Masahiro Yamada [Thu, 26 Jan 2017 18:56:58 +0000 (03:56 +0900)]
fiptool: embed fip_toc_entry in struct image
The struct image has "uuid" and "size" to memorize the field values
they had in the TOC entry. So, parse_fip() copies them from struct
fip_toc_entry to struct image, then pack_images() copies them back
to struct fip_toc_entry.
The next commit (support --align option) will require to save the
"offset" field as well. This makes me realize that struct image
can embed struct fip_toc_entry.
This commit will allow the "flags" field to persevere the "update"
command. At this moment, the "flags" is not used in a useful way.
(Yet, platforms can save their own parameters in the flags field.)
It makes sense to save it unless users explicitly replace the image.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 26 Jan 2017 18:54:02 +0000 (03:54 +0900)]
fiptool: add xfwrite() helper
We have same patterns for fwrite().
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 12 Jan 2017 17:13:06 +0000 (02:13 +0900)]
fiptool: fix the global option in usage
The global option --verbose should come after the "fiptool".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Sat, 14 Jan 2017 02:04:36 +0000 (11:04 +0900)]
fiptool: simplify the top line of command usage
We need not mention like [--force], [--out <path>] because they are
included in [opts].
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Fri, 27 Jan 2017 04:31:40 +0000 (13:31 +0900)]
fiptool: refactor remove_image()
We need not handle the image_head as a special case. Just use
a double-pointer to simplify the traverse.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Fri, 27 Jan 2017 03:53:13 +0000 (12:53 +0900)]
fiptool: simplify assert() for add_image(_desc)
lookup_image(_desc)_from_uuid() traverses the linked list, so it
is not efficient. We just want to make sure *p points to NULL here.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Fri, 27 Jan 2017 02:57:54 +0000 (11:57 +0900)]
fiptool: revive replace_image() to keep the image order by update command
Commit
e0f083a09b29 ("fiptool: Prepare ground for expanding the set
of images at runtime") introduced another side effect; the "update"
command now changes the image order in the FIP.
Let's say you have an FIP with BL2, BL31, BL32, BL33. If you update
for example, BL32 with the "update" command, you will get a new FIP
with BL2, BL31, BL33, BL32, in this order.
It happens like this; remove_image() removes the old image from the
linked list, add_image() adds the new image at the tail of the list,
then images are packed in the new order. Prior to that commit,
images were updated by replace_image(), but it was deleted by the
re-work. Revive replace_image() that is re-implemented to work with
the linked list.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Sun, 15 Jan 2017 14:20:00 +0000 (23:20 +0900)]
fiptool: remove always true conditional
The conditional
if (desc != NULL)
...
is always true here because we assert it 6 lines above:
assert(desc != NULL);
Remove the if-conditional and concatenate the printf() calls.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Sun, 25 Dec 2016 03:41:41 +0000 (12:41 +0900)]
fiptool: fix existence check of FIP input file for update command
This line should check the existence of the input file, but it is
actually checking the output file. When -o option is given to the
"update" command, the outfile is unlikely to exist, then parse_fip()
is skipped and an empty FIP file is output. This is wrong behavior.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
danh-arm [Thu, 26 Jan 2017 14:50:34 +0000 (14:50 +0000)]
Merge pull request #814 from freedomtan/patches-for-8173-crbook-osi-0110
Patches for 8173 crbook
danh-arm [Tue, 24 Jan 2017 16:30:56 +0000 (16:30 +0000)]
Merge pull request #817 from antonio-nino-diaz-arm/an/timingsafe
Import constant-time bcmp() and use it where necessary
Antonio Nino Diaz [Fri, 13 Jan 2017 13:53:32 +0000 (13:53 +0000)]
tbbr: Use constant-time bcmp() to compare hashes
To avoid timing side-channel attacks, it is needed to use a constant
time memory comparison function when comparing hashes. The affected
code only cheks for equality so it isn't needed to use any variant of
memcmp(), bcmp() is enough.
Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
regions are equal, so this change incurrs no performance hit in said
case. In case they are unequal, the boot sequence wouldn't continue as
normal, so performance is not an issue.
Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Mon, 16 Jan 2017 13:25:38 +0000 (13:25 +0000)]
stdlib: Import timingsafe_bcmp() from FreeBSD
Some side-channel attacks involve an attacker inferring something from
the time taken for a memory compare operation to complete, for example
when comparing hashes during image authentication. To mitigate this,
timingsafe_bcmp() must be used for such operations instead of the
standard memcmp().
