2020-02-11 |
Merge changes from topic "lm/fconf" into integration
...
* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit
Sandrine Bailleux
authored
on 11 Feb 2020
TrustedFirmware Code Review
committed
on 11 Feb 2020
|
Merge changes from topic "spmd" into integration
...
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
Olivier Deprez
authored
on 11 Feb 2020
TrustedFirmware Code Review
committed
on 11 Feb 2020
|
2020-02-10 |
Merge "coverity: Fix MISRA null pointer violations" into integration
Mark Dykes
authored
on 10 Feb 2020
TrustedFirmware Code Review
committed
on 10 Feb 2020
|
SPMD: add support for an example SPM core manifest
...
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
Achin Gupta
authored
on 11 Oct 2019
Max Shvetsov
committed
on 10 Feb 2020
|
2020-02-07 |
Make PAC demangling more generic
...
At the moment, address demangling is only used by the backtrace
functionality. However, at some point, other parts of the TF-A
codebase may want to use it.
The 'demangle_address' function is replaced with a single XPACI
instruction which is also added in 'do_crash_reporting()'.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
Alexei Fedorov
committed
on 7 Feb 2020
|
fconf: Add TBBR disable_authentication property
...
Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.
Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-02-05 |
coverity: Fix MISRA null pointer violations
...
Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.
The fix explicitly checks whether a pointer is NULL.
Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Zelalem
committed
on 5 Feb 2020
|
2020-02-03 |
FDT wrappers: add functions for read/write bytes
...
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes'
functions for read/write array of bytes from/to a given property.
It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i
files for builds with USE_ROMLIB=1 option.
Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 3 Feb 2020
|
2020-01-22 |
FDT helper functions: Fix MISRA issues
...
Moving the FDT helper functions to the common/ directory exposed the file
to MISRA checking, which is mandatory for common code.
Fix the complaints that the test suite reported.
Change-Id: Ica8c8a95218bba5a3fd92a55407de24df58e8476
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
authored
on 16 Sep 2019
Sandrine Bailleux
committed
on 22 Jan 2020
|
2019-11-14 |
Refactor load_auth_image_internal().
...
The pre-processor directives make it hard to read the non-TBB version of
this function. Refactor the code to improve readability. No functional
change introduced.
In particular, introduce a new helper function load_image_flush(),
that simply loads an image and flushes it out to main memory. This is
the only thing load_auth_image_internal() needs to do when TBB is
disabled or when authentication is dynamically disabled.
In other cases, we need to recursively authenticate the parent images up
to the root of trust. To make this clearer, this code gets moved to a
TBB-specific helper function called load_auth_image_recursive().
As a result, load_auth_image_internal() now boils down to calling the
right helper function (depending on TBB enablement and dynamic
authentication status).
Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 14 Nov 2019
|
2019-09-25 |
FDT helper functions: Respect architecture in PSCI function IDs
...
PSCI uses different function IDs for CPU_SUSPEND and CPU_ON, depending on
the architecture used (AArch64 or AArch32).
For recent PSCI versions the client will determine the right version,
but for PSCI v0.1 we need to put some ID in the DT node. At the moment
we always add the 64-bit IDs, which is not correct if TF-A is built for
AArch32.
Use the function IDs matching the TF-A build architecture, for the two
IDs where this differs. This only affects legacy OSes using PSCI v0.1.
On the way remove the sys_poweroff and sys_reset properties, which were
never described in the official PSCI DT binding.
Change-Id: If77bc6daec215faeb2dc67112e765aacafd17f33
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 25 Sep 2019
|
FDT helper functions: Add function documentation
...
Since we moved some functions that amend a DT blob in memory to common
code, let's add proper function documentation.
This covers the three exported functions in common/fdt_fixup.c.
Change-Id: I67d7d27344e62172c789d308662f78d54903cf57
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 25 Sep 2019
|
2019-09-16 |
Merge changes from topic "raspberry-pi-4-support" into integration
...
