Include TLK Dispatcher's documentation and add NVIDIA to the
Acknowledgements file. TLK is now a supported Trusted OS with
the Trusted Firmware.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to open/close secure sessions with Trusted
Apps and later send commands/events. Modify TLK_NUM_FID to indicate
the total number of FIDs available to the NS world.
Change-Id: I3f1153dfa5510bd44fc25f1fee85cae475b1abf1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch allows servicing of the non-secure world IRQs when the
CPU is in the secure world. Once the interrupt is handled, the
non-secure world issues the Resume FID to allow the secure payload
complete the preempted standard FID.
Change-Id: Ia52c41adf45014ab51d8447bed6605ca2f935587
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds functionality to translate virtual addresses from
secure or non-secure worlds. This functionality helps Trusted Apps
to share virtual addresses directly and allows the NS world to
pass virtual addresses to TLK directly.
Change-Id: I77b0892963e0e839c448b5d0532920fb7e54dc8e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch registers NS memory buffer with the secure payload using
two different functions IDs - REGISTER_LOGBUF, REGISTER_REQBUF.
a. The SP uses the log-buffer to store its activity logs, in a
pre-decided format. This helps in debugging secure payload's issues.
b. The SP uses the req-buffer to get the parameters required by
sessions with Trusted Applications.
Change-Id: I6b0247cf7790524132ee0da24f1f35b1fccec5d5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
TLK Dispatcher (tlkd) is based on the tspd and is the glue required
to run TLK as a Secure Payload with the Trusted Firmware.
Change-Id: I69e573d26d52342eb049feef773dd7d2a506f4ab
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes the `owner` field in bakery_lock_t structure which
is the data structure used in the bakery lock implementation that uses
coherent memory. The assertions to protect against recursive lock
acquisition were based on the 'owner' field. They are now done based
on the bakery lock ticket number. These assertions are also added
to the bakery lock implementation that uses normal memory as well.
Change-Id: If4850a00dffd3977e218c0f0a8d145808f36b470
This patch optimizes the data structure used with the bakery lock
implementation for coherent memory to save memory and minimize memory
accesses. These optimizations were already part of the bakery lock
implementation for normal memory and this patch now implements
it for the coherent memory implementation as well. Also
included in the patch is a cleanup to use the do-while loop while
waiting for other contenders to finish choosing their tickets.
Change-Id: Iedb305473133dc8f12126726d8329b67888b70f1
The shell command used to list all files but the libc's ones
introduced in commit 95d5353c33 was incorrect. It was listing
subdirectories without referencing their parent directories.
This patch fixes it.
Also, the command used to invoke the checkpatch.pl script is now
printed when V=1.
Change-Id: Ie2f1e74f60d77e38c25e717cffa44ca03baec7b2
For Juno r0, the platform reset handler needs to:
- Implement the workaround for defect #831273
- Increase the L2 Data and Tag RAM latencies for Cortex-A57.
Defect #831273 does not affect Juno r1. Also, the default value
for the L2 Tag RAM latency for Cortex-A57 is suitable on Juno r1.
The L2 Data RAM latency for Cortex-A57 still needs to be
increased, though.
This patch modifies the Juno platform reset handler to detect
the board revision and skip the unnecessary steps on Juno r1.
The behaviour on Juno r0 is unchanged.
Change-Id: I27542917223e680ef923ee860900806ffcd0357b
On a GICv2 system, the group status of PPIs and SGIs is set in the GICD_IGROUPR0
register. On a GICv3 system, if affinity routing is enabled for the non-secure
state, then the group status of PPIs and SGIs should be set in the GICR_IGROUPR0
register. ARM Trusted firmware sets the group status using the GICv2
sequence. On a GICv3 system, if the group status of an interrupt is set to Group
1 through a write to the GICD_IGROUPR0, then the GICR_IGROUPR0 is updated as
well.
The current sequence is incorrect since it first marks all PPIs and SGIs as
Group 1. It then clears the bits in GICD_IGROUPR0 corresponding to secure
interrupts to set their group status to Group 0. This operation is a no-op. It
leaves the secure generic timer interrupt (#29) used by the TSP marked as Group
1. This causes the interrupt to interfere with the execution of non-secure
software. Once an interrupt has been marked as Group 1, the GICR_IGROUPR0 should
be programmed to change its group status.
This patch rectifies this issue by setting the group status of only the
non-secure PPI and SGIs to Group 1 in the first place. GICD_IGROUPR0 resets to
0. So secure interrupts are marked as Group 0 by default.
Change-Id: I958b4b15f3e2b2444ce4c17764def36216498d00
This patch updates the FVP and Juno platform ports to use the common
driver for ARM Cache Coherent Interconnects.
Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542
Even though both CCI-400 and CCI-500 IPs have different configurations
with respect to the number and types of supported interfaces, their
register offsets and programming sequences are similar. This patch
creates a common driver for enabling and disabling snoop transactions
and DVMs with both the IPs.
New platform ports which implement one of these IPs should use this
common driver. Existing platform ports which implement CCI-400 should
migrate to the common driver as the standalone CCI-400 will be
deprecated in the future.
Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
This patch defines the ARRAY_SIZE macro for calculating number of elements
in an array and uses it where appropriate.
Change-Id: I72746a9229f0b259323972b498b9a3999731bc9b
The cpu-ops pointer was initialized before enabling the data cache in the cold
and warm boot paths. This required a DCIVAC cache maintenance operation to
invalidate any stale cache lines resident in other cpus.
This patch moves this initialization to the bl31_arch_setup() function
which is always called after the data cache and MMU has been enabled.
