Age | Commit message (Collapse) | Author |
|
Currently TF does not initialise the PMCR_EL0 register in
the secure context or save/restore the register.
In particular, the DP field may not be set to one to prohibit
cycle counting in the secure state, even though event counting
generally is prohibited via the default setting of MDCR_EL3.SMPE
to 0.
This patch initialises PMCR_EL0.DP to one in the secure state
to prohibit cycle counting and also initialises other fields
that have an architectually UNKNOWN reset value.
Additionally, PMCR_EL0 is added to the list of registers that are
saved and restored during a world switch.
Similar changes are made for PMCR for the AArch32 execution state.
NOTE: secure world code at lower ELs that assume other values in PMCR_EL0
will be impacted.
Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a
Signed-off-by: David Cunado <david.cunado@arm.com>
|
|
michpappas/tf-issues#521_cert_tool_does_not_build_with_openssl_v1.1
cert_tool: update for compatibility with OpenSSL v1.1
|
|
trusty: save/restore FPU registers in world switch
|
|
Improvements to the translation tables library v2
|
|
cert_tool: Fix ECDSA certificates create failure
|
|
Commit a8eb286adaa73e86305317b9cae15d41c57de8e7 introduced the
following error when creating ECDSA certificates.
ERROR: Error creating key 'Trusted World key'
Makefile:634: recipe for target 'certificates' failed
make: *** [certificates] Error 1
this patch adds the function to create PKCS#1 v1.5.
Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
|
|
This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.
Fixes arm-software/trusted-fw#521
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
|
|
Fix assertion in GIC ITS helper
|
|
This patch fixes an assertion check in the GICv3 ITS helper function.
Change-Id: I75f50d7bf6d87c12c6e24a07c9a9889e5facf4a5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
|
Increase PLAT_ARM_MMAP_ENTRIES and MAX_XLAT_TABLES
|
|
The MEM_PROTECT support adds a MMAP region for DRAM2, which when
building with TBBR support and OP-TEE tsp requires an additional
entry in the MMAP region array in BL2 - PLAT_ARM_MMAP_ENTRIES is
increased.
The MEM_PROTECT support also adds a new region in BL31, and when
BL31 is placed in DRAM, the memory mappings require an additional
translation table - MAX_XLAT_TABLES is increased.
Change-Id: I0b76260da817dcfd0b8f73a7193c36efda977625
Signed-off-by: David Cunado <david.cunado@arm.com>
|
|
GICv3 context save and restore
|
|
Give hints on how to use the GICv3 save/restore helpers in the
implementation of the PSCI handlers.
Change-Id: I86de1c27417b64c7ce290974964ef97ff678f676
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
This patch adds functions to save and restore GICv3 ITS registers during
system suspend. Please note that the power management of GIC ITS is
implementation defined. These functions only implements the
architectural part of the ITS power management and they do not restore
memory structures or register content required to support ITS. Even if
the ITS implementation stores structures in memory, an implementation
defined power down sequence is likely to be required to flush some
internal ITS caches to memory. If such implementation defined sequence
is not followed, the platform must ensure that the ITS is not power
gated during system suspend.
Change-Id: I5f31e5541975aa7dcaab69b0b7f67583c0e27678
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
During system suspend, the GICv3 Distributor and Redistributor context
can be lost due to power gating of the system power domain. This means
that the GICv3 context needs to be saved prior to system suspend and
restored on wakeup. Currently the consensus is that the Firmware should
be in charge of this. See tf-issues#464 for more details.
This patch introduces helper APIs in the GICv3 driver to save and
restore the Distributor and Redistributor contexts. The GICv3 ITS
context is not considered in this patch because the specification says
that the details of ITS power management is implementation-defined.
These APIs are expected to be appropriately invoked by the platform
layer during system suspend.
Fixes ARM-software/tf-issues#464
Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
Tidy up the code a bit by turning some macros into inline functions
which allows to remove the do/while(0) idiom and backslashes at the end
of the line.
Change-Id: Ie41a4ea4a4da507f7b925247b53e85019101d717
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
Reindent the file using tabs as the mix of spaces and tabs confuses some
editors and leads them to use spaces instead of tabs for new code
although the coding style mandates tabs.
Change-Id: I87fa4a5d368a048340054b9b3622325f3f7befba
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
This patch introduces the ability of the xlat tables library to manage
EL0 and EL1 mappings from a higher exception level.
Attributes MT_USER and MT_PRIVILEGED have been added to allow the user
specify the target EL in the translation regime EL1&0.
REGISTER_XLAT_CONTEXT2 macro is introduced to allow creating a
xlat_ctx_t that targets a given translation regime (EL1&0 or EL3).
A new member is added to xlat_ctx_t to represent the translation regime
the xlat_ctx_t manages. The execute_never mask member is removed as it
is computed from existing information.
