From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I2e94a0b227ec39f6f4530dc50bb477999d27730f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I9cb581574d46de73c3d6917ebf78935fc5ac075a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I8c3b92751d1ce226c966f7c81fedd83f0846865e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: Ica95bf5da722913834fe90bf3fe743aa34e01e80
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
running in Aarch32 mode with the build options
listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.99% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch introduces new libc_asm.mk makefile which
replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 20.56%.
The number of CPU instructions (Inst) executed during
TF-A boot stage before start of BL33 in RELEASE builds
for different versions is presented in the tables below,
where:
- C TF-A: existing TF-A C code;
- C musl: "lightweight code" C "implementation of the
standard library for Linux-based systems"
https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
- Asm Opt: assemler version from "Arm Optimized Routines"
project
https://github.com/ARM-software/optimized-routines/blob/
master/string/arm/memset.S
- Asm Linux: assembler version from Linux kernel
https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S
- Asm TF-A: assembler version from this patch
Aarch32:
+-----------+------+------+--------------+----------+
| Variant | Set | Size | Inst | Ratio |
+-----------+------+------+--------------+----------+
| C TF-A | T32 | 16 | 2122110003 | 1.000000 |
| C musl | T32 | 156 | 1643917668 | 0.774662 |
| Asm Opt | T32 | 84 | 1604810003 | 0.756233 |
| Asm Linux | A32 | 168 | 1566255018 | 0.738065 |
| Asm TF-A | A32 | 160 | 1525865101 | 0.719032 |
+-----------+------+------+--------------+----------+
AArch64:
+-----------+------+------------+----------+
| Variant | Size | Inst | Ratio |
+-----------+------+------------+----------+
| C TF-A | 28 | 2732497518 | 1.000000 |
| C musl | 212 | 1802999999 | 0.659836 |
| Asm TF-A | 140 | 1680260003 | 0.614917 |
+-----------+------+------------+----------+
This patch modifies 'plat\arm\common\arm_common.mk'
by overriding libc.mk makefile with libc_asm.mk and
does not effect other platforms.
Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This reverts commit e7d344de01.
This reverts the patch https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5313 due to a timing issue with the merge. The merge occurred at the same time as the additional comments and thusly were were not seen until the merge was done. This reverts the change and additional patches from Alexei will follow to address the concerns expressed in the orignal patch.
Change-Id: Iae5f6403c93ac13ceeda29463883fcd4c437f2b7
Trace analysis of FVP_Base_AEMv8A model running in
Aarch32 mode with the build options listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.84% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 24.84%.
- Number of CPU instructions executed during TF-A
boot stage before start of BL33 in RELEASE builds:
----------------------------------------------
| Arch | C | assembler | % |
----------------------------------------------
| Aarch32 | 2073275460 | 1487400003 | -28.25 |
| Aarch64 | 2056807158 | 1244898303 | -39.47 |
----------------------------------------------
The patch also replaces memset.c with aarch64/memset.S
in plat\nvidia\tegra\platform.mk.
Change-Id: Ifbf085a2f577a25491e2d28446ee95a4ac891597
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This function scans a string backwards from the end for the first
instance of a character.
Change-Id: I46b21573ed25a0ff222eac340e1e1fb93b040763
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Now that setjmp() and longjmp() are compliant with the standard they can
be moved with the other libc files.
Change-Id: Iea3b91c34eb353ace5e171e72f331602d57774d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Change their names to printf and snprintf. They are much smaller than
the previous versions we had, which makes them better suited for the
Trusted Firmware.
Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The existing files had some style problems that this patch fixes.
Change-Id: I794e0d96e52f8da0ffa0d70a41f36c4432b4e563
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
sscanf() is unused and it doesn't work, so it doesn't make sense to
keep it.
timingsafe_bcmp() isn't used anywhere.
Change-Id: Ib5d28ff21d0f3ccc36c5c0fb5474b3384105cf80
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
TF Makefile was linking all the objects files generated for the
c library instead of creating a static library that could be
used in the linking stage.
Change-Id: I721daea097e9b13cbb42c9f8eaa2af8fea0799cf
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Some side-channel attacks involve an attacker inferring something from
the time taken for a memory compare operation to complete, for example
when comparing hashes during image authentication. To mitigate this,
timingsafe_bcmp() must be used for such operations instead of the
standard memcmp().
This function executes in constant time and so doesn't leak any timing
information to the caller.
Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This code has been imported and slightly adapted from FreeBSD:
6253393ad8/lib/libc/string/strnlen.c
Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
* Move stdlib header files from include/stdlib to include/lib/stdlib for
consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.
Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
In some build environments executable programs have a specific file
extension. The value of BIN_EXT is appended to the relevant tool file
names to allow for this.
The value of BIN_EXT is set, where appropriate, by the build environment
specific make helper (to .exe for Windows build environments).
.gitignore is updated to hide the new (.exe) files.
Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
Add make helper files to select the appropriate settings for the build
environment. Selection is made in make_helpers/build_env.mk, which
selects other files to include using generic build environment settings.
The Trusted Firmware Makefile and supporting tool Makefiles are updated
to include build_env.mk instead of unix.mk.
NOTE: This change does not fully enable builds in other build
environments. It facilitates this without compromising the
existing build environments.
Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
This patch extends the platform port by adding an API that returns
either the Root of Trust public key (ROTPK) or its hash. This is
usually stored in ROM or eFUSE memory. The ROTPK returned must be
encoded in DER format according to the following ASN.1 structure:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
In case the platform returns a hash of the key:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
keyDigest OCTET STRING
}
An implementation for ARM development platforms is provided in this
patch. When TBB is enabled, the ROTPK hash location must be specified
using the build option 'ARM_ROTPK_LOCATION'. Available options are:
- 'regs' : return the ROTPK hash stored in the Trusted
root-key storage registers.
