Assert a valid security state using the macro sec_state_is_valid().
Replace assert() with panic() in those cases that might arise
because of runtime errors and not programming errors.
Replace panic() with assert() in those cases that might arise
because of programming errors.
FixesARM-software/tf-issues#96
Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
This patch adds the CPUECTLR_EL1 register and the CCI Snoop Control
register to the list of registers being reported when an unhandled
exception occurs.
Change-Id: I2d997f2d6ef3d7fa1fad5efe3364dc9058f9f22c
This patch reworks the crash reporting mechanism to further
optimise the stack and code size. The reporting makes use
of assembly console functions to avoid calling C Runtime
to report the CPU state. The crash buffer requirement is
reduced to 64 bytes with this implementation. The crash
buffer is now part of per-cpu data which makes retrieving
the crash buffer trivial.
Also now panic() will use crash reporting if
invoked from BL3-1.
FixesARM-software/tf-issues#199
Change-Id: I79d27a4524583d723483165dc40801f45e627da5
The patch implements a macro ASM_ASSERT() which can
be invoked from assembly code. When assertion happens,
file name and line number of the check is written
to the crash console.
FixesARM-software/tf-issues#95
Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
This patch introduces platform APIs to initialise and
print a character on a designated crash console.
For the FVP platform, PL011_UART0 is the designated
crash console. The platform porting guide is also updated
to document the new APIs.
Change-Id: I5e97d8762082e0c88c8c9bbb479353eac8f11a66
This patch adds baud rate and UART clock frequency as parameters
to the pl011 driver api console_init(). This allows each platform
to specify UART clock and baud rate according to their specific
hardware implementation.
FixesARM-software/tf-issues#215
Change-Id: Id13eef70a1c530e709b34dd1e6eb84db0797ced2
This patch replaces the pl011 console family of functions
with their equivalents defined in assembly. The baud rate is
defined by the PL011_BAUDRATE macro and IBRD and FBRD values
for pl011 are computed statically. This patch will enable
us to invoke the console functions without the C Runtime Stack.
Change-Id: Ic3f7b7370ded38bf9020bf746b362081b76642c7
This patch reworks the manner in which the M,A, C, SA, I, WXN & EE bits of
SCTLR_EL3 & SCTLR_EL1 are managed. The EE bit is cleared immediately after reset
in EL3. The I, A and SA bits are set next in EL3 and immediately upon entry in
S-EL1. These bits are no longer managed in the blX_arch_setup() functions. They
do not have to be saved and restored either. The M, WXN and optionally the C
bit are set in the enable_mmu_elX() function. This is done during both the warm
and cold boot paths.
FixesARM-software/tf-issues#226
Change-Id: Ie894d1a07b8697c116960d858cd138c50bc7a069
This patch removes the allocation of memory for coherent stacks, associated
accessor function and some dead code which called the accessor function. It also
updates the porting guide to remove the concept and the motivation behind using
stacks allocated in coherent memory.
FixesARM-software/tf-issues#198
Change-Id: I00ff9a04f693a03df3627ba39727e3497263fc38
Print out Trusted Firmware version at runtime at each BL stage.
Message consists of TF version as defined statically in the Makefile
(e.g. v0.4), build mode (debug|release) and a customizable build
string:
1. By defining BUILD_STRING in command line when building TF
2. Default string is git commit ID
3. Empty if git meta-data is not available
FixesARM-software/tf-issues#203
Change-Id: I5c5ba438f66ab68810427d76b49c5b9177a957d6
This patch implements a "tf_printf" which supports only the commonly
used format specifiers in Trusted Firmware, which uses a lot less
stack space than the stdlib printf function.
FixesARM-software/tf-issues#116
Change-Id: I7dfa1944f4c1e634b3e2d571f49afe02d109a351
This patch uses stacks allocated in normal memory to enable the MMU early in the
warm boot path thus removing the dependency on stacks allocated in coherent
memory. Necessary cache and stack maintenance is performed when a cpu is being
powered down and up. This avoids any coherency issues that can arise from
reading speculatively fetched stale stack memory from another CPUs cache. These
changes affect the warm boot path in both BL3-1 and BL3-2.
The EL3 system registers responsible for preserving the MMU state are not saved
and restored any longer. Static values are used to program these system
registers when a cpu is powered on or resumed from suspend.