Change-Id: I95e14abc3371d7a6d6a358cc54c688aa9975c110
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Introduce a variant of the TLB invalidation helper function that
allows the targeted translation regime to be specified, rather than
defaulting to the current one.
This new function is useful in the context of EL3 software managing
translation tables for the S-EL1&0 translation regime, as then it
might need to invalidate S-EL1&0 TLB entries rather than EL3 ones.
Define a new enumeration to be able to represent translation regimes in
the xlat tables library.
Change-Id: Ibe4438dbea2d7a6e7470bfb68ff805d8bf6b07e5
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
TLB invalidation functions used to be conditionally compiled in.
They were enabled only when using the dynamic mapping feature.
because only then would we need to modify page tables on the fly.
Actually there are other use cases where invalidating TLBs is required.
When changing memory attributes in existing translation descriptors for
example. These other use cases do not necessarily depend on the dynamic
mapping feature.
This patch removes this dependency and always compile TLB invalidation
functions in. If they're not used, they will be removed from the binary
at link-time anyway so there's no consequence on the memory footprint
if these functions are not called.
Change-Id: I1c33764ae900eb00073ee23b7d0d53d4efa4dd21
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
The current implementation of the memory mapping API favours mapping
memory regions using the biggest possible block size in order to
reduce the number of translation tables needed.
In some cases, this behaviour might not be desirable. When translation
tables are edited at run-time, coarse-grain mappings like that might
need splitting into finer-grain tables. This operation has a
performance cost.
The MAP_REGION2() macro allows to specify the granularity of
translation tables used for the initial mapping of a memory region.
This might increase performance for memory regions that are likely to
be edited in the future, at the expense of a potentially increased
memory footprint.
The Translation Tables Library Design Guide has been updated to
explain the use case for this macro. Also added a few intermediate
titles to make the guide easier to digest.
Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Mem protect
|
|
TSP: Support multi-threading CPUs on FVP
|
|
Commit 11ad8f208db42f7729b0ce2bd16c631c293e665c added supporting
multi-threaded CPUs on FVP platform, including modifications for
calculating CPU IDs. This patch imports the strong definition of the
same CPU ID calculation on FVP platform for TSP.
Without this patch, TSP on FVP was using the default CPU ID calculation,
which would end up being wrong on CPUs with multi-threading.
Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
|
Add support for TBBR using ECDSA keys in ARM platforms
|
|
hikey*: Update docs
|
|
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Uniphier: fix xlat tables lib inclusion
|
|
Uses the xlat tables library's Makefile instead of directly including
the source files in the Uniphier platform port.
Change-Id: I27294dd71bbf9bf3e82973c75324652b037e5bce
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
Fix MAP_REGION for GCC 4.9
|
|
Since commit 769d65da778b ("xlat: Use MAP_REGION macro as compatibility
layer"), building with GCC 4.9 fails.
CC plat/arm/board/fvp/fvp_common.c
plat/arm/board/fvp/fvp_common.c:60:2: error: initializer element is not constant
ARM_MAP_SHARED_RAM,
^
plat/arm/board/fvp/fvp_common.c:60:2: error: (near initialization for 'plat_arm_mmap[0]')
make: *** [Makefile:535: build/fvp/release/bl1/fvp_common.o] Error 1
Taking into account that MAP_REGION(_FLAT) is widely used in array
initializers, do not use cast.
Fixes: 769d65da778b ("xlat: Use MAP_REGION macro as compatibility layer")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
FVP: Include utils_def.h instead of utils.h
|
|
Set TCR_EL1.EPD1 bit to 1
|
|
Fix type of `unsigned long` constants
|
|
On ARM platforms, the maximum size of the address space is limited
to 32-bits as defined in arm_def.h. In order to access DRAM2, which
is defined beyond the 32-bit address space, the maximum address space
is increased to 36-bits in AArch64. It is possible to increase the
virtual space for AArch32, but it is more difficult and not supported
for now.
NOTE - the actual maximum memory address space is platform dependent
and is checked at run-time by querying the PARange field in the
ID_AA64MMFR0_EL1 register.
Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
|
mem_protect needs some kind of non-volatile memory because it has
to remember its state across reset and power down events.
The most suitable electronic part for this feature is a NVRAM
which should be only accesible from the secure world. Juno and
FVP lack such hardware and for this reason the MEM_PROTECT
functionality is implemented with Flash EEPROM memory on both
boards, even though this memory is accesible from the non-secure
world. This is done only to show a full implementation of
these PSCI features, but an actual system shouldn't use a
non-secure NVRAM to implement it.
The EL3 runtime software will write the mem_protect flag and BL2
will read and clear the memory ranges if enabled. It is done in
BL2 because it reduces the time that TF needs access to the full
non-secure memory.
The memory layout of both boards is defined using macros which
take different values in Juno and FVP platforms. Generic platform
helpers are added that use the platform specific macros to generate
a mem_region_t that is valid for the platform.
Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
|
This commit introduces a new type (mem_region_t) used to describe
memory regions and it adds two utility functions:
- clear_mem_regions: This function clears (write 0) to a set
of regions described with an array of mem_region_t.
- mem_region_in_array_chk This function checks if a
region is covered by some of the regions described
with an array of mem_region_t.
Change-Id: I12ce549f5e81dd15ac0981645f6e08ee7c120811
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
|
This patch adds the generic code that links the psci smc handler
with the platform function that implements the mem_protect and
mem_check_range functionalities. These functions are optional
APIs added in PSCI v1.1 (ARM DEN022D).
Change-Id: I3bac1307a5ce2c7a196ace76db8317e8d8c8bb3f
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
|
|
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects
rsa or ecdsa depending on the certificate used.
Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
|
|
- fixed compile error when KEY_ALG=ecdsa
- add new option ecdsa for TF_MBEDTLS_KEY_ALG
- add new option devel_ecdsa for ARM_ROTPK_LOCATION
- add ecdsa key at plat/arm/board/common/rotpk/
- reduce the mbedtls heap memory size to 13k
Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
|
|
For Trusted Board Boot, BL1 RW section and BL2 need more space to
support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE
is increased on ARM platforms.
And on the Juno platform:
- BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased.
- SCP_BL2 is loaded into the space defined by BL31_BASE ->
BL31_RW_BASE. In order to maintain the same size space for
SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased.
Change-Id: I379083f918b40ab1c765da4e71780d89f0058040
Co-Authored-By: David Cunado <david.cunado@arm.com>
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
|
|
platform_def.h doesn't need all the definitions in utils.h,
the ones in utils_def.h are enough. This patch is related
to the changes introduced by commit 53d9c9c85b.
Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
The type `unsigned long` is 32 bit wide in AArch32, but 64 bit wide in
AArch64. This is inconsistent and that's why we avoid using it as per
the Coding Guidelines. This patch changes all `UL` occurrences to `U`
or `ULL` depending on the context so that the size of the constant is
clear.
This problem affected the macro `BIT(nr)`. As long as this macro is used
to fill fields of registers, that's not a problem, since all registers
are 32 bit wide in AArch32 and 64 bit wide in AArch64. However, if the
macro is used to fill the fields of a 64-bit integer, it won't be able
to set the upper 32 bits in AArch32.
By changing the type of this macro to `unsigned long long` the behaviour
is always the same regardless of the architecture, as this type is
64-bit wide in both cases.
Some Tegra platform files have been modified by this patch.
Change-Id: I918264c03e7d691a931f0d1018df25a2796cc221
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
In the S-EL1&0 translation regime we aren't using the higher VA range,
whose translation table base address is held in TTBR1_EL1. The bit
TCR_EL1.EPD1 can be used to disable translations using TTBR1_EL1, but
the code wasn't setting it to 1. Additionally, other fields in TCR1_EL1
associated with the higher VA range (TBI1, TG1, SH1, ORGN1, IRGN1 and
A1) weren't set correctly as they were left as 0. In particular, 0 is a
reserved value for TG1. Also, TBBR1_EL1 was not explicitly set and its
reset value is UNKNOWN.
Therefore memory accesses to the higher VA range would result in
unpredictable behaviour as a translation table walk would be attempted
using an UNKNOWN value in TTBR1_EL1.
On the FVP and Juno platforms accessing the higher VA range resulted in
a translation fault, but this may not always be the case on all
platforms.
This patch sets the bit TCR_EL1.EPD1 to 1 so that any kind of
unpredictable behaviour is prevented.
This bug only affects the AArch64 version of the code, the AArch32
version sets this bit to 1 as expected.
Change-Id: I481c000deda5bc33a475631301767b9e0474a303
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Use a mmap_region_t as parameter instead of getting a parameter for each
structure member. This reduces the scope of changes when adding members
to mmap_region_t.
Also align on the convention of using mm_cursor as a variable name for
the currently inspected region when iterating on the region array.
Change-Id: If40bc4351b56c64b214e60dda27276d11ce9dbb3
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
xlat: fix mm copy when adding a region
|
|
zynqmp: Sync function declaration and definition
|
|
Currently, Trusty OS/LK implemented FPU context switch in internal
thread switch but does not implement the proper mechanism for world
switch. This commit just simply saves/restores FPU registes in world
switch to prevent FPU context from being currupted when Trusty OS uses
VFP in its applications.
It should be noted that the macro *CTX_INCLUDE_FPREGS* must be defined
in trusty.mk if Trusty OS uses VFP
Signed-off-by: Aijun Sun <aijun.sun@spreadtrum.com>
|
|
Synchronize argument order between function definition and declaration
of pm_fpga_load.
Fixes ARM-software/tf-issues#514
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
|
|
Implement log framework
|