This function executes in constant time and so doesn't leak any timing
information to the caller.
Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
danh-arm [Tue, 24 Jan 2017 14:28:19 +0000 (14:28 +0000)]
Merge pull request #818 from sandrine-bailleux-arm/sb/strnlen
Add strnlen() to local C library
Sandrine Bailleux [Tue, 24 Jan 2017 10:18:01 +0000 (10:18 +0000)]
Add strnlen() to local C library
This code has been imported and slightly adapted from FreeBSD:
https://github.com/freebsd/freebsd/blob/
6253393ad8df55730481bf2aafd76bdd6182e2f5/lib/libc/string/strnlen.c
Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Koan-Sin Tan [Mon, 18 Apr 2016 09:20:05 +0000 (17:20 +0800)]
Remove use of all deprecated APIs
Now it's possbile to build BL31 for MT8173 with ERROR_DEPRECATED=1.
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
Koan-Sin Tan [Mon, 18 Apr 2016 07:17:57 +0000 (15:17 +0800)]
Get rid of use of old GIC APIs
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
Koan-Sin Tan [Mon, 18 Apr 2016 06:28:03 +0000 (14:28 +0800)]
Add support of PSCI_EXTENDED_STATE_ID to MT8173
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
Koan-Sin Tan [Thu, 19 Jan 2017 08:43:49 +0000 (16:43 +0800)]
Get rid of use of compatibility API
make 'make ARCH=aarch64 CROSS_COMPILE=aarch64-linux-gnu- PLAT=mt8173
ENABLE_PLAT_COMPAT=0' work.
Change-Id: I13f35d8aef23dfa0e65883fa0be43f1513c9fef5
Signed-off-by: Koan-Sin Tan <koansin.tan@gmail.com>
danh-arm [Mon, 23 Jan 2017 16:49:43 +0000 (16:49 +0000)]
Merge pull request #800 from masahir0y/ifdef
Correct preprocessor conditionals
danh-arm [Mon, 23 Jan 2017 16:47:55 +0000 (16:47 +0000)]
Merge pull request #815 from hzhuang1/dwmmc_v3.9
drivers: add designware emmc driver
Masahiro Yamada [Sun, 25 Dec 2016 15:22:47 +0000 (00:22 +0900)]
Use #ifdef for AARCH32 instead of #if
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
For AARCH32/AARCH64, these macros are defined in the top-level
Makefile as follows:
ifeq (${ARCH},aarch32)
$(eval $(call add_define,AARCH32))
else
$(eval $(call add_define,AARCH64))
endif
This means only one of the two is defined. So, AARCH32/AARCH64
belongs to the latter group where we should use #ifdef or #ifndef.
The conditionals are mostly coded correctly, but I see some mistakes.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Sun, 25 Dec 2016 14:36:24 +0000 (23:36 +0900)]
Use #ifdef for IMAGE_BL* instead of #if
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
follows:
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
This means, IMAGE_BL* is defined when building the corresponding
image, but *undefined* for the other images.
So, IMAGE_BL* belongs to the latter group where we should use #ifdef
or #ifndef.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
danh-arm [Mon, 23 Jan 2017 14:44:27 +0000 (14:44 +0000)]
Merge pull request #808 from masahir0y/build_fix
Fix parallel building
Haojian Zhuang [Fri, 18 Mar 2016 14:14:16 +0000 (22:14 +0800)]
drivers: add designware emmc driver
Support Designware eMMC driver. It's based on both IO block
and eMMC driver.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
danh-arm [Mon, 23 Jan 2017 12:00:50 +0000 (12:00 +0000)]
Merge pull request #810 from masahir0y/fiptool_fix
Fix fiptool bug introduced by recent rework
danh-arm [Mon, 23 Jan 2017 11:42:46 +0000 (11:42 +0000)]
Merge pull request #813 from antonio-nino-diaz-arm/an/libfdt
Update libfdt to version 1.4.2
danh-arm [Mon, 23 Jan 2017 11:39:17 +0000 (11:39 +0000)]
Merge pull request #812 from antonio-nino-diaz-arm/an/clear-static-vars
Clear static variables in X509 parser on error
Masahiro Yamada [Thu, 19 Jan 2017 10:31:00 +0000 (19:31 +0900)]
Build: strip trailing slashes from directory paths more simply
Append . then strip /. seems clumsy. Just use $(patsubst %/,%, ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 12 Jan 2017 01:48:22 +0000 (10:48 +0900)]
Build: Fix parallel building
Soren reports build fails if -j option is given:
$ make -j16 CROSS_COMPILE=aarch64-linux-gnu-
Building fvp
make: *** No rule to make target 'build/fvp/release/bl1/',
needed by 'build/fvp/release/bl1/bl1.ld'. Stop.
make: *** Waiting for unfinished jobs....