- 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
BL2 binaries. This hash has been obtained from the development
RSA public key located in 'plat/arm/board/common/rotpk'.
On FVP, the number of MMU tables has been increased to map and
access the ROTPK registers.
A new file 'board_common.mk' has been added to improve code sharing
in the ARM develelopment platforms.
Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
This major change pulls out the common functionality from the
FVP and Juno platform ports into the following categories:
* (include/)plat/common. Common platform porting functionality that
typically may be used by all platforms.
* (include/)plat/arm/common. Common platform porting functionality
that may be used by all ARM standard platforms. This includes all
ARM development platforms like FVP and Juno but may also include
non-ARM-owned platforms.
* (include/)plat/arm/board/common. Common platform porting
functionality for ARM development platforms at the board
(off SoC) level.
* (include/)plat/arm/css/common. Common platform porting
functionality at the ARM Compute SubSystem (CSS) level. Juno
is an example of a CSS-based platform.
* (include/)plat/arm/soc/common. Common platform porting
functionality at the ARM SoC level, which is not already defined
at the ARM CSS level.
No guarantees are made about the backward compatibility of
functionality provided in (include/)plat/arm.
Also remove any unnecessary variation between the ARM development
platform ports, including:
* Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the
Juno implementation, which copies the information from BL2 memory
instead of expecting it to persist in shared memory.
* Unify the TZC configuration. There is no need to add a region
for SCP in Juno; it's enough to simply not allow any access to
this reserved region. Also set region 0 to provide no access by
default instead of assuming this is the case.
* Unify the number of memory map regions required for ARM
development platforms, although the actual ranges mapped for each
platform may be different. For the FVP port, this reduces the
mapped peripheral address space.
These latter changes will only be observed when the platform ports
are migrated to use the new common platform code in subsequent
patches.
Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
TLK Dispatcher (tlkd) is based on the tspd and is the glue required
to run TLK as a Secure Payload with the Trusted Firmware.
Change-Id: I69e573d26d52342eb049feef773dd7d2a506f4ab
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces a framework which will allow CPUs to perform
implementation defined actions after a CPU reset, during a CPU or cluster power
down, and when a crash occurs. CPU specific reset handlers have been implemented
in this patch. Other handlers will be implemented in subsequent patches.
Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.
Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
Remove all usage of the vpath keyword in makefiles as it was prone
to mistakes. Specify the relative paths to source files instead.
Also reorder source files in makefiles alphabetically.
FixesARM-software/tf-issues#121
Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
BL3-2. There was some early SMC handling code in there that was not
required by the other bootloader stages. Therefore this patch
introduces an even simpler exception vector source file for BL2,
BL3-1 and BL3-2.
FixesARM-software/tf-issues#38
Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
At present, the entry point for each BL image is specified via the
Makefiles and provided on the command line to the linker. When using a
link script the entry point should rather be specified via the ENTRY()
directive in the link script.
This patch updates linker scripts of all BL images to specify the entry
point using the ENTRY() directive. It also removes the --entry flag
passed to the linker through Makefile.
Fixes issue ARM-software/tf-issues#66
Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
This change requires all platforms to now specify a list of source files
rather than object files.
New source files should preferably be specified by using the path as
well and we should add this in the future for all files so we can remove
use of vpath. This is desirable because vpath hides issues like the fact
that BL2 currently pulls in a BL1 file bl1/aarch64/early_exceptions.S
and if in the future we added bl2/aarch64/early_exceptions.S then it's
likely only one of the two version would be used for both bootloaders.
This change also removes the 'dump' build target and simply gets
bootloaders to always generate a dump file. At the same time the -x
option is added so the section headers and symbols table are listed.
FixesARM-software/tf-issues#11
Change-Id: Ie38f7be76fed95756c8576cf3f3ea3b7015a18dc
Signed-off-by: Jon Medhurst <tixy@linaro.org>
This patch factors out the ARM FVP specific code to create MMU
translation tables so that it is possible for a boot loader stage to
create a different set of tables instead of using the default ones.
The default translation tables are created with the assumption that
the calling boot loader stage executes out of secure SRAM. This might
not be true for the BL3_2 stage in the future.
A boot loader stage can define the `fill_xlation_tables()` function as
per its requirements. It returns a reference to the level 1
translation table which is used by the common platform code to setup
the TTBR_EL3.
This patch is a temporary solution before a larger rework of
translation table creation logic is introduced.
Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
Tidy up the spacing of variable definitions within the makefiles to make
them more consistent, easier to read and amend.
Change-Id: Ic6d7c8489ca4330824abb5cd1ead8f1d449d1a85
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Move all explicit platform or architecture specific references
into a new platform.mk file that is defined for each platform.
Change-Id: I9d6320d1ba957e0cc8d9b316b3578132331fa428
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
- This change is split into two separate patches in order to
simplify the history as interpreted by 'git'. The split is
between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in
order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.
Change-Id: I91cddfb3229775f770ad781589670c57d347a154
- Add instructions for contributing to ARM Trusted Firmware.
- Update copyright text in all files to acknowledge contributors.
Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
Madhukar Pappireddy
Alexei Fedorov
Mark Dykes
Ambroise Vincent
Antonio Nino Diaz
Roberto Vargas
dp-arm
Sandrine Bailleux
Dan Handley
Evan Lloyd
Juan Castillo
Varun Wadekar
Soby Mathew
Jeenu Viswambharan
Jon Medhurst
Achin Gupta
Ryan Harkin
Harry Liebel