The platform io policies array is now always accessed through a fconf getter.
This gives us an ideal spot to check for out-of-bound accesses.
Remove the assertion in plat_get_image_source(), which is now redundant.
Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The chain of trust array is now always accessed through a fconf getter.
This gives us an ideal spot to check for out-of-bound accesses.
Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Commit d5e97a1d2c ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3
globally for C files") does not have commit 848a7e8ce1 ("Build:
introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because
they were pulled almost at the same time.
This is a follow-up conversion to be consistent with commit
11a3c5ee73 ("plat: pass -D option to BL*_CPPFLAGS instead of
BL*_CFLAGS").
With this change, the command line option, IMAGE_AT_EL3, will be
passed to .S files as well.
I remove the definition in include/lib/cpus/aarch64/cpu_macros.S
Otherwise, the following error would happen.
include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror]
Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
If PLAT_RO_XLAT_TABLES is defined, the base xlat table goes to the
.rodata section instead of .bss section.
This causes a warning like:
/tmp/ccswitLr.s: Assembler messages:
/tmp/ccswitLr.s:297: Warning: setting incorrect section attributes for .rodata
It is practically no problem, but I want to keep the build log clean.
Put the base table into the "base_xlat_table" section to suppress the
assembler warnings.
The linker script determines its final destination; rodata section if
PLAT_RO_XLAT_TABLES=1, or bss section otherwise. So, the result is the
same.
Change-Id: Ic85d1d2dddd9b5339289fc2378cbcb21dd7db02e
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Move the bss section to the common header. This adds BAKERY_LOCK_NORMAL
and PMF_TIMESTAMP, which previously existed only in BL31. This is not
a big deal because unused data should not be compiled in the first
place. I believe this should be controlled by BL*_SOURCES in Makefiles,
not by linker scripts.
I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
BL31, BL31 for plat=uniphier. I did not see any more unexpected
code addition.
The bss section has bigger alignment. I added BSS_ALIGN for this.
Currently, SORT_BY_ALIGNMENT() is missing in sp_min.ld.S, and with this
change, the BSS symbols in SP_MIN will be sorted by the alignment.
This is not a big deal (or, even better in terms of the image size).
Change-Id: I680ee61f84067a559bac0757f9d03e73119beb33
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The common section data are repeated in many linker scripts (often
twice in each script to support SEPARATE_CODE_AND_RODATA). When you
add a new read-only data section, you end up with touching lots of
places.
After this commit, you will only need to touch bl_common.ld.h when
you add a new section to RODATA_COMMON.
Replace a series of RO section with RODATA_COMMON, which contains
6 sections, some of which did not exist before.
This is not a big deal because unneeded data should not be compiled
in the first place. I believe this should be controlled by BL*_SOURCES
in Makefiles, not by linker scripts.
When I was working on this commit, the BL1 image size increased
due to the fconf_populator. Commit c452ba159c ("fconf: exclude
fconf_dyn_cfg_getter.c from BL1_SOURCES") fixed this issue.
I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
BL31, BL31 for plat=uniphier. I did not see any more unexpected
code addition.
Change-Id: I5d14d60dbe3c821765bce3ae538968ef266f1460
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
These are mostly used to collect data from special structure,
and repeated in many linker scripts.
To differentiate the alignment size between aarch32/aarch64, I added
a new macro STRUCT_ALIGN.
While I moved the PMF_SVC_DESCS, I dropped #if ENABLE_PMF conditional.
As you can see in include/lib/pmf/pmf_helpers.h, PMF_REGISTER_SERVICE*
are no-op when ENABLE_PMF=0. So, pmf_svc_descs and pmf_timestamp_array
data are not populated.
Change-Id: I3f4ab7fa18f76339f1789103407ba76bda7e56d0
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch changes the prototype cm_setup_context() to use struct entry_point_info
rather than the typedef'ed version of it. This fixes the following compilation error
seen with EL3_EXCEPTION_HANDLING = 1.
<snip>
In file included from bl31/ehf.c:19:
include/lib/el3_runtime/context_mgmt.h:35:49: error: unknown type name 'entry_point_info_t'
35 | void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep);
| ^~~~~~~~~~~~~~~~~~
<snip>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I73b059ff2dade2259cefd0f9a097c7ea4a88055d
Add Crypto 713 support as crypto module and NVM counter provider.
As files under include/drivers/arm/cryptocell/713/ are copied verbatim
from the CryptoCell SBROM lib project they are filtered from checkpatch
coding style check.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
Add support to retrieve plat_toc_flags value from FIP header flags.
plat_toc_flags is for platform specific use. It is stored in
FIP header by fiptool using --plat-toc-flags option.
Change-Id: Ibadd91b4f28e6503f4426e4efd404bbe512ad124
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
enable_mmu_* has a different function name, so it is not handy in the
shared code. enable_mmu() calls an appropriate one depending on the
exception level.
