Yatharth Kochar [Wed, 14 Oct 2015 14:28:11 +0000 (15:28 +0100)]
FWU: Add Firmware Update support in BL2U for ARM platforms
This patch adds support for Firmware update in BL2U for ARM
platforms such that TZC initialization is performed on all
ARM platforms and (optionally) transfer of SCP_BL2U image on
ARM CSS platforms.
BL2U specific functions are added to handle early_platform and
plat_arch setup. The MMU is configured to map in the BL2U
code/data area and other required memory.
Change-Id: I57863295a608cc06e6cbf078b7ce34cbd9733e4f
Yatharth Kochar [Wed, 14 Oct 2015 14:27:24 +0000 (15:27 +0100)]
FWU: Add Generic BL2U FWU image support in BL2
The Firmware Update (FWU) feature needs support for an optional
secure world image, BL2U, to allow additional secure world
initialization required by FWU, for example DDR initialization.
This patch adds generic framework support to create BL2U.
NOTE: A platform makefile must supply additional `BL2U_SOURCES`
to build the bl2u target. A subsequent patch adds bl2u
support for ARM platforms.
Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
Yatharth Kochar [Sun, 11 Oct 2015 13:14:55 +0000 (14:14 +0100)]
FWU: Add Firmware Update support in BL1 for ARM platforms
This patch adds Firmware Update support for ARM platforms.
New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform specific Firmware update code.
BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for
authenticating NS_BL2U image(For both FVP and JUNO platform).
Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555
Yatharth Kochar [Sat, 10 Oct 2015 18:06:53 +0000 (19:06 +0100)]
FWU: Add Generic Firmware Update framework support in BL1
Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific code detects that it is needed.
This patch adds support for FWU feature support in BL1 which is
included by enabling `TRUSTED_BOARD_BOOT` compile time flag.
This patch adds bl1_fwu.c which contains all the core operations
of FWU, which are; SMC handler, image copy, authentication, execution
and resumption. It also adds bl1.h introducing #defines for all
BL1 SMCs.
Following platform porting functions are introduced:
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
This function can be used to add platform specific memory checks
for the provided base/size for the given security state.
The weak definition will invoke `assert()` and return -ENOMEM.
__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
This function can be used to initiate platform specific procedure
to mark completion of the FWU process.
The weak definition waits forever calling `wfi()`.
plat_bl1_common.c contains weak definitions for above functions.
FWU process starts when platform detects it and return the image_id
other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
`bl1_main()`.
NOTE: User MUST provide platform specific real definition for
bl1_plat_mem_check() in order to use it for Firmware update.
Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
Yatharth Kochar [Fri, 9 Oct 2015 17:06:13 +0000 (18:06 +0100)]
Add descriptor based image management support in BL1
As of now BL1 loads and execute BL2 based on hard coded information
provided in BL1. But due to addition of support for upcoming Firmware
Update feature, BL1 now require more flexible approach to load and
run different images using information provided by the platform.
This patch adds new mechanism to load and execute images based on
platform provided image id's. BL1 now queries the platform to fetch
the image id of the next image to be loaded and executed. In order
to achieve this, a new struct image_desc_t was added which holds the
information about images, such as: ep_info and image_info.
This patch introduces following platform porting functions:
unsigned int bl1_plat_get_next_image_id(void);
This is used to identify the next image to be loaded
and executed by BL1.
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
This is used to retrieve the image_desc for given image_id.
void bl1_plat_set_ep_info(unsigned int image_id,
struct entry_point_info *ep_info);
This function allows platforms to update ep_info for given
image_id.
The plat_bl1_common.c file provides default weak implementations of
all above functions, the `bl1_plat_get_image_desc()` always return
BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
These functions gets compiled into all BL1 platforms by default.
Platform setup in BL1, using `bl1_platform_setup()`, is now done
_after_ the initialization of authentication module. This change
provides the opportunity to use authentication while doing the
platform setup in BL1.
In order to store secure/non-secure context, BL31 uses percpu_data[]
to store context pointer for each core. In case of BL1 only the
primary CPU will be active hence percpu_data[] is not required to
store the context pointer.
This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
store the context and context pointers respectively. It also also
re-defines cm_get_context() and cm_set_context() for BL1 in
bl1/bl1_context_mgmt.c.
BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
environment, to support resuming execution from a previously saved
context.
NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.
Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
Yatharth Kochar [Fri, 2 Oct 2015 16:56:48 +0000 (17:56 +0100)]
Move context management code to common location
The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management code to perform this task.
Currently context management code is part of BL31 stage only.
This patch moves the code from (include)/bl31 to (include)/common.
Some function declarations/definitions and macros have also moved
to different files to help code sharing.
Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
Yatharth Kochar [Sun, 11 Oct 2015 14:03:51 +0000 (15:03 +0100)]
SoC security setup for CSS platforms in BL1
This patch adds support for secure setup of the SoC on CSS
platforms in BL1.
This change is required to provide memory access to normal
world images that take part in upcoming Firmware Update feature.
Change-Id: Ib202fb6cb82622c1874b700637d82ea72575e6fe
Yatharth Kochar [Thu, 29 Oct 2015 12:47:02 +0000 (12:47 +0000)]
Remove `RUN_IMAGE` usage as opcode passed to next EL.
The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to
make a request to BL1 to execute BL31. But BL2 also uses it as
opcode to check if it is allowed to execute which is not the
intended usage of `RUN_IMAGE` SMC.
This patch removes the usage of `RUN_IMAGE` as opcode passed to
next EL to check if it is allowed to execute.
Change-Id: I6aebe0415ade3f43401a4c8a323457f032673657
Yatharth Kochar [Fri, 2 Oct 2015 12:58:52 +0000 (13:58 +0100)]
Add uppercase macro to build_macros.mk
This patch adds `uppercase` macro to prepare IMAGE_BLxx defines
used for conditional compilation and to prepare variables used
for defining BL source and linker file names.
This change is needed for upcoming BL images that can have names
which uses both letters and numbers.
Change-Id: I05ce9bcd0d221a54db92c0fe3ad28e9e0080ed2e
danh-arm [Wed, 9 Dec 2015 16:15:23 +0000 (16:15 +0000)]
Merge pull request #461 from yatharth-arm/yk/nvidia_patch
Include psci.h from tegra platform header
Yatharth Kochar [Wed, 9 Dec 2015 14:22:47 +0000 (14:22 +0000)]
Include psci.h from tegra platform header
The `plat/nvidia/tegra/include/tegra_private.h` file uses resources
from psci.h (for example, psci_power_state_t) but does not explicitly
include psci.h. This does not currently cause a problem since psci.h
is indirectly included via other headers. However, this may not be
the case in future.
This patch explicitly includes psci.h from tegra_private.h
Change-Id: Ia991147898dbd117c1d3496a95850995a5554c05
danh-arm [Wed, 9 Dec 2015 15:16:08 +0000 (15:16 +0000)]
Merge pull request #460 from sandrine-bailleux/sb/init-vttbrel2-vmid
Initialize VTTBR_EL2 when bypassing EL2
Sandrine Bailleux [Wed, 25 Nov 2015 17:00:44 +0000 (17:00 +0000)]
Initialize VTTBR_EL2 when bypassing EL2
In the situation that EL1 is selected as the exception level for the
next image upon BL31 exit for a processor that supports EL2, the
context management code must configure all essential EL2 register
state to ensure correct execution of EL1.
