The current implementation of the memory mapping API favours mapping
memory regions using the biggest possible block size in order to
reduce the number of translation tables needed.
In some cases, this behaviour might not be desirable. When translation
tables are edited at run-time, coarse-grain mappings like that might
need splitting into finer-grain tables. This operation has a
performance cost.
The MAP_REGION2() macro allows to specify the granularity of
translation tables used for the initial mapping of a memory region.
This might increase performance for memory regions that are likely to
be edited in the future, at the expense of a potentially increased
memory footprint.
The Translation Tables Library Design Guide has been updated to
explain the use case for this macro. Also added a few intermediate
titles to make the guide easier to digest.
Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects
rsa or ecdsa depending on the certificate used.
Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
The value of BL31_BASE currently depends on the size of BL31. This
causes problems in the RESET_TO_BL31 case because the value of
BL31_BASE is used in the model launch parameters, which often changes.
Therefore, this patch fixes BL31_BASE to the middle of Trusted SRAM,
to avoid further model parameter changes in future.
Change-Id: I6d7fa4fe293717d84768974679539c0e0cb6d935
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch gives users control over logging messages printed from the C
code using the LOG macros defined in debug.h Users now have the ability
to reduce the log_level at run time using the tf_log_set_max_level()
function. The default prefix string can be defined by platform by
overriding the `plat_log_get_prefix()` platform API which is also
introduced in this patch.
The new log framework results in saving of some RO data. For example,
when BL1 is built for FVP with LOG_LEVEL=LOG_LEVEL_VERBOSE, resulted
in saving 384 bytes of RO data and increase of 8 bytes of RW data. The
framework also adds about 108 bytes of code to the release build of FVP.
FixesARM-software/tf-issues#462
Change-Id: I476013d9c3deedfdd4c8b0b0f125665ba6250554
Co-authored-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Erratum 855971 applies to revision r0p3 or earlier Cortex-A72 CPUs. The
recommended workaround is to disable instruction prefetch.
Change-Id: I7fde74ee2a8a23b2a8a1891b260f0eb909fad4bf
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Erratum 855972 applies to revision r1p3 or earlier Cortex-A57 CPUs. The
recommended workaround is to disable instruction prefetch.
Change-Id: I56eeac0b753eb1432bd940083372ad6f7e93b16a
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch does the required changes to enable CSS platforms
to build and use the SDS framework. Since SDS is always coupled with
SCMI protocol, the preexisting SCMI build flag is now renamed to
`CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
CSS platforms. Also some of the workarounds applied for SCMI are
now removed with SDS in place.
Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.
FixesARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
Fix the level of the section
"13. Function : plat_setup_psci_ops() [mandatory]",
including all the subsections.
Fix the level of the section
"12.7. plat_psci_ops.pwr_domain_suspend_pwrdown_early() [optional]"
to lower it like the surrounding functions.
Change-Id: I781823bc96ece669f8fde4bd39c4e333c7bf4d1a
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The internal synchronisation timings of the FVP model version
11.0 build 11.0.34 and version 8.5 build 0.8.5202 has been
changed compared to older version of the models.
This change may have an impact on how the model behaves depending
on the workload being run on the model. For example test failures
have been seen where the primary core has powered on a secondary
core but was then starved of host CPU time and so was not able to
update power status, resulting a test failure due to an incorrect
status. This, or similar behaviour, is not to be expected from
real hardware platforms.
This patch adds a usage note on how to launch these models so
that internal synchronisation timing matches that of the older
version of the models, specifically adding the -Q 100 option.
Change-Id: If922afddba1581b7246ec889b3f1598533ea1b7e
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch enables the CnP (Common not Private) bit for secure page
tables so that multiple PEs in the same Inner Shareable domain can use
the same translation table entries for a given stage of translation in
a particular translation regime. This only takes effect when ARM
Trusted Firmware is built with ARM_ARCH_MINOR >= 2.
ARM Trusted Firmware Design has been updated to include a description
of this feature usage.
Change-Id: I698305f047400119aa1900d34c65368022e410b8
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
The format conversion wrongly formatted a couple of sections. These were
also missing from the Table of Contents.
Change-Id: I324216c27e7b4711e6cc5e25782f4b53842140cc
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
- Redraw the interrupt diagrams with dia tool
- Change TSP_HANDLED_S_EL1_FIQ to TSP_HANDLED_S_EL1_INTR in sec-int-handling.png
- Use the makefile generate the image to avoid unnessary generate
- Add dia source code
Change-Id: I016022ca964720e8497c27c88a3f371459abc284
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Add support for a minimal secure interrupt service in sp_min for
the AArch32 implementation. Hard code that only FIQs are handled.
