 9p device interface" into integration
Mark Dykes
authored
on 20 Dec 2019
TrustedFirmware Code Review
committed
on 20 Dec 2019
|
spm: Remove SPM Alpha 1 prototype and support files
...
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Paul Beesley
authored
on 14 Oct 2019
Manish Pandey
committed
on 20 Dec 2019
|
Remove dependency between SPM_MM and ENABLE_SPM build flags
...
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
authored
on 16 Sep 2019
Manish Pandey
committed
on 20 Dec 2019
|
2019-12-17 |
debugfs: add 9p device interface
...
The 9p interface provides abstraction layers allowing the software
that uses devices to be independent from the hardware.
This patch provides a file system abstraction to link drivers to their
devices and propose a common interface to expose driver operations to
higher layers. This file system can be used to access and configure a
device by doing read/write operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
Olivier Deprez
committed
on 17 Dec 2019
|
2019-12-02 |
Enable Link Time Optimization in GCC
...
This patch enables LTO for TF-A when compiled with GCC.
LTO is disabled by default and is enabled by
ENABLE_LTO=1 build option.
LTO is enabled only for aarch64 as there seem to be
a bug in the aarch32 compiler when LTO is enabled.
The changes in the makefiles include:
- Adding -flto and associated flags to enable LTO.
- Using gcc as a wrapper at link time instead of ld.
This is recommended when using LTO as gcc internally
takes care of invoking the necessary plugins for LTO.
- Adding switches to pass options to ld.
- Adding a flag to disable fix for erratum cortex-a53-843419
unless explicitly enabled. This is needed because GCC
seem to automatically add the erratum fix when used
as a wrapper for LD.
Additionally, this patch updates the TF-A user guide with
the new build option.
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
zelalem-aweke
committed
on 2 Dec 2019
|
2019-10-04 |
Fix the CAS spinlock implementation
...
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based
on a platform build option. The CAS-based implementation used to be
unconditionally selected for all ARM8.1+ platforms.
The previous CAS spinlock implementation had a bug wherein the spin_unlock()
implementation had an `sev` after `stlr` which is not sufficient. A dsb is
needed to ensure that the stlr completes prior to the sev. Having a dsb is
heavyweight and a better solution would be to use load exclusive semantics
to monitor the lock and wake up from wfe when a store happens to the lock.
The patch implements the same.
Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Soby Mathew
authored
on 25 Sep 2019
Olivier Deprez
committed
on 4 Oct 2019
|
2019-09-13 |
Merge changes from topic "jc/rsa-pkcs" into integration
...
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Soby Mathew
authored
on 13 Sep 2019
TrustedFirmware Code Review
committed
on 13 Sep 2019
|
2019-09-12 |
Add cert_create tool support for RSA key sizes
...
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
Invalidate dcache build option for bl2 entry at EL3
...
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
Hadi Asyrafi
authored
on 20 Aug 2019
Soby Mathew
committed
on 12 Sep 2019
|
Merge changes from topic "jc/mte_enable" into integration
...
* changes:
Add documentation for CTX_INCLUDE_MTE_REGS
Enable MTE support in both secure and non-secure worlds
Soby Mathew
authored
on 12 Sep 2019
TrustedFirmware Code Review
committed
on 12 Sep 2019
|
2019-09-11 |
Add UBSAN support and handlers
...
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 11 Sep 2019
|
2019-09-09 |
Enable MTE support in both secure and non-secure worlds
...
This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that support
at EL0. To enable it at ELx for both the non-secure and the secure
world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
and restoring when necessary in order to prevent register leakage
between the worlds.
Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 9 Sep 2019
|
2019-08-01 |
Switch AARCH32/AARCH64 to __aarch64__
...
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__
...
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
2019-06-28 |
Remove MULTI_CONSOLE_API flag and references to it
...
The new API becomes the default one.
Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 28 Jun 2019
|
2019-06-26 |
Console: removed legacy console API
...
This interface has been deprecated in favour of MULTI_CONSOLE_API.
Change-Id: I6170c1c8c74a890e5bd6d05396743fe62024a08a
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 26 Jun 2019
|
2019-05-24 |
Add support for Branch Target Identification
...
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 24 May 2019
|
2019-05-02 |
build_macros: Add mechanism to prevent bin generation.
...
On certain platforms it does not make sense to generate
TF-A binary images. For example a platform could make use of serveral
memory areas, which are non-continuous and the resulting binary
therefore would suffer from the padding-bytes.
Typically these platforms use the ELF image.
This patch introduces a variable DISABLE_BIN_GENERATION, which
can be set to '1' in the platform makefile to prevent the binary
generation.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
Christoph Müllner
committed
on 2 May 2019
|
2019-03-01 |
Merge pull request #1751 from vwadekar/tegra-scatter-file-support
...
Tegra scatter file support
Antonio Niño Díaz
authored
on 1 Mar 2019
GitHub
committed
on 1 Mar 2019
|
2019-02-28 |
Minor changes to documentation and comments
...
Fix some typos and clarify some sentences.
Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 28 Feb 2019
|
2019-02-27 |
Tegra: Support for scatterfile for the BL31 image
...
This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.
In order to enable the scatterfile usage the following changes
have been made:
* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile
NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Varun Wadekar
committed
on 27 Feb 2019
|
Add support for pointer authentication
...
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 27 Feb 2019
|
Add ARMv8.3-PAuth registers to CPU context
...
ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.
This feature is supported only in AArch64 state.
This feature is mandatory in ARMv8.3 implementations.
This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.
To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.
Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 27 Feb 2019
|