VTTBR_EL2 should be part of this set of EL2 registers because:
- The ARMv8-A architecture does not define a reset value for this
register.
- Cache maintenance operations depend on VTTBR_EL2.VMID even when
non-secure EL1&0 stage 2 address translation are disabled.
This patch initializes the VTTBR_EL2 register to 0 when bypassing EL2
to address this issue. Note that this bug has not yet manifested
itself on FVP or Juno because VTTBR_EL2.VMID resets to 0 on the
Cortex-A53 and Cortex-A57.
Change-Id: I58ce2d16a71687126f437577a506d93cb5eecf33
danh-arm [Wed, 9 Dec 2015 11:27:32 +0000 (11:27 +0000)]
Merge pull request #458 from soby-mathew/sm/rem_tzc_base_assert
Remove the assert for TZC base during initialization
danh-arm [Wed, 9 Dec 2015 11:27:12 +0000 (11:27 +0000)]
Merge pull request #457 from soby-mathew/sm/fix_fpregs_restore
Fix issue in Floating point register restore
danh-arm [Wed, 9 Dec 2015 10:41:08 +0000 (10:41 +0000)]
Merge pull request #456 from soby-mathew/sm/gicv3-tsp-plat-changes-v2
Modify TSP and ARM standard platforms for new GIC drivers v2
danh-arm [Wed, 9 Dec 2015 10:40:51 +0000 (10:40 +0000)]
Merge pull request #455 from jcastillo-arm/jc/fvp_delay_timer
Fix SP804 delay timer on FVP
Soby Mathew [Thu, 3 Dec 2015 09:42:50 +0000 (09:42 +0000)]
Fix issue in Floating point register restore
The `fpregs_context_restore()` function used to restore the floating point
regsiter context had a typo error wherein it was doing `str` instead of
`ldr` for a register. This issue remained undetected becuase none of the ARM
Standard development platforms save and restore the floating point register
context when a context switch is done. This patch corrects the issue.
Change-Id: Id178e0ba254a5e0a4a844f54b39d71dc34e0f6ea
Soby Mathew [Fri, 13 Nov 2015 02:08:43 +0000 (02:08 +0000)]
TSP: Allow preemption of synchronous S-EL1 interrupt handling
Earlier the TSP only ever expected to be preempted during Standard SMC
processing. If a S-EL1 interrupt triggered while in the normal world, it
will routed to S-EL1 `synchronously` for handling. The `synchronous` S-EL1
interrupt handler `tsp_sel1_intr_entry` used to panic if this S-EL1 interrupt
was preempted by another higher priority pending interrupt which should be
handled in EL3 e.g. Group0 interrupt in GICv3.
With this patch, the `tsp_sel1_intr_entry` now expects `TSP_PREEMPTED` as the
return code from the `tsp_common_int_handler` in addition to 0 (interrupt
successfully handled) and in both cases it issues an SMC with id
`TSP_HANDLED_S_EL1_INTR`. The TSPD switches the context and returns back
to normal world. In case a higher priority EL3 interrupt was pending, the
execution will be routed to EL3 where interrupt will be handled. On return
back to normal world, the pending S-EL1 interrupt which was preempted will
get routed to S-EL1 to be handled `synchronously` via `tsp_sel1_intr_entry`.
Change-Id: I2087c7fedb37746fbd9200cdda9b6dba93e16201
Soby Mathew [Mon, 23 Nov 2015 13:58:45 +0000 (13:58 +0000)]
Enable support for EL3 interrupt in IMF
This patch enables support for EL3 interrupts in the Interrupt Management
Framework (IMF) of ARM Trusted Firmware. Please note that although the
registration of the EL3 interrupt type is now supported, it has not been
tested on any of the ARM Standard platforms.
Change-Id: If4dcdc7584621522a2f3ea13ea9b1ad0a76bb8a1
Achin Gupta [Tue, 3 Nov 2015 14:18:34 +0000 (14:18 +0000)]
Rework use of ARM GIC drivers on ARM platforms
Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both
versions of the GIC architecture. These drivers correspond to the following
software use cases:
1. A GICv2 only driver that can run only on ARM GIC v2.0 implementations
e.g. GIC-400
2. A GICv3 only driver that can run only on ARM GIC v3.0 implementations
e.g. GIC-500 in a mode where all interrupt regimes use GICv3 features
3. A deprecated GICv3 driver that operates in legacy mode. This driver can
operate only in the GICv2 mode in the secure world. On a GICv3 system, this
driver allows normal world to run in either GICv3 mode (asymmetric mode)
or in the GICv2 mode. Both modes of operation are deprecated on GICv3
systems.
ARM platforms implement both versions of the GIC architecture. This patch adds a
layer of abstraction to help ARM platform ports chose the right GIC driver and
corresponding platform support. This is as described below:
1. A set of ARM common functions have been introduced to initialise the GIC and
the driver during cold and warm boot. These functions are prefixed as
"plat_arm_gic_". Weak definitions of these functions have been provided for
each type of driver.
2. Each platform includes the sources that implement the right functions
directly into the its makefile. The FVP can be instantiated with different
versions of the GIC architecture. It uses the FVP_USE_GIC_DRIVER build option
to specify which of the three drivers should be included in the build.
3. A list of secure interrupts has to be provided to initialise each of the
three GIC drivers. For GIC v3.0 the interrupt ids have to be further
categorised as Group 0 and Group 1 Secure interrupts. For GIC v2.0, the two
types are merged and treated as Group 0 interrupts.
The two lists of interrupts are exported from the platform_def.h. The lists
are constructed by adding a list of board specific interrupt ids to a list of
ids common to all ARM platforms and Compute sub-systems.
This patch also makes some fields of `arm_config` data structure in FVP redundant
and these unused fields are removed.
Change-Id: Ibc8c087be7a8a6b041b78c2c3bd0c648cd2035d8
Soby Mathew [Mon, 26 Oct 2015 14:01:53 +0000 (14:01 +0000)]
Prepare platforms to use refactored ARM GIC drivers
This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
file in their build according to the GIC driver to be used. The existing
plat_gic.c is only meant for the legacy GIC driver.
In the case of ARM platforms, the major changes are as follows:
1. The crash reporting helper macro `arm_print_gic_regs` that prints the GIC CPU
interface register values has been modified to detect the type of CPU
interface being used (System register or memory mappped interface) before
using the right interface to print the registers.
2. The power management helper function that is called after a core is powered
up has been further refactored. This is to highlight that the per-cpu
distributor interface should be initialised only when the core was originally
powered down using the CPU_OFF PSCI API and not when the CPU_SUSPEND PSCI API
was used.
3. In the case of CSS platforms, the system power domain restore helper
`arm_system_pwr_domain_resume()` is now only invoked in the `suspend_finish`
handler as the system power domain is always expected to be initialized when
the `on_finish` handler is invoked.
Change-Id: I7fc27d61fc6c2a60cea2436b676c5737d0257df6
danh-arm [Tue, 8 Dec 2015 18:14:10 +0000 (18:14 +0000)]
Merge pull request #454 from yatharth-arm/vk/deprecate-cci-400
Add CCI-400 specific driver to deprecated driver list
Vikram Kanigiri [Thu, 3 Dec 2015 17:49:45 +0000 (17:49 +0000)]
Add CCI-400 specific driver to deprecated driver list
Add compile time `__warn_deprecated` flag to public api's in CCI-400
specific driver so that user is aware of the driver being deprecated.
