Dan Handley [Wed, 14 May 2014 16:44:19 +0000 (17:44 +0100)]
Split platform.h into separate headers
Previously, platform.h contained many declarations and definitions
used for different purposes. This file has been split so that:
* Platform definitions used by common code that must be defined
by the platform are now in platform_def.h. The exact include
path is exported through $PLAT_INCLUDES in the platform makefile.
* Platform definitions specific to the FVP platform are now in
/plat/fvp/fvp_def.h.
* Platform API declarations specific to the FVP platform are now
in /plat/fvp/fvp_private.h.
* The remaining platform API declarations that must be ported by
each platform are still in platform.h but this file has been
moved to /include/plat/common since this can be shared by all
platforms.
Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
Dan Handley [Wed, 14 May 2014 14:13:16 +0000 (15:13 +0100)]
Remove unused data declarations
Some data variables were declared but not used. These have been
removed.
Change-Id: I038632af3c32d88984cd25b886c43ff763269bf9
Dan Handley [Wed, 14 May 2014 11:38:32 +0000 (12:38 +0100)]
Remove extern keyword from function declarations
Function declarations implicitly have external linkage so do not
need the extern keyword.
Change-Id: Ia0549786796d8bf5956487e8996450a0b3d79f32
Andrew Thoelke [Fri, 23 May 2014 11:14:37 +0000 (12:14 +0100)]
Merge pull request #101 from sandrine-bailleux:sb/tf-issue-81-v2
Sandrine Bailleux [Wed, 21 May 2014 16:08:26 +0000 (17:08 +0100)]
doc: Update information about the memory layout
Rework the "Memory layout on FVP platforms" section in the Firmware
Design document. Add information about where the TSP image fits
in the memory layout when present.
Add documentation for the base addresses of each bootloader image
in the porting guide.
Change-Id: I4afb2605e008a1cb28c44a697804f2cb6bb4c9aa
Sandrine Bailleux [Thu, 22 May 2014 14:28:26 +0000 (15:28 +0100)]
Make the memory layout more flexible
Currently the platform code gets to define the base address of each
boot loader image. However, the linker scripts couteract this
flexibility by enforcing a fixed overall layout of the different
images. For example, they require that the BL3-1 image sits below
the BL2 image. Choosing BL3-1 and BL2 base addresses in such a way
that it violates this constraint makes the build fail at link-time.
This patch requires the platform code to now define a limit address
for each image. The linker scripts check that the image fits within
these bounds so they don't rely anymore on the position of a given
image in regard to the others.
Fixes ARM-software/tf-issues#163
Change-Id: I8c108646825da19a6a8dfb091b613e1dd4ae133c
Sandrine Bailleux [Thu, 22 May 2014 14:21:35 +0000 (15:21 +0100)]
Make BL1 RO and RW base addresses configurable
BL1 RO and RW base address used to be fixed, respectively to the first
address of the Trusted ROM and the first address of the Trusted RAM.
Introduce new platform defines to configure the BL1 RO and RW base
addresses.
Change-Id: If26616513a47798593a4bb845a4b0fb37c867cd6
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #104 from athoelke:at/tsp-entrypoints-v2
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #105 from athoelke:sm/support_normal_irq_in_tsp-v2
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #102 from achingupta:ag/tf-issues#104-v2
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #100 from jcastillo-arm:jc/tf-issues/149-v4
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #101 from sandrine-bailleux:sb/tf-issue-81-v2
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #103 from athoelke:dh/tf-issues#68-v3
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #99 from vikramkanigiri:vk/tf-issues-133_V3
Andrew Thoelke [Fri, 23 May 2014 10:00:04 +0000 (11:00 +0100)]
Merge pull request #67 from achingupta:ag/psci_standby_bug_fix
Andrew Thoelke [Thu, 22 May 2014 12:44:47 +0000 (13:44 +0100)]
Limit BL3-1 read/write access to SRAM
At present BL3-1 has access to all of the SRAM, including
regions that are mapped as read-only and non-cacheable by other
firmware images.
This patch restricts BL3-1 to only be able to read/write from
memory used for its own data sections
Change-Id: I26cda1b9ba803d91a9eacda768f3ce7032c6db94
Conflicts:
plat/fvp/bl31_plat_setup.c
Andrew Thoelke [Tue, 20 May 2014 20:43:27 +0000 (21:43 +0100)]
Use a vector table for TSP entrypoints
The TSP has a number of entrypoints used by the TSP on different
occasions. These were provided to the TSPD as a table of function
pointers, and required the TSPD to read the entry in the table,
which is in TSP memory, in order to program the exception return
address.
Ideally, the TSPD has no access to the TSP memory.
This patch changes the table of function pointers into a vector
table of single instruction entrypoints. This allows the TSPD to
calculate the entrypoint address instead of read it.
Fixes ARM-software/tf-issues#160
Change-Id: Iec6e055d537ade78a45799fbc6f43765a4725ad3
Soby Mathew [Fri, 9 May 2014 19:49:17 +0000 (20:49 +0100)]
Non-Secure Interrupt support during Standard SMC processing in TSP
Implements support for Non Secure Interrupts preempting the
Standard SMC call in EL1. Whenever an IRQ is trapped in the
Secure world we securely handover to the Normal world
to process the interrupt. The normal world then issues
"resume" smc call to resume the previous interrupted SMC call.
