Soby Mathew [Tue, 14 Nov 2017 14:10:10 +0000 (14:10 +0000)]
ARM platforms: Fixup AArch32 builds
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
davidcunado-arm [Wed, 29 Nov 2017 10:41:33 +0000 (10:41 +0000)]
Merge pull request #1170 from dp-arm/dp/amu
Add support for Activity Monitors
Dimitris Papastamos [Tue, 17 Oct 2017 13:03:14 +0000 (14:03 +0100)]
AMU: Implement support for aarch32
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
Change-Id: Ifc7532ef836f83e629f2a146739ab61e75c4abc8
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Thu, 12 Oct 2017 12:02:29 +0000 (13:02 +0100)]
AMU: Implement support for aarch64
The `ENABLE_AMU` build option can be used to enable the
architecturally defined AMU counters. At present, there is no support
for the auxiliary counter group.
Change-Id: I7ea0c0a00327f463199d1b0a481f01dadb09d312
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 14 Nov 2017 13:27:41 +0000 (13:27 +0000)]
fvp: Enable the Activity Monitor Unit extensions by default
Change-Id: I96de88f44c36681ad8a70430af8e01016394bd14
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Mon, 16 Oct 2017 10:40:10 +0000 (11:40 +0100)]
Implement support for the Activity Monitor Unit on Cortex A75
The Cortex A75 has 5 AMU counters. The first three counters are fixed
and the remaining two are programmable.
A new build option is introduced, `ENABLE_AMU`. When set, the fixed
counters will be enabled for use by lower ELs. The programmable
counters are currently disabled.
Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
davidcunado-arm [Fri, 24 Nov 2017 13:27:50 +0000 (13:27 +0000)]
Merge pull request #1172 from sandrine-bailleux-arm/sb/fix-makefile-aarch32
Fix Makefile for ARMv8-A AArch32 builds
Sandrine Bailleux [Fri, 24 Nov 2017 08:43:40 +0000 (08:43 +0000)]
Fix Makefile for ARMv8-A AArch32 build
Commit
26e63c4450 broke the Makefile for ARMv8-A AArch32 platforms.
This patch fixes it.
Change-Id: I49b8eb5b88f3a131aa4c8642ef970e92d90b6dd2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
davidcunado-arm [Thu, 23 Nov 2017 23:50:06 +0000 (23:50 +0000)]
Merge pull request #1169 from antonio-nino-diaz-arm/an/spm-fixes
SPM fixes
davidcunado-arm [Thu, 23 Nov 2017 23:41:24 +0000 (23:41 +0000)]
Merge pull request #1145 from etienne-lms/rfc-armv7-2
Support ARMv7 architectures
davidcunado-arm [Thu, 23 Nov 2017 10:18:06 +0000 (10:18 +0000)]
Merge pull request #1164 from robertovargas-arm/psci-affinity
Flush the affinity data in psci_affinity_info
davidcunado-arm [Thu, 23 Nov 2017 00:39:55 +0000 (00:39 +0000)]
Merge pull request #1163 from antonio-nino-diaz-arm/an/parange
Add ARMv8.2 ID_AA64MMFR0_EL1.PARange value
davidcunado-arm [Wed, 22 Nov 2017 22:42:12 +0000 (22:42 +0000)]
Merge pull request #1165 from geesun/qx/support-sha512
Add support sha512 for hash algorithm
davidcunado-arm [Wed, 22 Nov 2017 13:57:03 +0000 (13:57 +0000)]
Merge pull request #1161 from jeenu-arm/sdei-fixes
SDEI fixes
davidcunado-arm [Wed, 22 Nov 2017 11:51:29 +0000 (11:51 +0000)]
Merge pull request #1162 from dp-arm/spe-rework
Move SPE code to lib/extensions
Qixiang Xu [Thu, 9 Nov 2017 05:56:29 +0000 (13:56 +0800)]
tbbr: Add build flag HASH_ALG to let the user to select the SHA
The flag support the following values:
- sha256 (default)
- sha384
- sha512
Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu [Thu, 9 Nov 2017 05:51:58 +0000 (13:51 +0800)]
tools: add an option -hash-alg for cert_create
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
- sha256 (default)
- sha384
- sha512
Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Roberto Vargas [Mon, 13 Nov 2017 08:24:07 +0000 (08:24 +0000)]
Flush the affinity data in psci_affinity_info
There is an edge case where the cache maintaince done in
psci_do_cpu_off may not seen by some cores. This case is handled in
psci_cpu_on_start but it hasn't handled in psci_affinity_info.
