github
/
arm-trusted-firmware
mirror of https://github.com/ARM-software/arm-trusted-firmware.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6646 Commits
5 Branches
114 Tags
55 MiB
Tree: d6b44b10e9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd6b44b10e9'
${ noResults }
arm-trusted-firmware/bl2/bl2.ld.S

165 lines
4.4 KiB
Raw Normal View History

ARMv8 Trusted Firmware release v0.2
11 years ago
/*
Reduce space lost to object alignment Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so "common" data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text => no change .rodata => 16 bytes saved .data => 11 bytes saved .bss => 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
5 years ago
* Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
ARMv8 Trusted Firmware release v0.2
11 years ago
*
Use SPDX license identifiers To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
8 years ago
* SPDX-License-Identifier: BSD-3-Clause
ARMv8 Trusted Firmware release v0.2
11 years ago
*/
Split platform.h into separate headers Previously, platform.h contained many declarations and definitions used for different purposes. This file has been split so that: * Platform definitions used by common code that must be defined by the platform are now in platform_def.h. The exact include path is exported through $PLAT_INCLUDES in the platform makefile. * Platform definitions specific to the FVP platform are now in /plat/fvp/fvp_def.h. * Platform API declarations specific to the FVP platform are now in /plat/fvp/fvp_private.h. * The remaining platform API declarations that must be ported by each platform are still in platform.h but this file has been moved to /include/plat/common since this can be shared by all platforms. Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
11 years ago
#include <platform_def.h>
Sanitise includes across codebase Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn&#39;t a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928d5b7 (&#34;Fix gpio includes of mt8173 platform to avoid collision.&#34;). More recently, this patch has had similar problems: 46f9b2c3a282 (&#34;drivers: add tzc380 support&#34;). This problem was introduced in commit 4ecca33988b9 (&#34;Move include and source files to logical locations&#34;). At that time, there weren&#39;t too many headers so it wasn&#39;t a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
6 years ago
#include <lib/xlat_tables/xlat_tables_defs.h>
ARMv8 Trusted Firmware release v0.2
11 years ago
OUTPUT_FORMAT(PLATFORM_LINKER_FORMAT)
OUTPUT_ARCH(PLATFORM_LINKER_ARCH)
Specify image entry in linker script At present, the entry point for each BL image is specified via the Makefiles and provided on the command line to the linker. When using a link script the entry point should rather be specified via the ENTRY() directive in the link script. This patch updates linker scripts of all BL images to specify the entry point using the ENTRY() directive. It also removes the --entry flag passed to the linker through Makefile. Fixes issue ARM-software/tf-issues#66 Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
11 years ago
ENTRY(bl2_entrypoint)
ARMv8 Trusted Firmware release v0.2
11 years ago
MEMORY {
Fix LENGTH attribute value in linker scripts This patch fixes the incorrect value of the LENGTH attribute in the linker scripts. This attribute must define the memory size, not the limit address. Fixes ARM-software/tf-issues#252 Change-Id: I328c38b9ec502debe12046a8912d7dfc54610c46
10 years ago
RAM (rwx): ORIGIN = BL2_BASE, LENGTH = BL2_LIMIT - BL2_BASE
ARMv8 Trusted Firmware release v0.2
11 years ago
}
SECTIONS
{
. = BL2_BASE;
Replace magic numbers in linkerscripts by PAGE_SIZE When defining different sections in linker scripts it is needed to align them to multiples of the page size. In most linker scripts this is done by aligning to the hardcoded value 4096 instead of PAGE_SIZE. This may be confusing when taking a look at all the codebase, as 4096 is used in some parts that aren&#39;t meant to be a multiple of the page size. Change-Id: I36c6f461c7782437a58d13d37ec8b822a1663ec1 Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
7 years ago
ASSERT(. == ALIGN(PAGE_SIZE),
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
"BL2_BASE address is not aligned on a page boundary.")