Fixes ARM-software/tf-issues#105
Change-Id: I72b760617dee27438754cdfc9fe9bcf4cc024858
Dan Handley [Tue, 15 Apr 2014 10:38:38 +0000 (11:38 +0100)]
Allow BL3-2 platform definitions to be optional
The generic image loading and IO FIP code no longer forces the
platform to create BL3-2 (Secure-EL1 Payload) specific
definitions. The BL3-2 loading code in bl2/bl2main.c is wrapped
by a #ifdef BL32_BASE blocks, allowing the BL3-2 definitions to
be optional. Similarly for the name_uuid array defintion in
drivers/io/io_fip.c.
Also update the porting guide to reflect this change.
The BL3-2 platform definitions remain non-configurably present
in the FVP port.
Fixes ARM-software/tf-issues#68
Change-Id: Iea28b4e94d87a31f5522f271e290919a8a955460
Achin Gupta [Fri, 9 May 2014 12:33:42 +0000 (13:33 +0100)]
Enable secure timer to generate S-EL1 interrupts
This patch enables secure physical timer during TSP initialisation and
maintains it across power management operations so that a timer
interrupt is generated every half second.
Fixes ARM-software/tf-issues#104
Fixes ARM-software/tf-issues#134
Change-Id: I66c6cfd24bd5e6035ba75ebf0f047e568770a369
Achin Gupta [Fri, 9 May 2014 12:21:31 +0000 (13:21 +0100)]
Add S-EL1 interrupt handling support in the TSPD
This patch adds support in the TSPD for registering a handler for
S-EL1 interrupts. This handler ferries the interrupts generated in the
non-secure state to the TSP at 'tsp_fiq_entry'. Support has been added
to the smc handler to resume execution in the non-secure state once
interrupt handling has been completed by the TSP.
There is also support for resuming execution in the normal world if
the TSP receives a EL3 interrupt. This code is currently unused.
Change-Id: I816732595a2635e299572965179f11aa0bf93b69
Achin Gupta [Fri, 9 May 2014 11:17:56 +0000 (12:17 +0100)]
Add support for asynchronous FIQ handling in TSP
This patch adds support in the TSP to handle FIQ interrupts that are
generated when execution is in the TSP. S-EL1 interrupt are handled
normally and execution resumes at the instruction where the exception
was originally taken. S-EL3 interrupts i.e. any interrupt not
recognized by the TSP are handed to the TSPD. Execution resumes
normally once such an interrupt has been handled at EL3.
Change-Id: Ia3ada9a4fb15670afcc12538a6456f21efe58a8f
Achin Gupta [Fri, 9 May 2014 10:42:56 +0000 (11:42 +0100)]
Add support for synchronous FIQ handling in TSP
This patch adds support in the TSP for handling S-EL1 interrupts
handed over by the TSPD. It includes GIC support in its platform port,
updates various statistics related to FIQ handling, exports an entry
point that the TSPD can use to hand over interrupts and defines the
handover protocol w.r.t what context is the TSP expected to preserve
and the state in which the entry point is invoked by the TSPD.
Change-Id: I93b22e5a8133400e4da366f5fc862f871038df39
Achin Gupta [Fri, 9 May 2014 11:00:17 +0000 (12:00 +0100)]
Use secure timer to generate S-EL1 interrupts
This patch adds support in the TSP to program the secure physical
generic timer to generate a EL-1 interrupt every half second. It also
adds support for maintaining the timer state across power management
operations. The TSPD ensures that S-EL1 can access the timer by
programming the SCR_EL3.ST bit.
This patch does not actually enable the timer. This will be done in a
subsequent patch once the complete framework for handling S-EL1
interrupts is in place.
Change-Id: I1b3985cfb50262f60824be3a51c6314ce90571bc
Achin Gupta [Fri, 9 May 2014 10:07:09 +0000 (11:07 +0100)]
Introduce interrupt handling framework in BL3-1
This patch adds a common handler for FIQ and IRQ exceptions in the
BL3-1 runtime exception vector table. This function determines the
interrupt type and calls its handler. A crash is reported if an
inconsistency in the interrupt management framework is detected. In
the event of a spurious interrupt, execution resumes from the
instruction where the interrupt was generated.
This patch also removes 'cm_macros.S' as its contents have been moved
to 'runtime_exceptions.S'
Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
Achin Gupta [Sun, 4 May 2014 18:02:52 +0000 (19:02 +0100)]
Introduce platform api to access an ARM GIC
This patch introduces a set of functions which allow generic firmware
code e.g. the interrupt management framework to access the platform
interrupt controller. APIs for finding the type and id of the highest
pending interrupt, acknowledging and EOIing an interrupt and finding
the security state of an interrupt have been added. It is assumed that
the platform interrupt controller implements the v2.0 of the ARM GIC
architecture specification. Support for v3.0 of the specification for
managing interrupts in EL3 and the platform port will be added in the
future.
Change-Id: Ib3a01c2cf3e3ab27806930f1be79db2b29f91bcf
Achin Gupta [Fri, 9 May 2014 09:03:15 +0000 (10:03 +0100)]
Introduce interrupt registration framework in BL3-1
This patch introduces a framework for registering interrupts routed to
EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and
FIQ bits and the security state an interrupt is generated in. The
framework recognizes three type of interrupts depending upon which
exception level and security state they should be handled in
i.e. Secure EL1 interrupts, Non-secure interrupts and EL3
interrupts. It provides an API and macros that allow a runtime service
to register an handler for a type of interrupt and specify the routing
model. The framework validates the routing model and uses the context
management framework to ensure that it is applied to the SCR_EL3 prior
to entry into the target security state. It saves the handler in
internal data structures. An API is provided to retrieve the handler
when an interrupt of a particular type is asserted. Registration is
expected to be done once by the primary CPU. The same handler and
routing model is used for all CPUs.
