| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
This patch adds documentation for the new KEY_SIZE build option that is
exposed by cert_create, and instructions on how to use it.
Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
|
| |\
| |
| |
| | |
integration
|
| | |
| |
| |
| |
| | |
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: Ib12ecc0b283274c74cdfa57caf9e1a105dce3afe
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
* changes:
Add documentation for CTX_INCLUDE_MTE_REGS
Enable MTE support in both secure and non-secure worlds
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A new build flag, CTX_INCLUDE_MTE_REGS, has been added; this patch adds
documentation for it in the User Guide along with instructions of what
different values mean.
Change-Id: I430a9c6ced06b1b6be317edbeff4f5530e30f63a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
|
| |\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
|
| |/
|
|
|
| |
Change-Id: I576ae161477f4a69336d15a7741e566bb103124a
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
At the time of writting, GCC 8.3-2019.03 is the latest version available
on developer.arm.com.
Switch to bare-metal toolchain (arm-eabi-) for AArch32. This allows to
have a finer control on the use of floating-point and SIMD instructions.
Change-Id: I4438401405eae1e5f6d531b0162e8fa06f69135e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The features of the previously existing gentbl, genvar and genwrappers
scripts were reimplemented in the romlib_generator.py Python script.
This resulted in more readable and maintainable code and the script
introduces additional features that help dependency handling in
makefiles. The assembly templates were separated from the script logic
and were collected in the 'templates' directory.
The targets and their dependencies were reorganized in the makefile and
the dependency handling of included index files is possible now.
Incremental build is available in case of modifying the index files.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I79f65fab9dc5c70d1f6fc8f57b2a3009bf842dc5
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
px30 is a Quad-core soc and Cortex-a53 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
6. power off system
Change-Id: I73d55aa978096c078242be921abe0ddca9e8f67e
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib2ad2068abdf0b204c5cb021ea919581adaca4ef
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
Add uml sequence and class diagram to illustrate the behavior of the
storage abstraction layer.
Change-Id: I338262729f8034cc3d3eea1d0ce19cca973a91bb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we have some pre-rendered versions of certain diagrams
in SVG format. These diagrams have corresponding PlantUML source
that can be rendered automatically as part of the documentation
build, removing the need for any intermediate files.
This patch adds the Sphinx "plantuml" extension, replaces
references to the pre-rendered SVG files within the documents,
and finally removes the SVG files and helper script.
New requirements for building the docs are the
"sphinxcontrib-plantuml" Python module (added to the pip
requirements.txt file) and the Graphviz package (provides the
"dot" binary) which is in the Ubuntu package repositories.
Change-Id: I24b52ee40ff79676212ed7cff350294945f1b50d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The project has been renamed from "Arm Trusted Firmware (ATF)" to
"Trusted Firmware-A (TF-A)" long ago. A few references to the old
project name that still remained in various places have now been
removed.
This change doesn't affect any platform files. Any "ATF" references
inside platform files, still remain.
Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | | |
Change-Id: Ic5aab23b549d0bf8e0f7053b46fd59243214aac1
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
| | |/
|/|
| |
| |
| | |
Change-Id: I755e4c42242d9a052570fd1132ca3d937acadb13
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
| |/
|
|
|
| |
Change-Id: Ibdee91ad337ee362872924d93e82f5b5e47e63d9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* changes:
Removing redundant ISB instructions
Workaround for Neoverse N1 erratum 1275112
Workaround for Neoverse N1 erratum 1262888
Workaround for Neoverse N1 erratum 1262606
Workaround for Neoverse N1 erratum 1257314
Workaround for Neoverse N1 erratum 1220197
Workaround for Neoverse N1 erratum 1207823
Workaround for Neoverse N1 erratum 1165347
Workaround for Neoverse N1 erratum 1130799
Workaround for Neoverse N1 erratum 1073348
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1275112 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: If7fe55fe92e656fa6aea12327ab297f2e6119833
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1262888 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUECTLR_EL1 system register, which disables the MMU hardware prefetcher.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ib733d748e32a7ea6a2783f3d5a9c5e13eee01105
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1262606 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Idd980e9d5310232d38f0ce272862e1fb0f02ce9a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1257314 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR3_EL1 system register, which prevents parallel
execution of divide and square root instructions.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I54f0f40ff9043efee40d51e796b92ed85b394cbb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1220197 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUECTLR_EL1 system register, which disables write streaming to the L2.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I9c3373f1b6d67d21ee71b2b80aec5e96826818e8
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1207823 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ia932337821f1ef0d644db3612480462a8d924d21
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1165347 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I163d0ea00578245c1323d2340314cdc3088c450d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1130799 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I252bc45f9733443ba0503fefe62f50fdea61da6d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neoverse N1 erratum 1073348 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which disables static prediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I674126c0af6e068eecb379a190bcf7c75dcbca8e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
* changes:
Fix the License header template in imx_aipstz.c
docs: Add the list of banned/use with caution APIs
|
| | |/
| |
| |
| |
| |
| |
| | |
Credit to sam.ellis@arm.com for the input to create the list.
Change-Id: Id70a8eddc5f2490811bebb278482c61950f10cce
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
| |\ \ |
|
| | |/
| |
| |
| |
| | |
Signed-off-by: Peng Donglin <dolinux.peng@gmail.com>
Change-Id: I459e7d056735222f6f34e275dbdaf9a389d193fc
|
| |/
|
|
|
| |
Change-Id: Ifef4d634b4a34d23f42f61df5e326a1cc05d3844
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Reference security specific build options from the user guide.
Change-Id: I0e1efbf47d914cf3c473104175c702ff1a80eb67
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
U-Boot should be compiled with stm32mp15_trusted_defconfig which is
supported since tag v2019.07-rc1 with commit [1].
The creation of the U-Boot binary with stm32 header is done at U-Boot
compilation step, it is no more required to call the extra command.
[1] https://git.denx.de/?p=u-boot.git;a=commit;h=015289580f81
Change-Id: Ia875c22184785fc2e02ad07993a649069cd5ce34
Signed-off-by: Yann Gautier <yann.gautier@st.com>
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Also sort alphabetically the links at the bottom, a couple of them were
not sorted.
Change-Id: I49a1dbe9e56a36c5fdbace8e4c8b9a5270bc2984
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
