2019-10-03 |
Introducing support for Cortex-A65AE
...
Change-Id: I1ea2bf088f1e001cdbd377cbfb7c6a2866af0422
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 3 Oct 2019
|
Merge "a5ds: Add handler for when user tries to switch off secondary cores" into integration
Soby Mathew
authored
on 3 Oct 2019
TrustedFirmware Code Review
committed
on 3 Oct 2019
|
a5ds: Add handler for when user tries to switch off secondary cores
...
a5ds only has always-on power domain and there is no power control
present. However, without the pwr_domain_off handler, the kernel
panics when the user will try to switch off secondary cores. The
a5ds_pwr_domain_off handler will prevent kernel from crashing,
i.e. the kernel will attempt but fail to shut down the secondary CPUs
if the user tries to switch them offline.
Change-Id: I3c2239a1b6f035113ddbdda063c8495000cbe30c
Signed-off-by: Usama Arif <usama.arif@arm.com>
Usama Arif
committed
on 3 Oct 2019
|
2019-10-02 |
Introducing support for Cortex-A65
...
Change-Id: I645442d52a295706948e2cac88c36c1a3cb0bc47
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 2 Oct 2019
|
2019-09-30 |
Cortex_hercules: Add support for Hercules-AE
...
Not tested on FVP Model.
Change-Id: Iedebc5c1fbc7ea577e94142b7feafa5546f1f4f9
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Artsem Artsemenka
committed
on 30 Sep 2019
|
2019-09-27 |
Merge changes from topic "a5ds-multicore" into integration
...
* changes:
a5ds: add multicore support
a5ds: Hold the secondary cpus in pen rather than panic
Soby Mathew
authored
on 27 Sep 2019
TrustedFirmware Code Review
committed
on 27 Sep 2019
|
Merge changes from topic "mp/giv3-discovery" into integration
...
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
Soby Mathew
authored
on 27 Sep 2019
TrustedFirmware Code Review
committed
on 27 Sep 2019
|
2019-09-25 |
Migrate ARM platforms to use the new GICv3 API
...
This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.
Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 25 Sep 2019
|
FVP: Fix plat_set_nv_ctr() function
...
The Fast Models provide a non-volatile counter component, which is used
in the Trusted Board Boot implementation to protect against rollback
attacks.
This component comes in 2 versions (see [1]).
- Version 0 is the default and models a locked non-volatile counter,
whose value is fixed.
- Version 1 of the counter may be incremented in a monotonic fashion.
plat_set_nv_ctr() must cope with both versions. This is achieved by:
1) Attempting to write the new value in the counter.
2) Reading the value back.
3) If there is a mismatch, we know the counter upgrade failed.
When using version 0 of the counter, no upgrade is possible so the
function is expected to fail all the time. However, the code is
missing a compiler barrier between the write operation and the next
read. Thus, the compiler may optimize and remove the read operation on
the basis that the counter value has not changed. With the default
optimization level used in TF-A (-Os), this is what's happening.
The fix introduced in this patch marks the write and subsequent read
accesses to the counter as volatile, such that the compiler makes no
assumption about the value of the counter.
Note that the comment above plat_set_nv_ctr() was clearly stating
that when using the read-only version of the non-volatile counter,
"we expect the values in the certificates to always match the RO
values so that this function is never called". However, the fact that
the counter value was read back seems to contradict this comment, as
it is implementing a counter-measure against misuse of the
function. The comment has been reworded to avoid any confusion.
Without this patch, this bug may be demonstrated on the Base AEM FVP:
- Using version 0 of the non-volatile counter (default version).
- With certificates embedding a revision number value of 32
(compiling TF-A with TFW_NVCTR_VAL=32).
In this configuration, the non-volatile counter is tied to value 31 by
default. When BL1 loads the Trusted Boot Firmware certificate, it
notices that the two values do not match and tries to upgrade the
non-volatile counter. This write operation is expected to fail
(because the counter is locked) and the function is expected to return
an error but it succeeds instead.
As a result, the trusted boot does not abort as soon as it should and
incorrectly boots BL2. The boot is finally aborted when BL2 verifies
the BL31 image and figures out that the version of the SoC Firmware
Key Certificate does not match. On Arm platforms, only certificates
signed with the Root-of-Trust Key may trigger an upgrade of the
non-volatile Trusted counter.
[1] https://developer.arm.com/docs/100964/1160/fast-models-components/peripheral-components/nonvolatilecounter
Change-Id: I9979f29c23b47b338b9b484013d1fb86c59db92f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 25 Sep 2019
|
2019-09-23 |
a5ds: add multicore support
...
Enable cores 1-3 using psci. On receiving the smc call from kernel,
core 0 will bring the secondary cores out pen and signal an event for
the cores. Currently on switching the cores is enabled i.e. it is not
possible to suspend, switch cores off, etc.
Change-Id: I6087e1d2ec650e1d587fd543efc1b08cbb50ae5f
Signed-off-by: Usama Arif <usama.arif@arm.com>
Usama Arif
committed
on 23 Sep 2019
|
a5ds: Hold the secondary cpus in pen rather than panic
...
For the secondary CPUs, hold the cpu in wfe rather then panic.
This will be needed when multicore support is added to a5ds as
the smc call will write to the hold base and signal an event to
power on the secondary CPUs.