This change removes the need:
1. for the DCIVAC cache maintenance operation.
2. to initialise the CPU ops upon resumption from a PSCI CPU_SUSPEND
call since memory contents are always preserved in this case.
Change-Id: Ibb2fa2f7460d1a1f1e721242025e382734c204c6
By default, the checkpatch script requires that commit references
included in commit messages follow a predefined format. Github
merge commits do not follow this convention, causing the code
style test to fail when a new pull request is created.
This patch adds the ignore GIT_COMMIT_ID option to the checkpatch
parameters. This flag indicates the tool to ignore the commit
message format.
Change-Id: I37133cc5cf803f664b8ff00f62d458b39f06918c
Cortex-A57 erratum #806969 applies to revision r0p0 of the CPU
but does not manifest itself on Juno r0. It is not applicable
to Juno r1 in any case.
This patch modifies the Juno platform Makefile to no longer
compile this erratum workaround in.
Change-Id: I32b16835b2ac897e639e869ab2b78b62a51a0139
Commit ea4ec3aad5 ("TBB: use SHA256 to generate the certificate
signatures") updated the cert_create tool to generate the
signatures using SHA256 instead of SHA1. Therefore, SHA1 is no
longer required.
This patch removes the SHA1 option from the PolarSSL configuration
file. The source file sha1.c is no longer needed and has been
excluded from the build. The SHA1 functions are no longer included
in the binary, reducing the memory footprint of BL1 and BL2 by
approximately 6 KB.
Change-Id: I72ea2cff03c0964c3eaadce148ec2ad2c6dde2e3
The 'libssl-dev' package must be installed on the host to build the
certificate generation tool. This patch adds it to the list of
required tools in the User Guide.
Change-Id: I018381fb14b7c2d2bd6f2b7929aaad0571f7eb2e
The message printed by 'make help' is incomplete. It doesn't
mention all relevant supported targets. This patch updates it.
The format of the first line of the help message has been changed
so that it no longer lists all supported targets. This eases the
maintenance as we don't need to update the list in 2 places
anymore whenever a new target is added.
Also add a reference to the user guide to get the list of
supported options.
Change-Id: I79d8b815b0ffc0c43b4c05124378fce0e938365c
This patch modifies the declarations of the functions printf() et al.
and adds the right GCC attribute to request the compiler to check
the type of the arguments passed to these functions against the given
format string. This will ensure that the compiler outputs warning
messages like the following whenever it detects an inconsistency:
file.c:42: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
It also fixes the type mismatch inconsistencies that it revealed
across the code base.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS OR SP/SPDS THAT USE THE
PRINTF FAMILY OF FUNCTIONS TO FIX ANY TYPE MISMATCH INCONSISTENCIES.
Change-Id: If36bb54ec7d6dd2cb4791d89b02a24ac13fd2df6
This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
certificate signatures are generated according to the NSA Suite B
cryptographic algorithm requirements.
Documentation updated accordingly.
Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
Build target 'all' fails when GENERATE_COT=1 and no BL3-3 or
BL3-0 (if required) images are specified. The reason is that,
when GENERATE_COT=1, a dependency on the certificates is added
to the target 'all', and the certificates depend on the BL3-3
and BL3-0 images, causing the build process to fail if the
images are not specified.
This patch moves the dependency on the certificates from 'all' to
'fip'. Target 'all' may be used to build the individual images.
The certificates will be created by calling the target 'fip', where
BL3-3 and BL3-0 (if required) must be specified.
Change-Id: I870beb4e8f9f1bfad1d35b09c850a7ce3c9f4ec6
All coding style violations have been fixed in a previous patch and
since then, each individual patch has been checked in this regard.
However, the latest version of the checkpatch.pl script from the Linux
kernel is more advanced and it is able to flag new errors in the
Trusted Firmware codebase. This patch fixes them.
Change-Id: I1f332f2440984be85d36b231bb83260368987077
The C library source files embedded into the Trusted Firmware
tree are not required to comply to the Linux Coding Style.
Unfortunately, 'make checkpatch' does take them into account.
This patch modifies the Makefile so that the C library source
and header files are now ignored by 'make checkpatch'.
It also instructs the checkpatch.pl script to not treat the
presence of a 'Change-Id' line in the commit message as an error.
Change-Id: I38196202efe518bae3a57c2affe2ed7758c9f69c
By default the SMMU for the DMA-330 is configured to mark some stream IDs
as always belonging to the Secure world. As a result, if EL1 software turns
the SMMU on, certain Non-Secure accesses get rewritten as Secure, making
them bypass translation and access Secure physical addresses directly.
Since the current Juno board firmware configures the DMA-330 hardware as
Non-Secure, rewrite the SMMU's default SSD table as well to prevent any
unexpected behaviour in EL1.
Change-Id: Iaa81d883eecf28d80eb182b9ce475684bf9c718c
This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done because the maximum affinity level for a platform
is a static value and it is more efficient for it to be defined
as a platform macro.
NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
FixesARM-Software/tf-issues#265
Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
This patch defines MAX_MMAP_REGIONS separately for each BL stage
as per its requirements. This minimizes the size of the mmap[]
array.
FixesARM-Software/tf-issues#201
Change-Id: I19b15e1a91a8365b2ecf24e2cd71937cb73916b2
The command line options specified in the User Guide to run the AEMv8 Base FVP
with the legacy VE memory map apply only when the model is configured to use GIC
v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure
that the right version of GIC is used.
Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
danh-arm
Varun Wadekar
Soby Mathew
Sandrine Bailleux
achingupta
Vikram Kanigiri
Juan Castillo
Robin Murphy