Support for EL3 interrupts will be added to the framework in the
future. A makefile flag has been added to allow the FVP port choose
between ARM GIC v2 and v3 support in EL3. The latter version is
currently unsupported.
A framework for handling interrupts in BL3-1 will be introduced in
subsequent patches. The default routing model in the absence of any
handlers expects no interrupts to be routed to EL3.
Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
Achin Gupta [Sun, 4 May 2014 17:38:28 +0000 (18:38 +0100)]
Add context library API to change a bit in SCR_EL3
This patch adds an API to write to any bit in the SCR_EL3 member of
the 'cpu_context' structure of the current CPU for a specified
security state. This API will be used in subsequent patches which
introduce interrupt management in EL3 to specify the interrupt routing
model when execution is not in EL3.
It also renames the cm_set_el3_elr() function to cm_set_elr_el3()
which is more in line with the system register name being targeted by
the API.
Change-Id: I310fa7d8f827ad3f350325eca2fb28cb350a85ed
Achin Gupta [Sun, 4 May 2014 17:23:26 +0000 (18:23 +0100)]
Rework 'state' field usage in per-cpu TSP context
This patch lays the foundation for using the per-cpu 'state' field in
the 'tsp_context' structure for other flags apart from the power state
of the TSP.
It allocates 2 bits for the power state, introduces the necessary
macros to manipulate the power state in the 'state' field and
accordingly reworks all use of the TSP_STATE_* states.
It also allocates a flag bit to determine if the TSP is handling a
standard SMC. If this flag is set then the TSP was interrupted due to
non-secure or EL3 interupt depending upon the chosen routing
model. Macros to get, set and clear this flag have been added as
well. This flag will be used by subsequent patches.
Change-Id: Ic6ee80bd5895812c83b35189cf2c3be70a9024a6
Sandrine Bailleux [Wed, 14 May 2014 15:45:27 +0000 (16:45 +0100)]
Doc: Add the "Building the Test Secure Payload" section
Add a section in the user guide explaining how to compile the TSP
image and include it into the FIP. This includes instructions to make
the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP.
Change-Id: I04780757a149eeb5482a12a61e821be947b882c0
Sandrine Bailleux [Tue, 20 May 2014 16:28:25 +0000 (17:28 +0100)]
fvp: Move TSP from Secure DRAM to Secure SRAM
The TSP used to execute from secure DRAM on the FVPs because there was
not enough space in Trusted SRAM to fit it in. Thanks to recent RAM
usage enhancements being implemented, we have made enough savings for
the TSP to execute in SRAM.
However, there is no contiguous free chunk of SRAM big enough to hold
the TSP. Therefore, the different bootloader images need to be moved
around to reduce memory fragmentation. This patch keeps the overall
memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and
BL3-1 in between) but moves the base addresses of all the bootloader
images in such a way that:
- memory fragmentation is reduced enough to fit BL3-2 in;
- new base addresses are suitable for release builds as well as debug
ones;
- each image has a few extra kilobytes for future growth.
BL3-1 and BL3-2 are the images which received the biggest slice
of the cake since they will most probably grow the most.
A few useful numbers for reference (valid at the time of this patch):
|-----------------------|-------------------------------
| image size (debug) | extra space for the future
--------|-----------------------|-------------------------------
BL1 R/W | 20 KB | 4 KB
BL2 | 44 KB | 4 KB
BL3-1 | 108 KB | 12 KB
BL3-2 | 56 KB | 8 KB
--------|-----------------------|-------------------------------
Total | 228 KB | 28 KB = 256 KB
--------|-----------------------|-------------------------------
Although on FVPs the TSP now executes from Trusted SRAM by default,
this patch keeps the option to execute it from Trusted DRAM. This is
controlled by the build configuration 'TSP_RAM_LOCATION'.
Fixes ARM-Software/tf-issues#81
Change-Id: Ifb9ef2befa9a2d5ac0813f7f79834df7af992b94
Sandrine Bailleux [Tue, 20 May 2014 16:22:24 +0000 (17:22 +0100)]
TSP: Let the platform decide which secure memory to use
The TSP's linker script used to assume that the TSP would
execute from secure DRAM. Although it is currently the case
on FVPs, platforms are free to use any secure memory they wish.
This patch introduces the flexibility to load the TSP into any
secure memory. The platform code gets to specify the extents of
this memory in the platform header file, as well as the BL3-2 image
limit address. The latter definition allows to check in a generic way
that the BL3-2 image fits in its bounds.
Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
Juan Castillo [Fri, 16 May 2014 14:33:15 +0000 (15:33 +0100)]
Reserve some DDR DRAM for secure use on FVP platforms
TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
the rest of DRAM as non-secure. Non-secure software must not attempt to
access the 16MB secure area.
Device tree files (sources and binaries) have been updated to match this
configuration, removing that memory from the Linux physical memory map.
To use UEFI and Linux with this patch, the latest version of UEFI and
the updated device tree files are required. Check the user guide in the
documentation for more details.
Replaced magic numbers with #define for memory region definition in the
platform security initialization function.