ARMv8 Trusted Firmware release v0.2
11 years ago
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
#if SEPARATE_CODE_AND_RODATA
.text . : {
__TEXT_START__ = .;
*bl2_entrypoint.o(.text*)
Reduce space lost to object alignment Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so &#34;common&#34; data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text =&gt; no change .rodata =&gt; 16 bytes saved .data =&gt; 11 bytes saved .bss =&gt; 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland &lt;samuel@sholland.org&gt; Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
5 years ago
*(SORT_BY_ALIGNMENT(.text*))
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
*(.vectors)
Use ALIGN instead of NEXT in linker scripts Clang linker doesn&#39;t support NEXT. As we are not using the MEMORY command to define discontinuous memory for the output file in any of the linker scripts, ALIGN and NEXT are equivalent. Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0 Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
7 years ago
. = ALIGN(PAGE_SIZE);
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
__TEXT_END__ = .;
} >RAM
Add .extab and .exidx sections These sections are required by clang when the code is compiled for aarch32. These sections are related to the unwind of the stack in exceptions, but in the way that clang defines and uses them, the garbage collector cannot get rid of them. Change-Id: I085efc0cf77eae961d522472f72c4b5bad2237ab Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
7 years ago
/* .ARM.extab and .ARM.exidx are only added because Clang need them */
.ARM.extab . : {
*(.ARM.extab* .gnu.linkonce.armextab.*)
} >RAM
.ARM.exidx . : {
*(.ARM.exidx* .gnu.linkonce.armexidx.*)
} >RAM
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
.rodata . : {
__RODATA_START__ = .;
Reduce space lost to object alignment Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so &#34;common&#34; data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text =&gt; no change .rodata =&gt; 16 bytes saved .data =&gt; 11 bytes saved .bss =&gt; 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland &lt;samuel@sholland.org&gt; Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
5 years ago
*(SORT_BY_ALIGNMENT(.rodata*))
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
/* Ensure 8-byte alignment for descriptors and ensure inclusion */
. = ALIGN(8);
__PARSER_LIB_DESCS_START__ = .;
KEEP(*(.img_parser_lib_descs))
__PARSER_LIB_DESCS_END__ = .;
Use ALIGN instead of NEXT in linker scripts Clang linker doesn&#39;t support NEXT. As we are not using the MEMORY command to define discontinuous memory for the output file in any of the linker scripts, ALIGN and NEXT are equivalent. Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0 Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
7 years ago
. = ALIGN(PAGE_SIZE);
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
__RODATA_END__ = .;
} >RAM
#else
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
ro . : {
__RO_START__ = .;
Use --gc-sections during link All common functions are being built into all binary images, whether or not they are actually used. This change enables the use of -ffunction-sections, -fdata-sections and --gc-sections in the compiler and linker to remove unused code and data from the images. Change-Id: Ia9f78c01054ac4fa15d145af38b88a0d6fb7d409
11 years ago
*bl2_entrypoint.o(.text*)
Reduce space lost to object alignment Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so &#34;common&#34; data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text =&gt; no change .rodata =&gt; 16 bytes saved .data =&gt; 11 bytes saved .bss =&gt; 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland &lt;samuel@sholland.org&gt; Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
5 years ago
*(SORT_BY_ALIGNMENT(.text*))
*(SORT_BY_ALIGNMENT(.rodata*))
TBB: add authentication framework This patch adds the authentication framework that will be used as the base to implement Trusted Board Boot in the Trusted Firmware. The framework comprises the following modules: - Image Parser Module (IPM) This module is responsible for interpreting images, check their integrity and extract authentication information from them during Trusted Board Boot. The module currently supports three types of images i.e. raw binaries, X509v3 certificates and any type specific to a platform. An image parser library must be registered for each image type (the only exception is the raw image parser, which is included in the main module by default). Each parser library (if used) must export a structure in a specific linker section which contains function pointers to: 1. Initialize the library 2. Check the integrity of the image type supported by the library 3. Extract authentication information from the image - Cryptographic Module (CM) This module is responsible for verifying digital signatures and hashes. It relies on an external cryptographic library to perform the cryptographic operations. To register a cryptographic library, the library must use the REGISTER_CRYPTO_LIB macro, passing function pointers to: 1. Initialize the library 2. Verify a digital signature 3. Verify a hash Failing to register a cryptographic library will generate a build time error. - Authentication Module (AM) This module provides methods to authenticate an image, like hash comparison or digital signatures. It uses the image parser module to extract authentication parameters, the crypto module to perform cryptographic operations and the Chain of Trust to authenticate the images. The Chain of Trust (CoT) is a data structure that defines the dependencies between images and the authentication methods that must be followed to authenticate an image. The Chain of Trust, when added, must provide a header file named cot_def.h with the following definitions: - COT_MAX_VERIFIED_PARAMS Integer value indicating the maximum number of authentication parameters an image can present. This value will be used by the authentication module to allocate the memory required to load the parameters in the image descriptor. Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
10 years ago
/* Ensure 8-byte alignment for descriptors and ensure inclusion */
. = ALIGN(8);
__PARSER_LIB_DESCS_START__ = .;
KEEP(*(.img_parser_lib_descs))
__PARSER_LIB_DESCS_END__ = .;
Setup VBAR_EL3 incrementally This patch ensures that VBAR_EL3 points to the simple stack-less &#39;early_exceptions&#39; when the C runtime stack is not correctly setup to use the more complex &#39;runtime_exceptions&#39;. It is initialised to &#39;runtime_exceptions&#39; once this is done. This patch also moves all exception vectors into a &#39;.vectors&#39; section and modifies linker scripts to place all such sections together. This will minimize space wastage from alignment restrictions. Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
11 years ago
*(.vectors)
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__RO_END_UNALIGNED__ = .;
/*
* Memory page(s) mapped to this section will be marked as
* read-only, executable. No RW data from the next section must
* creep in. Ensure the rest of the current memory page is unused.
