| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Make TF compatible with Clang assembler and linker
|
| | |
| |
| |
| |
| | |
Change-Id: Ie65eb779b048940cf32ed5744ff40610b3c5499d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The user guide didn't contain any information about the
requirements of the clang version needed by TF, which is
at least 4.0.
Change-Id: I1ea120aca0fb2c0950fbeaf6978c654ec277afde
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
| |/
|
|
|
| |
Change-Id: Ia7800dae52f152b2c3a3b41f1078ab7499d2f4b6
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
|
| |\
| |
| | |
rpi3: Add support for Trusted Board Boot
|
| | |
| |
| |
| |
| |
| |
| | |
Add paragraph for how to enable Trusted Board Boot for rpi3
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
| | |
| |
| |
| |
| |
| |
| | |
For Trusted Board Boot we enlarge the BL1 size from 64k to 128k.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
|
| |\ \
| | |
| | | |
allwinner: Add H6 SoC support
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The H6 is Allwinner's most recent SoC. It shares most peripherals with the
other ARMv8 Allwinner SoCs (A64/H5), but has a completely different memory
map.
Introduce a separate platform target, which includes a different header
file to cater for the address differences. Also add the new build target
to the documentation.
The new ATF platform name is "sun50i_h6".
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
| |\ \
| |/
|/| |
xlat v2: Update documentation
|
| | |
| |
| |
| |
| |
| |
| | |
Update documentation to reflect the current state of the library.
Change-Id: Ic72f90ee322d2ebd6ea7f4296315700d6bc434e6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add two empty lines to denote the paragraphs properly and improve
readability.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
| |/
|
|
|
|
|
|
|
|
| |
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
|
| |\
| |
| | |
Enable MMU without stack for xlat v2/DynamIQ
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.
Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.
NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
Fixes ARM-software/tf-issues#566
Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the porting guide, there are blue boxes that describe the argument
types and the return type of each function. A small typo caused some of
these boxes not being properly rendered.
In the user guide, small typos were fixed that caused random text being
unintentionally rendered as bold. Also, a slight rewording was done in
the section describing the DYN_DISABLE_AUTH flag.
Change-Id: I57303ca609436a82162fa9b42c06b0d5a63da6df
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
|
| |\
| |
| | |
SDEI dispatch changes to enable RAS use cases
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.
However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.
With this patch:
- SDEI interrupts and calls to sdei_dispatch_event prepares the NS
context for event dispatch, then sets a jump point, and immediately
exits EL3. This results in the client handler executing in
Non-secure.
- When the SDEI client completes the dispatched event, the SDEI
dispatcher does a longjmp to the jump pointer created earlier. For
the caller of the sdei_dispatch_event() in particular, this would
appear as if call returned successfully.
The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.
Documentation updated.
NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.
Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are explicitly dispatched; i.e., events that are dispatched as a
result of a previous secure interrupt or other exception
This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
event. They must be placed under private mappings. Only the priority
flags are allowed to be additionally specified.
Documentation updated.
Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
| |\ \
| | |
| | | |
xlat: Remove mmap_attr_t enum type
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The values defined in this type are used in logical operations, which
goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
essential type".
Now, `unsigned int` is used instead. This also allows us to move the
dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
past because an enum is signed by default, and bit 31 corresponds to the
sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
is free to use as it was originally meant to be.
mmap_attr_t is now defined as an `unsigned int` for backwards
compatibility.
Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
| |\ \
| |/
|/| |
Add support for Socionext Synquacer SC2A11 SoC based Developerbox platform.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add Makefile and plaform definations file.
My thanks to Daniel Thompson and Ard Biesheuvel for the bits and pieces
I've taken from their earlier work regarding build and deploy steps for
Developerbox based on Synquacer SoCs. They deserve much of the credit
for this work although, since I assembled and tested things, any blame
is probably mine.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Daniel Thompson <daniel.thompson@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
| |\ \
| |/
|/| |
Move to mbedtls-2.10.0 tag
|
| | |
| |
| |
| |
| |
| |
| |
| | |
To build with the new release, we pick couple of more files from mbedTLS
library.
Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
| |\ \
| | |
| | | |
TI K3 platform support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create the baseline Makefile, platform definitions file and platform
specific assembly macros file. This includes first set of constants
for the platform including cache sizes and linker format and a stub for
BL31 and the basic memory layout
K3 SoC family of processors do not use require a BL1 or BL2 binary,
since such functions are provided by an system controller on the SoC.
This lowers the burden of ATF to purely managing the local ARM cores
themselves.
Signed-off-by: Benjamin Fair <b-fair@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
|
| |\ \ \
| |/ /
|/| | |
rpi3: BL32 optee support
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Describe how to use BL32 build variable to load OP-TEE into FIP.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
|
| |\ \ \
| | | |
| | | | |
Add NXP's i.MX8QX and i.MX8QM SoC support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) inside, documentation
can be found in below link:
https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES
This patch adds support for booting up SMP linux kernel (v4.9).
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:
https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES
This patch adds support for booting up SMP linux kernel (v4.9).
Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Allwinner platform support
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top box/tablet SoC.
The ATF platform target is called "sun50i_a64".
[Andre: adapted to amended directory layout, removed unneeded definitions ]
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
| |\ \ \
| |/ /
|/| | |
rpi3: Fix kernel boot documentation
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB barrier.
It worked because the memory used by the Trusted Firmware was reserved
anyway.
Change-Id: I3fefcfc0105ecf05ba5606517bc3236f4eb24ceb
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Changed the ordering of the log levels in the documentation to
mate the code
Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
|
| |/
|
|
|
|
|
|
|
|
| |
For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident for the BL2_AT_EL3 configuration and
thus we cannot overlay it with BL31.
Change-Id: I71e89863ed48f5159e8b619f49c7c73b253397aa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
|
| |\
| |
| | |
ARM platforms: Change memory layout and update documentation
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.
Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
| |\ \
| |/
|/| |
Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.
It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.
NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.
Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.
TF-A implements this approach for the following affected CPUs:
* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).
* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).
* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).
Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.
Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.
[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
|
| |\ \
| |/
|/| |
SPM: Refactor codebase
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
| |\ \
| |/
|/| |
Extend dynamic configuration
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.
Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
| |/
|
|
|
|
|
|
|
|
| |
From TF-A v1.5, FVP supports loading the kernel FDT through
firmware as part of dynamic configuration feature. This means
that the FDT no longer needs to be loaded via Model parameters.
This patch updates the user guide to reflect the same.
Change-Id: I79833beeaae44a1564f6512c3a473625e5959f65
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
