summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-13Init and save / restore of PMCR_EL0 / PMCRDavid Cunado
Currently TF does not initialise the PMCR_EL0 register in the secure context or save/restore the register. In particular, the DP field may not be set to one to prohibit cycle counting in the secure state, even though event counting generally is prohibited via the default setting of MDCR_EL3.SMPE to 0. This patch initialises PMCR_EL0.DP to one in the secure state to prohibit cycle counting and also initialises other fields that have an architectually UNKNOWN reset value. Additionally, PMCR_EL0 is added to the list of registers that are saved and restored during a world switch. Similar changes are made for PMCR for the AArch32 execution state. NOTE: secure world code at lower ELs that assume other values in PMCR_EL0 will be impacted. Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a Signed-off-by: David Cunado <david.cunado@arm.com>
2017-10-11Merge pull request #1120 from ↵davidcunado-arm
michpappas/tf-issues#521_cert_tool_does_not_build_with_openssl_v1.1 cert_tool: update for compatibility with OpenSSL v1.1
2017-10-11Merge pull request #1100 from ajs-sun/masterdavidcunado-arm
trusty: save/restore FPU registers in world switch
2017-10-09Merge pull request #1117 from antonio-nino-diaz-arm/an/xlat-improvementsdavidcunado-arm
Improvements to the translation tables library v2
2017-10-09Merge pull request #1121 from geesun/qx/cert_ecdsa_fixdavidcunado-arm
cert_tool: Fix ECDSA certificates create failure
2017-10-09cert_tool: Fix ECDSA certificates create failureQixiang Xu
Commit a8eb286adaa73e86305317b9cae15d41c57de8e7 introduced the following error when creating ECDSA certificates. ERROR: Error creating key 'Trusted World key' Makefile:634: recipe for target 'certificates' failed make: *** [certificates] Error 1 this patch adds the function to create PKCS#1 v1.5. Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-10-08cert_tool: update for compatibility with OpenSSL v1.1Michalis Pappas
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
2017-10-06Merge pull request #1119 from soby-mathew/sm/fix_its_assertiondavidcunado-arm
Fix assertion in GIC ITS helper
2017-10-06Fix assertion in GIC ITS helperSoby Mathew
This patch fixes an assertion check in the GICv3 ITS helper function. Change-Id: I75f50d7bf6d87c12c6e24a07c9a9889e5facf4a5 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2017-10-06Merge pull request #1118 from davidcunado-arm/dc/fix_coveritydavidcunado-arm
Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLES
2017-10-06Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLESDavid Cunado
The MEM_PROTECT support adds a MMAP region for DRAM2, which when building with TBBR support and OP-TEE tsp requires an additional entry in the MMAP region array in BL2 - PLAT_ARM_MMAP_ENTRIES is increased. The MEM_PROTECT support also adds a new region in BL31, and when BL31 is placed in DRAM, the memory mappings require an additional translation table - MAX_XLAT_TABLES is increased. Change-Id: I0b76260da817dcfd0b8f73a7193c36efda977625 Signed-off-by: David Cunado <david.cunado@arm.com>
2017-10-06Merge pull request #1116 from soby-mathew/sm/gicv3_save_restoredavidcunado-arm
GICv3 context save and restore
2017-10-05GICv3: Document GICv3 save/restore helpersDouglas Raillard
Give hints on how to use the GICv3 save/restore helpers in the implementation of the PSCI handlers. Change-Id: I86de1c27417b64c7ce290974964ef97ff678f676 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-10-05GICv3: ITS architectural save and restore helpersSoby Mathew
This patch adds functions to save and restore GICv3 ITS registers during system suspend. Please note that the power management of GIC ITS is implementation defined. These functions only implements the architectural part of the ITS power management and they do not restore memory structures or register content required to support ITS. Even if the ITS implementation stores structures in memory, an implementation defined power down sequence is likely to be required to flush some internal ITS caches to memory. If such implementation defined sequence is not followed, the platform must ensure that the ITS is not power gated during system suspend. Change-Id: I5f31e5541975aa7dcaab69b0b7f67583c0e27678 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-10-05GICv3: add functions for save and restoreSoby Mathew
During system suspend, the GICv3 Distributor and Redistributor context can be lost due to power gating of the system power domain. This means that the GICv3 context needs to be saved prior to system suspend and restored on wakeup. Currently the consensus is that the Firmware should be in charge of this. See tf-issues#464 for more details. This patch introduces helper APIs in the GICv3 driver to save and restore the Distributor and Redistributor contexts. The GICv3 ITS context is not considered in this patch because the specification says that the details of ITS power management is implementation-defined. These APIs are expected to be appropriately invoked by the platform layer during system suspend. Fixes ARM-software/tf-issues#464 Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-10-05GICv3: turn some macros into inline functionsDouglas Raillard