Introduce bolean build directive SP_MIN_WITH_SECURE_FIQ to enable
FIQ handling from SP_MIN.
Configure SCR[FIQ] and SCR[FW] from generic code for both cold and
warm boots to handle FIQ in secure state from monitor.
Since SP_MIN architecture, FIQ are always trapped when system executes
in non secure state. Hence discard relay of the secure/non-secure
state in the FIQ handler.
Change-Id: I1f7d1dc7b21f6f90011b7f3fcd921e455592f5e7
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
The documentation describes the design of the translation tables
library version 2 used by the ARM Trusted Firmware.
The diagram file has been created with Dia version 0.97.2. This tool
can be obtained from: https://wiki.gnome.org/Apps/Dia/Download
Inkscape has been used to generate the *.png file from the *.dia file
to work around a bug in the generation of *.png files in some versions
of Dia.
Change-Id: Ie67d9998d4ae881b2c060200a318ad3ac2fa5e91
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
With the migration to .rst from .md, the Issues Resolved and
Known Issues sections for v1.4 were using Header 1 format.
This patch changes to using Header 2 for these sections.
Change-Id: Ic3127d84eb169a65039fd4cc8284c6429302732d
Signed-off-by: David Cunado <david.cunado@arm.com>
The current build system and driver requires the CCI product to be
specified at build time. The device constraints can be determined at run
time from its ID registers, obviating the need for specifying them
ahead.
This patch adds changes to identify and validate CCI at run time. Some
global variables are renamed to be in line with the rest of the code
base.
The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
updated.
Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
ARM CPUs with multi-threading implementation has more than one
Processing Element in a single physical CPU. Such an implementation will
reflect the following changes in the MPIDR register:
- The MT bit set;
- Affinity levels pertaining to cluster and CPUs occupy one level
higher than in a single-threaded implementation, and the lowest
affinity level pertains to hardware threads. MPIDR affinity level
fields essentially appear shifted to left than otherwise.
The FVP port henceforth assumes that both properties above to be
concomitant on a given FVP platform.
To accommodate for varied MPIDR formats at run time, this patch
re-implements the FVP platform-specific functions that translates MPIDR
values to a linear indices, along with required validation. The same
treatment is applied for GICv3 MPIDR hashing function as well.
An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
specifies the maximum number of threads implemented per CPU. For
backwards compatibility, its value defaults to 1.
Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch adds an early suspend handler, that executes with
SMP and data cache enabled. This handler allows platforms to
perform any early actions during the CPU suspend entry sequence.
This handler is optional and platforms can choose to implement it
depending on their needs. The `pwr_domain_suspend` handler still
exists and platforms can keep on using it without any side effects.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
At the moment, various parts of the Trusted Firmware code assume
that the granule size used is 4 KB. For example, the linker scripts
enforce 4 KB alignment restrictions on some sections.
However, the ARMv8-A architecture allows 16 KB and 64 KB granule
sizes as well. Some other parts of the TF code, particularly the
architectural code and definitions, have been implemented with
this in mind and cater for all 3 cases.
This discrepancy creates some confusion as to what is effectively
supported in TF. This patch adds some code comments and clarification
in the documentation to make this limitation clearer.
Change-Id: I1f202369b240d8bed9d43d57ecd2a548c86c8598
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Add documentation for errata 835769 and 843419 workarounds introduced in
commit a94cc374abFixesARM-software/tf-issues#504
Change-Id: I7f3db53dfc5f3827b32663f483d3302bc9679b19
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The board features the Hi3798C V200 with an integrated quad-core
64-bit ARM Cortex A53 processor and high performance Mali T720 GPU,
making it capable of running any commercial set-top solution based on
Linux or Android. Its high performance specification also supports a
premium user experience with up to H.265 HEVC decoding of 4K video at
60 frames per second.