Similarly, it also adds an error message when `ERROR_DEPRECATED` is set
to prevent succesful compilation if CCI-400 specific driver is used.
Change-Id: Id7e61a560262abc01cbbd432ca85b9bf448a194d
Soby Mathew [Mon, 7 Dec 2015 17:55:40 +0000 (17:55 +0000)]
Remove the assert for TZC base during initialization
When resuming from system suspend the TZC needs to be
re-initialized. Hence the assertion for TZC base address
to detect re-initialization is removed.
Change-Id: I53d64146f6c919e95526441bb997f7b309c68141
danh-arm [Tue, 8 Dec 2015 14:02:45 +0000 (14:02 +0000)]
Merge pull request #452 from vwadekar/tegra-new-platform-apis-v2
Tegra new platform apis v2
Varun Wadekar [Fri, 7 Aug 2015 04:33:00 +0000 (10:03 +0530)]
Tegra: remove support for legacy platform APIs
This patch modifies the Tegra port to support the new platform
APIs so that we can disable the compat layer. This includes
modifications to the power management and platform topology code.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Soby Mathew [Thu, 3 Sep 2015 17:29:38 +0000 (18:29 +0100)]
Enable use of FIQs and IRQs as TSP interrupts
On a GICv2 system, interrupts that should be handled in the secure world are
typically signalled as FIQs. On a GICv3 system, these interrupts are signalled
as IRQs instead. The mechanism for handling both types of interrupts is the same
in both cases. This patch enables the TSP to run on a GICv3 system by:
1. adding support for handling IRQs in the exception handling code.
2. removing use of "fiq" in the names of data structures, macros and functions.
The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a
new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the
former build flag is defined, it will be used to define the value for the
new build flag. The documentation is also updated accordingly.
Change-Id: I1807d371f41c3656322dd259340a57649833065e
Soby Mathew [Tue, 22 Sep 2015 11:01:18 +0000 (12:01 +0100)]
Unify interrupt return paths from TSP into the TSPD
The TSP is expected to pass control back to EL3 if it gets preempted due to
an interrupt while handling a Standard SMC in the following scenarios:
1. An FIQ preempts Standard SMC execution and that FIQ is not a TSP Secure
timer interrupt or is preempted by a higher priority interrupt by the time
the TSP acknowledges it. In this case, the TSP issues an SMC with the ID
as `TSP_EL3_FIQ`. Currently this case is never expected to happen as only
the TSP Secure Timer is expected to generate FIQ.
2. An IRQ preempts Standard SMC execution and in this case the TSP issues
an SMC with the ID as `TSP_PREEMPTED`.
In both the cases, the TSPD hands control back to the normal world and returns
returns an error code to the normal world to indicate that the standard SMC it
had issued has been preempted but not completed.
This patch unifies the handling of these two cases in the TSPD and ensures that
the TSP only uses TSP_PREEMPTED instead of separate SMC IDs. Also instead of 2
separate error codes, SMC_PREEMPTED and TSP_EL3_FIQ, only SMC_PREEMPTED is
returned as error code back to the normal world.
Background information: On a GICv3 system, when the secure world has affinity
routing enabled, in 2. an FIQ will preempt TSP execution instead of an IRQ. The
FIQ could be a result of a Group 0 or a Group 1 NS interrupt. In both case, the
TSPD passes control back to the normal world upon receipt of the TSP_PREEMPTED
SMC. A Group 0 interrupt will immediately preempt execution to EL3 where it
will be handled. This allows for unified interrupt handling in TSP for both
GICv3 and GICv2 systems.
Change-Id: I9895344db74b188021e3f6a694701ad272fb40d4
Soby Mathew [Thu, 3 Dec 2015 14:12:54 +0000 (14:12 +0000)]
Rename GICv3 interrupt group macros
This patch renames the GICv3 interrupt group macros from
INT_TYPE_G0, INT_TYPE_G1S and INT_TYPE_G1NS to INTR_GROUP0,
INTR_GROUP1S and INTR_GROUP1NS respectively.
Change-Id: I40c66f589ce6234fa42205adcd91f7d6ad8f33d4
Juan Castillo [Tue, 1 Dec 2015 16:10:15 +0000 (16:10 +0000)]
Fix SP804 delay timer on FVP
This patch fixes several issues with the SP804 delay timer on FVP:
* By default, the SP804 dual timer on FVP runs at 32 KHz. In order
to run the timer at 35 MHz (as specified in the FVP user manual)
the Overwrite bit in the SP810 control register must be set.
* The CLKMULT and CLKDIV definitions are mixed up:
delta(us) = delta(ticks) * T(us) = delta(ticks) / f(MHz)
From the delay function:
delta_us = (delta * ops->clk_mult) / ops->clk_div;
Matching both expressions:
1 / f(MHz) = ops->clk_mult / ops->clk_div
And consequently:
f(MHz) = ops->clk_div / ops->clk_mult
Which, for a 35 MHz timer, translates to:
ops->clk_div = 35
ops->clk_mult = 1
* The comment in the delay timer header file has been corrected:
The ratio of the multiplier and the divider is the clock period
in microseconds, not the frequency.
Change-Id: Iffd5ce0a5a28fa47c0720c0336d81b678ff8fdf1
danh-arm [Wed, 2 Dec 2015 16:48:20 +0000 (16:48 +0000)]
Merge pull request #446 from vikramkanigiri/vk/tzc-400
Fix TZC-400 peripheral detection
danh-arm [Wed, 2 Dec 2015 16:42:33 +0000 (16:42 +0000)]
Merge pull request #449 from jcastillo-arm/jc/tbb_oid
TBB: add ARM OIDs
danh-arm [Wed, 2 Dec 2015 16:42:06 +0000 (16:42 +0000)]
Merge pull request #444 from jcastillo-arm/jc/tbb_wdog
Jc/tbb wdog
Juan Castillo [Tue, 6 Oct 2015 13:01:35 +0000 (14:01 +0100)]
TBB: add Trusted Watchdog support on ARM platforms
This patch adds watchdog support on ARM platforms (FVP and Juno).
A secure instance of SP805 is used as Trusted Watchdog. It is
entirely managed in BL1, being enabled in the early platform setup
hook and disabled in the exit hook. By default, the watchdog is
enabled in every build (even when TBB is disabled).
A new ARM platform specific build option `ARM_DISABLE_TRUSTED_WDOG`
has been introduced to allow the user to disable the watchdog at
build time. This feature may be used for testing or debugging
purposes.
Specific error handlers for Juno and FVP are also provided in this
patch. These handlers will be called after an image load or
authentication error. On FVP, the Table of Contents (ToC) in the FIP
is erased. On Juno, the corresponding error code is stored in the
V2M Non-Volatile flags register. In both cases, the CPU spins until
a watchdog reset is generated after 256 seconds (as specified in
the TBBR document).
Change-Id: I9ca11dcb0fe15af5dbc5407ab3cf05add962f4b4
Juan Castillo [Wed, 2 Dec 2015 09:48:34 +0000 (09:48 +0000)]
TBB: add ARM OIDs
This patch adds ARM specific OIDs which will be used to extract
the extension data from the certificates. These OIDs are arranged
as a subtree whose root node has been specifically allocated for
ARM Ltd.