Fixes ARM-software/tf-issues#149
Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
Vikram Kanigiri [Thu, 24 Apr 2014 10:02:16 +0000 (11:02 +0100)]
Add support for BL3-1 as a reset vector
This change adds optional reset vector support to BL3-1
which means BL3-1 entry point can detect cold/warm boot,
initialise primary cpu, set up cci and mail box.
When using BL3-1 as a reset vector it is assumed that
the BL3-1 platform code can determine the location of
the BL3-2 images, or load them as there are no parameters
that can be passed to BL3-1 at reset.
It also fixes the incorrect initialisation of mailbox
registers on the FVP platform
This feature can be enabled by building the code with
make variable RESET_TO_BL31 set as 1
Fixes ARM-software/TF-issues#133
Fixes ARM-software/TF-issues#20
Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
Vikram Kanigiri [Fri, 16 May 2014 17:48:12 +0000 (18:48 +0100)]
Rework memory information passing to BL3-x images
The issues addressed in this patch are:
1. Remove meminfo_t from the common interfaces in BL3-x,
expecting that platform code will find a suitable mechanism
to determine the memory extents in these images and provide
it to the BL3-x images.
2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x
code as the images use link-time information to determine
memory extents.
meminfo_t is still used by common interface in BL1/BL2 for
loading images
Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
Vikram Kanigiri [Tue, 15 Apr 2014 17:08:08 +0000 (18:08 +0100)]
Populate BL31 input parameters as per new spec
This patch is based on spec published at
https://github.com/ARM-software/tf-issues/issues/133
It rearranges the bl31_args struct into
bl31_params and bl31_plat_params which provide the
information needed for Trusted firmware and platform
specific data via x0 and x1
On the FVP platform BL3-1 params and BL3-1 plat params
and its constituents are stored at the start of TZDRAM.
The information about memory availability and size for
BL3-1, BL3-2 and BL3-3 is moved into platform specific data.
Change-Id: I8b32057a3d0dd3968ea26c2541a0714177820da9
Vikram Kanigiri [Thu, 15 May 2014 17:27:15 +0000 (18:27 +0100)]
Rework handover interface between BL stages
This patch reworks the handover interface from: BL1 to BL2 and
BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el()
and run_image() functions as they catered for code paths that were
never exercised.
BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same
by calling run_image(). Similarly, BL2 issues the SMC to transfer
execution to BL3-1 through BL1 directly. Only x0 and x1 are used
to pass arguments to BL31. These arguments and parameters for
running BL3-1 are passed through a reference to a
'el_change_info_t' structure. They were being passed value in
general purpose registers earlier.
Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
Vikram Kanigiri [Tue, 13 May 2014 13:42:08 +0000 (14:42 +0100)]
Introduce macros to manipulate the SPSR
This patch introduces macros (SPSR_64 and SPSR_32) to
create a SPSR for both aarch32 and aarch64 execution
states. These macros allow the user to set fields
in the SPSR depending upon its format.
The make_spsr() function which did not allow
manipulation of all the fields in the aarch32 SPSR
has been replaced by these new macros.
Change-Id: I9425dda0923e8d5f03d03ddb8fa0e28392c4c61e
Andrew Thoelke [Thu, 22 May 2014 11:31:20 +0000 (12:31 +0100)]
Merge pull request #91 from linmaonly/lin_dev
Address issue 156: 64-bit addresses get truncated
Andrew Thoelke [Thu, 22 May 2014 11:30:37 +0000 (12:30 +0100)]
Merge pull request #83 from athoelke/at/tf-issues-126
Set SCR_EL3.RW correctly before exiting bl31_main
Andrew Thoelke [Thu, 22 May 2014 11:28:05 +0000 (12:28 +0100)]
Merge pull request #85 from hliebel/hl/bl30-doc
Improve BL3-0 documentation
Lin Ma [Tue, 20 May 2014 18:25:55 +0000 (11:25 -0700)]
Address issue 156: 64-bit addresses get truncated
Addresses were declared as "unsigned int" in drivers/arm/peripherals/pl011/pl011.h and in function init_xlation_table. Changed to use "unsigned long" instead
Fixes ARM-software/tf-issues#156
Harry Liebel [Thu, 1 May 2014 13:09:16 +0000 (14:09 +0100)]
Improve BL3-0 documentation
Provide some information about the expected use of BL3-0.
Fixes ARM-software/tf-issues#144
Change-Id: I5c8d59a675578394be89481ae4ec39ca37522750
Andrew Thoelke [Mon, 19 May 2014 11:54:05 +0000 (12:54 +0100)]
Merge pull request #78 from jeenuv:tf-issues-148
Jeenu Viswambharan [Mon, 12 May 2014 14:28:47 +0000 (15:28 +0100)]
Add build configuration for timer save/restore
At present, non-secure timer register contents are saved and restored as
part of world switch by BL3-1. This effectively means that the
non-secure timer stops, and non-secure timer interrupts are prevented
from asserting until BL3-1 switches back, introducing latency for
non-secure services. Often, secure world might depend on alternate
sources for secure interrupts (secure timer or platform timer) instead
of non-secure timers, in which case this save and restore is
unnecessary.
This patch introduces a boolean build-time configuration NS_TIMER_SWITCH
to choose whether or not to save and restore non-secure timer registers
upon world switch. The default choice is made not to save and restore
them.