Change-Id: I4d64f3d1ca9528e364aea8d04e2d254f201e1702
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Dimitris Papastamos [Fri, 13 Oct 2017 11:06:06 +0000 (12:06 +0100)]
Refactor Statistical Profiling Extensions implementation
Factor out SPE operations in a separate file. Use the publish
subscribe framework to drain the SPE buffers before entering secure
world. Additionally, enable SPE before entering normal world.
A side effect of this change is that the profiling buffers are now
only drained when a transition from normal world to secure world
happens. Previously they were drained also on return from secure
world, which is unnecessary as SPE is not supported in S-EL1.
Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Fri, 13 Oct 2017 14:07:45 +0000 (15:07 +0100)]
Change Statistical Profiling Extensions build option handling
It is not possible to detect at compile-time whether support for an
optional extension such as SPE should be enabled based on the
ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by
default.
Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Dimitris Papastamos [Tue, 7 Nov 2017 09:55:29 +0000 (09:55 +0000)]
Factor out extension enabling to a separate function
Factor out extension enabling to a separate function that is called
before exiting from EL3 for first entry into Non-secure world.
Change-Id: Ic21401ebba531134d08643c0a1ca9de0fc590a1b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Jeenu Viswambharan [Thu, 16 Nov 2017 12:34:15 +0000 (12:34 +0000)]
SDEI: Update doc to clarify delegation
The explicit event dispatch sequence currently depicts handling done in
Secure EL1, although further error handling is typically done inside a
Secure Partition. Clarify the sequence diagram to that effect.
Change-Id: I53deedc6d5ee0706626890067950c2c541a62c78
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Thu, 16 Nov 2017 12:06:34 +0000 (12:06 +0000)]
SDEI: Assert that dynamic events have Normal priority
The SDEI specification requires that binding a client interrupt
dispatches SDEI Normal priority event. This means that dynamic events
can't have Critical priority. Add asserts for this.
Change-Id: I0bdd9e0e642fb2b61810cb9f4cbfbd35bba521d1
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 14 Nov 2017 15:35:41 +0000 (15:35 +0000)]
SDEI: Fix type of register count
Register count is currently declared as unsigned, where as there are
asserts in place to check it being negative during unregister. These are
flagged as never being true.
Change-Id: I34f00f0ac5bf88205791e9c1298a175dababe7c8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 14 Nov 2017 10:52:20 +0000 (10:52 +0000)]
SDEI: Fix security state check for explicit dispatch
Change-Id: Ic381ab5d03ec68c7f6e8d357ac2e2cbf0cc6b2e8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
davidcunado-arm [Fri, 17 Nov 2017 12:18:22 +0000 (12:18 +0000)]
Merge pull request #1160 from davidcunado-arm/dc/fp_regs
Move FPEXC32_EL2 to FP Context
Antonio Nino Diaz [Fri, 17 Nov 2017 09:52:53 +0000 (09:52 +0000)]
Add ARMv8.2 ID_AA64MMFR0_EL1.PARange value
If an implementation of ARMv8.2 includes ARMv8.2-LPA, the value 0b0110
is permitted in ID_AA64MMFR0_EL1.PARange, which means that the Physical
Address range supported is 52 bits (4 PiB). It is a reserved value
otherwise.
Change-Id: Ie0147218e9650aa09f0034a9ee03c1cca8db908a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
David Cunado [Fri, 20 Oct 2017 10:30:57 +0000 (11:30 +0100)]
Move FPEXC32_EL2 to FP Context
The FPEXC32_EL2 register controls SIMD and FP functionality when the
lower ELs are executing in AArch32 mode. It is architecturally mapped
to AArch32 system register FPEXC.
This patch removes FPEXC32_EL2 register from the System Register context
and adds it to the floating-point context. EL3 only saves / restores the
floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1.
The rationale for this change is that if the Secure world is using FP
functionality and EL3 is not managing the FP context, then the Secure
world will save / restore the appropriate FP registers.