Tidy up the code a bit by turning some macros into inline functions which allows to remove the do/while(0) idiom and backslashes at the end of the line. Change-Id: Ie41a4ea4a4da507f7b925247b53e85019101d717 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-10-05GICv3: Fix gic600.c indentationDouglas Raillard
Reindent the file using tabs as the mix of spaces and tabs confuses some editors and leads them to use spaces instead of tabs for new code although the coding style mandates tabs. Change-Id: I87fa4a5d368a048340054b9b3622325f3f7befba Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-10-05xlat: Add support for EL0 and EL1 mappingsAntonio Nino Diaz
This patch introduces the ability of the xlat tables library to manage EL0 and EL1 mappings from a higher exception level. Attributes MT_USER and MT_PRIVILEGED have been added to allow the user specify the target EL in the translation regime EL1&0. REGISTER_XLAT_CONTEXT2 macro is introduced to allow creating a xlat_ctx_t that targets a given translation regime (EL1&0 or EL3). A new member is added to xlat_ctx_t to represent the translation regime the xlat_ctx_t manages. The execute_never mask member is removed as it is computed from existing information. Change-Id: I95e14abc3371d7a6d6a358cc54c688aa9975c110 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-10-05xlat: Introduce function xlat_arch_tlbi_va_regime()Douglas Raillard
Introduce a variant of the TLB invalidation helper function that allows the targeted translation regime to be specified, rather than defaulting to the current one. This new function is useful in the context of EL3 software managing translation tables for the S-EL1&0 translation regime, as then it might need to invalidate S-EL1&0 TLB entries rather than EL3 ones. Define a new enumeration to be able to represent translation regimes in the xlat tables library. Change-Id: Ibe4438dbea2d7a6e7470bfb68ff805d8bf6b07e5 Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-10-05xlat: Always compile TLB invalidation functionsSandrine Bailleux
TLB invalidation functions used to be conditionally compiled in. They were enabled only when using the dynamic mapping feature. because only then would we need to modify page tables on the fly. Actually there are other use cases where invalidating TLBs is required. When changing memory attributes in existing translation descriptors for example. These other use cases do not necessarily depend on the dynamic mapping feature. This patch removes this dependency and always compile TLB invalidation functions in. If they're not used, they will be removed from the binary at link-time anyway so there's no consequence on the memory footprint if these functions are not called. Change-Id: I1c33764ae900eb00073ee23b7d0d53d4efa4dd21 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-10-05xlat: Introduce MAP_REGION2() macroSandrine Bailleux
The current implementation of the memory mapping API favours mapping memory regions using the biggest possible block size in order to reduce the number of translation tables needed. In some cases, this behaviour might not be desirable. When translation tables are edited at run-time, coarse-grain mappings like that might need splitting into finer-grain tables. This operation has a performance cost. The MAP_REGION2() macro allows to specify the granularity of translation tables used for the initial mapping of a memory region. This might increase performance for memory regions that are likely to be edited in the future, at the expense of a potentially increased memory footprint. The Translation Tables Library Design Guide has been updated to explain the use case for this macro. Also added a few intermediate titles to make the guide easier to digest. Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-10-04Merge pull request #1109 from robertovargas-arm/mem_protectdavidcunado-arm
Mem protect
2017-10-04Merge pull request #1115 from jeenu-arm/tsp-mtdavidcunado-arm
TSP: Support multi-threading CPUs on FVP
2017-10-04TSP: Support multi-threading CPUs on FVPJeenu Viswambharan
Commit 11ad8f208db42f7729b0ce2bd16c631c293e665c added supporting multi-threaded CPUs on FVP platform, including modifications for calculating CPU IDs. This patch imports the strong definition of the same CPU ID calculation on FVP platform for TSP. Without this patch, TSP on FVP was using the default CPU ID calculation, which would end up being wrong on CPUs with multi-threading. Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-02Merge pull request #1107 from geesun/qx/add_ecdsa_supportdavidcunado-arm
