The current IO block buffer overlaps with BL2 image location.
So, BL2 may corrupt itself.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 6f62574767 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool. I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.
I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
ARM TF does not work correctly if built with a version of gcc
that is configured to use PIE by default (e.g. Debian Stretch).
This patch identifies when such a version of gcc is being used
(by searching for --enable-default-pie) and adds -fno-PIE option
to TF_CFLAGS.
fixesarm-software/tf-issues#519
Change-Id: I2322122c49841746d35d152694e14f6f73beb0fd
Signed-off-by: David Cunado <david.cunado@arm.com>
Co-Authored-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Steve Capper <steve.capper@arm.com>
Tested-by: Alexei Fedorov <alexei.fedorov@arm.com>
The block operations were trying to optimize the number of memory
copies, and it tried to use directly the buffer supplied by the user
to them. This was a mistake because it created too many corner cases:
1- It was possible to generate unaligned
operations to unaligned buffers. Drivers that were using
DMA transfer failed in that case.
2- It was possible to generate read operations
with sizes that weren't a multiple of the block size. Some
low level drivers assumed that condition and they calculated
the number of blocks dividing the number of bytes by the
size of the block, without considering the remaining bytes.
3- The block_* operations didn't control the
number of bytes actually copied to memory, because the
low level drivers were writing directly to the user buffer.
This patch rewrite block_read and block_write to use always the device
buffer, which the platform ensures that has the correct aligment and
the correct size.
Change-Id: I5e479bb7bc137e6ec205a8573eb250acd5f40420
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This partially reverts commit d6b532b50f, keeping only the fixes to
the assertions. The changes related to the order of arguments passed
to the secure partition were not correct and violated the
specification of the SP_EVENT_COMPLETE SMC.
This patch also improves the MM_COMMUNICATE argument validation. The
cookie argument, as it comes from normal world, can't be trusted and thus
needs to always be validated at run time rather than using an assertion.
Also validate the communication buffer address and return
INVALID_PARAMETER if it is zero, as per the MM specification.
Fix a few typos in comments and use the "secure partition" terminology
rather than "secure payload".
Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The security properties of some IP blocks are configured to secure mode
after reset. This means these IP blocks can only be accessed by cpus
in secure state by default. These should be configured correclty as needed.
Signed-off-by: y00241285 <yyangwei.yangwei@hisilicon.com>
Signed-off-by: Jiancheng Xue <xuejiancheng@hisilicon.com>
* Update the RockChip sub-maintainer from rkchrome to rockchip-linux
in maintainers.rst.
* Add missing documentation files and change extensions from `md` to `rst`.
* Add sub-maintainer for Socionext UniPhier platform.
Change-Id: I7f498316acb0f7947c6432dbe14988e61a8903fe
Co-Authored-By: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been
introduced to select the section where the translation tables used by
the S-EL1/S-EL0 are placed.
This define has been used to move the translation tables to DRAM secured
by TrustZone.
Most of the extra needed space in BL31 when SPM is enabled is due to the
large size of the translation tables. By moving them to this memory
region we can save 44 KiB.
A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the
region where the translation tables have to be placed by the linker.
Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The document was being rendered incorrectly.
Change-Id: I6e243d17d7cb6247f91698bc195eb0f6efeb7d17
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.
The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.
Change-Id: I96dc50decaacd469327c6b591d07964726e58db4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Common code mustn't include ARM platforms headers.
Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
At present, both SDEI_PRIVATE_RESET and SDEI_SHARED_RESET returns
SDEI_PENDING if they fail to unregister an event. The SDEI specification
however requires that the APIs return SDEI_EDENY in these cases. This
patch fixes the return codes for the reset APIs.
Change-Id: Ic14484c91fa8396910387196c256d1ff13d03afd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
ARM Power State Coordination Interface (ARM DEN 0022D) chapter
6.5 "Recommended StateID Encoding" defines the state ID which can be
used by platforms. The recommended power states can be presented by
below values; and it divides into three fields, every field has 4 bits
to present power states corresponding to core level, cluster level and
system level.
0: Run
1: Standby
2: Retention
3: Powerdown
This commit changes to use upper recommended power states definition on
Hikey960; and changes the power state validate function to check the
power state passed from kernel side.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Previously the cache flush happened in 2 different places in code
depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
patch unifies this code path for both the cases. The `load_image()`
function is now made an internal static function.
Change-Id: I96a1da29d29236bbc34b1c95053e6a9a7fc98a54
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch allows non-secure bus masters to access TZC region0 as well
as the EL3 Payload itself.
Change-Id: I7e44f2673a2992920d41503fb4c57bd7fb30747a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The defines have been renamed to match the names used in the
documentation.
Change-Id: I2f18b65112d2db040a89d5a8522e9790c3e21628
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This includes the stdint header to declare the various types used within
the file, preventing build errors with recent GCC versions.
Change-Id: I9e7e92bb31deb58d4ff2732067dd88b53124bcc9
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Added design documentation and usage guide for the AArch64 port of the
Arm Trusted Firmware to the Raspberry Pi 3.
Change-Id: I1be60fbbd54c797b48a1bcebfb944d332616a0de
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This port can be compiled to boot an AArch64 or AArch32 payload with the
build option `RPI3_BL33_AARCH32`.
Note: This is not a secure port of the Trusted Firmware. This port is
only meant to be a reference implementation to experiment with an
inexpensive board in real hardware.
Change-Id: Ide58114299289bf765ef1366199eb05c46f81903
Co-authored-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.
This has a minor performance improvement with no functional
impact.
Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
to one EL3 will check to see if the Scalable Vector Extension (SVE) is
implemented when entering and exiting the Non-secure world.
If SVE is implemented, EL3 will do the following:
- Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.
- Exit from Non-secure world: SIMD, FP and SVE functionality is
disabled. As SIMD and FP registers are part of the SVE Z-registers
then any use of SIMD / FP functionality would corrupt the SVE
registers.
The build option default is 1. The SVE functionality is only supported
on AArch64 and so the build option is set to zero when the target
archiecture is AArch32.
This build option is not compatible with the CTX_INCLUDE_FPREGS - an
assert will be raised on platforms where SVE is implemented and both
ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.
Also note this change prevents secure world use of FP&SIMD registers on
SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
such platforms unless ENABLE_SVE_FOR_NS is set to 0.
Additionally, on the first entry into the Non-secure world the SVE
functionality is enabled and the SVE Z-register length is set to the
maximum size allowed by the architecture. This includes the use case
where EL2 is implemented but not used.
Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch updates Xilinx maintainers details
as sorenb is no more the maintainer for xilinx
and the email id is invalid now.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
The bl2_early_platform_setup() and bl2_platform_setup() were
redefined for Juno AArch32 eventhough CSS platform layer had
same definition for them. The CSS definitions definitions were
previously restricted to EL3_PAYLOAD_BASE builds and this is now
modified to include the Juno AArch32 builds as well thus
allowing us to remove the duplicate definitions in Juno platform
layer.
Change-Id: Ibd1d8c1428cc1d51ac0ba90f19f5208ff3278ab5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Masahiro Yamada
davidcunado-arm
Roberto Vargas
Sandrine Bailleux
Victor Chong
Jiancheng Xue
Dan Handley
Antonio Nino Diaz
Jeenu Viswambharan
Leo Yan
Soby Mathew
Paul Kocialkowski
Siva Durga Prasad Paladugu