NOTE - this is a break in behaviour in the unlikely case that
CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32
Secure Payload that modifies FPEXC, but does not save and restore
this register
Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184
Signed-off-by: David Cunado <david.cunado@arm.com>
Antonio Nino Diaz [Wed, 15 Nov 2017 10:36:21 +0000 (10:36 +0000)]
SPM: Fix SP_COMMUNICATE_AARCH32/64 parameters
The parameters passed to the Secure world from the Secure Partition
Manager when invoking SP_COMMUNICATE_AARCH32/64 were incorrect, as well
as the checks done on them.
Change-Id: I26e8c80cad0b83437db7aaada3d0d9add1c53a78
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Tue, 14 Nov 2017 13:41:27 +0000 (13:41 +0000)]
SPM: Fix calculation of max page granularity
The code was incorrectly reading from ID_AA64PRF0_EL1 instead of
ID_AA64MMFR0_EL1 causing the supported granularity sizes returned by the
code to be wrong.
This wasn't causing any problem because it's just used to check the
alignment of the base of the buffer shared between Non-secure and Secure
worlds, and it was aligned to more than 64 KiB, which is the maximum
granularity supported by the architecture.
Change-Id: Icc0d949d9521cc0ef13afb753825c475ea62d462
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
davidcunado-arm [Tue, 14 Nov 2017 09:25:50 +0000 (09:25 +0000)]
Merge pull request #1159 from jeenu-arm/sdei-fix
SDEI: Fix build error with logging enabled
Jeenu Viswambharan [Mon, 13 Nov 2017 12:30:45 +0000 (12:30 +0000)]
SDEI: Fix build error with logging enabled
Change-Id: Iee617a3528225349b6eede2f8abb26da96640678
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
davidcunado-arm [Mon, 13 Nov 2017 10:58:40 +0000 (10:58 +0000)]
Merge pull request #1152 from jeenu-arm/ehf-and-sdei
EHF and SDEI
Jeenu Viswambharan [Wed, 18 Oct 2017 13:35:20 +0000 (14:35 +0100)]
docs: Add SDEI dispatcher documentation
The document includes SDEI sequence diagrams that are generated using
PlantUML [1].
A shell script is introduced to generate SVG files from PlantUML files
supplied in arguments.
[1] http://plantuml.com/PlantUML_Language_Reference_Guide.pdf
Change-Id: I433897856810bf1927f2800a7b2b1d81827c69b2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Mon, 2 Oct 2017 11:10:54 +0000 (12:10 +0100)]
SDEI: Add API for explicit dispatch
This allows for other EL3 components to schedule an SDEI event dispatch
to Normal world upon the next ERET. The API usage constrains are set out
in the SDEI dispatcher documentation.
Documentation to follow.
Change-Id: Id534bae0fd85afc94523490098c81f85c4e8f019
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Fri, 22 Sep 2017 07:32:10 +0000 (08:32 +0100)]
ARM platforms: Enable SDEI
Support SDEI on ARM platforms using frameworks implemented in earlier
patches by defining and exporting SDEI events: this patch defines the
standard event 0, and a handful of shared and private dynamic events.
Change-Id: I9d3d92a92cff646b8cc55eabda78e140deaa24e1
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 24 Oct 2017 10:47:13 +0000 (11:47 +0100)]
ARM platforms: Define exception macros
Define number of priority bits, and allocate priority levels for SDEI.
Change-Id: Ib6bb6c5c09397f7caef950c4caed5a737b3d4112
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Thu, 19 Oct 2017 08:15:15 +0000 (09:15 +0100)]
ARM platforms: Provide SDEI entry point validation
Provide a strong definition for plat_sdei_validate_sdei_entrypoint()
which translates client address to Physical Address, and then validating
the address to be present in DRAM.
Change-Id: Ib93eb66b413d638aa5524d1b3de36aa16d38ea11
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 19 Sep 2017 08:27:18 +0000 (09:27 +0100)]
ARM platforms: Make arm_validate_ns_entrypoint() common
The function arm_validate_ns_entrypoint() validates a given non-secure
physical address. This function however specifically returns PSCI error
codes.
Non-secure physical address validation is potentially useful across ARM
platforms, even for non-PSCI use cases. Therefore make this function
common by returning 0 for success or -1 otherwise.