The cause of the failure is that $(dir ) leaves a trailing / on the
directory names. It must be ripped off to let Make create the
directory.
There are some ways to fix the issue. Here, I chose to make MAKE_LD
look like MAKE_C and MAKE_S because bl*_dirs seems the central place
of making directories.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reported-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Tested-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Antonio Nino Diaz [Fri, 13 Jan 2017 15:03:19 +0000 (15:03 +0000)]
Clear static variables in X509 parser on error
In mbedtls_x509_parser.c there are some static arrays that are filled
during the integrity check and then read whenever an authentication
parameter is requested. However, they aren't cleared in case of an
integrity check failure, which can be problematic from a security
point of view. This patch clears these arrays in the case of failure.
Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Fri, 13 Jan 2017 15:03:07 +0000 (15:03 +0000)]
Fix declarations of cache maintenance functions
Fix the parameter type of the maintenance functions of data cache.
Add missing declarations for AArch32 versions of dcsw_op_louis and
dcsw_op_all to match the AAch64 ones.
Change-Id: I4226e8ea4f8b2b5bc2972992c83de659ee0da52c
davidcunado-arm [Wed, 18 Jan 2017 13:47:06 +0000 (13:47 +0000)]
Merge pull request #801 from masahir0y/cleanup
Macro cleanups
davidcunado-arm [Wed, 18 Jan 2017 11:42:42 +0000 (11:42 +0000)]
Merge pull request #811 from davidcunado-arm/dc/dc-scratch-pad
Correct system include order
danh-arm [Wed, 18 Jan 2017 10:55:01 +0000 (10:55 +0000)]
Merge pull request #809 from paulkocialkowski/integration
mt8173: Correct SPM MCDI firmware length
danh-arm [Wed, 18 Jan 2017 10:54:49 +0000 (10:54 +0000)]
Merge pull request #790 from masahir0y/utils
add utility macros to utils.h
Masahiro Yamada [Wed, 28 Dec 2016 09:32:02 +0000 (18:32 +0900)]
qemu: remove unused BL32_SIZE
I do not see any line that references BL32_SIZE.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Wed, 28 Dec 2016 07:11:41 +0000 (16:11 +0900)]
Move BL_COHERENT_RAM_BASE/END defines to common_def.h
We have lots of duplicated defines (and comment blocks too).
Move them to include/plat/common/common_def.h.
While we are here, suffix the end address with _END instead of
_LIMIT. The _END is a better fit to indicate the linker-derived
real end address.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Tue, 17 Jan 2017 17:10:08 +0000 (02:10 +0900)]
Use *_END instead of *_LIMIT for linker derived end addresses
The usage of _LIMIT seems odd here, so rename as follows:
BL_CODE_LIMIT --> BL_CODE_END
BL_RO_DATA_LIMIT --> BL_RO_DATA_END
BL1_CODE_LIMIT --> BL1_CODE_END
BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END
Basically, we want to use _LIMIT and _END properly as follows:
*_SIZE + *_MAX_SIZE = *_LIMIT
*_SIZE + *_SIZE = *_END
The _LIMIT is generally defined by platform_def.h to indicate the
platform-dependent memory constraint. So, its typical usage is
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
in a linker script.
On the other hand, _END is used to indicate the end address of the
compiled image, i.e. we do not know it until the image is linked.
Here, all of these macros belong to the latter, so should be
suffixed with _END.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
David Cunado [Tue, 17 Jan 2017 14:40:15 +0000 (14:40 +0000)]
Correct system include order
NOTE - this is patch does not address all occurrences of system
includes not being in alphabetical order, just this one case.
Change-Id: I3cd23702d69b1f60a4a9dd7fd4ae27418f15b7a3
Antonio Nino Diaz [Mon, 16 Jan 2017 16:11:48 +0000 (16:11 +0000)]
libfdt: Replace v1.4.1 by v1.4.2
Delete old version of libfdt at lib/libfdt. Move new libfdt API
headers to include/lib/libfdt and all other files to lib/libfdt.