SOC Hisilicon Hi3798CV200
CPU Quad-core ARM Cortex-A53 64 bit
DRAM DDR3/3L/4 SDRAM interface, maximum 32-bit data width 2 GB
USB Two USB 2.0 ports One USB 3.0 ports
CONSOLE USB-micro port for console support
ETHERNET 1 GBe Ethernet
PCIE One PCIe 2.0 interfaces
JTAG 8-Pin JTAG
EXPANSION INTERFACE Linaro 96Boards Low Speed Expansion slot
DIMENSION Standard 160×120 mm 96Boards Enterprice Edition form factor
WIFI 802.11AC 2*2 with Bluetooth
CONNECTORS One connector for Smart Card One connector for TSI
The platform boot sequence is as follows:
l-loader --> arm_trusted_firmware --> u-boot
Repositories:
- https://github.com/Linaro/poplar-l-loader.git
- https://github.com/Linaro/poplar-u-boot.git
U-Boot is also upstream in the project's master branch.
Make sure you are using the correct branch on each one of these
repositories. The definition of "correct" might change over time (at
this moment in time this would be the "latest" branch).
Build Line:
make CROSS_COMPILE=aarch64-linux-gnu- all fip SPD=none DEBUG=1
PLAT=poplar BL33=/path/to/u-boot.bin
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Alex Elder <elder@linaro.org>
Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Tested-by: Leo Yan <leo.yan@linaro.org>
Tested-by: Alex Elder <elder@linaro.org>
Updated change-log.rst with summary of changes since release v1.3.
Change-Id: Iecd31ed315bd9ad7ffe8bce6550f7c90e1e3a9b0
Signed-off-by: David Cunado <david.cunado@arm.com>
ARM TF has been tested against Linaro Release 17.04 - the Linaro
binaries have been update and also the version of the compiler.
Linaro binaries: 17.01 --> 17.04
AArch64 & AArch32 compilers: 5.3-2015.05 (gcc 5.3) -> 6.2-2016.11 (gcc 6.2)
This patch updates the User Guide is to state that Linaro
release 17.04 is supported.
Additionally, the following fixes are made to the User Guide:
- Removed out of date reference to Linaro release 16.06.
- Updated the Juno variant coverage to include r2.
Change-Id: Iebbced3356f8c6b3c2bff2df62574db9f937ca7b
Signed-off-by: David Cunado <david.cunado@arm.com>
Trusted Firmware has been tested as part of its CI system against Cortex
and Foundation models in the 11.0 Model release available on
developer.arm.com. Trusted Firmware has also been tested against the v8.5
AEM model.
This patch updates the user guide documentation to reflect the version of
the Foundation, AEM and Cortex Models that Trusted Firmware has been
tested against.
Change-Id: I3b5b4d1e4220bda1dcc88aa9cfa01fa711ed92cd
Signed-off-by: David Cunado <david.cunado@arm.com>
Removed Markdown documents as they have been converted to
reStructuredText.
Change-Id: I3148222eb31258f158f64de4ddcdda4b232ce483
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Non-automated fixes to the converted documentation.
Change-Id: I61f3d37c7a8d6a56a7351048060b970c5b3751e4
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Due to recent issues in the rendering of the documentation on GitHub and
some long-standing issues like the lack of automatic table of content in
Markdown, the documentation has been converted to reStructuredText.
Basic constructs looks pretty similar to Markdown.
Automatically convert GitHub markdown documentation to reStructuredText
using pandoc.
Change-Id: If20b695acedc6d1b49c8d9fb64efd6b6ba23f4a9
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Change some hard-to-convert constructs to cleaner ones.
Fix a broken link.
Change-Id: Ida70aa1da0af7a107b0e05eb20b8d46669a0380b
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).
The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
completely overriden by setting it on the command line.
Also tell about LDFLAGS in the "Debugging options" section.
Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.
Document new LDFLAGS Makefile option.
Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Updated section 6, building a FIP for Juno and FVP, adding
instructions for AArch32 and AArch64.
Updated section 4.1, summary of build options, to include a
description of the `JUNO_AARCH32_EL3_RUNTIME` build flag.
Change-Id: I4ed006522cab981371c382859063f088fbfcb8f7
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
Without the additional newlines all the text becomes a single paragraph
and next newlines are ignored.
Change-Id: I783198477f654e3923fcabb21248f2bc62c33e9d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.
The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.
This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.
This patch also corrects the following typos:
"NASCR definitions" -> "NSACR definitions"
Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
Signed-off-by: David Cunado <david.cunado@arm.com>
Sandrine Bailleux
Victor Chong
Qixiang Xu
Soby Mathew
Eleanor Bonnici
Douglas Raillard
David Cunado
Isla Mitchell
Jeenu Viswambharan
Etienne Carriere
Etienne Carriere
Summer Qin
Antonio Nino Diaz
Varun Wadekar
Jorge Ramirez-Ortiz
Roberto Vargas
dp-arm
Masahiro Yamada