Change-Id: I0657968bfcb91c32733f75f9259f550a5c35b1c3
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are some cases where we want to run EL-dependent code in the
shared code.
We could use #ifdef, but it leaves slight possibility where we do not
know the exception level at the build-time (e.g. library code).
The counter approach is to use get_current_el(), but it is run-time
detection, so all EL code is linked, some of which might be unneeded.
This commit adds get_current_el_maybe_constant(). This is a static
inline function that returns a constant value if we know the exception
level at build-time. This is mostly the case.
if (get_current_el_maybe_constant() == 1) {
/* do something for EL1 */
} else if (get_current_el_maybe_constant() == 3) {
/* do something for EL3 */
}
If get_current_el_maybe_constant() is build-time constant, the compiler
will optimize out the unreachable code.
If such code is included from the library code, it is not built-time
constant. In this case, it falls back to get_current_el(), so it still
works.
Change-Id: Idb03c20342a5b5173fe2d6b40e1fac7998675ad3
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header
and include this header in all ARM platforms.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4cbc69c7b9307461de87b7c7bf200dd9b810e485
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Fixed below 'tautological-constant-compare' error when building the source
code with latest clang compiler <clang version 11.0.0>.
plat/common/plat_psci_common.c:36:2:
error: converting the result of '<<' to a boolean always evaluates
to true [-Werror,-Wtautological-constant-compare]
PMF_STORE_ENABLE)
^
include/lib/pmf/pmf.h:28:29: note: expanded from macro 'PMF_STORE_ENABLE'
PMF_STORE_ENABLE (1 << 0)
This error is observed beacuse of CASSERT placed in
"PMF_DEFINE_CAPTURE_TIMESTAMP" which do below stuff:
CASSERT(_flags, select_proper_config);
where _flags = PMF_STORE_ENABLE (1 << 0) which always results true.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ifa82ea202496a23fdf1d27ea1798d1f1b583a021
Correct the following warning given by sparse tool:
include/drivers/raw_nand.h:158:3: warning:
symbol '__packed' was not declared. Should it be static?
Change-Id: I03bd9a8aee5cdc5212ce5225be8033f1a6e92bd9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch adds support to handle following TLK SMCs:
{TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE}
These SMCs need to be supported in ATF in order to forward them to
TLK. Otherwise, these functionalities won't work.
Brief:
TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its
version to TLK. TLK can use this to prevent rollback attacks.
TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off
execution to the OS. This allows preventing sensitive SMCs being used
by the OS.
TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB
frames.
Tested by: Tests TLK can receive the new SMCs issued by bootloader
Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944
Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
TPIDR_EL2 is missing from the EL2 state register save/restore
sequence. This patch adds it to the context save restore routines.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35fc5ee82f97b72bcedac57c791312e7b3a45251
TLK does not participate in the system off/reset process and so
has no use for the SYSTEM_OFF/RESET notifications.
This patch removes the system off/reset handlers as a result.
Change-Id: Icf1430b1400cea88000e6d54426eb604a43cbe6c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables dual execution optimized translations for EL2 and EL3
CPU exception levels.
Change-Id: I28fe98bb05687400f247e94adf44a1f3a85c38b1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
There is really no reason to use and pass around a struct when its only
member is the (fixed) base address.
Remove the struct and just use the base address on its own inside the
GPIO driver. Then set the base address automatically.
This simplifies GPIO setup for users, which now don't need to deal with
zeroing a struct and setting the base address anymore.
Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:
1. SOC revision
2. SOC version
Implementation done using below SMCCC specification document:
https://developer.arm.com/docs/den0028/c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.
Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
This patch adds an interrupt handler for TLK. On receiving an
interrupt, the source of the interrupt is determined and the
interrupt is marked complete. The IRQ number is passed to
TLK along with a special SMC function ID. TLK issues an SMC
to notify completion of the interrupt handler in the S-EL1
world.
Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
A populate() function essentially captures the value of a property,
defined by a platform, into a fconf related c structure. Such a
callback is usually platform specific and is associated to a specific
configuration source.
For example, a populate() function which captures the hardware topology
of the platform can only parse HW_CONFIG DTB. Hence each populator
function must be registered with a specific 'config_type' identifier.
It broadly represents a logical grouping of configuration properties
which is usually a device tree source file.
Example:
> TB_FW: properties related to trusted firmware such as IO policies,
base address of other DTBs, mbedtls heap info etc.
> HW_CONFIG: properties related to hardware configuration of the SoC
such as topology, GIC controller, PSCI hooks, CPU ID etc.
This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate()
to register and invoke the appropriate callbacks selectively based on
configuration type.
Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
TF-A has so many linker scripts, at least one linker script for each BL
image, and some platforms have their own ones. They duplicate quite
similar code (and comments).