Change-Id: I32b7888f1f20d62205310e363accbef169ad7b1b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Mon, 16 Jan 2017 16:08:19 +0000 (16:08 +0000)]
libfdt: Minor changes to enable TF integration
* Add libfdt.mk helper makefile
* Remove unused libfdt files
* Minor changes to fdt.h and libfdt.h to make them C99 compliant
Adapted from
754d78b1b331b07456c6ea439e401402a186c626.
Change-Id: I0847f1c2e6e11f0c899b0b7ecc522c0ad7de210c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Mon, 16 Jan 2017 15:55:44 +0000 (15:55 +0000)]
libfdt: Import libfdt v1.4.2
Import libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git
tag "v1.4.2" commit
ec02b34c05be04f249ffaaca4b666f5246877dea.
This version includes commit
d0b3ab0a0f46ac929b4713da46f7fdcd893dd3bd,
which fixes a buffer overflow in fdt_offset_ptr().
Change-Id: I05a30511ea68417ee7ff26477da3f99e0bd4e06b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz [Mon, 16 Jan 2017 17:20:45 +0000 (17:20 +0000)]
checkpatch: Fix regular expressions
When generating the list of files to check by checkpatch.pl, the list
generated by `git ls-files` is filtered by a regular expression with
grep. Due to a malformed regex, the dot of `.md` was considered a
wildcard instead of a dot. This patch fixes this so that it matches
only dots, thus allowing the two following files to be checked:
* tools/cert_create/include/cmd_opt.h
* tools/cert_create/src/cmd_opt.c
Also extended the list of library directories to check by checkpatch
to exclude any folder starting with libfdt.
Change-Id: Ie7bf18efe4df29e364e5d67ba1118515304ed9a4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Masahiro Yamada [Sat, 14 Jan 2017 14:22:02 +0000 (23:22 +0900)]
fiptool: fix add_image() and add_image_desc() implementation
The "make fip" shows the content of the generated FIP at the end of
the build. (This is shown by "fiptool info" command.)
Prior to commit
e0f083a09b29 ("fiptool: Prepare ground for expanding
the set of images at runtime"), the last part of the build log of
make CROSS_COMPILE=aarch64-linux-gnu- BL33=../u-boot/u-boot.bin fip
was like follows:
Trusted Boot Firmware BL2: offset=0xB0, size=0x4188, cmdline="--tb-fw"
EL3 Runtime Firmware BL31: offset=0x4238, size=0x6090, cmdline="--soc-fw"
Non-Trusted Firmware BL33: offset=0xA2C8, size=0x58B51, cmdline="--nt-fw"
With that commit, now it is displayed like follows:
Non-Trusted Firmware BL33: offset=0xB0, size=0x58B51, cmdline="--nt-fw"
EL3 Runtime Firmware BL31: offset=0x58C01, size=0x6090, cmdline="--soc-fw"
Trusted Boot Firmware BL2: offset=0x5EC91, size=0x4188, cmdline="--tb-fw"
You will notice two differences:
- the contents are displayed in BL33, BL31, BL2 order
- the offset values are wrong
The latter is more serious, and means "fiptool info" is broken.
Another interesting change is "fiptool update" every time reverses
the image order. For example, if you input FIP with BL2, BL31, BL33
in this order, the command will pack BL33, BL31, BL2 into FIP, in
this order. Of course, the order of components is not a big deal
except that users will have poor impression about this.
The root cause is in the implementation of add_image(); the
image_head points to the last added image. For example, if you call
add_image() for BL2, BL31, BL33 in this order, the resulted image
chain is:
image_head -> BL33 -> BL31 -> BL2
Then, they are processed from the image_head in "for" loops:
for (image = image_head; image != NULL; image = image->next) {
This means images are handled in Last-In First-Out manner.
Interestingly, "fiptool create" is still correct because
add_image_desc() also reverses the descriptor order and the command
works as before due to the double reverse.
The implementation of add_image() is efficient, but it made the
situation too complicated.
Let's make image_head point to the first added image. This will
add_image() inefficient because every call of add_image() follows
the ->next chain to get the tail. We can solve it by adopting a
nicer linked list structure, but I am not doing as far as that
because we handle only limited number of images anyway.
Do likewise for add_image_desc().
Fixes: e0f083a09b29 ("fiptool: Prepare ground for expanding the set of images at runtime")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Paul Kocialkowski [Sun, 8 Jan 2017 10:23:58 +0000 (11:23 +0100)]
mt8173: Correct SPM MCDI firmware length
The actual length of the firmware is 1001 32 bit words.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Masahiro Yamada [Sat, 14 Jan 2017 15:50:41 +0000 (00:50 +0900)]
fiptool: introduce xzalloc() helper function
We often want to zero out allocated memory.