Having made the function common, make arm_validate_psci_entrypoint() a
wrapper around arm_validate_ns_entrypoint() which only translates return
value into PSCI error codes. This wrapper is now used where
arm_validate_ns_entrypoint() was currently used for PSCI entry point
validation.
Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Mon, 16 Oct 2017 07:43:14 +0000 (08:43 +0100)]
BL31: Add SDEI dispatcher
The implementation currently supports only interrupt-based SDEI events,
and supports all interfaces as defined by SDEI specification version
1.0 [1].
Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
BL31.
Update user guide and porting guide. SDEI documentation to follow.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Wed, 4 Oct 2017 11:21:34 +0000 (12:21 +0100)]
BL31: Program Priority Mask for SMC handling
On GICv3 systems, as a side effect of adding provision to handle EL3
interrupts (unconditionally routing FIQs to EL3), pending Non-secure
interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
[1]. This will inadvertently disrupt the semantics of Fast SMC
(previously called Atomic SMC) calls.
To retain semantics of Fast SMCs, the GIC PMR must be programmed to
prevent Non-secure interrupts from preempting Secure execution. To that
effect, two new functions in the Exception Handling Framework subscribe
to events introduced in an earlier commit:
- Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
the PMR is programmed to the highest Non-secure interrupt priority.
- Upon 'cm_entering_normal_world', the previously stashed Non-secure
PMR is restored.
The above sequence however prevents Yielding SMCs from being preempted
by Non-secure interrupts as intended. To facilitate this, the public API
exc_allow_ns_preemption() is introduced that programs the PMR to the
original Non-secure PMR value. Another API
exc_is_ns_preemption_allowed() is also introduced to check if
exc_allow_ns_preemption() had been called previously.
API documentation to follow.
[1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
IRQs during Secure execution are signalled as IRQs, which aren't
routed to EL3.
Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Fri, 22 Sep 2017 07:32:10 +0000 (08:32 +0100)]
BL31: Introduce Exception Handling Framework
EHF is a framework that allows dispatching of EL3 interrupts to their
respective handlers in EL3.
This framework facilitates the firmware-first error handling policy in
which asynchronous exceptions may be routed to EL3. Such exceptions may
be handed over to respective exception handlers. Individual handlers
might further delegate exception handling to lower ELs.
The framework associates the delegated execution to lower ELs with a
priority value. For interrupts, this corresponds to the priorities
programmed in GIC; for other types of exceptions, viz. SErrors or
Synchronous External Aborts, individual dispatchers shall explicitly
associate delegation to a secure priority. In order to prevent lower
priority interrupts from preempting higher priority execution, the
framework provides helpers to control preemption by virtue of
programming Priority Mask register in the interrupt controller.
This commit allows for handling interrupts targeted at EL3. Exception
handlers own interrupts by assigning them a range of secure priorities,
and registering handlers for each priority range it owns.
Support for exception handling in BL31 image is enabled by setting the
build option EL3_EXCEPTION_HANDLING=1.
Documentation to follow.
NOTE: The framework assumes the priority scheme supported by platform
interrupt controller is compliant with that of ARM GIC architecture (v2
or later).
Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 24 Oct 2017 14:13:59 +0000 (15:13 +0100)]
GIC: Introduce API to get interrupt ID
Acknowledging interrupt shall return a raw value from the interrupt
controller in which the actual interrupt ID may be encoded. Add a
platform API to extract the actual interrupt ID from the raw value
obtained from interrupt controller.
Document the new function. Also clarify the semantics of interrupt
acknowledge.
Change-Id: I818dad7be47661658b16f9807877d259eb127405
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 7 Nov 2017 08:38:23 +0000 (08:38 +0000)]
GIC: Fix Group 0 enabling
At present, the GIC drivers enable Group 0 interrupts only if there are
Secure SPIs listed in the interrupt properties/list. This means that,
even if there are Group 0 SGIs/PPIs configured, the group remained
disabled in the absence of a Group 0 SPI.
Modify both GICv2 and GICv3 SGI/PPI configuration to enable Group 0 when
corresponding SGIs/PPIs are present.
Change-Id: Id123e8aaee0c22b476eebe3800340906d83bbc6d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Tue, 7 Nov 2017 16:10:19 +0000 (16:10 +0000)]
GICv2: Fix populating PE target data
This patch brings in the following fixes:
- The per-PE target data initialized during power up needs to be
flushed so as to be visible to other PEs.
