2015-03-05 |
Fix violations to the coding style
...
All coding style violations have been fixed in a previous patch and
since then, each individual patch has been checked in this regard.
However, the latest version of the checkpatch.pl script from the Linux
kernel is more advanced and it is able to flag new errors in the
Trusted Firmware codebase. This patch fixes them.
Change-Id: I1f332f2440984be85d36b231bb83260368987077
Sandrine Bailleux
committed
on 5 Mar 2015
|
2015-01-28 |
TBB: add authentication module interface
...
This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the Trusted Board Boot process.
To include the authentication module as part of the build, set the
boolean build option TRUSTED_BOARD_BOOT. One single authentication
module must be registered at build time by setting the build option
AUTH_MOD=<mod_name>. All authentication modules will be located in
'common/auth/<mod_name>' and must present the <mod_name>.mk file that
will be included by the build system to compile the module sources.
To create an authentication module, an instance of auth_mod_t called
'auth_mod' must be declared in the module sources. The initialization
and verification functions provided by the module will be exported
through the function pointers specified when declaring this instance.
If an authentication module includes third party sources that do not
adhere to the C99 standard, the -pedantic option may be removed from
the build options by setting the flag DISABLE_PEDANTIC in the module
file <mod_name>.mk.
Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
Juan Castillo
authored
on 13 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
TBB: add PolarSSL based authentication module
...
This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.
PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).
To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.
Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:
Changes on FVP:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- BL2 memory region has been increased to 112 KB
Changes on Juno:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- Trusted ROM region in Flash has been increased to 128 KB.
- BL2 memory region has been increased to 116 KB
Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
Juan Castillo
authored
on 13 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
Skip reserving memory for non-executable and BL3-0 images
...
This patch adds support to not reserve the memory where an image is
loaded if the image is:
1. A non-executable image e.g. a certificate
2. An executable image which is not meant to run on the
application CPU (e.g. BL3-0)
Both types of images are characterized by a NULL entrypoint argument
to the load_image() function. It is used to distinguish them from
other type of images.
Important: Use this feature carefully. The caller is responsible for
providing a valid entrypoint while loading images which will execute
on the application CPU to prevent a potential overwrite of the
corresponding memory region.
Change-Id: Ied482280d9db714c529ec12c33a6c1d918d77a4e
Juan Castillo
authored
on 19 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
2014-08-19 |
Rework use of labels in assembly macros.
...
This patch provides a workaround for the ASM_ASSERT label issue
and also reworks the use of labels in assembly macros.
If the caller of the ASM_ASSERT macro happened to use the
label '1' to jump past the ASM_ASSERT macro, it would not have
worked since the ASM_ASSERT macro internally used the same label.
Hence, as a workaround, this patch makes the label a high
number in the expectation that the caller will never use it.
Also updated the other assembly macros using numerical labels to
named lables.
Change-Id: Iec892359db84f2391ad2a83a92141c4d7049776a
Soby Mathew
committed
on 19 Aug 2014
|
2014-08-12 |
Rationalize console log output
...
Fix the following issues with the console log output:
* Make sure the welcome string is the first thing in the log output
(during normal boot).
* Prefix each message with the BL image name so it's clear which
BL the output is coming from.
* Ensure all output is wrapped in one of the log output macros so it can
be easily compiled out if necessary. Change some of the INFO() messages
to VERBOSE(), especially in the TSP.
* Create some extra NOTICE() and INFO() messages during cold boot.
* Remove all usage of \r in log output.
Fixes ARM-software/tf-issues#231
Change-Id: Ib24f7acb36ce64bbba549f204b9cde2dbb46c8a3
Dan Handley
committed
on 12 Aug 2014
|
2014-07-28 |
Merge pull request #177 from jcastillo-arm/jc/tf-issues/096
...
Rework incorrect use of assert() and panic() in codebase
danh-arm
committed
on 28 Jul 2014
|
Rework incorrect use of assert() and panic() in codebase
...
Assert a valid security state using the macro sec_state_is_valid().
Replace assert() with panic() in those cases that might arise
because of runtime errors and not programming errors.
Replace panic() with assert() in those cases that might arise
because of programming errors.
Fixes ARM-software/tf-issues#96
Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
Juan Castillo
committed
on 28 Jul 2014
|
Rework the crash reporting in BL3-1 to use less stack
...
This patch reworks the crash reporting mechanism to further
optimise the stack and code size. The reporting makes use
of assembly console functions to avoid calling C Runtime
to report the CPU state. The crash buffer requirement is
reduced to 64 bytes with this implementation. The crash
buffer is now part of per-cpu data which makes retrieving
the crash buffer trivial.
Also now panic() will use crash reporting if
invoked from BL3-1.
Fixes ARM-software/tf-issues#199
Change-Id: I79d27a4524583d723483165dc40801f45e627da5
Soby Mathew
committed
on 28 Jul 2014
|
Implement an assert() callable from assembly code
...