Change-Id: I0ffc2059e9ef894c21375ca5c94def859bfa6599
Signed-off-by: Usama Arif <usama.arif@arm.com>
Usama Arif
committed
on 23 Sep 2019
|
2019-09-13 |
Merge "Refactor ARMv8.3 Pointer Authentication support code" into integration
Soby Mathew
authored
on 13 Sep 2019
TrustedFirmware Code Review
committed
on 13 Sep 2019
|
Refactor ARMv8.3 Pointer Authentication support code
...
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 13 Sep 2019
|
2019-09-11 |
Modify FVP makefile for cores that support both AArch64/32
...
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 11 Sep 2019
|
2019-08-20 |
Merge "plat/arm: Introduce corstone700 platform." into integration
Paul Beesley
authored
on 20 Aug 2019
TrustedFirmware Code Review
committed
on 20 Aug 2019
|
plat/arm: Introduce corstone700 platform.
...
This patch adds support for Corstone-700 foundation IP, which integrates
both Cortex-M0+ and Cortex-A(Host) processors in one handy, flexible
subsystem.
This is an example implementation of Corstone-700 IP host firmware.
Cortex-M0+ will take care of boot stages 1 and 2(BL1/BL2) as well as
bringing Host out RESET. Host will start execution directly from BL32 and
then will jump to Linux.
It is an initial port and additional features are expected to be added
later.
Change-Id: I7b5c0278243d574284b777b2408375d007a7736e
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Manish Pandey
committed
on 20 Aug 2019
|
2019-08-16 |
Merge "FVP: Add Delay Timer driver to BL1 and BL31" into integration
Paul Beesley
authored
on 16 Aug 2019
TrustedFirmware Code Review
committed
on 16 Aug 2019
|
FVP: Add Delay Timer driver to BL1 and BL31
...
SMMUv3 driver functions which are called from BL1 and BL31
currently use counter-based poll method for testing status
bits. Adding Delay Timer driver to BL1 and BL31 is required
for timeout-based implementation using timer delay functions
for SMMU and other drivers.
This patch adds new function `fvp_timer_init()` which
initialises either System level generic or SP804 timer based on
FVP_USE_SP804_TIMER build flag.
In BL2U `bl2u_early_platform_setup()` function the call to
`arm_bl2u_early_platform_setup()` (which calls
`generic_delay_timer_init()` ignoring FVP_USE_SP804_TIMER flag),
is replaced with `arm_console_boot_init()` and `fvp_timer_init()`.
Change-Id: Ifd8dcebf4019e877b9bc5641551deef77a44c0d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 16 Aug 2019
|
Merge changes from topic "lm/juno_dyn_cfg" into integration
...
* changes:
Juno: Use shared mbedtls heap between bl1 and bl2
Juno: add basic support for dynamic config
Paul Beesley
authored
on 16 Aug 2019
TrustedFirmware Code Review
committed
on 16 Aug 2019
|
2019-08-13 |
Juno: Use shared mbedtls heap between bl1 and bl2
...
Change-Id: Ia1ecad58ebf9de3f3a44b17ad1de57424b431125
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 13 Aug 2019
|
Juno: add basic support for dynamic config
...
Add the disable_auth dynamic parameter, that allows to disable the
authentication when TBBR is enabled. This parameter is for development
only.
Change-Id: Ic24ad16738517f7e07c4f506dcf69a1ae8df7d2d
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 13 Aug 2019
|
2019-08-01 |
Switch AARCH32/AARCH64 to __aarch64__
...
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__
...
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Julius Werner
committed
on 1 Aug 2019
|
2019-07-26 |
Merge "sgm775: Fix build fail for TSP support on sgm775" into integration
Soby Mathew
authored
on 26 Jul 2019
TrustedFirmware Code Review
committed
on 26 Jul 2019
|
2019-07-25 |
Merge changes from topic "gby/cryptocell-multi-vers" into integration
...
* changes:
cryptocell: add product version awareness support
cryptocell: move Cryptocell specific API into driver
Soby Mathew
authored
on 25 Jul 2019
TrustedFirmware Code Review
committed
on 25 Jul 2019
|
sgm775: Fix build fail for TSP support on sgm775
...
Fixed the path to a source file specified in tsp makefile
Created a platform specific tsp makefile
Change-Id: I89565127c67eff510e48e21fd450af4c3088c2d4
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 25 Jul 2019
|
cryptocell: move Cryptocell specific API into driver
...
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
Gilad Ben-Yossef
committed
on 25 Jul 2019
|
2019-07-23 |
Merge "n1sdp: fix DMC ECC enablement sequence in N1SDP platform" into integration
Soby Mathew
authored
on 23 Jul 2019
TrustedFirmware Code Review
committed
on 23 Jul 2019
|
Merge "arm: Shorten the Firmware Update (FWU) process" into integration
Soby Mathew
authored
on 23 Jul 2019
TrustedFirmware Code Review
committed
on 23 Jul 2019
|
n1sdp: fix DMC ECC enablement sequence in N1SDP platform
...
The DMC-620 memory controllers in N1SDP platform has to be put
into CONFIG state before writing to ERR0CTLR0 register to enable
ECC.
This patch fixes the sequence so that DMCs are set to CONFIG
state before writing to ERR0CTLR0 register and moved back to
READY state after writing.
Change-Id: I1252f3ae0991603bb29234029cddb5fbf869c1b2
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Manoj Kumar
committed
on 23 Jul 2019
|