This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
1) Fix links in "about" page
2) Put back the "contents" page with adjusted links
Change-Id: Id09140b91df5cf0a275149801d05d8cfeeda1c6e
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
1) Replace references to "Arm Trusted Firmware" with "TF-A"
2) Update issue tracker link
Change-Id: I12d827d49f6cc34e46936d7f7ccf44e32b26a0bd
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The documentation contains plenty of notes and warnings. Enable
special rendering of these blocks by converting the note prefix
into a .. note:: annotation.
Change-Id: I34e26ca6bf313d335672ab6c2645741900338822
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
- Make the list of contributors into an actual list
- Use note syntax for the note
- Remove the Individuals heading since there are none
This file could be considered for removal as it is a legacy
document, as its note explains.
Change-Id: Idf984bc192af7a0ec367a6642ab99ccccf5df1a8
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Several code blocks do not specify a language for syntax
highlighting. This results in Sphinx using a default highlighter
which is Python.
This patch adds the correct language to each code block that doesn't
already specify it.
Change-Id: Icce1949aabfdc11a334a42d49edf55fa673cddc3
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
One of the current issues with the documentation is that terms and
abbreviations are frequently redefined. For example, we might have
a sentence like "... the SCP (System Control Processor) will ...".
These definitions might be repeated several times across pages, or
even within the same document. Equally, some of these abbreviations
are missed and are never expanded.
Sphinx provides a :term: keyword that takes some text and,
if that text is defined in a glossary document, links to its glossary
entry. Using this functionality will prevent repeated definitions
and will make the docs more maintainable by using a single
definition source.
The glossary added in this patch was created from a quick scrub of
the source code - there may be missing entries. The SDEI abbreviation
was used as an example.
Note that a global_substitutions file was created. This file contains
the RST 'replace' statements that convert plain text terms into linked
terms (by adding the ':term:' keyword to them). An example is:
.. |TF-A| replace:: :term:`TF-A`
The 'rst_prolog' variable in conf.py is used to inject this list of
replacements into each page. Terms must be surrounded with the pipe
character to be turned into links - this means that we can still
prevent certain terms from being linked if we don't want them to be.
Change-Id: I87010ed9cfa4a60011a9b4a431b98cb4bb7baa28
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
These are no longer needed as there will always be a table of contents
rendered to the left of every page.
Some of these lists can be quite long and, when opening a page, the
reader sees nothing but a huge list of contents! After this patch,
the document contents are front-and-centre and the contents are
nicely rendered in the sidebar without duplication.
Change-Id: I444754d548ec91d00f2b04e861de8dde8856aa62
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required so that the advisory documents are all valid RST files (with a
header) and that they all integrate into the document tree.
Change-Id: I68ca2b0b9e648e24b460deb772c471a38518da26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The platform port documents are not very standardised right now and
they don't integrate properly into the document tree so:
1) Make sure each port has a proper name and title (incl. owner)
2) Correct use of headings, subheadings, etc in each port
3) Resolve any naming conflicts between documents
Change-Id: I4c2da6f57172b7f2af3512e766ae9ce3b840b50f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Required work to make all documents sit at the correct levels within
the document tree and any derived content like the table of contents
and the categories in the sidebar.
Change-Id: I4885fbe30864a87c8822ee67482b71fb46a8fbc6
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch attempts to standardise the document titles as well as
adding titles to documents that were missing one. The aim is to
remove needless references to "TF-A" or "Trusted Firmware" in the
title of every document and to make sure that the title matches
with the document content.
Change-Id: I9b93ccf43b5d57e8dc793a5311b8ed7c4dd245cc
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Previously the readme.rst file served as the entrypoint for the
documentation. With a Sphinx build the top-level document is set
to be index.rst as it contains the primary document index.
This patch moves some content from readme.rst into index.rst and
splits the license information out into license.rst.
Change-Id: I5c50250b81136fe36aa9ceedaae302b44ec11e47
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This change creates the following directories under docs/
in order to provide a grouping for the content:
- components
- design
- getting_started
- perf
- process
In each of these directories an index.rst file is created
and this serves as an index / landing page for each of the
groups when the pages are compiled. Proper layout of the
top-level table of contents relies on this directory/index
structure.
Without this patch it is possible to build the documents
correctly with Sphinx but the output looks messy because
there is no overall hierarchy.
Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Add the essentials for supporting a Sphinx documentation build:
- A makefile under docs/ to invoke Sphinx with the desired output
format
- A Sphinx master configuration file (conf.py)
- A single, top-level index page (index.rst)
- The TF.org logo that is integrated in the the sidebar of the
rendered output
Change-Id: I85e67e939658638337ca7972936a354878083a25
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
1) One space was missing from the indentation and, hence, rendering error
was generated in the user guide.
2) Partially reword Pointer Authentication related info.
Change-Id: Id5e65d419ec51dd7764f24d1b96b6c9942d63ba4
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.
Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
On certain platforms it does not make sense to generate
TF-A binary images. For example a platform could make use of serveral
memory areas, which are non-continuous and the resulting binary
therefore would suffer from the padding-bytes.
Typically these platforms use the ELF image.
This patch introduces a variable DISABLE_BIN_GENERATION, which
can be set to '1' in the platform makefile to prevent the binary
generation.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
The current stack-protector support is for none, "strong" or "all".
The default use of the flag enables the stack-protection to all
functions that declare a character array of eight bytes or more in
length on their stack.
This option can be tuned with the --param=ssp-buffer-size=N option.
Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Since STM32MP1 platform supports different boards, it is necessary
to build for a particular board. With the current instructions, the
user has to modify the DTB_FILE_NAME variable in platform.mk for
building for a particular board, but this can be avoided by passing
the appropriate board DTB name via DTB_FILE_NAME make variable.
Hence document the same in platform doc.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Change-Id: I16797e7256c7eb699a7b8846356fe430d0fe0aa1
This adds a rockchip.rst to docs/plat documenting the general
approach to using the Rockchip ATF platforms together with the
supported bootloaders and also adds myself as maintainer after
making sure Tony Xie is ok with that.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: Idce53d15eff4ac6de05bbb35d86e57ed50d0cbb9
Support booting OP-TEE as BL32 boot stage and secure runtime
service.
OP-TEE executes in internal RAM and uses a secure DDR area to store
the pager pagestore. Memory mapping and TZC are configured accordingly
prior OP-TEE boot. OP-TEE image is expected in OP-TEE v2 format where
a header file describes the effective boot images. This change
post processes header file content to get OP-TEE load addresses
and set OP-TEE boot arguments.
Change-Id: I02ef8b915e4be3e95b27029357d799d70e01cd44
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.
Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.
Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
On Cortex A9 an errata can cause the processor to violate the rules for
speculative fetches when the MMU is off but branch prediction has not
been disabled. The workaround for this is to execute an Invalidate
Entire Branch Prediction Array (BPIALL) followed by a DSB.
see:http://arminfo.emea.arm.com/help/topic/com.arm.doc.uan0009d/UAN0009_cortex_a9_errata_r4.pdf
for more details.
Change-Id: I9146c1fa7563a79f4e15b6251617b9620a587c93
Signed-off-by: Joel Hutton <Joel.Hutton@arm.com>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The user guide documentation for the cert_create tool needs to
mention that a platform must have a platform_oid.h header file
in order to successfully build the cert_create tool when
USE_TBBR_DEFS is 0.
Change-Id: I77f86a022d207e88a79c97741be3eafbfa0c86f1
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The data structures in the auth-framework were changed by the previous
patch, and need to be updated.
Change-Id: Icfad2ac688d03d32aa93e45f930a375abbc164a9
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The change-log.rst file does not use the same symbols
as the other documents when organising its headings,
sub-headings and so on. In order to compile these
documents together with Sphinx, forming a top-level
index and a consistent structure, it is necessary to
normalise these.
Change-Id: Ib4620ff03a9e76fec9e36e95549016c7b3fe12bb
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Update the documentation for trustedfirmware.org migration
Change-Id: Ibb7052b0becbec3326164f1503806ca2c2fd4dcc
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
These SPM-related specifications are mentioned in the readme and
the change log. Update references to these specs to make it clear
that they are in draft form and are expected to change.
Change-Id: Ia2791c48c371a828246d96f102a402747cd69f96
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The latest version of GCC are required to use the new features of TF-A.
Suggest to use the latest version available on developer.arm.com instead
of the version specified on the Linaro Release notes.
At the time of writing, GCC 8.2-2019.01 is the latest version available.
Change-Id: Idd5c00749e39ca9dc8b7c5623b5d64356c9ce6e5
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Update both the readme and user guide on their shared "platform"
section.
Change-Id: Ia1f30acda45ac8facdcb7d540800191cdf6cdacf
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Make sure the steps in the user guide are up to date and can be
performed out of the box.
Change-Id: Ib4d959aa771cf515f74e150aaee2fbad24c18c38
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This is the temporary contents page that links
to all other documents (except platform ports).
This page is needed during the
trustedfirmware.org migration, before we have a
Sphinx rendering pipeline set up, because cgit
doesn't offer a good way to view rendered docs
while browsing the tree. We need to have a links
page that can be opened from the cgit 'about'
view.
Change-Id: I3ad87a9fa8a14dc8e371aac7ee473575fed316bf
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.
Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.
Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
John Tsichritzis
Alexei Fedorov
Paul Beesley
kenny liang
Soby Mathew
Christoph Müllner
Louis Mayencourt
Manivannan Sadhasivam
Heiko Stuebner
Sandrine Bailleux
Yann Gautier
Joel Hutton
Ambroise Vincent
Remi Pommarel