- Setup per-PE target data for the primary PE as well. At present,
this was only setup for secondary PEs when they were powered on.
Change-Id: Ibe3a57c14864e37b2326dd7ab321a5c7bf80e8af
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
davidcunado-arm [Fri, 10 Nov 2017 16:11:32 +0000 (16:11 +0000)]
Merge pull request #1158 from antonio-nino-diaz-arm/an/spm-fix
SPM: Fix pointer to MP info in boot info struct
Antonio Nino Diaz [Fri, 10 Nov 2017 12:25:49 +0000 (12:25 +0000)]
SPM: Fix pointer to MP info in boot info struct
The MP info struct is placed right after the boot info struct. However,
when calculating the address of the MP info, the size of the boot info
struct was being multiplied by the size of the MP boot info. This left
a big gap of empty space between the structs.
This didn't break any code because the boot info struct has a pointer to
the MP info struct. It was just wasting space.
Change-Id: I1668e3540d9173261968f6740623549000bd48db
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
davidcunado-arm [Thu, 9 Nov 2017 22:38:37 +0000 (22:38 +0000)]
Merge pull request #1148 from antonio-nino-diaz-arm/an/spm
Introduce Secure Partition Manager
Antonio Nino Diaz [Thu, 9 Nov 2017 11:34:09 +0000 (11:34 +0000)]
SPM: FVP: Introduce port of SPM
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Tue, 24 Oct 2017 09:07:35 +0000 (10:07 +0100)]
SPM: Introduce Secure Partition Manager
A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:
- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.
A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.
The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:
- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
Secure Partition.
- Implementing a well defined interface that is used by the normal world
and other secure services for accessing the services exported by a
Secure Partition.
- Implementing a well defined interface that is used by a Secure
Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
Partition to fulfil a service request.
Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Wed, 25 Oct 2017 10:53:25 +0000 (11:53 +0100)]
xlat: Make function to calculate TCR PA bits public
This function can be useful to setup TCR_ELx by callers that don't use
the translation tables library to setup the system registers related
to them. By making it common, it can be reused whenever it is needed
without duplicating code.
Change-Id: Ibfada9e846d2a6cd113b1925ac911bb27327d375
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Thu, 19 Oct 2017 15:55:48 +0000 (16:55 +0100)]
spd: Use `ENABLE_ASSERTIONS` instead of `DEBUG`
A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
line is used to help with assertions and so assertion failures can
happen in release builds with assertions enabled. Use
`ENABLE_ASSERTIONS` instead of `DEBUG`.
This bug was introduced in commit
aa61368eb5, which introduced the build
option `ENABLE_ASSERTIONS`.
Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
davidcunado-arm [Wed, 8 Nov 2017 14:17:01 +0000 (14:17 +0000)]
Merge pull request #1154 from soby-mathew/sm/fix_psci_stat
Fix PSCI STAT time stamp collection
Etienne Carriere [Sun, 5 Nov 2017 21:57:56 +0000 (22:57 +0100)]
ARMv7: division support for missing __aeabi_*divmod
ARMv7-A architectures that do not support the Virtualization extensions
do not support instructions for the 32bit division. This change provides
a software implementation for 32bit division.
The division implementation is dumped from the OP-TEE project
http://github.com/OP-TEE/optee_os. The code was slightly modified
to pass trusted firmware checkpatch requirements and copyright is
given to the ARM trusted firmware initiative and its contributors.
Change-Id: Idae0c7b80a0d75eac9bd41ae121921d4c5af3fa3
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:57:38 +0000 (22:57 +0100)]
ARMv7: GICv2 driver can manage GICv1 with security extension
Some SoCs integrate a GIC in version 1 that is currently not supported
by the trusted firmware. This change hijacks GICv2 driver to handle the
GICv1 as GICv1 is compatible enough with GICv2 as far as the platform
does not attempt to play with virtualization support or some GICv2
specific power features.
Note that current trusted firmware does not use these GICv2 features
that are not available in GICv1 Security Extension.