Change-Id: I8357e2eb5eb6c5f448492c5094b82b8927603784
This patch adds a 'flags' parameter to each exception level specific function
responsible for enabling the MMU. At present only a single flag which indicates
whether the data cache should also be enabled is implemented. Subsequent patches
will use this flag when enabling the MMU in the warm boot paths.
Change-Id: I0eafae1e678c9ecc604e680851093f1680e9cefa
This patch reworks the cold boot path across the BL1, BL2, BL3-1 and BL3-2 boot
loader stages to not use stacks allocated in coherent memory for early platform
setup and enabling the MMU. Stacks allocated in normal memory are used instead.
Attributes for stack memory change from nGnRnE when the MMU is disabled to
Normal WBWA Inner-shareable when the MMU and data cache are enabled. It is
possible for the CPU to read stale stack memory after the MMU is enabled from
another CPUs cache. Hence, it is unsafe to turn on the MMU and data cache while
using normal stacks when multiple CPUs are a part of the same coherency
domain. It is safe to do so in the cold boot path as only the primary cpu
executes it. The secondary cpus are in a quiescent state.
This patch does not remove the allocation of coherent stack memory. That is done
in a subsequent patch.
Change-Id: I12c80b7c7ab23506d425c5b3a8a7de693498f830
The ARM_GIC_ARCH build option was supposed to default to 2 on all
platforms. However, the default value was set in the FVP makefile
so for all other platforms it wasn't even defined.
This patch moves the default value to the main Makefile. The platform
port can then override it if needed.
Change-Id: I8e2da1cce7ffa3ed18814bbdcbcf2578101f18a6
platform_get_entrypoint() did not consider that a wakeup due to
System Reset Pin (by reading the power controller's PSYSR) requires
a cold boot. As a result, the code would execute the warm boot path
and eventually panic because entrypoint mailboxes are empty.
This patch ensures that the following wake-up reasons result in cold
boot:
- Cold Power-on
- System Reset Pin (includes reset by software)
FixesARM-software/tf-issues#217
Change-Id: I65ae0a0f7a46548b575900a5aac107d352b0e2cd
Update the "Memory layout on FVP platforms" section in the Firmware
Design document to reflect the overlaying of BL1 and BL2 images
by BL3-1 and BL3-2.
Also update the Porting Guide document to mention the
BL31_PROGBITS_LIMIT and BL32_PROGBITS_LIMIT constants.
Change-Id: I0b23dae5b5b4490a01be7ff7aa80567cff34bda8
- Add support for loading a BL3-0 image in BL2. Information about
memory extents is populated by platform-specific code. Subsequent
handling of BL3-0 is also platform specific.
The BL2 main function has been broken down to improve readability.
The BL3-2 image is now loaded before the BL3-3 image to align with
the boot flow.
- Build system: Add support for specifying a BL3-0 image that will be
included into the FIP image.
- IO FIP driver: Add support for identifying a BL3-0 image inside a
FIP image.
- Update the documentation to reflect the above changes.
Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
This patch re-organizes the memory layout on FVP as to give the
BL3-2 image as much memory as possible.
Considering these two facts:
- not all images need to live in memory at the same time. Once
in BL3-1, the memory used by BL1 and BL2 can be reclaimed.
- when BL2 loads the BL3-1 and BL3-2 images, it only considers the
PROGBITS sections of those 2 images. The memory occupied by the
NOBITS sections will be touched only at execution of the BL3-x
images;
Then it is possible to choose the different base addresses such that
the NOBITS sections of BL3-1 and BL3-2 overlay BL1 and BL2.
On FVP we choose to put:
- BL1 and BL3-1 at the top of the Trusted RAM, with BL3-1 NOBITS
sections overlaying BL1;
- BL3-2 at the bottom of the Trusted RAM, with its NOBITS sections
overlaying BL2;
This is illustrated by the following diagram:
0x0404_0000 ------------ ------------------
| BL1 | <= | BL3-1 NOBITS |
------------ <= ------------------
| | <= | BL3-1 PROGBITS |
------------ ------------------
| BL2 | <= | BL3-2 NOBITS |
------------ <= ------------------
| | <= | BL3-2 PROGBITS |
0x0400_0000 ------------ ------------------
New platform-specific constants have been introduced to easily check
at link time that BL3-1 and BL3-2 PROGBITS sections don't overwrite
BL1 and BL2. These are optional and the platform code is free to define
them or not. If not defined, the linker won't attempt to check
image overlaying.