{ iso(1) identified-organization(3) dod(6) internet(1)
private(4) enterprise(1) 4128 }
Change-Id: Ice20b3c8a31ddefe9102f3bd42f7429986f3ac34
danh-arm [Tue, 1 Dec 2015 19:02:24 +0000 (19:02 +0000)]
Merge pull request #443 from achingupta/sb/el3_payloads-cb_single_cpu
Add support to boot EL3 payloads and only a single CPU at cold reset
danh-arm [Tue, 1 Dec 2015 18:31:14 +0000 (18:31 +0000)]
Merge pull request #445 from jcastillo-arm/jc/tf-issues/320
Add NULL pointer check before reading BL32 entry point information
danh-arm [Tue, 1 Dec 2015 18:29:16 +0000 (18:29 +0000)]
Merge pull request #442 from soby-mathew/sm/remove_imf_read_intid
Remove the IMF_READ_INTERRUPT_ID build option
Vikram Kanigiri [Tue, 20 Oct 2015 15:55:26 +0000 (16:55 +0100)]
Fix TZC-400 peripheral detection
The TZC-400 driver implementation incorrectly uses the component
ID registers to detect the TZC-400 peripheral. As all ARM
peripherals share the same component ID, it doesn't allow to
uniquely identify the TZC-400 peripheral. This patch fixes the
TZC-400 driver by relying on the `part_number_0` and
`part_number_1` fields in the `PID` registers instead.
The `tzc_read_component_id` function has been replaced by
`tzc_read_peripheral_id`, which reads the 'part_number' values
and compares them with the TZC-400 peripheral ID.
Also, it adds a debug assertion to detect when the TZC driver
initialisation function is called multiple times.
Change-Id: I35949f6501a51c0a794144cd1c3a6db62440dce6
Juan Castillo [Tue, 8 Jul 2014 16:20:41 +0000 (17:20 +0100)]
Add a simple ARM SP805 watchdog driver
Based on SP805 Programmer's model (ARM DDI 0270B). This driver
provides three public APIs:
void sp805_start(uintptr_t base, unsigned long ticks);
void sp805_stop(uintptr_t base);
void sp805_refresh(uintptr_t base, unsigned long ticks);
Upon start, the watchdog starts counting down from the number of
ticks specified. When the count reaches 0 an interrupt is triggered.
The watchdog restarts counting down from the number of ticks
specified. If the count reaches 0 again, the system is reset. A
mechanism to handle the interrupt has not been implemented. Instead,
the API to refresh the watchdog should be used instead to prevent a
system reset.
Change-Id: I799d53f8d1213b10b341a4a67fde6486e89a3dab
Juan Castillo [Wed, 12 Aug 2015 11:53:02 +0000 (12:53 +0100)]
Add basic NOR flash driver for ARM platforms
FVP and Juno platforms include a NOR flash memory to store and
load the FIP, the kernel or a ramdisk. This NOR flash is arranged
as 2 x 16 bit flash devices and can be programmed using CFI
standard commands.
This patch provides a basic API to write single 32 bit words of
data into the NOR flash. Functions to lock/unlock blocks against
erase or write operations are also provided.
Change-Id: I1da7ad3105b1ea409c976adc863954787cbd90d2
Sandrine Bailleux [Wed, 11 Nov 2015 11:39:32 +0000 (11:39 +0000)]
User Guide: Remove reference to porting guide
The implications of the 'PROGRAMMABLE_RESET_ADDRESS' build option on
the platform porting layer are simple enough to be described in the
User Guide directly. This patch removes the reference to the Porting
Guide.
Change-Id: I7f753b18abd20effc4fd30836609e1fd51d9221d
Sandrine Bailleux [Fri, 30 Oct 2015 15:05:17 +0000 (15:05 +0000)]
Introduce COLD_BOOT_SINGLE_CPU build option
This patch introduces a new build option named COLD_BOOT_SINGLE_CPU,
which allows platforms that only release a single CPU out of reset to
slightly optimise their cold boot code, both in terms of code size
and performance.
COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform
may release several CPUs out of reset. In this case, the cold reset
code needs to coordinate all CPUs via the usual primary/secondary
CPU distinction.
If a platform guarantees that only a single CPU will ever be released
out of reset, there is no need to arbitrate execution ; the notion of
primary and secondary CPUs itself no longer exists. Such platforms
may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the
primary/secondary CPU identification in the cold reset code.
All ARM standard platforms can release several CPUs out of reset
so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like
Juno, bringing up more than one CPU at reset should only be attempted
when booting an EL3 payload, as it is not fully supported in the
normal boot flow.
For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform
APIs become optional:
- plat_secondary_cold_boot_setup();
- plat_is_my_cpu_primary().
The Porting Guide has been updated to reflect that.
User Guide updated as well.
Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
Sandrine Bailleux [Thu, 1 Oct 2015 09:25:15 +0000 (10:25 +0100)]
Document the EL3 payload support
- Document the new build option EL3_PAYLOAD_BASE
- Document the EL3 payload boot flow
- Document the FVP model parameters to boot an EL3 payload
Change-Id: Ie6535914a9a68626e4401659bee4fcfd53d4bd37
Sandrine Bailleux [Fri, 2 Oct 2015 13:35:25 +0000 (14:35 +0100)]
FVP: Do not power off secondary CPUs when booting an EL3 payload
Normally, in the FVP port, secondary CPUs are immediately powered
down if they are powered on at reset. However, when booting an EL3
payload, we need to keep them powered on as the requirement is for
all CPUs to enter the EL3 payload image. This patch puts them in a
holding pen instead of powering them off.
Change-Id: I6526a88b907a0ddb820bead72f1d350a99b1692c
Sandrine Bailleux [Wed, 29 Apr 2015 15:28:52 +0000 (16:28 +0100)]
CSS: Put secondary CPUs in a pen when booting an EL3 payload
By default, only the primary CPU is powered on by SCP on CSS
platforms. Secondary CPUs are then powered on later using PSCI
calls.
However, it is possible to power on more than one CPU at boot time
using platform specific settings. In this case, several CPUs will
enter the Trusted Firmware and execute the cold boot path code.
This is currently not supported and secondary CPUs will panic.
This patch preserves this behaviour in the normal boot flow.
However, when booting an EL3 payload, secondary CPUs are now held in
a pen until their mailbox is populated, at which point they jump to
this address. Note that, since all CPUs share the same mailbox, they
will all be released from their holding pen at the same time and the
EL3 payload is responsible to arbitrate execution between CPUs if
required.
Change-Id: I83737e0c9f15ca5e73afbed2e9c761bc580735b9
Sandrine Bailleux [Thu, 26 Nov 2015 16:31:34 +0000 (16:31 +0000)]
CSS: Enable booting of EL3 payloads
This patch adds support for booting EL3 payloads on CSS platforms,
for example Juno. In this scenario, the Trusted Firmware follows
its normal boot flow up to the point where it would normally pass
control to the BL31 image. At this point, it jumps to the EL3
payload entry point address instead.
Before handing over to the EL3 payload, the data SCP writes for AP
at the beginning of the Trusted SRAM is restored, i.e. we zero the
first 128 bytes and restore the SCP Boot configuration. The latter
is saved before transferring the BL30 image to SCP and is restored
just after the transfer (in BL2). The goal is to make it appear that
the EL3 payload is the first piece of software to run on the target.