* changes:
Add fdt_add_reserved_memory() helper function
qemu: Move and generalise FDT PSCI fixup
Sandrine Bailleux
authored
on 16 Sep 2019
TrustedFirmware Code Review
committed
on 16 Sep 2019
|
2019-09-13 |
Add fdt_add_reserved_memory() helper function
...
If a firmware component like TF-A reserves special memory regions for
its own or secure payload services, it should announce the location and
size of those regions to the non-secure world. This will avoid
disappointment when some rich OS tries to acccess this memory, which
will likely end in a crash.
The traditional way of advertising reserved memory using device tree is
using the special memreserve feature of the device tree blob (DTB).
However by definition those regions mentioned there do not prevent the
rich OS to map this memory, which may lead to speculative accesses to
this memory and hence spurious bus errors.
A safer way of carving out memory is to use the /reserved-memory node as
part of the normal DT structure. Besides being easier to setup, this
also defines an explicit "no-map" property to signify the secure-only
nature of certain memory regions, which avoids the rich OS to
accidentally step on it.
Add a helper function to allow platform ports to easily add a region.
Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 13 Sep 2019
|
qemu: Move and generalise FDT PSCI fixup
...
The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether its compatible string starts with "arm,cortex-a". Then it
sets the enable-method to PSCI, if it doesn't already have one.
Other platforms might want to use this functionality as well, so let's
move it out of the QEMU platform directory and make it more robust by
fixing some shortcomings:
- A compatible string starting with a certain prefix is not a good way
to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
match as well and is in turn favoured with an enable-method.
- If the DT already has an enable-method, we won't change this to PSCI.
Those two issues will for instance fail on the Raspberry Pi 4 DT.
To fix those problems, we adjust the scanning method:
The DT spec says that all CPU nodes are subnodes of the mandatory
/cpus node, which is a subnode of the root node. Also each CPU node has
to have a device_type = "cpu" property. So we find the /cpus node, then
scan for a subnode with the proper device_type, forcing the
enable-method to "psci".
We have to restart this search after a property has been patched, as the
node offsets might have changed meanwhile.
This allows this routine to be reused for the Raspberry Pi 4 later.
Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 13 Sep 2019
|
Refactor ARMv8.3 Pointer Authentication support code
...
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 13 Sep 2019
|
2019-08-29 |
Move assembly newline function into common debug code
...
Printing a newline is a relatively common functionality for code to want
to do. Therefore, this patch now moves this function into a common part
of the code that anyone can use.
Change-Id: I2cad699fde00ef8d2aabf8bf35742ddd88d090ba
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
authored
on 20 Aug 2019
Paul Beesley
committed
on 29 Aug 2019
|
2019-08-15 |
AArch64: Align crash reporting output
...
This patch modifies crash reporting for AArch64 to provide
aligned output of register dump and GIC registers.
Change-Id: I8743bf1d2d6d56086e735df43785ef28051c5fc3
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
authored
on 29 Jul 2019
Paul Beesley
committed
on 15 Aug 2019
|
2019-08-01 |
Switch AARCH32/AARCH64 to __aarch64__
...
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
2019-07-25 |
Merge changes I0d17ba6c,I540741d2,I9e6475ad,Ifd769320,I12c04a85, ... into integration
...
* changes:
plat/mediatek/mt81*: Use new bl31_params_parse() helper
plat/rockchip: Use new bl31_params_parse_helper()
Add helper to parse BL31 parameters (both versions)
Factor out cross-BL API into export headers suitable for 3rd party code
Use explicit-width data types in AAPCS parameter structs
plat/rockchip: Switch to use new common BL aux parameter library
Introduce lightweight BL platform parameter library
Soby Mathew
authored
on 25 Jul 2019
TrustedFirmware Code Review
committed
on 25 Jul 2019
|
2019-07-23 |
Add helper to parse BL31 parameters (both versions)
...