FixesARM-software/tf-issues#117
Change-Id: I5981d1c3d66ee70eaac8bd052630c9ac6dd8b042
CTX_INCLUDE_FPREGS make variable allows us to include or exclude FP
registers from context structure, in case FP is not used by TSPD.
FixesARM-software/tf-issues#194
Change-Id: Iee41af382d691340c7ae21830ad1bbf95dad1f4b
Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM
GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform
specific inputs in the arm_gic_setup() function so that the driver
has no explicit dependency on platform code.
Provide weak implementations of the platform interrupt controller
API in a new file, plat/common/plat_gic.c. These simply call through
to the ARM GIC driver.
Move the only remaining FVP GIC function, fvp_gic_init() to
plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c
FixesARM-software/tf-issues#182
Change-Id: Iea82fe095fad62dd33ba9efbddd48c57717edd21
Changed the fvp_config array in fvp_common.c into a struct and
moved into a new optional common platform header,
include/plat/common/plat_config.h. Removed the config definitions
in fvp_def.h and updated all references to the platform config.
This makes the interface to the platform config cleaner and uses
a little less RAM.
FixesARM-software/tf-issues#180
Change-Id: I58dd7b3c150f24f7ee230a26fd57c827853ba803
Currently the TCR bits are hardcoded in xlat_tables.c. In order to
map higher physical address into low virtual address, the TCR bits
need to be configured accordingly.
This patch is to save the max VA and PA and calculate the TCR.PS/IPS
and t0sz bits in init_xlat_tables function.
Change-Id: Ia7a58e5372b20200153057d457f4be5ddbb7dae4
There was already a rudimentary mechanism to detect whether BL1
R/W data was loaded at the top or bottom of memory. Basically,
- either BL1 was loaded at the very end of the trusted RAM
- in all other cases BL1 was considered sitting at the bottom of
the memory and the memory usage structure was updated accordingly,
potentially resulting in critical memory waste.
For instance, if BL1 R/W base address was set to
(TZRAM_END - 4096 - bl1_size), it would virtually occupy the whole
memory.
This patch improves the mechanism to detect the location of BL1
to avoid such scenarios.
Change-Id: I224a9edf0fe8d34208545d84b28b63f2bb830d03
This concept is no longer required since we now support loading of
images at fixed addresses only.
The image loader now automatically detects the position of the image
inside the current memory layout and updates the layout such that
memory fragmentation is minimised.
The 'attr' field of the meminfo data structure, which used to hold
the bottom/top loading information, has been removed. Also the 'next'
field has been removed as it wasn't used anywhere.
The 'init_bl2_mem_layout()' function has been moved out of common
code and put in BL1-specific code. It has also been renamed into
'bl1_init_bl2_mem_layout'.
FixesARM-software/tf-issues#109
Change-Id: I3f54642ce7b763d5ee3b047ad0ab59eabbcf916d
The code in the FVP port which checks the platform type and
revision information in the SYS_ID register strictly supported
only the first revision of the Base and Foundation FVPs.
The current check also does not reflect the fact that the
board revision field is 'local' to the board type (HBI field).
Support for a new Foundation model is required now, and the
checking code is relaxed to allow execution (with a diagnostic)
on unrecognised revisions of the Base and Foundation FVP.
Change-Id: I7cd3519dfb56954aafe5f52ce1fcea0ee257ba9f
Many of the interfaces internal to PSCI pass the current CPU
MPIDR_EL1 value from function to function. This is not required,
and with inline access to the system registers is less efficient
than requiring the code to read that register whenever required.
This patch remove the mpidr parameter from the affected interfaces
and reduces code in FVP BL3-1 size by 160 bytes.
Change-Id: I16120a7c6944de37232016d7e109976540775602
Making the simple mmio_read_*() and mmio_write_*() functions inline
saves 360 bytes of code in FVP release build.
FixesARM-software/tf-issues#210
Change-Id: I65134f9069f3b2d8821d882daaa5fdfe16355e2f
danh-arm
Juan Castillo
Soby Mathew
Achin Gupta
Sandrine Bailleux
Lin Ma
Andrew Thoelke