2020-03-31 |
Makefile: don't use $(CC) before value is explicit set
...
Unless specified in the environment, $(CC) expands to some generic
host C compiler like cc or c99. We set our own value for $(CC), but
only few lines later.
Move the first use of the $(CC) variable behind the definition to
correct this.
Change-Id: I45344e063d21ddfe22b7ad77954e85c1c46087bd
Fixes: 1684b8733 ("Use clang assembler when clang compiler is used")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Ahmad Fatoum
authored
on 25 Feb 2020
Sandrine Bailleux
committed
on 31 Mar 2020
|
2020-03-25 |
FVP: Add BL2 hash calculation in BL1
...
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 25 Mar 2020
|
2020-03-24 |
Merge "fconf: Clean Arm IO" into integration
Mark Dykes
authored
on 24 Mar 2020
TrustedFirmware Code Review
committed
on 24 Mar 2020
|
2020-03-23 |
spmd: skip loading of secure partitions on pre-v8.4 platforms
...
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df
Olivier Deprez
authored
on 19 Mar 2020
Manish Pandey
committed
on 23 Mar 2020
|
2020-03-16 |
fconf: Clean Arm IO
...
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 16 Mar 2020
|
2020-03-11 |
fconf: necessary modifications to support fconf in BL31 & SP_MIN
...
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 11 Mar 2020
|
2020-03-06 |
Makefile: Add support to optionally encrypt BL31 and BL32
...
Following build flags have been added to support optional firmware
encryption:
- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.
- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.
- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.
- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
Similar flags can be added to encrypt other firmwares as well depending
on use-cases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
Sumit Garg
committed
on 6 Mar 2020
|
tools: Add firmware authenticated encryption tool
...
Add firmware authenticated encryption tool which utilizes OpenSSL
library to encrypt firmwares using a key provided via cmdline. Currently
this tool supports AES-GCM as an authenticated encryption algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
Sumit Garg
committed
on 6 Mar 2020
|
drivers: crypto: Add authenticated decryption framework
...
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
Sumit Garg
committed
on 6 Mar 2020
|
2020-03-03 |
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
...
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Max Shvetsov
committed
on 3 Mar 2020
|
2020-03-02 |
SPMD: save/restore EL2 system registers.
...
NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0
Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Max Shvetsov
committed
on 2 Mar 2020
|
2020-02-26 |
Merge "tools: Small improvement to print_memory_map script" into integration
Sandrine Bailleux
authored
on 26 Feb 2020
TrustedFirmware Code Review
committed
on 26 Feb 2020
|
2020-02-25 |
Merge "Read-only xlat tables for BL31 memory" into integration
Mark Dykes
authored
on 25 Feb 2020
TrustedFirmware Code Review
committed
on 25 Feb 2020
|
2020-02-24 |
Read-only xlat tables for BL31 memory
...
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
Petre-Ionut Tudor
committed
on 24 Feb 2020
|
2020-02-20 |
SPMD: generate and add Secure Partition blobs into FIP
...
Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.
This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.
"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.
For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
Manish Pandey
committed
on 20 Feb 2020
|
2020-02-14 |
tools: Small improvement to print_memory_map script
...
This patch:
- Add the __COHERENT_RAM_START__ and __COHERENT_RAM_END__ symbols.
- Improve how the symbols are found with a regex.
- Add a build option to revert the memory layout output.
Change-Id: I54ec660261431bc98d78acb0f80e3d95bc5397ac
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 14 Feb 2020
|
2020-02-12 |
Fix clang build if CC is not in the path.
...
If CC points to clang the linker was set to ld.lld. Copy the diectory
name from CC is it has one.
Change-Id: I50aef5dddee4d2540b12b6d4e68068ad004446f7
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg
committed
on 12 Feb 2020
|
2020-02-11 |
Merge changes from topic "lm/fconf" into integration
...
* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit
Sandrine Bailleux
authored
on 11 Feb 2020
TrustedFirmware Code Review
committed
on 11 Feb 2020
|
2020-02-10 |
SPMD: enable SPM dispatcher support
...
This patch adds support to the build system to include support for the SPM
dispatcher when the SPD configuration option is spmd.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ic1ae50ecd7403fcbcf1d318abdbd6ebdc642f732
Achin Gupta
authored
on 11 Oct 2019
Max Shvetsov
committed
on 10 Feb 2020
|
2020-02-07 |
fconf: Move platform io policies into fconf
...