Change-Id: Ic2cb3055f1319a83455571d6d918661da583f179
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:57:29 +0000 (22:57 +0100)]
aarch32: add missing dmb() macro
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:57:20 +0000 (22:57 +0100)]
aarch32: add few missing weak platform specific function
Adds weak functions for plat_report_exception, bl1_plat_prepare_exit
and plat_error_handler in AArch32 mode.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Wed, 8 Nov 2017 13:41:47 +0000 (14:41 +0100)]
ARMv7 may not support Generic Timer Extension
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_GENERIC_TIMER to enable generic timer
support.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Wed, 8 Nov 2017 13:38:33 +0000 (14:38 +0100)]
ARMv7 may not support Virtualization Extensions
ARMv7-A Virtualization extensions brings new instructions and resources
that were supported by later architectures. Reference ARM ARM Issue C.c
[DDI0406C_C].
ERET and extended MSR/MRS instructions, as specified in [DDI0406C_C] in
ID_PFR1 description of bits[15:12] (Virtualization Extensions):
A value of 0b0001 implies implementation of the HVC, ERET, MRS
(Banked register), and MSR (Banked register) instructions. The ID_ISARs
do not identify whether these instructions are implemented.
UDIV/SDIV were introduced with the Virtualization extensions, even if
not strictly related to the virtualization extensions.
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_VIRTUALIZATION to enable virtualization
extension related resources.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Wed, 8 Nov 2017 12:53:47 +0000 (13:53 +0100)]
ARMv7 may not support large page addressing
ARCH_SUPPORTS_LARGE_PAGE_ADDRESSING allows build environment to
handle specific case when target ARMv7 core only supports 32bit MMU
descriptor mode.
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING to enable
large page addressing support.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:50 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A12
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:41 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A17
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:34 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A7
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:26 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A5
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:19 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A9
As Cortex-A9 needs to manually enable program flow prediction,
do not reset SCTLR[Z] at entry. Platform should enable it only
once MMU is enabled.
Change-Id: I34e1ee2da73221903f7767f23bc6fc10ad01e3de
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:10 +0000 (22:56 +0100)]
ARMv7: introduce Cortex-A15
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:56:03 +0000 (22:56 +0100)]
ARMv7 architecture have specific system registers
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:55:55 +0000 (22:55 +0100)]
ARMv7 does not support SDCR
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Sun, 5 Nov 2017 21:55:47 +0000 (22:55 +0100)]
ARMv7 does not support STL instruction
Also need to add a SEV instruction in ARMv7 spin_unlock which
is implicit in ARMv8.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Wed, 8 Nov 2017 12:49:12 +0000 (13:49 +0100)]
ARMv7 requires the clear exclusive access at monitor entry
Clear exclusive monitor on SMC and FIQ entry for ARMv7 cores.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Etienne Carriere [Wed, 8 Nov 2017 12:48:40 +0000 (13:48 +0100)]
ARMv7 target is driven by ARM_ARCH_MAJOR==7
External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.
As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.
The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.
Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
davidcunado-arm [Tue, 7 Nov 2017 16:16:51 +0000 (16:16 +0000)]
Merge pull request #1155 from masahir0y/uniphier
Fix build error when creating ROT key for UniPhier platform
Masahiro Yamada [Fri, 3 Nov 2017 18:14:03 +0000 (03:14 +0900)]
uniphier: make sure to create build directory before ROT key
Building the UniPhier platform in parallel with TRUSTED_BOARD_BOOT=1
could fail due to non-existing directory. It might be difficult to
reproduce, but here is an easier way to trigger the problem:
$ make PLAT=uniphier TRUSTED_BOARD_BOOT=1 MBEDTLS_DIR=mbedtls certificates
OPENSSL build/uniphier/release/rot_key.pem
/bin/sh: 1: cannot create build/uniphier/release/rot_key.pem: Directory nonexistent
make: *** [build/uniphier/release/rot_key.pem] Error 2
The $(ROT_KEY) must depend on $(BUILD_PLAT) so that the build directory
is created before the key.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Fri, 3 Nov 2017 18:12:28 +0000 (03:12 +0900)]
Build: introduce ${BUILD_PLAT} target to create the top build directory
Some platforms (for ex. UniPhier) want to create files in the very
top of the build directory. Add ${BUILD_PLAT} so such files can
depend on it.