My main motivation for this commit is to set image::next and
image_desc::next to NULL automatically in the next commit.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
davidcunado-arm [Fri, 13 Jan 2017 17:18:59 +0000 (17:18 +0000)]
Merge pull request #807 from nmenon/upstream/fix-16650-rx
uart: 16550: Fix getc
davidcunado-arm [Fri, 13 Jan 2017 15:52:49 +0000 (15:52 +0000)]
Merge pull request #797 from dp-arm/dp/fiptool-improvements
fiptool: Add support for operating on binary blobs using the UUID
Masahiro Yamada [Mon, 5 Dec 2016 05:28:59 +0000 (14:28 +0900)]
utils: move BIT(n) macro to utils.h
We are duplicating this macro define, and it is useful enough
to be placed in the common place.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
danh-arm [Wed, 11 Jan 2017 14:54:29 +0000 (14:54 +0000)]
Merge pull request #796 from masahir0y/build
Improve dependency file generation
Nishanth Menon [Tue, 10 Jan 2017 15:34:07 +0000 (09:34 -0600)]
uart: 16550: Fix getc
tbz check for RDR status is to check for a bit being zero.
Unfortunately, we are using a mask rather than the bit position.
Further as per http://www.ti.com/lit/ds/symlink/pc16550d.pdf (page 17),
LSR register bit 0 is Data ready status (RDR), not bit position 2.
Update the same to match the specification.
Reported-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
danh-arm [Tue, 10 Jan 2017 11:12:08 +0000 (11:12 +0000)]
Merge pull request #805 from Xilinx/zynqmp/addr_space_size
zynqmp: Migrate to new address space macros
danh-arm [Tue, 10 Jan 2017 11:11:54 +0000 (11:11 +0000)]
Merge pull request #803 from masahir0y/tbb
TBB: fix comment about MBEDTLS_KEY_ALG default
danh-arm [Tue, 10 Jan 2017 11:11:44 +0000 (11:11 +0000)]
Merge pull request #802 from pgeorgi/rk3399m0
rockchip: Build m0 firmware without standard libraries
Soren Brinkmann [Fri, 6 Jan 2017 19:07:00 +0000 (11:07 -0800)]
zynqmp: Migrate to new address space macros
Commit
0029624fe2d4c327ac885d04d5933f82f38e7071 ("Add
PLAT_xxx_ADDR_SPACE_SIZE definition") deprecates 'ADDR_SPACE_SIZE' in
favor of PLAT_(PHY|VIRT)_ADDRESS_SPACE_SIZE. Migrate the zynqmp platform
to use the new interface.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Masahiro Yamada [Fri, 6 Jan 2017 07:51:34 +0000 (16:51 +0900)]
TBB: fix comment about MBEDTLS_KEY_ALG default
This comment block says the default algorithm is ESDSA, while the
code obviously sets the default to RSA:
ifeq (${MBEDTLS_KEY_ALG},)
MBEDTLS_KEY_ALG := rsa
endif
The git log of commit
7d37aa171158 ("TBB: add mbedTLS authentication
related libraries") states available options are:
* 'rsa' (for RSA-2048) (default option)
* 'ecdsa' (for ECDSA-SECP256R1)
So, my best guess is the comment block is wrong.
The mismatch between the code and the comment is confusing. Fix it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 22 Dec 2016 06:23:05 +0000 (15:23 +0900)]
Build: add -MP option to add dummy rules to *.d files
This adds a phony target for each dependency other than the main
file, causing each to depend on nothing.
Without this, the incremental build will fail when a header file
is removed.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 22 Dec 2016 05:02:27 +0000 (14:02 +0900)]
Build: generate .d file at the same time as object is created
Currently, .d files are generated before any objects are built.
So, IS_ANYTHING_TO_BUILD flag is needed to avoid such processing for
non-build targets.
There is a cleverer way; just create a .d file simultaneously when
the corresponding object is created. No need to have separate rules
for .d files.
This commit will also fix a bug; -D$(IMAGE) is defined for $(OBJ),
but not for $(PREREQUISITES). So, .d files are generated with
different macro sets from those for .o files, then wrong .d files
are generated.
For example, in lib/cpus/aarch64/cpu_helpers.S
#if IMAGE_BL31
#include <cpu_data.h>
#endif
<cpu_data.h> is parsed for the object when built for BL31, but the
.d file does not pick up that dependency.