When we add some changes to linker scripts, we end up with touching
so many files. This is not nice in the maintainability perspective.
When you look at Linux kernel, the common code is macrofied in
include/asm-generic/vmlinux.lds.h, which is included from each arch
linker script, arch/*/kernel/vmlinux.lds.S
TF-A can follow this approach. Let's factor out the common code into
include/common/bl_common.ld.h
As a start point, this commit factors out the xlat_table section.
Change-Id: Ifa369e9b48e8e12702535d721cc2a16d12397895
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
With this, it is clearer that .base_table_entries and .tables_num
are the array size of .base_table and .tables, respectively.
Change-Id: I634e65aba835ab9908cc3919355df6bc6e18d42a
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
xlat_tables_v2_helpers.h defines two quite similar macros,
REGISTER_XLAT_CONTEXT_FULL_SPEC and REGISTER_XLAT_CONTEXT_RO_BASE_TABLE.
Only the difference is the section of _ctx_name##_base_xlat_table.
Parameterize it and unify these two macros.
The base xlat table goes into the .bss section by default.
If PLAT_RO_XLAT_TABLES is defined, it goes into the .rodata section.
Change-Id: I8b02f4da98f0c272e348a200cebd89f479099c55
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch provides separation of GICD, GICR accessor
functions and adds new macros for GICv3 registers access
as a preparation for GICv3.1 and GICv4 support.
NOTE: Platforms need to modify to include both
'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the
single helper file previously.
Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch provides a fix for incorrect crash dump data for
lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
which enables routing of External Aborts and SErrors to EL3.
Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
TBBR spec advocates for optional encryption of firmwares (see optional
requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
support firmware decryption that can be stacked above any underlying IO/
packaging layer like FIP etc. It aims to provide a framework to load any
encrypted IO payload.
Also, add plat_get_enc_key_info() to be implemented in a platform
specific manner as handling of encryption key may vary from one platform
to another.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
This patch implements loading of Secure Partition packages using
existing framework of loading other bl images.
The current framework uses a statically defined array to store all the
possible image types and at run time generates a link list and traverse
through it to load different images.
To load SPs, a new array of fixed size is introduced which will be
dynamically populated based on number of SPs available in the system
and it will be appended to the loadable images list.
Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.
Note: Following registers are still not covered in save/restore.
* AMEVCNTVOFF0<n>_EL2
* AMEVCNTVOFF1<n>_EL2
* ICH_AP0R<n>_EL2
* ICH_AP1R<n>_EL2
* ICH_LR<n>_EL2
Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Use the firmware configuration framework to retrieve information about
Secure Partitions to facilitate loading them into memory.
To load a SP image we need UUID look-up into FIP and the load address
where it needs to be loaded in memory.
This patch introduces a SP populator function which gets UUID and load
address from firmware config device tree and updates its C data
structure.
Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0
Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
aarch32 CPUs speculatively execute instructions following a
ERET as if it was not a jump instruction. This could lead to
cache-based side channel vulnerabilities. The software fix is
to place barrier instructions following ERET.
The counterpart patch for aarch64 is merged:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc
Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
MISRA C-2012 Rule 20.7:
Macro parameter expands into an expression without being wrapped by parentheses.
MISRA C-2012 Rule 12.1:
Missing explicit parentheses on sub-expression.
MISRA C-2012 Rule 18.4:
Essential type of the left hand operand is not the same as that of the right
operand.
Include does not provide any needed symbols.
Change-Id: Ie1c6451cfbc8f519146c28b2cf15c50b1f36adc8
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location for the coreboot memory console.
This removes the base member from the coreboot specific data structure,
but keeps the struct console_cbmc_t and its size member.
Change-Id: I7f1dffd41392ba3fe5c07090aea761a42313fb5b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I07a07677153d3671ced776671e4f107824d3df16
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
*All* UART drivers in TF-A are storing their base address as a uintptr_t
pointer in the first location of the UART specific driver data.
Since the base address is a pretty natural and generic data item, we
should integrate this into the generic console_t structure.
That will not only allow to remove a lot of seemingly UART specific data
structures, but also enables to simplify runtime choices between different
UARTs, since they can share the same pointer.
This patch just adds the new member, the existing data structures will
be handled on a per-UART base in follow-up patches.
Change-Id: I59ce49471ccc8f3b870f2cfd8a72ebfd0cb14d12
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Sheetal Tigadoli
Sandrine Bailleux
Masahiro Yamada
Varun Wadekar
Gilad Ben-Yossef
Scott Branden
Manish V Badarkhe
Alexei Fedorov
Yann Gautier
Mustafa Yigit Bilgen
Olivier Deprez
Kalyani Chidambaram
Andre Przywara
Max Shvetsov
Madhukar Pappireddy
Sumit Garg
Manish Pandey
Louis Mayencourt