*/
Use ALIGN instead of NEXT in linker scripts Clang linker doesn&#39;t support NEXT. As we are not using the MEMORY command to define discontinuous memory for the output file in any of the linker scripts, ALIGN and NEXT are equivalent. Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0 Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
7 years ago
. = ALIGN(PAGE_SIZE);
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__RO_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
} >RAM
Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49
8 years ago
#endif
ARMv8 Trusted Firmware release v0.2
11 years ago
Make generic code work in presence of system caches On the ARMv8 architecture, cache maintenance operations by set/way on the last level of integrated cache do not affect the system cache. This means that such a flush or clean operation could result in the data being pushed out to the system cache rather than main memory. Another CPU could access this data before it enables its data cache or MMU. Such accesses could be serviced from the main memory instead of the system cache. If the data in the sysem cache has not yet been flushed or evicted to main memory then there could be a loss of coherency. The only mechanism to guarantee that the main memory will be updated is to use cache maintenance operations to the PoC by MVA(See section D3.4.11 (System level caches) of ARMv8-A Reference Manual (Issue A.g/ARM DDI0487A.G). This patch removes the reliance of Trusted Firmware on the flush by set/way operation to ensure visibility of data in the main memory. Cache maintenance operations by MVA are now used instead. The following are the broad category of changes: 1. The RW areas of BL2/BL31/BL32 are invalidated by MVA before the C runtime is initialised. This ensures that any stale cache lines at any level of cache are removed. 2. Updates to global data in runtime firmware (BL31) by the primary CPU are made visible to secondary CPUs using a cache clean operation by MVA. 3. Cache maintenance by set/way operations are only used prior to power down. NOTE: NON-UPSTREAM TRUSTED FIRMWARE CODE SHOULD MAKE EQUIVALENT CHANGES IN ORDER TO FUNCTION CORRECTLY ON PLATFORMS WITH SUPPORT FOR SYSTEM CACHES. Fixes ARM-software/tf-issues#205 Change-Id: I64f1b398de0432813a0e0881d70f8337681f6e9a
9 years ago
/*
* Define a linker symbol to mark start of the RW memory area for this
* image.
*/
__RW_START__ = . ;
Add support for GCC stack protection Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer&#39;s value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard &lt;douglas.raillard@arm.com&gt;
8 years ago
/*
* .data must be placed at a lower address than the stacks if the stack
* protector is enabled. Alternatively, the .data.stack_protector_canary
* section can be placed independently of the main .data section.
*/
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
.data . : {
__DATA_START__ = .;
Reduce space lost to object alignment Currently, sections within .text/.rodata/.data/.bss are emitted in the order they are seen by the linker. This leads to wasted space, when a section with a larger alignment follows one with a smaller alignment. We can avoid this wasted space by sorting the sections. To take full advantage of this, we must disable generation of common symbols, so &#34;common&#34; data can be sorted along with the rest of .bss. An example of the improvement, from `make DEBUG=1 PLAT=sun50i_a64 bl31`: .text =&gt; no change .rodata =&gt; 16 bytes saved .data =&gt; 11 bytes saved .bss =&gt; 576 bytes saved As a side effect, the addition of `-fno-common` in TF_CFLAGS makes it easier to spot bugs in header files. Signed-off-by: Samuel Holland &lt;samuel@sholland.org&gt; Change-Id: I073630a9b0b84e7302a7a500d4bb4b547be01d51
5 years ago
*(SORT_BY_ALIGNMENT(.data*))
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__DATA_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
} >RAM
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
stacks (NOLOAD) : {
__STACKS_START__ = .;
*(tzfw_normal_stacks)
__STACKS_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
} >RAM
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
/*
* The .bss section gets initialised to 0 at runtime.