Make existing directory targets depend on ${BUILD_PLAT} because
they are sub-directories of ${BUILD_PLAT}.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
davidcunado-arm [Mon, 6 Nov 2017 13:59:42 +0000 (13:59 +0000)]
Merge pull request #1153 from robertovargas-arm/fix-macros
Avoid use of undefined macros
davidcunado-arm [Fri, 3 Nov 2017 20:59:57 +0000 (20:59 +0000)]
Merge pull request #1151 from JoelHutton/jh/MISRA-Mandatory
Change sizeof to use type of struct not function
davidcunado-arm [Fri, 3 Nov 2017 16:27:42 +0000 (16:27 +0000)]
Merge pull request #1142 from etienne-lms/qemu-int
qemu: update deprecated interrupt registering
Soby Mathew [Mon, 16 Oct 2017 14:19:31 +0000 (15:19 +0100)]
Fix PSCI STAT time stamp collection
This patch includes various fixes for PSCI STAT functionality
relating to timestamp collection:
1. The PSCI stat accounting for retention states for higher level
power domains were done outside the locks which could lead to
spurious values in some race conditions. This is moved inside
the locks. Also, the call to start the stat accounting was redundant
which is now removed.
2. The timestamp wrap-around case when calculating residency did
not cater for AArch32. This is now fixed.
3. In the warm boot path, `plat_psci_stat_accounting_stop()` was
getting invoked prior to population of target power states. This
is now corrected.
Change-Id: I851526455304fb74ff0a724f4d5318cd89e19589
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
davidcunado-arm [Fri, 3 Nov 2017 13:12:48 +0000 (13:12 +0000)]
Merge pull request #1137 from soby-mathew/sm/arm_plat_en_gicv3_save
Enable GICv3 save for ARM platforms
Etienne Carriere [Thu, 2 Nov 2017 11:05:12 +0000 (12:05 +0100)]
qemu: update deprecated interrupt registering
Registered interrupts are configured in edge detection as the default
previous configuration assumed in previous code.
Not target mask required as Qemu BL31 will not send/route SGIs.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
davidcunado-arm [Wed, 1 Nov 2017 08:46:02 +0000 (08:46 +0000)]
Merge pull request #1150 from dp-arm/dp/events
aarch64: Add PubSub events to capture security state transitions
Roberto Vargas [Mon, 23 Oct 2017 07:22:17 +0000 (08:22 +0100)]
Fix usage of IMAGE_BLx macros
These macros are only defined for corresponding image,
and they are undefined for other images. It means that we have
to use ifdef or defined() instead of relying on being 0 by default.
Change-Id: Iad11efab9830ddf471599b46286e1c56581ef5a7
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Fri, 20 Oct 2017 09:46:23 +0000 (10:46 +0100)]
Always define ARM_TSP_RAM_LOCATION_ID
ARM_TSP_RAM_LOCATION_ID was defined only in AARCH64, but the macro
was also used in AARCH32, and it meant that it was taking the value 0,
which happened to equal ARM_TRUSTED_SRAM_ID.
Change-Id: If9f4dbee1a2ba15e7806f2a03305b554bd327363
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas [Fri, 20 Oct 2017 09:37:48 +0000 (10:37 +0100)]
Include debug.h in debug.S
debug.S was using macros defined in debug.h, but since it didn't
include it, these macros were taking the value 0, which means that
all the preprocessor conditionals were wrong.
Change-Id: If4ca81cc5a1662991589f914a2557ceff0eaaede
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
davidcunado-arm [Tue, 31 Oct 2017 23:23:56 +0000 (23:23 +0000)]
Merge pull request #1149 from robertovargas-arm/fwu-testing
Add FWU booting instructions to the user guide
davidcunado-arm [Tue, 31 Oct 2017 23:21:39 +0000 (23:21 +0000)]
Merge pull request #1141 from robertovargas-arm/boot_redundancy
Add platform hooks for boot redundancy support
Joel Hutton [Fri, 20 Oct 2017 09:31:14 +0000 (10:31 +0100)]
Change sizeof to use type of struct not function
Change sizeof call so it references a static type instead of return of
a function in order to be MISRA compliant.
Change-Id: I6f1adb206073d6cd200156e281b8d76249e3af0e
Signed-off-by: Joel Hutton <joel.hutton@arm.com>
Dimitris Papastamos [Fri, 13 Oct 2017 14:27:58 +0000 (15:27 +0100)]
aarch64: Add PubSub events to capture security state transitions
Add events that trigger before entry to normal/secure world. The
events trigger after the normal/secure context has been restored.
