diff --git a/Makefile b/Makefile index 2b630b3..16f920c 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,7 @@ # Trusted Firmware Version # VERSION_MAJOR := 1 -VERSION_MINOR := 2 +VERSION_MINOR := 3 # Default goal is build all images .DEFAULT_GOAL := all diff --git a/docs/change-log.md b/docs/change-log.md index 627b1c2..74edf98 100644 --- a/docs/change-log.md +++ b/docs/change-log.md @@ -1,3 +1,229 @@ + +ARM Trusted Firmware - version 1.3 +================================== + +New features +------------ + +* Added support for running Trusted Firmware in AArch32 execution state. + + The PSCI library has been refactored to allow integration with **EL3 Runtime + Software**. This is software that is executing at the highest secure + privilege which is EL3 in AArch64 or Secure SVC/Monitor mode in AArch32. See + [PSCI Integration Guide]. + + Included is a minimal AArch32 Secure Payload, **SP-MIN**, that illustrates + the usage and integration of the PSCI library with EL3 Runtime Software + running in AArch32 state. + + Booting to the BL1/BL2 images as well as booting straight to the Secure + Payload is supported. + +* Improvements to the initialization framework for the PSCI service and ARM + Standard Services in general. + + The PSCI service is now initialized as part of ARM Standard Service + initialization. This consolidates the initializations of any ARM Standard + Service that may be added in the future. + + A new function `get_arm_std_svc_args()` is introduced to get arguments + corresponding to each standard service and must be implemented by the EL3 + Runtime Software. + + For PSCI, a new versioned structure `psci_lib_args_t` is introduced to + initialize the PSCI Library. **Note** this is a compatibility break due to + the change in the prototype of `psci_setup()`. + +* To support AArch32 builds of BL1 and BL2, implemented a new, alternative + firmware image loading mechanism that adds flexibility. + + The current mechanism has a hard-coded set of images and execution order + (BL31, BL32, etc). The new mechanism is data-driven by a list of image + descriptors provided by the platform code. + + ARM platforms have been updated to support the new loading mechanism. + + The new mechanism is enabled by a build flag (`LOAD_IMAGE_V2`) which is + currently off by default for the AArch64 build. + + **Note** `TRUSTED_BOARD_BOOT` is currently not supported when + `LOAD_IMAGE_V2` is enabled. + +* Updated requirements for making contributions to ARM TF. + + Commits now must have a 'Signed-off-by:' field to certify that the + contribution has been made under the terms of the + [Developer Certificate of Origin]. + + A signed CLA is no longer required. + + The [Contribution Guide] has been updated to reflect this change. + +* Introduced Performance Measurement Framework (PMF) which provides support + for capturing, storing, dumping and retrieving time-stamps to measure the + execution time of critical paths in the firmware. This relies on defining + fixed sample points at key places in the code. + +* To support the QEMU platform port, imported libfdt v1.4.1 from + https://git.kernel.org/cgit/utils/dtc/dtc.git + +* Updated PSCI support: + + * Added support for PSCI NODE_HW_STATE API for ARM platforms. + + * New optional platform hook, `pwr_domain_pwr_down_wfi()`, in + `plat_psci_ops` to enable platforms to perform platform-specific actions + needed to enter powerdown, including the 'wfi' invocation. + + * PSCI STAT residency and count functions have been added on ARM platforms + by using PMF. + +* Enhancements to the translation table library: + + * Limited memory mapping support for region overlaps to only allow regions + to overlap that are identity mapped or have the same virtual to physical + address offset, and overlap completely but must not cover the same area. + + This limitation will enable future enhancements without having to + support complex edge cases that may not be necessary. + + * The initial translation lookup level is now inferred from the virtual + address space size. Previously, it was hard-coded. + + * Added support for mapping Normal, Inner Non-cacheable, Outer + Non-cacheable memory in the translation table library. + + This can be useful to map a non-cacheable memory region, such as a DMA + buffer. + + * Introduced