Fixes ARM-software/tf-issues#148
Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
Jeenu Viswambharan [Thu, 15 May 2014 13:47:21 +0000 (14:47 +0100)]
Document summary of build options in user guide
Change-Id: I6bd077955bf3780168a874705974bbe72ea0f5f1
Jeenu Viswambharan [Thu, 15 May 2014 13:40:58 +0000 (14:40 +0100)]
Reorganize build options
At present, various build options are initialized at various places in
the Makefile. This patch gathers all build option declarations at the
top of the Makefile and assigns them default values.
Change-Id: I9f527bc8843bf69c00cb754dc60377bdb407a951
Jeenu Viswambharan [Fri, 16 May 2014 10:38:10 +0000 (11:38 +0100)]
Introduce convenience functions to build
This patch introduces two convenience functions to the build system:
- assert_boolean: asserts that a given option is assigned either 0 or
1 as values
- add_define: helps add/append macro definitions to build tool command
line. This also introduces the variable DEFINES which is used to
collect and pass all relevant configurations to build tools
Change-Id: I3126894b034470d39858ebb3bd183bda681c7126
Andrew Thoelke [Fri, 16 May 2014 14:38:04 +0000 (15:38 +0100)]
Set SCR_EL3.RW correctly before exiting bl31_main
SCR_EL3.RW was not updated immediately before exiting bl31_main() and
running BL3-3. If a AArch32 Secure-EL1 Payload had just been
initialised, then the SCR_EL3.RW bit would be left indicating a
32-bit BL3-3, which may not be correct.
This patch explicitly sets SCR_EL3.RW appropriately based on the
provided SPSR_EL3 value for the BL3-3 image.
Fixes ARM-software/tf-issues#126
Change-Id: Ic7716fe8bc87e577c4bfaeb46702e88deedd9895
Soby Mathew [Mon, 7 Apr 2014 14:28:55 +0000 (15:28 +0100)]
Rework BL3-1 unhandled exception handling and reporting
This patch implements the register reporting when unhandled exceptions are
taken in BL3-1. Unhandled exceptions will result in a dump of registers
to the console, before halting execution by that CPU. The Crash Stack,
previously called the Exception Stack, is used for this activity.
This stack is used to preserve the CPU context and runtime stack
contents for debugging and analysis.
This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
to provide easy access to some of BL3-1 per-cpu data structures.
Initially, this is used to provide a pointer to the Crash stack.
panic() now prints the the error file and line number in Debug mode
and prints the PC value in release mode.
The Exception Stack is renamed to Crash Stack with this patch.
The original intention of exception stack is no longer valid
since we intend to support several valid exceptions like IRQ
and FIQ in the trusted firmware context. This stack is now
utilized for dumping and reporting the system state when a
crash happens and hence the rename.
Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
Change-Id: I260791dc05536b78547412d147193cdccae7811a
Andrew Thoelke [Fri, 16 May 2014 11:27:33 +0000 (12:27 +0100)]
Merge pull request #71 from sandrine-bailleux:sb/fix-tsp-fvp-makefile
Andrew Thoelke [Fri, 16 May 2014 11:26:26 +0000 (12:26 +0100)]
Merge pull request #69 from sandrine-bailleux:sb/split-mmu-fcts-per-el
Andrew Thoelke [Fri, 16 May 2014 11:02:12 +0000 (12:02 +0100)]
Merge pull request #68 from jcastillo-arm/jc/tf-issues/137
Change-Id: If8744c38c2d5c50caa7454b055e2ba418cf1e8bf
danh-arm [Fri, 16 May 2014 08:12:25 +0000 (09:12 +0100)]
Merge pull request #66 from athoelke/tzc-config-fix
Fixes for TZC configuration on FVP
Sandrine Bailleux [Tue, 13 May 2014 15:41:25 +0000 (16:41 +0100)]
fvp: Use the right implem. of plat_report_exception() in BL3-2
On FVP, the file 'plat/fvp/aarch64/plat_helpers.S' contains an
FVP-specific implementation of the function 'plat_report_exception()',
which is meant to override the default implementation. However, this
file was not included into the BL3-2 image, meaning it was still
using the default implementation. This patch fixes the FVP makefile
to compile this file in.
Change-Id: I3d44b9ec3a9de7e2762e0887d3599b185d3e28d2
Juan Castillo [Mon, 28 Apr 2014 11:48:40 +0000 (12:48 +0100)]
Fix C accessors to GIC distributor registers with set/clear semantics
This patch fixes C accessors to GIC registers that follow a set/clear
semantic to change the state of an interrupt, instead of read/write/modify.
These registers are:
Set-Enable
Clear-Enable
Set-Pending
Clear-Pending
Set-Active
Clear-Active
For instance, to enable an interrupt we write a one to the corresponding bit
in the Set-Enable register, whereas to disable it we write a one to the
corresponding bit in the Clear-Enable register.
Fixes ARM-software/tf-issues#137
Change-Id: I3b66bad94d0b28e0fe08c9042bac0bf5ffa07944
Achin Gupta [Fri, 9 May 2014 18:32:25 +0000 (19:32 +0100)]
Fix broken standby state implementation in PSCI
This patch fixes the broken support for entry into standby states
introduced under commit-id '
d118f9f864' (tf-issues#94). Upon exit from
the platform defined standby state instead of returning to the caller
of the SMC, execution would get stuck in the wfi instruction meant for
entering a power down state. This patch ensures that exit from a
standby state and entry into a power down state do not interfere with
each other.