Introduce unified API to zero memory Introduce zeromem_dczva function on AArch64 that can handle unaligned addresses and make use of DC ZVA instruction to zero a whole block at a time. This zeroing takes place directly in the cache to speed it up without doing external memory access. Remove the zeromem16 function on AArch64 and replace it with an alias to zeromem. This zeromem16 function is now deprecated. Remove the 16-bytes alignment constraint on __BSS_START__ in firmware-design.md as it is now not mandatory anymore (it used to comply with zeromem16 requirements). Change the 16-bytes alignment constraints in SP min&#39;s linker script to a 8-bytes alignment constraint as the AArch32 zeromem implementation is now more efficient on 8-bytes aligned addresses. Introduce zero_normalmem and zeromem helpers in platform agnostic header that are implemented this way: * AArch32: * zero_normalmem: zero using usual data access * zeromem: alias for zero_normalmem * AArch64: * zero_normalmem: zero normal memory using DC ZVA instruction (needs MMU enabled) * zeromem: zero using usual data access Usage guidelines: in most cases, zero_normalmem should be preferred. There are 2 scenarios where zeromem (or memset) must be used instead: * Code that must run with MMU disabled (which means all memory is considered device memory for data accesses). * Code that fills device memory with null bytes. Optionally, the following rule can be applied if performance is important: * Code zeroing small areas (few bytes) that are not secrets should use memset to take advantage of compiler optimizations. Note: Code zeroing security-related critical information should use zero_normalmem/zeromem instead of memset to avoid removal by compilers&#39; optimizations in some cases or misbehaving versions of GCC. Fixes ARM-software/tf-issues#408 Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82 Signed-off-by: Douglas Raillard &lt;douglas.raillard@arm.com&gt;
8 years ago
* Its base address should be 16-byte aligned for better performance of the
* zero-initialization code.
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
*/
.bss : ALIGN(16) {
__BSS_START__ = .;
Use --gc-sections during link All common functions are being built into all binary images, whether or not they are actually used. This change enables the use of -ffunction-sections, -fdata-sections and --gc-sections in the compiler and linker to remove unused code and data from the images. Change-Id: Ia9f78c01054ac4fa15d145af38b88a0d6fb7d409
11 years ago
*(SORT_BY_ALIGNMENT(.bss*))
ARMv8 Trusted Firmware release v0.2
11 years ago
*(COMMON)
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__BSS_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
} >RAM
Factor out translation table setup in ARM FVP port This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
11 years ago
/*
Remove duplicate xlat_table descriptions The BL31 and BL2 linker scripts ended up having duplicate descriptions for xlat_tables section. This patch removes those duplicate descriptions. Change-Id: Ibbdda0902c57fca5ea4e91e0baefa6df8f0a9bb1
11 years ago
* The xlat_table section is for full, aligned page tables (4K).
Factor out translation table setup in ARM FVP port This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
11 years ago
* Removing them from .bss avoids forcing 4K alignment on
Add comments about mismatched TCR_ELx and xlat tables When the MMU is enabled and the translation tables are mapped, data read/writes to the translation tables are made using the attributes specified in the translation tables themselves. However, the MMU performs table walks with the attributes specified in TCR_ELx. They are completely independent, so special care has to be taken to make sure that they are the same. This has to be done manually because it is not practical to have a test in the code. Such a test would need to know the virtual memory region that contains the translation tables and check that for all of the tables the attributes match the ones in TCR_ELx. As the tables may not even be mapped at all, this isn&#39;t a test that can be made generic. The flags used by enable_mmu_xxx() have been moved to the same header where the functions are. Also, some comments in the linker scripts related to the translation tables have been fixed. Change-Id: I1754768bffdae75f53561b1c4a5baf043b45a304 Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
7 years ago
* the .bss section. The tables are initialized to zero by the translation
* tables library.
Factor out translation table setup in ARM FVP port This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
11 years ago
*/
xlat_table (NOLOAD) : {
*(xlat_table)
} >RAM
Remove coherent memory from the BL memory maps This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
10 years ago
#if USE_COHERENT_MEM
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
/*
* The base address of the coherent memory section must be page-aligned (4K)
* to guarantee that the coherent data are stored on their own pages and
* are not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
Replace magic numbers in linkerscripts by PAGE_SIZE When defining different sections in linker scripts it is needed to align them to multiples of the page size. In most linker scripts this is done by aligning to the hardcoded value 4096 instead of PAGE_SIZE. This may be confusing when taking a look at all the codebase, as 4096 is used in some parts that aren&#39;t meant to be a multiple of the page size. Change-Id: I36c6f461c7782437a58d13d37ec8b822a1663ec1 Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
7 years ago
coherent_ram (NOLOAD) : ALIGN(PAGE_SIZE) {
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__COHERENT_RAM_START__ = .;
*(tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
/*
* Memory page(s) mapped to this section will be marked
* as device memory. No other unexpected data must creep in.