the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping attributes to + specify the access permissions for instruction execution of a memory + region. + +* Enabled support to isolate code and read-only data on separate memory pages, + allowing independent access control to be applied to each. + +* Enabled SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and BL31 common + architectural setup code, preventing fetching instructions from non-secure + memory when in secure state. + +* Enhancements to FIP support: + + * Replaced `fip_create` with `fiptool` which provides a more consistent + and intuitive interface as well as additional support to remove an image + from a FIP file. + + * Enabled printing the SHA256 digest with info command, allowing quick + verification of an image within a FIP without having to extract the + image and running sha256sum on it. + + * Added support for unpacking the contents of an existing FIP file into + the working directory. + + * Aligned command line options for specifying images to use same naming + convention as specified by TBBR and already used in cert_create tool. + +* Refactored the TZC-400 driver to also support memory controllers that + integrate TZC functionality, for example ARM CoreLink DMC-500. Also added + DMC-500 specific support. + +* Implemented generic delay timer based on the system generic counter and + migrated all platforms to use it. + +* Enhanced support for ARM platforms: + + * Updated image loading support to make SCP images (SCP_BL2 and SCP_BL2U) + optional. + + * Enhanced topology description support to allow multi-cluster topology + definitions. + + * Added interconnect abstraction layer to help platform ports select the + right interconnect driver, CCI or CCN, for the platform. + + * Added support to allow loading BL31 in the TZC-secured DRAM instead of + the default secure SRAM. + + * Added support to use a System Security Control (SSC) Registers Unit + enabling ARM TF to be compiled to support multiple ARM platforms and + then select one at runtime. + + * Restricted mapping of Trusted ROM in BL1 to what is actually needed by + BL1 rather than entire Trusted ROM region. + + * Flash is now mapped as execute-never by default. This increases security + by restricting the executable region to what is strictly needed. + +* Applied following erratum workarounds for Cortex-A57: 833471, 826977, + 829520, 828024 and 826974. + +* Added support for Mediatek MT6795 platform. + +* Added support for QEMU virtualization ARMv8-A target. + +* Added support for Rockchip RK3368 and RK3399 platforms. + +* Added support for Xilinx Zynq UltraScale+ MPSoC platform. + +* Added support for ARM Cortex-A73 MPCore Processor. + +* Added support for ARM Cortex-A72 processor. + +* Added support for ARM Cortex-A35 processor. + +* Added support for ARM Cortex-A32 MPCore Processor. + +* Enabled preloaded BL33 alternative boot flow, in which BL2 does not load + BL33 from non-volatile storage and BL31 hands execution over to a preloaded + BL33. The User Guide has been updated with an example of how to use this + option with a bootwrapped kernel. + +* Added support to build ARM TF on a Windows-based host machine. + +* Updated Trusted Board Boot prototype implementation: + + * Enabled the ability for a production ROM with TBBR enabled to boot test + software before a real ROTPK is deployed (e.g. manufacturing mode). + Added support to use ROTPK in certificate without verifying against the + platform value when `ROTPK_NOT_DEPLOYED` bit is set. + + * Added support for non-volatile counter authentication to the + Authentication Module to protect against roll-back. + +* Updated GICv3 support: + + * Enabled processor power-down and automatic power-on using GICv3. + + * Enabled G1S or G0 interrupts to be configured independently. + + * Changed FVP default interrupt driver to be the GICv3-only driver. + **Note** the default build of Trusted Firmware will not be able to boot + Linux kernel with GICv2 FDT blob. + + * Enabled wake-up from CPU_SUSPEND to stand-by by temporarily re-routing + interrupts and then restoring after resume. + +Issues resolved since last release +---------------------------------- + +Known issues +------------ + +* The version of the AEMv8 Base FVP used in this release resets the model + instead of terminating