Fixes ARM-software/tf-issues#154
Change-Id: I56e5df353368e44d6eefc94ffedefe21929f5cfe
Andrew Thoelke [Fri, 9 May 2014 14:36:13 +0000 (15:36 +0100)]
Fixes for TZC configuration on FVP
The TZC configuration on FVP was incorrectly allowing both secure
and non-secure accesses to the DRAM, which can cause aliasing
problems for software. It was also not enabling virtio access on
some models.
This patch fixes both of those issues. The patch also enabless
non-secure access to the DDR RAM for all devices with defined IDs.
The third region of DDR RAM has been removed from the configuration
as this is not used in any of the FVP models.
Fixes ARM-software/tf-issues#150
Fixes ARM-software/tf-issues#151
Change-Id: I60ad5daaf55e14f178affb8afd95d17e7537abd7
Sandrine Bailleux [Fri, 9 May 2014 10:35:36 +0000 (11:35 +0100)]
fvp: Provide per-EL MMU setup functions
Instead of having a single version of the MMU setup functions for all
bootloader images that can execute either in EL3 or in EL1, provide
separate functions for EL1 and EL3. Each bootloader image can then
call the appropriate version of these functions. The aim is to reduce
the amount of code compiled in each BL image by embedding only what's
needed (e.g. BL1 to embed only EL3 variants).
Change-Id: Ib86831d5450cf778ae78c9c1f7553fe91274c2fa
Sandrine Bailleux [Fri, 9 May 2014 10:23:11 +0000 (11:23 +0100)]
Introduce IS_IN_ELX() macros
The goal of these macros is to improve code readability by providing
a concise way to check whether we are running in the expected
exception level.
Change-Id: If9aebadfb6299a5196e9a582b442f0971d9909b1
danh-arm [Thu, 8 May 2014 11:27:15 +0000 (12:27 +0100)]
Merge pull request #65 from vikramkanigiri/vk/console_init
Ensure a console is initialized before it is used
danh-arm [Thu, 8 May 2014 11:25:02 +0000 (12:25 +0100)]
Merge pull request #63 from soby-mathew/sm/save_callee_saved_registers_in_cpu_context-1
Preserve x19-x29 across world switch for exception handling
Vikram Kanigiri [Thu, 27 Mar 2014 14:33:15 +0000 (14:33 +0000)]
Ensure a console is initialized before it is used
This patch moves console_init() to bl32_early_platform_setup(). It
also ensures that console_init() is called in each
blX_early_platform_setup() function before the console is used
e.g. through a printf call in an assert() statement.
Fixes ARM-software/TF-issues#127
Change-Id: I5b1f17e0152bab674d807d2a95ff3689c5d4794e
danh-arm [Thu, 8 May 2014 11:01:24 +0000 (12:01 +0100)]
Merge pull request #62 from athoelke/set-little-endian-v2
Set processor endianness immediately after RESET v2
Soby Mathew [Wed, 30 Apr 2014 14:36:37 +0000 (15:36 +0100)]
Preserve x19-x29 across world switch for exception handling
Previously exception handlers in BL3-1, X19-X29 were not saved
and restored on every SMC/trap into EL3. Instead these registers
were 'saved as needed' as a side effect of the A64 ABI used by the C
compiler.
That approach failed when world switching but was not visible
with the TSP/TSPD code because the TSP is 64-bit, did not
clobber these registers when running and did not support pre-emption
by normal world interrupts. These scenarios showed
that the values in these registers can be passed through a world
switch, which broke the normal and trusted world assumptions
about these registers being preserved.
The Ideal solution saves and restores these registers when a
world switch occurs - but that type of implementation is more complex.
So this patch always saves and restores these registers on entry and
exit of EL3.
Fixes ARM-software/tf-issues#141
Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
danh-arm [Thu, 8 May 2014 11:01:10 +0000 (12:01 +0100)]
Merge pull request #58 from athoelke/optimise-cache-flush-v2
Optimise data cache clean/invalidate operation v2
danh-arm [Thu, 8 May 2014 11:00:10 +0000 (12:00 +0100)]
Merge pull request #61 from athoelke/use-mrs-msr-from-assembler-v2
Use MRS/MSR instructions in assembler code v2
danh-arm [Thu, 8 May 2014 10:55:19 +0000 (11:55 +0100)]
Merge pull request #60 from athoelke/disable-mmu-v2
Replace disable_mmu with assembler version v2
danh-arm [Thu, 8 May 2014 10:55:13 +0000 (11:55 +0100)]
Merge pull request #59 from athoelke/review-barriers-v2
Correct usage of data and instruction barriers v2
danh-arm [Thu, 8 May 2014 09:13:01 +0000 (10:13 +0100)]
Merge pull request #57 from sandrine-bailleux/sb/remove-pl011-base
Remove unused 'PL011_BASE' macro
Sandrine Bailleux [Tue, 6 May 2014 12:25:37 +0000 (13:25 +0100)]
Remove unused 'PL011_BASE' macro
'PL011_BASE' macro is no longer used because the right UART base
address is now directly given to the 'console_init()' function.
This patch removes it.
Change-Id: I94759c99602df4876291a56f9f6a75de337a65ec
Andrew Thoelke [Fri, 25 Apr 2014 09:49:30 +0000 (10:49 +0100)]
Optimise data cache clean/invalidate operation
The data cache clean and invalidate operations dcsw_op_all()
and dcsw_op_loius() were implemented to invoke a DSB and ISB
barrier for every set/way operation. This adds a substantial
performance penalty to an already expensive operation.