With this commit, the compiler will generate .o and .d at the same
time, guaranteeing they are generated under the same circumstances.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 22 Dec 2016 03:51:53 +0000 (12:51 +0900)]
Build: use CPP just for pre-processing
Using AS for pre-processing looks a bit weird, and some assembly
specific options are given for nothing. Rather, use CPP.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Masahiro Yamada [Thu, 22 Dec 2016 03:39:55 +0000 (12:39 +0900)]
Build: exclude -c flag from TF_CFLAGS
The -c flag should not be included in the global variable TF_CFLAGS;
it should be specified in the build rule only when its target is a
*.o file.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Patrick Georgi [Wed, 4 Jan 2017 18:06:14 +0000 (19:06 +0100)]
rockchip: Build m0 firmware without standard libraries
Depending on the compiler used, it might try to link in libc even though
it's not required. Stop it from doing that.
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
dp-arm [Fri, 30 Dec 2016 09:55:48 +0000 (09:55 +0000)]
fiptool: Factor out setting of image descriptor action
An image descriptor contains an action and an argument. The action
indicates the intended operation, as requested by the user. It can be
pack, unpack or remove. Factor out setting those fields to a separate
function to minimize code duplication across the various commands that
modify these fields.
Change-Id: I1682958e8e83c4884e435cff6d0833c67726461f
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm [Fri, 30 Dec 2016 09:22:44 +0000 (09:22 +0000)]
fiptool: Remove unreferenced variable `toc_entries_len`
Change-Id: If279680a71e7fa1f801d79b8bc2cd47cd9905d33
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm [Wed, 21 Dec 2016 14:59:30 +0000 (14:59 +0000)]
fiptool: Fix format specifier for malloc/strdup wrappers
Change-Id: Ife8f198b4c45961e85ed6f4d463daa59009dab1c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm [Thu, 3 Nov 2016 13:59:26 +0000 (13:59 +0000)]
fiptool: Add support for operating on binary blobs using the UUID
Previously, fiptool only understood a fixed set of images as
specified in tbbr_config.c. It preserved unknown images during
the update, unpack and remove operations but it was not possible to
explicitly refer to one of those unknown images.
Add a new --blob option to create/update/unpack/remove images that
are not known at compile time. This is accomplished by specifying
the UUID and filename pair as shown below:
$ ./fiptool create --blob uuid=
01234567-89ab-cdef-0123-
456789abcdef,file=foo.bin fip.bin
$ ./fiptool info fip.bin
01234567-89ab-cdef-0123-
456789abcdef: offset=0x60, size=0x1AA68
Fixes ARM-software/tf-issues#420
Change-Id: Iaac2504b9a4252289c09e73d29645cbe240f3a82
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm [Mon, 14 Nov 2016 15:54:32 +0000 (15:54 +0000)]
fiptool: Prepare ground for expanding the set of images at runtime
To allow operating on images with unknown UUIDs, fiptool needs to
be able to track an arbitrary amount of images and not be limited
to the set of images described by the builtin table.
Convert the table to a list to accommodate this scenario.
Change-Id: I0e6d738eece7795d74fc72d165a3098f223d4414
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
davidcunado-arm [Fri, 23 Dec 2016 11:20:16 +0000 (11:20 +0000)]
Merge pull request #798 from douglas-raillard-arm/dr/fix_std_smc_after_suspend
Abort preempted TSP STD SMC after PSCI CPU suspend
Douglas Raillard [Thu, 24 Nov 2016 15:43:19 +0000 (15:43 +0000)]
Abort preempted TSP STD SMC after PSCI CPU suspend
Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal world. When the TSP is preempted the secure context is stored and
control is passed to the normal world to handle the non-secure
interrupt. Once completed the preempted secure context is restored. When
restoring the preempted context, the dispatcher assumes that the TSP
preempted context is still stored as the SECURE context by the context
management library.
However, PSCI power management operations causes synchronous entry into
TSP. This overwrites the preempted SECURE context in the context
management library. When restoring back the SECURE context, the Secure
Payload crashes because this context is not the preempted context
anymore.
This patch avoids corruption of the preempted SECURE context by aborting
any preempted SMC during PSCI power management calls. The
abort_std_smc_entry hook of the TSP is called when aborting the SMC
request.
It also exposes this feature as a FAST SMC callable from normal world to
abort preempted SMC with FID TSP_FID_ABORT.
Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
danh-arm [Wed, 21 Dec 2016 09:58:56 +0000 (09:58 +0000)]
Merge pull request #794 from douglas-raillard-arm/dr/fix_TSP_STD_FID_macro
Fix TSP_STD_FID macro
Douglas Raillard [Mon, 12 Dec 2016 14:37:34 +0000 (14:37 +0000)]
Fix TSP_STD_FID macro
Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros.