its execution in response to a shutdown request using + the PSCI `SYSTEM_OFF` API. This issue will be fixed in a future version of + the model. + +* Building TF with compiler optimisations disabled (`-O0`) fails. + + +* ARM TF cannot be built with mbed TLS version v2.3.0 due to build warnings + that the ARM TF build system interprets as errors. + +* TBBR is not currently supported when running Trusted Firmware in AArch32 + state. + + ARM Trusted Firmware - version 1.2 ================================== @@ -860,7 +1086,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - -_Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._ +_Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved._ [OP-TEE Dispatcher]: optee-dispatcher.md [Power Domain Topology Design]: psci-pd-tree.md @@ -868,3 +1094,10 @@ [Authentication Framework]: auth-framework.md [Firmware Update]: firmware-update.md [TF Reset Design]: reset-design.md +[PSCI Integration Guide]: psci-lib-integration-guide.md +[Firmware Design]: firmware-design.md +[CPU Specific Build Macros]: cpu-specific-build-macros.md +[User Guide]: user-guide.md +[Porting Guide]: porting-guide.md +[Developer Certificate of Origin]: ../dco.txt +[Contribution Guide]: ../contributing.md diff --git a/readme.md b/readme.md index cc2294b..d9a1714 100644 --- a/readme.md +++ b/readme.md @@ -1,4 +1,4 @@ -ARM Trusted Firmware - version 1.2 +ARM Trusted Firmware - version 1.3 ================================== ARM Trusted Firmware provides a reference implementation of secure world @@ -17,17 +17,25 @@ License ------- -The software is provided under a BSD 3-Clause [license]. Certain source files -are derived from FreeBSD code: the original license is included in these -source files. +The software is provided under a BSD-3-Clause [license]. Contributions to this +project are accepted under the same license with developer sign-off as +described in the [Contributing Guidelines]. + +This project contains code from other projects as listed below. The original +license text is included in those source files. + +* The stdlib source code is derived from FreeBSD code. + +* The libfdt source code is dual licensed. It is used by this project under + the terms of the BSD-2-Clause license. This Release ------------ This release provides a suitable starting point for productization of secure -world boot and runtime firmware. Future versions will contain new features, -optimizations and quality improvements. +world boot and runtime firmware, executing in either the AArch32 or AArch64 +execution state. Users are encouraged to do their own security validation, including penetration testing, on any secure world code derived from ARM Trusted Firmware. @@ -42,7 +50,7 @@ * Library support for CPU specific reset and power down sequences. This includes support for errata workarounds. -* Drivers for both the version 2.0 and version 3.0 ARM Generic Interrupt +* Drivers for both versions 2.0 and 3.0 of the ARM Generic Interrupt Controller specifications (GICv2 and GICv3). The latter also enables GICv3 hardware systems that do not contain legacy GICv2 support. @@ -53,18 +61,26 @@ * SMC (Secure Monitor Call) handling, conforming to the [SMC Calling Convention][SMCCC] using an EL3 runtime services framework. -* SMC handling relating to [PSCI] for the Secondary CPU Boot, CPU Hotplug, - CPU Idle and System Shutdown/Reset/Suspend use-cases. +* [PSCI] library support for the Secondary CPU Boot, CPU Hotplug, CPU Idle + and System Shutdown/Reset/Suspend use-cases. + This library is pre-integrated with the provided AArch64 EL3 Runtime + Software, and is also suitable for integration into other EL3 Runtime + Software. + +* A minimal AArch32 Secure Payload to demonstrate [PSCI] library integration + on platforms with AArch32 EL3 Runtime Software. * Secure Monitor library code such as world switching, EL1 context management - and interrupt routing. This must be integrated with a Secure-EL1 Payload - Dispatcher (SPD) component to customize the interaction with a Secure-EL1 - Payload (SP), for example a Secure OS. + and interrupt routing. + When using the provided AArch64 EL3 Runtime Software, this must be + integrated with a Secure-EL1 Payload Dispatcher (SPD) component to + customize the interaction with a Secure-EL1 Payload (SP), for example a + Secure OS. -* A