Add support for TBBR using ECDSA keys in ARM platforms
2017-10-02Merge pull request #1114 from vchong/updt_docsdavidcunado-arm
hikey*: Update docs
2017-09-29hikey*: Update docsVictor Chong
Signed-off-by: Victor Chong <victor.chong@linaro.org>
2017-09-27Merge pull request #1111 from douglas-raillard-arm/dr/fix_uniphier_xlat_includedavidcunado-arm
Uniphier: fix xlat tables lib inclusion
2017-09-27Uniphier: fix xlat tables lib inclusionDouglas Raillard
Uses the xlat tables library's Makefile instead of directly including the source files in the Uniphier platform port. Change-Id: I27294dd71bbf9bf3e82973c75324652b037e5bce Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-09-26Merge pull request #1110 from masahir0y/xlatdavidcunado-arm
Fix MAP_REGION for GCC 4.9
2017-09-26xlat: remove cast in MAP_REGION to get back building with GCC 4.9Masahiro Yamada
Since commit 769d65da778b ("xlat: Use MAP_REGION macro as compatibility layer"), building with GCC 4.9 fails. CC plat/arm/board/fvp/fvp_common.c plat/arm/board/fvp/fvp_common.c:60:2: error: initializer element is not constant ARM_MAP_SHARED_RAM, ^ plat/arm/board/fvp/fvp_common.c:60:2: error: (near initialization for 'plat_arm_mmap[0]') make: *** [Makefile:535: build/fvp/release/bl1/fvp_common.o] Error 1 Taking into account that MAP_REGION(_FLAT) is widely used in array initializers, do not use cast. Fixes: 769d65da778b ("xlat: Use MAP_REGION macro as compatibility layer") Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-09-25Merge pull request #1108 from sandrine-bailleux-arm/sb/fvp-utils-defdavidcunado-arm
FVP: Include utils_def.h instead of utils.h
2017-09-25Merge pull request #1105 from antonio-nino-diaz-arm/an/epd1-bitdavidcunado-arm
Set TCR_EL1.EPD1 bit to 1
2017-09-25Merge pull request #1106 from antonio-nino-diaz-arm/an/bit-macrodavidcunado-arm
Fix type of `unsigned long` constants
2017-09-25mem_protect: Add DRAM2 to the list of mem protected rangesRoberto Vargas
On ARM platforms, the maximum size of the address space is limited to 32-bits as defined in arm_def.h. In order to access DRAM2, which is defined beyond the 32-bit address space, the maximum address space is increased to 36-bits in AArch64. It is possible to increase the virtual space for AArch32, but it is more difficult and not supported for now. NOTE - the actual maximum memory address space is platform dependent and is checked at run-time by querying the PARange field in the ID_AA64MMFR0_EL1 register. Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-09-25mem_protect: Add mem_protect support in Juno and FVP for DRAM1Roberto Vargas
mem_protect needs some kind of non-volatile memory because it has to remember its state across reset and power down events. The most suitable electronic part for this feature is a NVRAM which should be only accesible from the secure world. Juno and FVP lack such hardware and for this reason the MEM_PROTECT functionality is implemented with Flash EEPROM memory on both boards, even though this memory is accesible from the non-secure world. This is done only to show a full implementation of these PSCI features, but an actual system shouldn't use a non-secure NVRAM to implement it. The EL3 runtime software will write the mem_protect flag and BL2 will read and clear the memory ranges if enabled. It is done in BL2 because it reduces the time that TF needs access to the full non-secure memory. The memory layout of both boards is defined using macros which take different values in Juno and FVP platforms. Generic platform helpers are added that use the platform specific macros to generate a mem_region_t that is valid for the platform. Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-09-25Add mem_region utility functionsRoberto Vargas
This commit introduces a new type (mem_region_t) used to describe memory regions and it adds two utility functions: - clear_mem_regions: This function clears (write 0) to a set of regions described with an array of mem_region_t. - mem_region_in_array_chk This function checks if a region is covered by some of the regions described with an array of mem_region_t. Change-Id: I12ce549f5e81dd15ac0981645f6e08ee7c120811 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-09-25mem_protect: Add mem_protect APIRoberto Vargas
This patch adds the generic code that links the psci smc handler with the platform function that implements the mem_protect and mem_check_range functionalities. These functions are optional APIs added in PSCI v1.1 (ARM DEN022D). Change-Id: I3bac1307a5ce2c7a196ace76db8317e8d8c8bb3f Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-09-22Dynamic selection of ECDSA or RSAQixiang Xu
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects rsa or ecdsa depending on the certificate used. Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-09-22Add support for TBBR using ECDSA keys in ARM platformsQixiang Xu