Also remove an undefined behavior by using unsigned literals.
Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
danh-arm [Tue, 20 Dec 2016 17:00:59 +0000 (17:00 +0000)]
Merge pull request #792 from masahir0y/zynqmp
zynqmp: add "override" directive to mandatory options
danh-arm [Tue, 20 Dec 2016 17:00:32 +0000 (17:00 +0000)]
Merge pull request #791 from jeenu-arm/asm-assert-32
AArch32: Print ASM_ASSERT and panic messages
Masahiro Yamada [Mon, 19 Dec 2016 08:41:47 +0000 (17:41 +0900)]
zynqmp: add "override" directive to mandatory options
The platform.mk sets build options required for ZynqMP, but users
can still change them from the command line, like:
make PLAT=zynqmp RESET_TO_BL31=0 CROSS_COMPILE=...
Then, the makefile shows an error message in that case:
Using BL31 as the reset vector is only one option supported on ZynqMP.
Please set RESET_TO_BL31 to 1.
If the option is not user-configurable, the makefile can specify
"override" to prevent users from changing it. We do not need the
error message for the case that never happens.
Likewise, ENABLE_PLAT_COMPAT := 0 and PROGRAMMABLE_RESET_ADDRESS := 1
are mandatory to avoid build error.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
danh-arm [Tue, 20 Dec 2016 12:27:58 +0000 (12:27 +0000)]
Merge pull request #788 from jeenu-arm/cpuops-framework
Add provision to extend CPU operations at more levels
danh-arm [Tue, 20 Dec 2016 12:26:23 +0000 (12:26 +0000)]
Merge pull request #793 from jeenu-arm/gic-changes
GIC driver changes for extended power management
Dan Handley [Tue, 20 Dec 2016 11:45:15 +0000 (11:45 +0000)]
Merge pull request #783 from danh-arm/sb/bl1-fwu-copy
Sandrine Bailleux [Fri, 11 Nov 2016 16:58:59 +0000 (16:58 +0000)]
Improve FWU documentation
- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the
Firmware Update guide. Also extend the list of pre-conditions to
include the additional input validation implemented by previous
patches.
- Improve documentation of bl1_plat_mem_check() in the porting
guide. It now specifies that the generic FWU code protects
bl1_plat_mem_check() from integer overflows resulting from
the addition of the base address and size passed in arguments.
Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux [Fri, 11 Nov 2016 16:44:37 +0000 (16:44 +0000)]
Fix integer overflows in BL1 FWU code
Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.
As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.
Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory
Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Sandrine Bailleux [Mon, 14 Nov 2016 14:58:05 +0000 (14:58 +0000)]
Add some debug assertions in BL1 FWU copy code
These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.
Change-Id: I38a125b0073658c3e2b4b1bdc623ec221741f43e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux [Mon, 14 Nov 2016 14:56:51 +0000 (14:56 +0000)]
bl1_fwu_image_copy() refactoring
This patch refactors the code of the function handling a FWU_AUTH_COPY
SMC in BL1. All input validation has been moved upfront so it is now
shared between the RESET and COPYING states.
Change-Id: I6a86576b9ce3243c401c2474fe06f06687a70e2f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Sandrine Bailleux [Fri, 11 Nov 2016 15:56:20 +0000 (15:56 +0000)]
Minor refactoring of BL1 FWU code
This patch introduces no functional change, it just changes
the serial console output.
- Improve accuracy of error messages by decoupling some
error cases;
- Improve comments;
- Move declaration of 'mem_layout' local variable closer to
where it is used and make it const;
- Rename a local variable to clarify whether it is a source
or a destination address (base_addr -> dest_addr).
Change-Id: I349fcf053e233f316310892211d49e35ef2c39d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Sandrine Bailleux [Tue, 8 Nov 2016 14:27:10 +0000 (14:27 +0000)]
Export is_mem_free() function
The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.
Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Dan Handley [Tue, 20 Dec 2016 11:36:54 +0000 (11:36 +0000)]
Merge pull request #785 from dp-arm/dp/nvcounter
danh-arm [Mon, 19 Dec 2016 15:39:55 +0000 (15:39 +0000)]
Merge pull request #781 from yatharth-arm/yk/aarch64_tbbr_load_img_v2
Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1
danh-arm [Mon, 19 Dec 2016 15:39:33 +0000 (15:39 +0000)]
Merge pull request #779 from dp-arm/dp/rtinstr-cache
Add two timestamps to measure PSCI cache flush overhead
danh-arm [Mon, 19 Dec 2016 15:39:01 +0000 (15:39 +0000)]
Merge pull request #778 from antonio-nino-diaz-arm/an/xlat-fixes
Fixes and improvements to translation tables library
Jeenu Viswambharan [Mon, 28 Nov 2016 09:59:27 +0000 (09:59 +0000)]
AArch32: Print ASM_ASSERT and panic messages
ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.
Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
danh-arm [Thu, 15 Dec 2016 17:49:49 +0000 (17:49 +0000)]
Merge pull request #786 from davidcunado-arm/dc/update_foundation_model
Update Foundation Model version
danh-arm [Thu, 15 Dec 2016 17:49:21 +0000 (17:49 +0000)]
Merge pull request #782 from antonio-nino-diaz-arm/an/fix-copyright
Fix incorrect copyright notices
David Cunado [Tue, 6 Dec 2016 17:35:09 +0000 (17:35 +0000)]
Update Foundation Model version
Foundation Model release 10.2 has been made available and Trusted
Firmware has been tested against that it as part of its CI system.
This patch updates the user guide documentation to reflect the version
of Foundation Model that Trusted Firmware has been tested against.
Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae
Signed-off-by: David Cunado <david.cunado@arm.com>
Jeenu Viswambharan [Fri, 18 Nov 2016 12:58:28 +0000 (12:58 +0000)]
Add provision to extend CPU operations at more levels
Various CPU drivers in ARM Trusted Firmware register functions to handle
power-down operations. At present, separate functions are registered to
power down individual cores and clusters.
This scheme operates on the basis of core and cluster, and doesn't cater
for extending the hierarchy for power-down operations. For example,
future CPUs might support multiple threads which might need powering
down individually.
This patch therefore reworks the CPU operations framework to allow for
registering power down handlers on specific level basis. Henceforth:
- Generic code invokes CPU power down operations by the level
required.
- CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
reset function.
- CPU drivers register power down handlers as a list: a mandatory
handler for level 0, and optional handlers for higher levels.
All existing CPU drivers are adapted to the new CPU operations framework
without needing any functional changes within.
Also update firmware design guide.
Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
dp-arm [Mon, 12 Dec 2016 14:48:13 +0000 (14:48 +0000)]
tbbr: Fix updating of Non-Trusted NV counter
The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.
The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.
Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.
A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().
Fixes ARM-software/tf-issues#426
Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Jeenu Viswambharan [Fri, 9 Dec 2016 11:14:34 +0000 (11:14 +0000)]
FVP: Avail GIC Redistributor power management
Earlier patches introduced GIC Redistributor power management for ARM
platforms. This patch modifies FVP power management to power down
Redistributor during CPU power on/off.
Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Fri, 9 Dec 2016 11:12:34 +0000 (11:12 +0000)]
Introduce ARM platform APIs for GICv3 Redistributor
As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.
For the sake of uniform GIC API, empty stubs are placed for those GIC
drivers that lack Redistributor component.
Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan [Fri, 9 Dec 2016 11:03:15 +0000 (11:03 +0000)]
GICv3: Introduce power management APIs for Redistributor
Some GICv3 implementations have provision for power management
operations at Redistributor level. This patch introduces and provides
place-holders for Redistributor power management. The default
implementations are empty stubs, but are weakly bound so as to enable
implementation-specific drivers to override them.
Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
danh-arm [Wed, 14 Dec 2016 15:59:18 +0000 (15:59 +0000)]
Merge pull request #780 from douglas-raillard-arm/dr/fix_asm_signed_comparison
Fix integer comparison in memcpy16
Yatharth Kochar [Fri, 11 Nov 2016 13:57:50 +0000 (13:57 +0000)]
Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.
This patch also enables LOAD_IMAGE_V2 for ARM platforms.
Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Antonio Nino Diaz [Wed, 14 Dec 2016 14:31:32 +0000 (14:31 +0000)]
Fix incorrect copyright notices
Some files have incorrect copyright notices, this patch fixes all
files with deviations from the standard notice.
Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Douglas Raillard [Fri, 2 Dec 2016 13:56:06 +0000 (13:56 +0000)]
Fix integer comparison in memcpy16
Unsigned conditions should be used instead of signed ones when comparing
addresses or sizes in assembly.
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Change-Id: Id3bd9ccaf58c37037761af35ac600907c4bb0580