The BL31 entrypoint info structure is updated to make the primary
CPU jump to the EL3 payload instead of the BL31 image.
The mailbox is populated with the EL3 payload entrypoint address,
which releases the secondary CPUs out of their holding pen (if the
SCP has powered them on). The arm_program_trusted_mailbox() function
has been exported for this purpose.
The TZC-400 configuration in BL2 is simplified: it grants secure
access only to the whole DRAM. Other security initialization is
unchanged.
This alternative boot flow is disabled by default. A new build option
EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3
payload's entry point address. The build system has been modified
such that BL31 and BL33 are not compiled and/or not put in the FIP in
this case, as those images are not used in this boot flow.
Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077
Sandrine Bailleux [Tue, 10 Nov 2015 15:01:57 +0000 (15:01 +0000)]
Pass the entry point info to bl1_plat_prepare_exit()
This patch modifies the prototype of the bl1_plat_prepare_exit()
platform API to pass the address of the entry point info structure
received from BL2. The structure contains information that can be
useful, depending on the kind of clean up or bookkeeping operations
to perform.
The weak implementation of this function ignores this argument to
preserve platform backwards compatibility.
NOTE: THIS PATCH MAY BREAK PLATFORM PORTS THAT ARE RELYING ON THE
FORMER PROTOTYPE OF THE BL1_PLAT_PREPARE_EXIT() API.
Change-Id: I3fc18f637de06c85719c4ee84c85d6a4572a0fdb
Sandrine Bailleux [Tue, 10 Nov 2015 10:01:19 +0000 (10:01 +0000)]
Introduce SPIN_ON_BL1_EXIT build flag
This patch introduces a new build flag, SPIN_ON_BL1_EXIT, which
puts an infinite loop in BL1. It is intended to help debugging
the post-BL2 phase of the Trusted Firmware by stopping execution
in BL1 just before handing over to BL31. At this point, the
developer may take control of the target using a debugger.
This feature is disabled by default and can be enabled by
rebuilding BL1 with SPIN_ON_BL1_EXIT=1.
User Guide updated accordingly.
Change-Id: I6b6779d5949c9e5571dd371255520ef1ac39685c
Soby Mathew [Tue, 27 Oct 2015 10:01:06 +0000 (10:01 +0000)]
Remove the IMF_READ_INTERRUPT_ID build option
The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt
ID of the highest priority pending interrupt is passed as a parameter to the
interrupt handler registered for that type of interrupt. This additional read
of highest pending interrupt id from GIC is problematic as it is possible that
the original interrupt may get deasserted and another interrupt of different
type maybe become the highest pending interrupt. Hence it is safer to prevent
such behaviour by removing the IMF_READ_INTERRUPT_ID build option.
The `id` parameter of the interrupt handler `interrupt_type_handler_t` is
now made a reserved parameter with this patch. It will always contain
INTR_ID_UNAVAILABLE.
Fixes ARM-software/tf-issues#307
Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
Achin Gupta [Thu, 26 Nov 2015 16:30:24 +0000 (16:30 +0000)]
Merge pull request #439 from soby-mathew/sm/new-gic-driver
Introduce new GICv3 and GICv2 drivers
Soby Mathew [Mon, 26 Oct 2015 14:32:09 +0000 (14:32 +0000)]
Deprecate the GIC Legacy driver.
This patch deprecates the legacy ARM GIC driver and related header files
(arm_gic.h, gic_v2.h, gic_v3.h). For GICv2 systems, platform ports should
use the GICv2 driver in include/drivers/arm/gicv2.h and for GICv3 systems,
platform ports should use the GICv3 driver in include/drivers/arm/gicv3.h
NOTE: The ARM Legacy GIC drivers have been deprecated with this patch.
Platform ports are encouraged to migrate to the new GIC drivers.
Change-Id: Ic0460ef0427b54a6aac476279a7f29b81943e942
Soby Mathew [Wed, 7 Oct 2015 08:45:27 +0000 (09:45 +0100)]
Add ARM GICv2 driver
This patch adds a driver for ARM GICv2 systems, example GIC-400. Unlike
the existing GIC driver in `include/drivers/arm/arm_gic.h`, this driver
is optimised for GICv2 and does not support GICv3 systems in GICv2
compatibility mode. The driver interface has been implemented in
`drivers/arm/gic/v2/gicv2_main.c`. The corresponding header is in
`include/drivers/arm/gicv2.h`. Helper functions are implemented in
`drivers/arm/gic/v2/gicv2_helpers.c` and are accessible through the
`drivers/arm/gic/v2/gicv2_private.h` header.
Change-Id: I09fffa4e621fb99ba3c01204839894816cd89a2a
Achin Gupta [Thu, 3 Sep 2015 13:18:02 +0000 (14:18 +0100)]
Add ARM GICv3 driver without support for legacy operation
This patch adds a driver for ARM GICv3 systems that need to run software
stacks where affinity routing is enabled across all privileged exception
levels for both security states. This driver is a partial implementation
of the ARM Generic Interrupt Controller Architecture Specification, GIC
architecture version 3.0 and version 4.0 (ARM IHI 0069A). The driver does
not cater for legacy support of interrupts and asymmetric configurations.
The existing GIC driver has been preserved unchanged. The common code for
GICv2 and GICv3 systems has been refactored into a new file,
`drivers/arm/gic/common/gic_common.c`. The corresponding header is in
`include/drivers/arm/gic_common.h`.
The driver interface is implemented in `drivers/arm/gic/v3/gicv3_main.c`.
The corresponding header is in `include/drivers/arm/gicv3.h`. Helper
functions are implemented in `drivers/arm/gic/v3/arm_gicv3_helpers.c`
and are accessible through the `drivers/arm/gic/v3/gicv3_private.h`
header.
Change-Id: I8c3c834a1d049d05b776b4dcb76b18ccb927444a
Achin Gupta [Thu, 26 Nov 2015 12:25:54 +0000 (12:25 +0000)]
Merge pull request #438 from soby-mathew/sm/error_deprecate
Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED
Varun Wadekar [Thu, 27 Aug 2015 04:55:29 +0000 (10:25 +0530)]
Tegra: flowctrl: rename tegra_fc_cpu_idle() to tegra_fc_cpu_powerdn()
This patch renames the tegra_fc_cpu_idle() function to a more appropriate
tegra_fc_cpu_powerdn() to better reflect its usage.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Soby Mathew [Mon, 26 Oct 2015 14:29:21 +0000 (14:29 +0000)]
Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED
This patch changes the build time behaviour when using deprecated API within
Trusted Firmware. Previously the use of deprecated APIs would only trigger a
build warning (which was always treated as a build error), when
WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always
trigger a build time warning. Whether this warning is treated as error or not
is determined by the build flag ERROR_DEPRECATED which is disabled by default.
When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or
inclusion of deprecated headers will result in a build error.
Also the deprecated context management helpers in context_mgmt.c are now
conditionally compiled depending on the value of ERROR_DEPRECATED flag
so that the APIs themselves do not result in a build error when the
ERROR_DEPRECATED flag is set.
NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to
using ERROR_DEPRECATED, otherwise deprecated API usage will no longer
trigger a build error.
Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
Achin Gupta [Thu, 19 Nov 2015 21:46:43 +0000 (21:46 +0000)]
Merge pull request #435 from sandrine-bailleux/sb/juno-r2
Changes to platform reset handler for Juno r2
Achin Gupta [Thu, 19 Nov 2015 15:03:17 +0000 (15:03 +0000)]
Merge pull request #429 from vikramkanigiri/vk/fix_sctlr_res1
Add missing RES1 bit in SCTLR_EL1
Achin Gupta [Thu, 19 Nov 2015 15:03:01 +0000 (15:03 +0000)]
Merge pull request #430 from jcastillo-arm/jc/tf-issues/333
Fix build error when `BL32` is not defined
Sandrine Bailleux [Wed, 18 Nov 2015 11:59:35 +0000 (11:59 +0000)]
Juno R2: Configure the correct L2 RAM latency values
The default reset values for the L2 Data & Tag RAM latencies on the
Cortex-A72 on Juno R2 are not suitable. This patch modifies
the Juno platform reset handler to configure the right settings
on Juno R2.
Change-Id: I20953de7ba0619324a389e0b7bbf951b64057db8
Sandrine Bailleux [Wed, 18 Nov 2015 11:10:30 +0000 (11:10 +0000)]
Juno: Rework platform reset handler
This patch splits the Juno reset handler in 4 distinct pieces:
- Detection of the board revision;
- Juno R0 specific handler;
- Juno R1 specific handler;
- Juno R2 specific handler.
Depending on the board revision, the appropriate handler is called.
This makes the code easier to understand and maintain.
This patch is mainly cosmetic. The only functional change introduced
is that the Juno platform reset handler will now spin infinitely if
the board revision is not recognised. Previously, it would have
assumed that it was running on Juno R1 in this case.
Change-Id: I54ed77c4665085ead9d1573316c9c884d7d3ffa0
Juan Castillo [Thu, 12 Nov 2015 10:59:26 +0000 (10:59 +0000)]
Fix build error when `BL32` is not defined
If an SPD wants to use a prebuilt binary as BL32 image (for example,
the OPTEE Dispatcher), it must point the `BL32` variable to the
image file. This dependency should apply only to the `fip` target.
However, it also applies to the `all` target at the moment. If the
user tries to build all individual TF images using `make all`
without setting BL32, the build fails. The following command will
throw the error:
make CROSS_COMPILE=aarch64-linux-gnu- SPD=opteed all
...
...
aarch64-linux-gnu-gcc: fatal error: no input files
compilation terminated.
make: *** [build/fvp/release/bl32/bl32.ld] Error 1
The reason is that the build system checks if BL32 is defined, and
if it is not, it will try to build BL32 from source. If the SPD
makefile does not provide support for that (as is the case of the
OPTEE Dispatcher, since OPTEE is provided as an external binary),
the build will fail.
This patch fixes the issue by checking if `BL32_SOURCES` has been
defined by the SPD before attempting to build BL32 from source.
If neither `BL32` nor `BL32_SOURCES` is defined when building the
FIP, a warning message will be printed and the process aborted.
Fixes ARM-software/tf-issues#333
Change-Id: I5e801ad333103ed9b042e5c4757424c8df2ff6e4
Vikram Kanigiri [Wed, 22 Jul 2015 10:53:52 +0000 (11:53 +0100)]
Add missing RES1 bit in SCTLR_EL1
As per Section D7.2.81 in the ARMv8-A Reference Manual (DDI0487A Issue A.h),
bits[29:28], bits[23:22], bit[20] and bit[11] in the SCTLR_EL1 are RES1. This
patch adds the missing bit[20] to the SCTLR_EL1_RES1 macro.
Change-Id: I827982fa2856d04def6b22d8200a79fe6922a28e
Juan Castillo [Fri, 6 Nov 2015 10:01:37 +0000 (10:01 +0000)]
Add NULL pointer check before reading BL32 entry point information
BL2 is responsible for loading BL32 and passing a pointer to the
BL32 entrypoint info to BL31 in the BL31 parameters. If no BL32
image is loaded, a NULL pointer is passed. The platform is
responsible for accessing BL31 parameters and extracting the
corresponding BL32 EP info.
In ARM platforms, arm_bl31_early_platform_setup() dereferences the
pointer to the BL32 EP info without checking first if the pointer
is NULL. This will cause an exception if a BL32 entrypoint has not
been populated by BL2. FVP and Juno are not affected because they
always define BL32_BASE, irrespective of whether a BL32 image is
included in the FIP or not.
This patches fixes the issue by checking the BL32 ep_info pointer
before trying to access the data.
If `RESET_TO_BL31` is enabled, the BL32 entrypoint is not
populated if BL32_BASE is not defined.
NOTE: Maintainers of partner platforms should check for this issue
in their ports.
Fixes ARM-software/tf-issues#320
Change-Id: I31456155503f2765766e8b7cd30ab4a40958fb96
Achin Gupta [Wed, 11 Nov 2015 21:48:03 +0000 (21:48 +0000)]
Merge pull request #427 from jcastillo-arm/jc/tf-issues/294
Add -mstrict-align to the gcc options
Achin Gupta [Wed, 11 Nov 2015 21:46:19 +0000 (21:46 +0000)]
Merge pull request #428 from vwadekar/per-soc-system-reset-v2
Tegra: introduce per-soc system reset handler
Varun Wadekar [Tue, 10 Nov 2015 01:39:28 +0000 (17:39 -0800)]
Tegra: introduce per-soc system reset handler
This patch adds a per-soc system reset handler for Tegra chips. The
handler gets executed before the actual system resets. This allows
for custom handling of the system reset sequence on each SoC.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Achin Gupta [Tue, 10 Nov 2015 13:46:00 +0000 (13:46 +0000)]
Merge pull request #424 from jcastillo-arm/jc/tf-issues/327
IMF: postpone SCR_EL3 update if context is not initialized
Juan Castillo [Fri, 6 Nov 2015 12:43:56 +0000 (12:43 +0000)]
Add -mstrict-align to the gcc options
ARMv8 architecture allows unaligned memory accesses. However,
Trusted Firmware disables such feature by setting the SCTLR_A_BIT
and SCTLR_SA_BIT in the SCTLR_EL3 register (it enables alignment
checks).
This patch adds -mstrict-align to the gcc build options. Although
there are not explicit unaligned memory accesses in Trusted Firmware,
this flag will tell the compiler not to use them.
Fixes ARM-software/tf-issues#294
Change-Id: I69748c6cf28504be9ca3dc975a331d14459c9ef1
Achin Gupta [Mon, 9 Nov 2015 13:06:44 +0000 (13:06 +0000)]
Merge pull request #425 from achingupta/ag/tf-issues#332
Re-introduce evaluation of ENABLE_PLAT_COMPAT build flag
Achin Gupta [Sat, 7 Nov 2015 16:19:23 +0000 (16:19 +0000)]
Re-introduce evaluation of ENABLE_PLAT_COMPAT build flag
Commit #
73c99d4eb377e0e25f7951be53087bf92e7b4b18 had refactored the top level
Makefile. This commit also broke platform ports that still rely on an enabled
ENABLE_PLAT_COMPAT build option since the evaluation of this option was also
accidentally removed from the Makefile.
This patch fixes this break by re-introducing the necessary support to ensure
that this build option is enabled by default if a platform port does not disable
it explicitly.