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-01-31 |
Merge "Add support for documentation build as a target in Makefile" into integration
Sandrine Bailleux
authored
on 31 Jan 2020
TrustedFirmware Code Review
committed
on 31 Jan 2020
|
2020-01-30 |
Merge changes from topic "sb/select-cot" into integration
...
* changes:
Introduce COT build option
cert_create: Remove references to TBBR in common code
cert_create: Introduce COT build option
cert_create: Introduce TBBR CoT makefile
Sandrine Bailleux
authored
on 30 Jan 2020
TrustedFirmware Code Review
committed
on 30 Jan 2020
|
2020-01-29 |
Introduce COT build option
...
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 29 Jan 2020
|
Add support for documentation build as a target in Makefile
...
Command to build HTML-formatted pages from docs:
make doc
Change-Id: I4103c804b3564fe67d8fc5a3373679daabf3f2e9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 29 Jan 2020
|
Merge "Enable -Wredundant-decls warning check" into integration
Soby Mathew
authored
on 29 Jan 2020
TrustedFirmware Code Review
committed
on 29 Jan 2020
|
2020-01-28 |
Enable -Wredundant-decls warning check
...
This flag warns if anything is declared more than once in the same
scope, even in cases where multiple declaration is valid and changes
nothing.
Consequently, this patch also fixes the issues reported by this
flag. Consider the following two lines of code from two different source
files(bl_common.h and bl31_plat_setup.c):
IMPORT_SYM(uintptr_t, __RO_START__, BL_CODE_BASE);
IMPORT_SYM(unsigned long, __RO_START__, BL2_RO_BASE);
The IMPORT_SYM macro which actually imports a linker symbol as a C expression.
The macro defines the __RO_START__ as an extern variable twice, one for each
instance. __RO_START__ symbol is defined by the linker script to mark the start
of the Read-Only area of the memory map.
Essentially, the platform code redefines the linker symbol with a different
(relevant) name rather than using the standard symbol. A simple solution to
fix this issue in the platform code for redundant declarations warning is
to remove the second IMPORT_SYM and replace it with following assignment
static const unsigned long BL2_RO_BASE = BL_CODE_BASE;
Change-Id: If4835d1ee462d52b75e5afd2a59b64828707c5aa
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 28 Jan 2020
|
Measured Boot: add function for hash calculation
...
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 28 Jan 2020
|
2020-01-24 |
TSP: add PIE support
...
This implementation simply mimics that of BL31.
Change-Id: Ibbaa4ca012d38ac211c52b0b3e97449947160e07
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 24 Jan 2020
|
BL2_AT_EL3: add PIE support
...
This implementation simply mimics that of BL31.
I did not implement the ENABLE_PIE support for BL2_IN_XIP_MEM=1 case.
It would make the linker script a bit uglier.
Change-Id: If3215abd99f2758dfb232e44b50320d04eba808b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 24 Jan 2020
|
PIE: pass PIE options only to BL31
...
docs/getting_started/build-options.rst clearly says ENABLE_PIE is
currently only supported in BL31, but in fact, it has a stronger
limitation:
Defining ENABLE_PIE may corrupt BL1 and BL2. So, ENABLE_PIE is
supported only for platforms where BL31 is the only image built
in the TF-A tree.
Currently, ENABLE_PIE is enabled by two platforms,
plat/arm/common/arm_common.mk and ti/k3/common/plat_common.mk,
both of which enable ENABLE_PIE together with RESET_TO_BL31.
For platforms with the full boot sequence, ENABLE_PIE may break earlier
BL stages. For example, if I build PLAT=qemu with ENABLE_PIE=1, it
fails in BL1.
When ENABLE_PIE is enabled, PIE options are added to TF_CFLAGS and
TF_LDFLAGS, so all BL images are affected. It is problematic because
currently only the BL31 linker script handles it. Even if BL1/BL2
works, the image size would increase needlessly, at least.
Pass the PIE options only to BL images that support it.
Change-Id: I550e95148aa3c63571c8ad2081082c554a848f57
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada
committed
on 24 Jan 2020
|