Similarly add events that trigger after leaving normal/secure world.
The events trigger after the normal/secure context has been saved.
Change-Id: I1b48a7ea005d56b1f25e2b5313d77e67d2f02bc5
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Roberto Vargas [Tue, 17 Oct 2017 09:19:00 +0000 (10:19 +0100)]
Add FWU booting instructions to the user guide
FWU uses additional images that have to be loaded,
and this patch adds the documentation of how to do
it in FVP and Juno.
Change-Id: I1a40641c11c5a4c8db0aadeaeb2bec30c9279e28
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
davidcunado-arm [Mon, 30 Oct 2017 16:56:07 +0000 (16:56 +0000)]
Merge pull request #1144 from geesun/qx/resize_bl2_size
Change the default option of ARM_TSP_RAM_LOCATION and Enlarge the BL2 size on ARM platforms
davidcunado-arm [Fri, 27 Oct 2017 00:07:39 +0000 (01:07 +0100)]
Merge pull request #1147 from etienne-lms/qemu-optee-load
qemu/optee: load OP-TEE pageable part 2MB above OP-TEE image
davidcunado-arm [Thu, 26 Oct 2017 15:10:36 +0000 (16:10 +0100)]
Merge pull request #1143 from etienne-lms/qemu-hpen
qemu: fix holding pen mailbox sequence
Etienne Carriere [Thu, 26 Oct 2017 10:05:01 +0000 (12:05 +0200)]
qemu/optee: load OP-TEE pageable part 2MB above OP-TEE image
OP-TEE dedicates the end of the Qemu secure DRAM as specific out-of-TEE
secure RAM. To support this configuration the trusted firmware should
not load OP-TEE resources in this area.
To overcome the issue, OP-TEE pageable image is now loaded 2MByte above
the secure RAM base address.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
davidcunado-arm [Thu, 26 Oct 2017 08:35:35 +0000 (09:35 +0100)]
Merge pull request #1138 from michpappas/tf-issues#526_qemu_does_not_support_TBB
qemu: Add support for Trusted Board Boot
Michalis Pappas [Wed, 18 Oct 2017 01:43:37 +0000 (09:43 +0800)]
qemu: Add support for Trusted Board Boot
This patch adds support for TBB to qemu. An RSA ROT keypair is generated at
build time and is included into BL1/BL2. The key and content certificates
are read over semihosting.
Fixes ARM-software/tf-issues#526
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
Qixiang Xu [Fri, 13 Oct 2017 01:23:42 +0000 (09:23 +0800)]
plat/arm: enlarge the BL2 size on Arm platforms when TBB is enabled
For Trusted Board Boot, BL2 needs more space to support the ECDSA
and ECDSA+RSA algorithms.
Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu [Fri, 13 Oct 2017 01:04:12 +0000 (09:04 +0800)]
plat/arm: change the default option of ARM_TSP_RAM_LOCATION
On Arm standard platforms, it runs out of SRAM space when TBB is
enabled, so the TSP default location is changed to dram when TBB
is enabled.
Change-Id: I516687013ad436ef454d2055d4e6fce06e467044
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Roberto Vargas [Tue, 26 Sep 2017 11:53:01 +0000 (12:53 +0100)]
Add platform hooks for boot redundancy support
These hooks are intended to allow one platform to try load
images from alternative places. There is a hook to initialize
the sequence of boot locations and a hook to pass to the next
sequence.
Change-Id: Ia0f84c415208dc4fa4f9d060d58476db23efa5b2
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Etienne Carriere [Mon, 23 Oct 2017 23:09:52 +0000 (01:09 +0200)]
qemu: fix holding pen mailbox sequence
Before this change, plat_secondary_cold_boot_setup reads wake up mailbox
as a byte array but through 64bit accesses on unaligned 64bit addresses.
In the other hand qemu_pwr_domain_on wakes secondary cores by writing
into a 64bit array.
This change forces the 64bit mailbox format as PLAT_QEMU_HOLD_ENTRY_SIZE
explicitly specifies it.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
davidcunado-arm [Mon, 23 Oct 2017 15:45:59 +0000 (16:45 +0100)]
Merge pull request #1139 from hzhuang1/fix_edmac
Fix edmac