BL31 used to take a single bl31_params_t parameter structure with entry
point information in arg0. In commit 726002263 (Add new version of image
loading.) this API was changed to a more flexible linked list approach,
and the old parameter structure was copied into all platforms that still
used the old format. This duplicated code unnecessarily among all these
platforms.
This patch adds a helper function that platforms can optionally link to
outsource the task of interpreting arg0. Many platforms are just
interested in the BL32 and BL33 entry point information anyway. Since
some platforms still need to support the old version 1 parameters, the
helper will support both formats when ERROR_DEPRECATED == 0. This allows
those platforms to drop a bunch of boilerplate code and asynchronously
update their BL2 implementation to the newer format.
Change-Id: I9e6475adb1a7d4bccea666118bd1c54962e9fc38
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 23 Jul 2019
|
2019-07-17 |
Merge "backtrace: Strip PAC field when PAUTH is enabled" into integration
Soby Mathew
authored
on 17 Jul 2019
TrustedFirmware Code Review
committed
on 17 Jul 2019
|
backtrace: Strip PAC field when PAUTH is enabled
...
When pointer authentication is enabled, the LR value saved on the stack
contains a Pointer Authentication Code (PAC). It must be stripped to
retrieve the return address.
The PAC field is stored on the high bits of the address and defined as:
- PAC field = Xn[54:bottom_PAC_bit], when address tagging is used.
- PAC field = Xn[63:56, 54:bottom_PAC_bit], without address tagging.
With bottom_PAC_bit = 64 - TCR_ELx.TnSZ
Change-Id: I21d804e58200dfeca1da4c2554690bed5d191936
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 17 Jul 2019
|
2019-07-10 |
Remove references to old project name from common files
...
The project has been renamed from "Arm Trusted Firmware (ATF)" to
"Trusted Firmware-A (TF-A)" long ago. A few references to the old
project name that still remained in various places have now been
removed.
This change doesn't affect any platform files. Any "ATF" references
inside platform files, still remain.
Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 10 Jul 2019
|
2019-03-01 |
Correctly check for support of Address Authentication
...
Check for both IMPLEMENTATION_DEFINED and Architected algorithms of
Address Authentication.
Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 1 Mar 2019
|
2019-02-27 |
Add support for pointer authentication
...
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 27 Feb 2019
|
2019-01-31 |
Remove dead code related to LOAD_IMAGE_V2=0
...
Commit ed51b51f7a9163a ("Remove build option LOAD_IMAGE_V2") intended
to remove all code related to LOAD_IMAGE_V2=0 but missed a few things.
Change-Id: I16aaf52779dd4af1e134e682731328c5f1e5d622
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 31 Jan 2019
|
2019-01-30 |
Remove support for the SMC Calling Convention 2.0
...
This reverts commit 2f370465241c ("Add support for the SMC Calling
Convention 2.0").
SMCCC v2.0 is no longer required for SPM, and won't be needed in the
future. Removing it makes the SMC handling code less complicated.
The SPM implementation based on SPCI and SPRT was using it, but it has
been adapted to SMCCC v1.0.
Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 30 Jan 2019
|
2019-01-23 |
plat/arm: Save BL2 descriptors to reserved memory.
...
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
descriptors describing the list of executable images are created in BL2
R/W memory, which could be possibly corrupted later on by BL31/BL32 due
to overlay. This patch creates a reserved location in SRAM for these
descriptors and are copied over by BL2 before handing over to next BL
image.
Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR
is enabled.
Fixes ARM-Software/tf-issues#626
Change-Id: I755735706fa702024b4032f51ed4895b3687377f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Sathees Balya
committed
on 23 Jan 2019
|
2019-01-15 |
Correct typographical errors
...
Corrects typos in core code, documentation files, drivers, Arm
platforms and services.
None of the corrections affect code; changes are limited to comments
and other documentation.
Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
committed
on 15 Jan 2019
|