* Ensure the rest of the current memory page is unused.
*/
Use ALIGN instead of NEXT in linker scripts Clang linker doesn&#39;t support NEXT. As we are not using the MEMORY command to define discontinuous memory for the output file in any of the linker scripts, ALIGN and NEXT are equivalent. Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0 Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
7 years ago
. = ALIGN(PAGE_SIZE);
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__COHERENT_RAM_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
} >RAM
Remove coherent memory from the BL memory maps This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
10 years ago
#endif
ARMv8 Trusted Firmware release v0.2
11 years ago
Make generic code work in presence of system caches On the ARMv8 architecture, cache maintenance operations by set/way on the last level of integrated cache do not affect the system cache. This means that such a flush or clean operation could result in the data being pushed out to the system cache rather than main memory. Another CPU could access this data before it enables its data cache or MMU. Such accesses could be serviced from the main memory instead of the system cache. If the data in the sysem cache has not yet been flushed or evicted to main memory then there could be a loss of coherency. The only mechanism to guarantee that the main memory will be updated is to use cache maintenance operations to the PoC by MVA(See section D3.4.11 (System level caches) of ARMv8-A Reference Manual (Issue A.g/ARM DDI0487A.G). This patch removes the reliance of Trusted Firmware on the flush by set/way operation to ensure visibility of data in the main memory. Cache maintenance operations by MVA are now used instead. The following are the broad category of changes: 1. The RW areas of BL2/BL31/BL32 are invalidated by MVA before the C runtime is initialised. This ensures that any stale cache lines at any level of cache are removed. 2. Updates to global data in runtime firmware (BL31) by the primary CPU are made visible to secondary CPUs using a cache clean operation by MVA. 3. Cache maintenance by set/way operations are only used prior to power down. NOTE: NON-UPSTREAM TRUSTED FIRMWARE CODE SHOULD MAKE EQUIVALENT CHANGES IN ORDER TO FUNCTION CORRECTLY ON PLATFORMS WITH SUPPORT FOR SYSTEM CACHES. Fixes ARM-software/tf-issues#205 Change-Id: I64f1b398de0432813a0e0881d70f8337681f6e9a
9 years ago
/*
* Define a linker symbol to mark end of the RW memory area for this
* image.
*/
__RW_END__ = .;
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__BL2_END__ = .;
ARMv8 Trusted Firmware release v0.2
11 years ago
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__BSS_SIZE__ = SIZEOF(.bss);
Remove coherent memory from the BL memory maps This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
10 years ago
#if USE_COHERENT_MEM
Various improvements/cleanups on the linker scripts - Check at link-time that bootloader images will fit in memory at run time and that they won&#39;t overlap each other. - Remove text and rodata orphan sections. - Define new linker symbols to remove the need for platform setup code to know the order of sections. - Reduce the size of the raw binary images by cutting some sections out of the disk image and allocating them at load time, whenever possible. - Rework alignment constraints on sections. - Remove unused linker symbols. - Homogenize linker symbols names across all BLs. - Add some comments in the linker scripts. Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
11 years ago
__COHERENT_RAM_UNALIGNED_SIZE__ =
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
Remove coherent memory from the BL memory maps This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
10 years ago
#endif
Make the memory layout more flexible Currently the platform code gets to define the base address of each boot loader image. However, the linker scripts couteract this flexibility by enforcing a fixed overall layout of the different images. For example, they require that the BL3-1 image sits below the BL2 image. Choosing BL3-1 and BL2 base addresses in such a way that it violates this constraint makes the build fail at link-time. This patch requires the platform code to now define a limit address for each image. The linker scripts check that the image fits within these bounds so they don&#39;t rely anymore on the position of a given image in regard to the others. Fixes ARM-software/tf-issues#163 Change-Id: I8c108646825da19a6a8dfb091b613e1dd4ae133c
11 years ago
ASSERT(. <= BL2_LIMIT, "BL2 image has exceeded its limit.")
ARMv8 Trusted Firmware release v0.2
11 years ago
}