These functions have been reworked to provide an optimised
implementation derived from the code in section D3.4 of the
ARMv8 ARM. The helper macro setup_dcsw_op_args has been moved
and reworked alongside the implementation.
Fixes ARM-software/tf-issues#146
Change-Id: Icd5df57816a83f0a842fce935320a369f7465c7f
Andrew Thoelke [Mon, 28 Apr 2014 11:33:52 +0000 (12:33 +0100)]
Remove unused or invalid asm helper functions
There are a small number of non-EL specific helper functions
which are no longer used, and also some unusable helper
functions for non-existant registers.
This change removes all of these functions.
Change-Id: Idd656cef3b59cf5c46fe2be4029d72288b649c24
Andrew Thoelke [Mon, 28 Apr 2014 11:32:02 +0000 (12:32 +0100)]
Access system registers directly in assembler
Instead of using the system register helper functions to read
or write system registers, assembler coded functions should
use MRS/MSR instructions. This results in faster and more
compact code.
This change replaces all usage of the helper functions with
direct register accesses.
Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
Andrew Thoelke [Mon, 28 Apr 2014 11:06:18 +0000 (12:06 +0100)]
Replace disable_mmu with assembler version
disable_mmu() cannot work as a C function as there is no control
over data accesses generated by the compiler between disabling and
cleaning the data cache. This results in reading stale data from
main memory.
As assembler version is provided for EL3, and a variant that also
disables the instruction cache which is now used by the BL1
exception handling function.
Fixes ARM-software/tf-issues#147
Change-Id: I0cf394d2579a125a23c2f2989c2e92ace6ddb1a6
Andrew Thoelke [Mon, 28 Apr 2014 11:28:39 +0000 (12:28 +0100)]
Correct usage of data and instruction barriers
The current code does not always use data and instruction
barriers as required by the architecture and frequently uses
barriers excessively due to their inclusion in all of the
write_*() helper functions.
Barriers should be used explicitly in assembler or C code
when modifying processor state that requires the barriers in
order to enable review of correctness of the code.
This patch removes the barriers from the helper functions and
introduces them as necessary elsewhere in the code.
PORTING NOTE: check any port of Trusted Firmware for use of
system register helper functions for reliance on the previous
barrier behaviour and add explicit barriers as necessary.
Fixes ARM-software/tf-issues#92
Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
Andrew Thoelke [Thu, 24 Apr 2014 14:33:24 +0000 (15:33 +0100)]
Set processor endianness immediately after RESET
SCTLR_EL3.EE is being configured too late in bl1_arch_setup() and
bl31_arch_setup() after data accesses have already occured on
the cold and warm boot paths.
This control bit must be configured immediately on CPU reset to
match the endian state of the firmware (little endian).
Fixes ARM-software/tf-issues#145
Change-Id: Ie12e46fbbed6baf024c30beb50751591bb8c8655
danh-arm [Tue, 6 May 2014 16:57:34 +0000 (17:57 +0100)]
Merge pull request #49 from danh-arm/dh/remove-non-const-data
Remove variables from .data section
Dan Handley [Wed, 23 Apr 2014 12:47:06 +0000 (13:47 +0100)]
Remove variables from .data section
Update code base to remove variables from the .data section,
mainly by using const static data where possible and adding
the const specifier as required. Most changes are to the IO
subsystem, including the framework APIs. The FVP power
management code is also affected.
Delay initialization of the global static variable,
next_image_type in bl31_main.c, until it is realy needed.
Doing this moves the variable from the .data to the .bss
section.
Also review the IO interface for inconsistencies, using
uintptr_t where possible instead of void *. Remove the
io_handle and io_dev_handle typedefs, which were
unnecessary, replacing instances with uintptr_t.
Fixes ARM-software/tf-issues#107.
Change-Id: I085a62197c82410b566e4698e5590063563ed304
danh-arm [Tue, 6 May 2014 16:54:03 +0000 (17:54 +0100)]
Merge pull request #48 from danh-arm/dh/major-refactoring
dh/major refactoring
Dan Handley [Wed, 9 Apr 2014 12:14:54 +0000 (13:14 +0100)]
Reduce deep nesting of header files
Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.
Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.
Fixes ARM-software/tf-issues#31
Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
Dan Handley [Thu, 10 Apr 2014 14:37:22 +0000 (15:37 +0100)]
Always use named structs in header files
Add tag names to all unnamed structs in header files. This
allows forward declaration of structs, which is necessary to
reduce header file nesting (to be implemented in a subsequent
commit).
Also change the typedef names across the codebase to use the _t
suffix to be more conformant with the Linux coding style. The
coding style actually prefers us not to use typedefs at all but
this is considered a step too far for Trusted Firmware.
Also change the IO framework structs defintions to use typedef'd
structs to be consistent with the rest of the codebase.
Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
Dan Handley [Wed, 23 Apr 2014 14:22:18 +0000 (15:22 +0100)]
Move PSCI global functions out of private header
Move the PSCI global functions out of psci_private.h and into
psci.h to allow the standard service to only depend on psci.h.
Change-Id: I8306924a3814b46e70c1dcc12524c7aefe06eed1
Dan Handley [Thu, 17 Apr 2014 17:53:42 +0000 (18:53 +0100)]
Separate BL functions out of arch.h
Move the BL function prototypes out of arch.h and into the
appropriate header files to allow more efficient header file
inclusion. Create new BL private header files where there is no
sensible existing header file.