The patch implements a macro ASM_ASSERT() which can
be invoked from assembly code. When assertion happens,
file name and line number of the check is written
to the crash console.
Fixes ARM-software/tf-issues#95
Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
Soby Mathew
committed
on 28 Jul 2014
|
2014-07-25 |
Implement a leaner printf for Trusted Firmware
...
This patch implements a "tf_printf" which supports only the commonly
used format specifiers in Trusted Firmware, which uses a lot less
stack space than the stdlib printf function.
Fixes ARM-software/tf-issues#116
Change-Id: I7dfa1944f4c1e634b3e2d571f49afe02d109a351
Soby Mathew
committed
on 25 Jul 2014
|
2014-07-01 |
Remove concept of top/bottom image loading
...
This concept is no longer required since we now support loading of
images at fixed addresses only.
The image loader now automatically detects the position of the image
inside the current memory layout and updates the layout such that
memory fragmentation is minimised.
The 'attr' field of the meminfo data structure, which used to hold
the bottom/top loading information, has been removed. Also the 'next'
field has been removed as it wasn't used anywhere.
The 'init_bl2_mem_layout()' function has been moved out of common
code and put in BL1-specific code. It has also been renamed into
'bl1_init_bl2_mem_layout'.
Fixes ARM-software/tf-issues#109
Change-Id: I3f54642ce7b763d5ee3b047ad0ab59eabbcf916d
Sandrine Bailleux
committed
on 1 Jul 2014
|
2014-06-05 |
Make the entry point argument optional in load_image()
...
There are cases where the entry point information is useless to the
caller, e.g. when an image just needs to be loaded in memory but won't
ever be executed.
This patch allows load_image() function to take a NULL pointer as the
entry point argument. In this case, it won't be populated.
Change-Id: Ie9394b054457706c6699926c5e0206e0c3851c56
Sandrine Bailleux
committed
on 5 Jun 2014
|
2014-05-23 |
Move BL porting functions into platform.h
...
Some platform porting functions were in BL specific header files.
These have been moved to platform.h so that all porting functions
are in the same place. The functions are now grouped by BL.
Obsolete BL headers files have been removed.
Also, the weak declaration of the init_bl2_mem_layout() function
has been moved out the header file and into the source file
(bl_common.c) using the more succinct #pragma syntax. This
mitigates the risk of 2 weak definitions being created and the
wrong one being picked up by the compiler.
Change-Id: Ib19934939fd755f3e5a5a5bceec88da684308a83
Dan Handley
authored
on 15 May 2014
Achin Gupta
committed
on 23 May 2014
|
2014-05-22 |
Rework memory information passing to BL3-x images
...
The issues addressed in this patch are:
1. Remove meminfo_t from the common interfaces in BL3-x,
expecting that platform code will find a suitable mechanism
to determine the memory extents in these images and provide
it to the BL3-x images.
2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x
code as the images use link-time information to determine
memory extents.
meminfo_t is still used by common interface in BL1/BL2 for
loading images
Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
Vikram Kanigiri
committed
on 22 May 2014
|
Populate BL31 input parameters as per new spec
...
This patch is based on spec published at
https://github.com/ARM-software/tf-issues/issues/133
It rearranges the bl31_args struct into
bl31_params and bl31_plat_params which provide the
information needed for Trusted firmware and platform
specific data via x0 and x1
On the FVP platform BL3-1 params and BL3-1 plat params
and its constituents are stored at the start of TZDRAM.
The information about memory availability and size for
BL3-1, BL3-2 and BL3-3 is moved into platform specific data.
Change-Id: I8b32057a3d0dd3968ea26c2541a0714177820da9
Vikram Kanigiri
committed
on 22 May 2014
|
Rework handover interface between BL stages
...
This patch reworks the handover interface from: BL1 to BL2 and
BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el()
and run_image() functions as they catered for code paths that were
never exercised.
BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same
by calling run_image(). Similarly, BL2 issues the SMC to transfer
execution to BL3-1 through BL1 directly. Only x0 and x1 are used
to pass arguments to BL31. These arguments and parameters for
running BL3-1 are passed through a reference to a
'el_change_info_t' structure. They were being passed value in
general purpose registers earlier.
Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
Vikram Kanigiri
committed
on 22 May 2014
|
Introduce macros to manipulate the SPSR
...
This patch introduces macros (SPSR_64 and SPSR_32) to
create a SPSR for both aarch32 and aarch64 execution
states. These macros allow the user to set fields
in the SPSR depending upon its format.
The make_spsr() function which did not allow
manipulation of all the fields in the aarch32 SPSR
has been replaced by these new macros.
Change-Id: I9425dda0923e8d5f03d03ddb8fa0e28392c4c61e
Vikram Kanigiri
committed
on 22 May 2014
|
2014-05-16 |
Rework BL3-1 unhandled exception handling and reporting
...
This patch implements the register reporting when unhandled exceptions are
taken in BL3-1. Unhandled exceptions will result in a dump of registers
to the console, before halting execution by that CPU. The Crash Stack,
previously called the Exception Stack, is used for this activity.