Fixes ARM-software/tf-issues#332
Change-Id: I2217595d2e0bccae7de98cc6c0ea448b5bf3dae2
Juan Castillo [Fri, 30 Oct 2015 14:53:24 +0000 (14:53 +0000)]
IMF: postpone SCR_EL3 update if context is not initialized
The set_routing_model() function in the Interrupt Management
Framework calls the context management library to update the
SCR_EL3 register. This context management library assumes that
the context has been previously initialized. Consequently, if
a Secure Payload Dispatcher (SPD) tries to set the routing model
before initializing the context, the system will fail (in debug
mode, an assertion will be raised).
This patch fixes the issue by checking if the context has been
initialized before updating SCR_EL3. If a valid context is not
available, SCR_EL3 update will be done when the SPD calls the
context initialization function. This function will call
get_scr_el3_from_routing_model() to obtain the SCR_EL3 value.
If the SPD does not call the context initialization function
then it is SPD's responsibility to obtain SCR_EL3 from the IMF
and update the context accordingly.
Fixes ARM-software/tf-issues#327
Change-Id: Ic2f1c6e899e578a8db858ec43747c63a8539c16f
Achin Gupta [Wed, 4 Nov 2015 22:32:50 +0000 (22:32 +0000)]
Merge pull request #423 from jcastillo-arm/jc/genfw/1211
Remove deprecated IO return definitions
Achin Gupta [Wed, 4 Nov 2015 17:27:16 +0000 (17:27 +0000)]
Merge pull request #421 from sandrine-bailleux/sb/improve-display_boot_progress
Improve images transitions debugging messages
Achin Gupta [Wed, 4 Nov 2015 17:18:16 +0000 (17:18 +0000)]
Merge pull request #422 from achingupta/bj/juno_r2_support
Add Cortex-A72 support for Juno R2
Brendan Jackman [Fri, 30 Oct 2015 16:25:12 +0000 (16:25 +0000)]
Add A72 support for Juno R2
Cortex-A72 library support is now compiled into the Juno platform port to go
with the existing A53/A57 support. This enables a single set of Juno TF
binaries to run on Juno R0, R1 and R2 boards.
Change-Id: I4a601dc4f671e98bdb19d98bbb66f02f0d8b7fc7
Juan Castillo [Mon, 2 Nov 2015 10:47:01 +0000 (10:47 +0000)]
Remove deprecated IO return definitions
Patch
7e26fe1f deprecates IO specific return definitions in favour
of standard errno codes. This patch removes those definitions
and its usage from the IO framework, IO drivers and IO platform
layer. Following this patch, standard errno codes must be used
when checking the return value of an IO function.
Change-Id: Id6e0e9d0a7daf15a81ec598cf74de83d5768650f
Sandrine Bailleux [Tue, 27 Oct 2015 15:52:33 +0000 (15:52 +0000)]
Improve display_boot_progress() function
- Remove out-dated information about the use of printf() in the
function comment.
- Make the argument const, as the function doesn't need to modify it.
- Rename the function into bl1_print_bl31_ep_info() to make its
purpose clearer.
Change-Id: I2a9d215a37f0ec11aefce0c5c9e050473b7a6b25
Sandrine Bailleux [Mon, 28 Sep 2015 16:03:06 +0000 (17:03 +0100)]
Introduce print_entry_point_info() function
This patch introduces a new function called 'print_entry_point_info'
that prints an entry_point_t structure for debugging purposes.
As such, it can be used to display the entry point address, SPSR and
arguments passed from a firmware image to the next one.
This function is now called in the following images transitions:
- BL1 to BL2
- BL1 to BL31
- BL31 to the next image (typically BL32 or BL33)
The following changes have been introduced:
- Fix the output format of the SPSR value : SPSR is a 32-bit value,
not a 64-bit one.
- Print all arguments values.
The entry_point_info_t structure allows to pass up to 8 arguments.
In most cases, only the first 2 arguments were printed.
print_entry_point_info() now prints all of them as 'VERBOSE'
traces.
Change-Id: Ieb384bffaa7849e6cb95a01a47c0b7fc2308653a
danh-arm [Fri, 30 Oct 2015 16:57:32 +0000 (16:57 +0000)]
Merge pull request #418 from soby-mathew/sm/sys_suspend
Support SYSTEM SUSPEND on Juno
danh-arm [Fri, 30 Oct 2015 16:56:25 +0000 (16:56 +0000)]
Merge pull request #419 from soby-mathew/sm/tf-issues#318
Include xlat_tables.h in plat_arm.h
Soby Mathew [Tue, 27 Oct 2015 10:31:35 +0000 (10:31 +0000)]
Include xlat_tables.h in plat_arm.h
This patch fixes a compilation issue for platforms that are aligned to ARM
Standard platforms and include the `plat_arm.h` header in their platform port.
The compilation would fail for such a platform because `xlat_tables.h` which
has the definition for `mmap_region_t` is not included in `plat_arm.h`. This
patch fixes this by including `xlat_tables.h` in `plat_arm.h` header.
Fixes ARM-Software/tf-issues#318
Change-Id: I75f990cfb4078b3996fc353c8cd37c9de61d555e
Soby Mathew [Tue, 13 Oct 2015 10:39:21 +0000 (11:39 +0100)]
Doc: Add instructions to test SYSTEM SUSPEND
This patch adds instructions to the user-guide.md to test SYSTEM SUSPEND
on Juno.
Change-Id: Icd01d10e1c1fb14b0db880d0ff134e505f097d2b
Soby Mathew [Mon, 12 Oct 2015 16:32:29 +0000 (17:32 +0100)]
Support PSCI SYSTEM SUSPEND on Juno
This patch adds the capability to power down at system power domain level
on Juno via the PSCI SYSTEM SUSPEND API. The CSS power management helpers
are modified to add support for power management operations at system
power domain level. A new helper for populating `get_sys_suspend_power_state`
handler in plat_psci_ops is defined. On entering the system suspend state,
the SCP powers down the SYSTOP power domain on the SoC and puts the memory
into retention mode. On wakeup from the power down, the system components
on the CSS will be reinitialized by the platform layer and the PSCI client
is responsible for restoring the context of these system components.
According to PSCI Specification, interrupts targeted to cores in PSCI CPU
SUSPEND should be able to resume it. On Juno, when the system power domain
is suspended, the GIC is also powered down. The SCP resumes the final core
to be suspend when an external wake-up event is received. But the other
cores cannot be woken up by a targeted interrupt, because GIC doesn't
forward these interrupts to the SCP. Due to this hardware limitation,
we down-grade PSCI CPU SUSPEND requests targeted to the system power domain
level to cluster power domain level in `juno_validate_power_state()`
and the CSS default `plat_arm_psci_ops` is overridden in juno_pm.c.
A system power domain resume helper `arm_system_pwr_domain_resume()` is
defined for ARM standard platforms which resumes/re-initializes the
system components on wakeup from system suspend. The security setup also
needs to be done on resume from system suspend, which means
`plat_arm_security_setup()` must now be included in the BL3-1 image in
addition to previous BL images if system suspend need to be supported.
Change-Id: Ie293f75f09bad24223af47ab6c6e1268f77bcc47
Soby Mathew [Fri, 8 May 2015 09:18:59 +0000 (10:18 +0100)]
CSS: Implement topology support for System power domain
This patch implements the necessary topology changes for supporting
system power domain on CSS platforms. The definition of PLAT_MAX_PWR_LVL and
PLAT_NUM_PWR_DOMAINS macros are removed from arm_def.h and are made platform
specific. In addition, the `arm_power_domain_tree_desc[]` and
`arm_pm_idle_states[]` are modified to support the system power domain
at level 2. With this patch, even though the power management operations
involving the system power domain will not return any error, the platform
layer will silently ignore any operations to the power domain. The actual
power management support for the system power domain will be added later.