Change-Id: I45f3e10b72b5d835254a6f25a5e47cf4cfb274c3
Dan Handley [Thu, 17 Apr 2014 16:48:52 +0000 (17:48 +0100)]
Refactor GIC header files
Move the function prototypes from gic.h into either gic_v2.h or
gic_v3.h as appropriate. Update the source files to include the
correct headers.
Change-Id: I368cfda175cdcbd3a68f46e2332738ec49048e19
Dan Handley [Thu, 17 Apr 2014 16:29:58 +0000 (17:29 +0100)]
Separate out CASSERT macro into own header
Separate out the CASSERT macro out of bl_common.h into its own
header to allow more efficient header inclusion.
Change-Id: I291be0b6b8f9879645e839a8f0dd1ec9b3db9639
Dan Handley [Tue, 15 Apr 2014 17:20:09 +0000 (18:20 +0100)]
Remove vpath usage in makefiles
Remove all usage of the vpath keyword in makefiles as it was prone
to mistakes. Specify the relative paths to source files instead.
Also reorder source files in makefiles alphabetically.
Fixes ARM-software/tf-issues#121
Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
Dan Handley [Wed, 9 Apr 2014 12:13:04 +0000 (13:13 +0100)]
Make use of user/system includes more consistent
Make codebase consistent in its use of #include "" syntax for
user includes and #include <> syntax for system includes.
Fixes ARM-software/tf-issues#65
Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
Dan Handley [Fri, 11 Apr 2014 10:52:12 +0000 (11:52 +0100)]
Move FVP power driver to FVP platform
Move the FVP power driver to a directory under the FVP platform
port as this is not a generically usable driver.
Change-Id: Ibc78bd88752eb3e3964336741488349ac345f4f0
Dan Handley [Wed, 9 Apr 2014 11:48:25 +0000 (12:48 +0100)]
Move include and source files to logical locations
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
achingupta [Thu, 1 May 2014 12:16:33 +0000 (13:16 +0100)]
Merge pull request #50 from vikramkanigiri/vk/tf-issues#26
Preserve PSCI cpu_suspend 'power_state' parameter.
Vikram Kanigiri [Tue, 1 Apr 2014 18:26:26 +0000 (19:26 +0100)]
Preserve PSCI cpu_suspend 'power_state' parameter.
This patch saves the 'power_state' parameter prior to suspending
a cpu and invalidates it upon its resumption. The 'affinity level'
and 'state id' fields of this parameter can be read using a set of
public and private apis. Validation of power state parameter is
introduced which checks for SBZ bits are zero.
This change also takes care of flushing the parameter from the cache
to main memory. This ensures that it is available after cpu reset
when the caches and mmu are turned off. The earlier support for
saving only the 'affinity level' field of the 'power_state' parameter
has also been reworked.
Fixes ARM-Software/tf-issues#26
Fixes ARM-Software/tf-issues#130
Change-Id: Ic007ccb5e39bf01e0b67390565d3b4be33f5960a
danh-arm [Thu, 24 Apr 2014 18:38:28 +0000 (19:38 +0100)]
Merge pull request #33 from hliebel/hl/secure-memory
Hl/secure memory
Harry Liebel [Tue, 1 Apr 2014 18:28:07 +0000 (19:28 +0100)]
FVP secure memory support documentation
Fixes ARM-software/tf-issues#64
Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989
Harry Liebel [Tue, 1 Apr 2014 18:27:38 +0000 (19:27 +0100)]
Enable secure memory support for FVPs
- Use the TrustZone controller on Base FVP to program DRAM access
permissions. By default no access to DRAM is allowed if
'secure memory' is enabled on the Base FVP.
- The Foundation FVP does not have a TrustZone controller but instead
has fixed access permissions.
- Update FDTs for Linux to use timers at the correct security level.
- Starting the FVPs with 'secure memory' disabled is also supported.
Limitations:
Virtio currently uses a reserved NSAID. This will be corrected in
future FVP releases.
Change-Id: I0b6c003a7b5982267815f62bcf6eb82aa4c50a31
Harry Liebel [Tue, 1 Apr 2014 18:19:22 +0000 (19:19 +0100)]
Add TrustZone (TZC-400) driver
The TZC-400 performs security checks on transactions to memory or
peripherals. Separate regions can be created in the address space each
with individual security settings.
Limitations:
This driver does not currently support raising an interrupt on access
violation.
Change-Id: Idf8ed64b4d8d218fc9b6f9d75acdb2cd441d2449
danh-arm [Tue, 22 Apr 2014 10:02:13 +0000 (11:02 +0100)]
Merge pull request #43 from danh-arm/dh/tf-issues#129
Move console.c to pl011 specific driver location
danh-arm [Tue, 22 Apr 2014 10:01:58 +0000 (11:01 +0100)]
Merge pull request #44 from danh-arm/dh/tf-issues#136
Remove redundant code from bl1_plat_helpers.S
danh-arm [Wed, 16 Apr 2014 16:20:11 +0000 (17:20 +0100)]
Merge pull request #45 from danh-arm/dh/tf-issues#114
Rename FVP "mmap" array to avoid name confusion
Dan Handley [Tue, 15 Apr 2014 11:25:28 +0000 (12:25 +0100)]
Remove redundant code from bl1_plat_helpers.S
Remove redundant code in plat_secondary_cold_boot_setup() in
plat/fvp/aarch64/bl1_plat_helpers.S.
Fixes ARM-software/tf-issues#136
Change-Id: I98c0a46d95cfea33125e34e609c83dc2c97cd86e