This stack is used to preserve the CPU context and runtime stack
contents for debugging and analysis.
This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
to provide easy access to some of BL3-1 per-cpu data structures.
Initially, this is used to provide a pointer to the Crash stack.
panic() now prints the the error file and line number in Debug mode
and prints the PC value in release mode.
The Exception Stack is renamed to Crash Stack with this patch.
The original intention of exception stack is no longer valid
since we intend to support several valid exceptions like IRQ
and FIQ in the trusted firmware context. This stack is now
utilized for dumping and reporting the system state when a
crash happens and hence the rename.
Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
Change-Id: I260791dc05536b78547412d147193cdccae7811a
Soby Mathew
committed
on 16 May 2014
|
2014-05-09 |
Introduce IS_IN_ELX() macros
...
The goal of these macros is to improve code readability by providing
a concise way to check whether we are running in the expected
exception level.
Change-Id: If9aebadfb6299a5196e9a582b442f0971d9909b1
Sandrine Bailleux
committed
on 9 May 2014
|
2014-05-06 |
Remove variables from .data section
...
Update code base to remove variables from the .data section,
mainly by using const static data where possible and adding
the const specifier as required. Most changes are to the IO
subsystem, including the framework APIs. The FVP power
management code is also affected.
Delay initialization of the global static variable,
next_image_type in bl31_main.c, until it is realy needed.
Doing this moves the variable from the .data to the .bss
section.
Also review the IO interface for inconsistencies, using
uintptr_t where possible instead of void *. Remove the
io_handle and io_dev_handle typedefs, which were
unnecessary, replacing instances with uintptr_t.
Fixes ARM-software/tf-issues#107.
Change-Id: I085a62197c82410b566e4698e5590063563ed304
Dan Handley
committed
on 6 May 2014
|
Reduce deep nesting of header files
...
Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.
Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.
Fixes ARM-software/tf-issues#31
Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
Dan Handley
committed
on 6 May 2014
|
Always use named structs in header files
...
Add tag names to all unnamed structs in header files. This
allows forward declaration of structs, which is necessary to
reduce header file nesting (to be implemented in a subsequent
commit).
Also change the typedef names across the codebase to use the _t
suffix to be more conformant with the Linux coding style. The
coding style actually prefers us not to use typedefs at all but
this is considered a step too far for Trusted Firmware.
Also change the IO framework structs defintions to use typedef'd
structs to be consistent with the rest of the codebase.
Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
Dan Handley
committed
on 6 May 2014
|
Make use of user/system includes more consistent
...
Make codebase consistent in its use of #include "" syntax for
user includes and #include <> syntax for system includes.
Fixes ARM-software/tf-issues#65
Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
Dan Handley
committed
on 6 May 2014
|
Move include and source files to logical locations
...
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
Dan Handley
committed
on 6 May 2014
|
2014-03-26 |
Separate out BL2, BL3-1 and BL3-2 early exception vectors from BL1
...
bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
BL3-2. There was some early SMC handling code in there that was not
required by the other bootloader stages. Therefore this patch
introduces an even simpler exception vector source file for BL2,
BL3-1 and BL3-2.
Fixes ARM-software/tf-issues#38
Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
Sandrine Bailleux
authored
on 24 Mar 2014
Dan Handley
committed
on 26 Mar 2014
|
2014-03-21 |
Remove partially qualified asm helper functions
...
Each ARM Trusted Firmware image should know in which EL it is running
and it should use the corresponding register directly instead of reading
currentEL and knowing which asm register to read/write
Change-Id: Ief35630190b6f07c8fbb7ba6cb20db308f002945
Vikram Kanigiri
authored
on 11 Mar 2014
Dan Handley
committed
on 21 Mar 2014
|
2014-03-05 |
bl_common: add image_size()
...
Fixes ARM-software/tf-issues#42
Some callers of load_image() may need to get the size of the image
before/after loading it.
Change-Id: I8dc067b69fc711433651a560ba5a8c3519445857
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Ryan Harkin
authored
on 4 Feb 2014
Dan Handley
committed
on 5 Mar 2014
|
2014-02-26 |
Tolerate runtime service initialization failure
...
At present, the firmware panics if a runtime service fails to
initialize. An earlier patch had implemented late binding for all
runtime service handlers.
With that in place, this patch allows the firmware to proceed even when
a service fails to initialize.
Change-Id: I6cf4de2cecea9719f4cd48272a77cf459b080d4e
Jeenu Viswambharan
authored
on 20 Feb 2014
Dan Handley
committed
on 26 Feb 2014
|
2014-02-20 |
Report recoverable errors as warnings
...
At present many recoverable failures are reported as errors. This patch
modifies all such failures to be reported as warnings instead.
Change-Id: I5141653c82498defcada9b90fdf7498ba496b2f2
Jeenu Viswambharan
authored
on 20 Feb 2014
Dan Handley
committed
on 20 Feb 2014
|