Test Secure-EL1 Payload and Dispatcher to demonstrate Secure Monitor - functionality and Secure-EL1 interaction with PSCI. +* A Test Secure-EL1 Payload and Dispatcher to demonstrate AArch64 Secure + Monitor functionality and Secure-EL1 interaction with PSCI. -* SPDs for the [OP-TEE Secure OS] and [NVidia Trusted Little Kernel] +* AArch64 SPDs for the [OP-TEE Secure OS] and [NVidia Trusted Little Kernel] [NVidia TLK]. * A Trusted Board Boot implementation, conforming to all mandatory TBBR @@ -72,11 +88,12 @@ Firmware Update (or recovery mode) boot flow, and packaging of the various firmware images into a Firmware Image Package (FIP) to be loaded from non-volatile storage. + The TBBR implementation is currently only supported in the AArch64 build. * Support for alternative boot flows. Some platforms have their own boot - firmware and only require the ARM Trusted Firmware Secure Monitor - functionality. Other platforms require minimal initialization before - booting into an arbitrary EL3 payload. + firmware and only require the AArch64 EL3 Runtime Software provided by this + project. Other platforms require minimal initialization before booting + into an arbitrary EL3 payload. For a full description of functionality and implementation details, please see the [Firmware Design] and supporting documentation. The [Change Log] @@ -84,36 +101,46 @@ ### Platforms -This release of the Trusted Firmware has been tested on variants r0 and r1 of -the [Juno ARM Development Platform] [Juno] with [Linaro Release 15.10] -[Linaro Release Notes]. +The AArch64 build of this release has been tested on variants r0, r1 and r2 +of the [Juno ARM Development Platform] [Juno] with [Linaro Release 16.06]. -The Trusted Firmware has also been tested on the 64-bit Linux versions of the -following ARM [FVP]s: +The AArch64 build of this release has been tested on the following ARM +[FVP]s (64-bit host machine only): -* `Foundation_Platform` (Version 9.4, Build 9.4.59) -* `FVP_Base_AEMv8A-AEMv8A` (Version 7.0, Build 0.8.7004) -* `FVP_Base_Cortex-A57x4-A53x4` (Version 7.0, Build 0.8.7004) -* `FVP_Base_Cortex-A57x1-A53x1` (Version 7.0, Build 0.8.7004) -* `FVP_Base_Cortex-A57x2-A53x4` (Version 7.0, Build 0.8.7004) +* `Foundation_Platform` (Version 10.1, Build 10.1.32) +* `FVP_Base_AEMv8A-AEMv8A` (Version 7.7, Build 0.8.7701) +* `FVP_Base_Cortex-A57x4-A53x4` (Version 7.7, Build 0.8.7701) +* `FVP_Base_Cortex-A57x1-A53x1` (Version 7.7, Build 0.8.7701) +* `FVP_Base_Cortex-A57x2-A53x4` (Version 7.7, Build 0.8.7701) + +The AArch32 build of this release has been tested on the following ARM +[FVP]s (64-bit host machine only): + +* `FVP_Base_AEMv8A-AEMv8A` (Version 7.7, Build 0.8.7701) +* `FVP_Base_Cortex-A32x4` (Version 10.1, Build 10.1.32) The Foundation FVP can be downloaded free of charge. The Base FVPs can be licensed from ARM: see [www.arm.com/fvp] [FVP]. This release also contains the following platform support: +* MediaTek MT6795 and MT8173 SoCs * NVidia T210 and T132 SoCs -* MediaTek MT8173 SoC +* QEMU emulator +* RockChip RK3368 and RK3399 SoCs +* Xilinx Zynq UltraScale + MPSoC ### Still to Come -* Complete implementation of the [PSCI] v1.0 specification. - -* Support for new CPUs and System IP. +* AArch32 TBBR support and ongoing TBBR alignment. * More platform support. -* Optimization and quality improvements. +* Ongoing support for new architectural features, CPUs and System IP. + +* Ongoing [PSCI] alignment and feature support. + +* Ongoing security hardening, optimization and quality improvements. For a full list of detailed issues in the current code, please see the [Change Log] and the [GitHub issue tracker]. @@ -147,7 +174,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - -_Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._ +_Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved._ [License]: ./license.md "BSD license for ARM Trusted Firmware" @@ -167,4 +194,4 @@ [GitHub issue tracker]: https://github.com/ARM-software/tf-issues/issues [OP-TEE Secure OS]: https://github.com/OP-TEE/optee_os [NVidia TLK]: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary -[Linaro Release Notes]: https://community.arm.com/docs/DOC-10952#jive_content_id_Linaro_Release_1510 +[Linaro Release 16.06]: https://community.arm.com/docs/DOC-10952#jive_content_id_Linaro_Release_1606