Change-Id: I791867eded5156754fe898f9cdc6bba361e5a379
danh-arm [Wed, 28 Oct 2015 09:54:44 +0000 (09:54 +0000)]
Merge pull request #415 from jcastillo-arm/jc/plat_err_handler
Add optional platform error handler API
danh-arm [Wed, 28 Oct 2015 09:50:21 +0000 (09:50 +0000)]
Merge pull request #416 from davwan01/dw/css-common
Allow CSS to redefine function `plat_arm_calc_core_pos`
Juan Castillo [Fri, 25 Sep 2015 14:41:14 +0000 (15:41 +0100)]
Add optional platform error handler API
This patch adds an optional API to the platform port:
void plat_error_handler(int err) __dead2;
The platform error handler is called when there is a specific error
condition after which Trusted Firmware cannot continue. While panic()
simply prints the crash report (if enabled) and spins, the platform
error handler can be used to hand control over to the platform port
so it can perform specific bookeeping or post-error actions (for
example, reset the system). This function must not return.
The parameter indicates the type of error using standard codes from
errno.h. Possible errors reported by the generic code are:
-EAUTH : a certificate or image could not be authenticated
(when Trusted Board Boot is enabled)
-ENOENT : the requested image or certificate could not be found
or an IO error was detected
-ENOMEM : resources exhausted. Trusted Firmware does not use
dynamic memory, so this error is usually an indication
of an incorrect array size
A default weak implementation of this function has been provided.
It simply implements an infinite loop.
Change-Id: Iffaf9eee82d037da6caa43b3aed51df555e597a3
danh-arm [Tue, 27 Oct 2015 17:08:22 +0000 (17:08 +0000)]
Merge pull request #417 from jcastillo-arm/jc/makefile_2
Makefile rework and bug fix #2
Juan Castillo [Thu, 22 Oct 2015 10:34:44 +0000 (11:34 +0100)]
Make: fix dependency files generation
Currently, if no make goal is specified in the command line, 'all'
is assumed by default, but the dependency files are not generated.
This might lead to a successful but inconsistent build. This patch
provides a fix to the problem.
Change-Id: I0148719e114dbdbe46f8a57c7d05da7cbc212c92
Juan Castillo [Tue, 18 Aug 2015 13:23:04 +0000 (14:23 +0100)]
Rework Makefile
This patch is a complete rework of the main Makefile. Functionality
remains the same but the code has been reorganized in sections in
order to improve readability and facilitate adding future extensions.
A new file 'build_macros.mk' has been created and will contain common
definitions (variables, macros, etc) that may be used from the main
Makefile and other platform specific makefiles.
A new macro 'FIP_ADD_IMG' has been introduced and it will allow the
platform to specify binary images and the necessary checks for a
successful build. Platforms that require a BL30 image no longer need
to specify the NEED_BL30 option. The main Makefile is now completely
unaware of additional images not built as part of Trusted Firmware,
like BL30. It is the platform responsibility to specify images using
the macro 'FIP_ADD_IMG'. Juno uses this macro to include the BL30
image in the build.
BL33 image is specified in the main Makefile to preserve backward
compatibility with the NEED_BL33 option. Otherwise, platform ports
that rely on the definition of NEED_BL33 might break.
All Trusted Board Boot related definitions have been moved to a
separate file 'tbbr_tools.mk'. The main Makefile will include this
file unless the platform indicates otherwise by setting the variable
'INCLUDE_TBBR_MK := 0' in the corresponding platform.mk file. This
will keep backward compatibility but ideally each platform should
include the corresponding TBB .mk file in platform.mk.
Change-Id: I35e7bc9930d38132412e950e20aa2a01e2b26801
David Wang [Thu, 22 Oct 2015 05:30:50 +0000 (13:30 +0800)]
Allow CSS to redefine function `plat_arm_calc_core_pos`
Currently all ARM CSS platforms which include css_helpers.S use the same
strong definition of `plat_arm_calc_core_pos`. This patch allows these CSS
platforms to define their own strong definition of this function.
* Replace the strong definition of `plat_arm_calc_core_pos` in
css_helpers.S with a utility function `css_calc_core_pos_swap_cluster`
does the same thing (swaps cluster IDs). ARM CSS platforms may choose
to use this function or not.
* Add a Juno strong definition of `plat_arm_calc_core_pos`, which uses
`css_calc_core_pos_swap_cluster`.
Change-Id: Ib5385ed10e44adf6cd1398a93c25973eb3506d9d
danh-arm [Mon, 26 Oct 2015 11:10:13 +0000 (11:10 +0000)]
Merge pull request #413 from jcastillo-arm/jc/tbb_cert_opt
Certificate create tool flexibility improvements
danh-arm [Mon, 26 Oct 2015 11:02:40 +0000 (11:02 +0000)]
Merge pull request #414 from jcastillo-arm/jc/io_ret_values
Use standard error code definitions
Juan Castillo [Thu, 1 Oct 2015 17:37:40 +0000 (18:37 +0100)]
Use standard errno definitions in load_auth_image()
This patch replaces custom definitions used as return values for
the load_auth_image() function with standard error codes defined
in errno.h. The custom definitions have been removed.
It also replaces the usage of IO framework error custom definitions,
which have been deprecated. Standard errno definitions are used
instead.
Change-Id: I1228477346d3876151c05b470d9669c37fd231be
Juan Castillo [Thu, 1 Oct 2015 16:55:11 +0000 (17:55 +0100)]
IO Framework: use standard errno codes as return values
This patch redefines the values of IO_FAIL, IO_NOT_SUPPORTED and
IO_RESOURCES_EXHAUSTED to match the corresponding definitions in
errno.h:
#define IO_FAIL (-ENOENT)
#define IO_NOT_SUPPORTED (-ENODEV)
#define IO_RESOURCES_EXHAUSTED (-ENOMEM)
NOTE: please note that the IO_FAIL, IO_NOT_SUPPORTED and
IO_RESOURCES_EXHAUSTED definitions are considered deprecated
and their usage should be avoided. Callers should rely on errno.h
definitions when checking the return values of IO functions.
Change-Id: Ic8491aa43384b6ee44951ebfc053a3ded16a80be
Juan Castillo [Fri, 3 Jul 2015 15:23:16 +0000 (16:23 +0100)]
cert_create: specify command line options in the CoT
This patch introduces a new API that allows to specify command
line options in the Chain of Trust description. These command line
options may be used to specify parameters related to the CoT (i.e.
keys or certificates), instead of keeping a hardcoded list of
options in main.c.
Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44
Juan Castillo [Wed, 8 Jul 2015 11:11:38 +0000 (12:11 +0100)]
cert_create: improve command line argument check
The certificate generation tool currently checks if all command
line options required to create all certificates in the CoT have
been specified. This prevents using the tool to create individual
certificates when the whole CoT is not required.
This patch improves the checking function so only those options
required by the certificates specified in the command line are
verified.
Change-Id: I2c426a8e2e2dec85b15f2d98fd4ba949c1aed385
projects / project / bcm63xx / atf.git / log