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-09-22plat/arm : update BL size macros to give BL1 and BL2 more space for TBBQixiang Xu
For Trusted Board Boot, BL1 RW section and BL2 need more space to support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE is increased on ARM platforms. And on the Juno platform: - BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased. - SCP_BL2 is loaded into the space defined by BL31_BASE -> BL31_RW_BASE. In order to maintain the same size space for SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased. Change-Id: I379083f918b40ab1c765da4e71780d89f0058040 Co-Authored-By: David Cunado <david.cunado@arm.com> Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-09-21FVP: Include utils_def.h instead of utils.hSandrine Bailleux
platform_def.h doesn't need all the definitions in utils.h, the ones in utils_def.h are enough. This patch is related to the changes introduced by commit 53d9c9c85b. Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-09-21Fix type of `unsigned long` constantsAntonio Nino Diaz
The type `unsigned long` is 32 bit wide in AArch32, but 64 bit wide in AArch64. This is inconsistent and that's why we avoid using it as per the Coding Guidelines. This patch changes all `UL` occurrences to `U` or `ULL` depending on the context so that the size of the constant is clear. This problem affected the macro `BIT(nr)`. As long as this macro is used to fill fields of registers, that's not a problem, since all registers are 32 bit wide in AArch32 and 64 bit wide in AArch64. However, if the macro is used to fill the fields of a 64-bit integer, it won't be able to set the upper 32 bits in AArch32. By changing the type of this macro to `unsigned long long` the behaviour is always the same regardless of the architecture, as this type is 64-bit wide in both cases. Some Tegra platform files have been modified by this patch. Change-Id: I918264c03e7d691a931f0d1018df25a2796cc221 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-09-21Set TCR_EL1.EPD1 bit to 1Antonio Nino Diaz
In the S-EL1&0 translation regime we aren't using the higher VA range, whose translation table base address is held in TTBR1_EL1. The bit TCR_EL1.EPD1 can be used to disable translations using TTBR1_EL1, but the code wasn't setting it to 1. Additionally, other fields in TCR1_EL1 associated with the higher VA range (TBI1, TG1, SH1, ORGN1, IRGN1 and A1) weren't set correctly as they were left as 0. In particular, 0 is a reserved value for TG1. Also, TBBR1_EL1 was not explicitly set and its reset value is UNKNOWN. Therefore memory accesses to the higher VA range would result in unpredictable behaviour as a translation table walk would be attempted using an UNKNOWN value in TTBR1_EL1. On the FVP and Juno platforms accessing the higher VA range resulted in a translation fault, but this may not always be the case on all platforms. This patch sets the bit TCR_EL1.EPD1 to 1 so that any kind of unpredictable behaviour is prevented. This bug only affects the AArch64 version of the code, the AArch32 version sets this bit to 1 as expected. Change-Id: I481c000deda5bc33a475631301767b9e0474a303 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-09-21xlat: simplify mmap_add_region_check parameters (#1101)Douglas Raillard
Use a mmap_region_t as parameter instead of getting a parameter for each structure member. This reduces the scope of changes when adding members to mmap_region_t. Also align on the convention of using mm_cursor as a variable name for the currently inspected region when iterating on the region array. Change-Id: If40bc4351b56c64b214e60dda27276d11ce9dbb3 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-09-19Merge pull request #1099 from douglas-raillard-arm/dr/fix_mm_copydavidcunado-arm
xlat: fix mm copy when adding a region
2017-09-19Merge pull request #1102 from Xilinx/fpga_loaddavidcunado-arm
zynqmp: Sync function declaration and definition
2017-09-19trusty: save/restore FPU registers in world switchAijun Sun
Currently, Trusty OS/LK implemented FPU context switch in internal thread switch but does not implement the proper mechanism for world switch. This commit just simply saves/restores FPU registes in world switch to prevent FPU context from being currupted when Trusty OS uses VFP in its applications. It should be noted that the macro *CTX_INCLUDE_FPREGS* must be defined in trusty.mk if Trusty OS uses VFP Signed-off-by: Aijun Sun <aijun.sun@spreadtrum.com>
2017-09-18zynqmp: Sync function declaration and definitionSoren Brinkmann
Synchronize argument order between function definition and declaration of pm_fpga_load. Fixes ARM-software/tf-issues#514 Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
2017-09-18Merge pull request #1093 from soby-mathew/eb/log_fwdavidcunado-arm
Implement log framework