| #
6d8db46b |
| 21-Mar-2018 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #1314 from antonio-nino-diaz-arm/an/smccc-header
Rename 'smcc' to 'smccc'
|
| #
085e80ec |
| 21-Mar-2018 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
Rename 'smcc' to 'smccc'
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files hav
Rename 'smcc' to 'smccc'
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| #
c7aa7fdf |
| 26-Feb-2018 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #1263 from soby-mathew/sm/dyn_config
Dynamic Configuration Prototype
|
| #
566034fc |
| 08-Feb-2018 |
Soby Mathew <soby.mathew@arm.com> |
Add image_id to bl1_plat_handle_post/pre_image_load()
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved t
Add image_id to bl1_plat_handle_post/pre_image_load()
This patch adds an argument to bl1_plat_post/pre_image_load() APIs
to make it more future proof. The default implementation of
these are moved to `plat_bl1_common.c` file.
These APIs are now invoked appropriately in the FWU code path prior
to or post image loading by BL1 and are not restricted
to LOAD_IMAGE_V2.
The patch also reorganizes some common platform files. The previous
`plat_bl2_el3_common.c` and `platform_helpers_default.c` files are
merged into a new `plat_bl_common.c` file.
NOTE: The addition of an argument to the above mentioned platform APIs
is not expected to have a great impact because these APIs were only
recently added and are unlikely to be used.
Change-Id: I0519caaee0f774dd33638ff63a2e597ea178c453
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
show more ...
|
| #
aa965e15 |
| 20-Jul-2017 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #1029 from islmit01/im/fix_includes
Fix order of includes
|
| #
2a4b4b71 |
| 11-Jul-2017 |
Isla Mitchell <isla.mitchell@arm.com> |
Fix order of #includes
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported
Fix order of #includes
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
show more ...
|
| #
d70a7d0c |
| 28-Jun-2017 |
danh-arm <dan.handley@arm.com> |
Merge pull request #978 from etienne-lms/minor-build
Minor build fixes
|
| #
ccf39111 |
| 26-Jun-2017 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #994 from soby-mathew/sm/fwu_fix
Fix FWU and cache helper optimization
|
| #
2ed7b71e |
| 23-Jun-2017 |
Etienne Carriere <etienne.carriere@st.com> |
context_mgmt: declare extern cm_set_next_context() for AArch32
This change avoids warning when setting -Wmissing-prototypes to
compile bl1_context_mgmt.c.
Reported-by: Yann Gautier <yann.gautier@st
context_mgmt: declare extern cm_set_next_context() for AArch32
This change avoids warning when setting -Wmissing-prototypes to
compile bl1_context_mgmt.c.
Reported-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
show more ...
|
| #
ee05ae16 |
| 15-Jun-2017 |
Soby Mathew <soby.mathew@arm.com> |
Fix issues in FWU code
This patch fixes the following issues in Firmware Update (FWU) code:
1. The FWU layer maintains a list of loaded image ids and
while checking for image overlaps, INVALID_I
Fix issues in FWU code
This patch fixes the following issues in Firmware Update (FWU) code:
1. The FWU layer maintains a list of loaded image ids and
while checking for image overlaps, INVALID_IMAGE_IDs were not
skipped. The patch now adds code to skip INVALID_IMAGE_IDs.
2. While resetting the state corresponding to an image, the code
now resets the memory used by the image only if the image were
copied previously via IMAGE_COPY smc. This prevents the invalid
zeroing of image memory which are not copied but are directly
authenticated via IMAGE_AUTH smc.
Change-Id: Idf18e69bcba7259411c88807bd0347d59d9afb8f
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
show more ...
|
| #
4d96cad5 |
| 05-Jun-2017 |
danh-arm <dan.handley@arm.com> |
Merge pull request #962 from antonio-nino-diaz-arm/an/fwu-checks
FWU: Check for overlaps when loading images, introduce `FWU_SMC_IMAGE_RESET`
|
| #
9d6fc3c3 |
| 12-May-2017 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
FWU: Introduce FWU_SMC_IMAGE_RESET
This SMC is as a means for the image loading state machine to go from
COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
was only done when t
FWU: Introduce FWU_SMC_IMAGE_RESET
This SMC is as a means for the image loading state machine to go from
COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
was only done when the authentication of an image failed or when the
execution of the image finished.
Documentation updated.
Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| #
128daee2 |
| 01-Jun-2017 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
FWU: Check for overlaps when loading images
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
memory region where another image data is already loaded.
Without this check, if two im
FWU: Check for overlaps when loading images
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
memory region where another image data is already loaded.
Without this check, if two images are configured to be loaded in
overlapping memory regions, one of them can be loaded and
authenticated and the copy function is still able to load data from
the second image on top of the first one. Since the first image is
still in authenticated state, it can be executed, which could lead to
the execution of unauthenticated arbitrary code of the second image.
Firmware update documentation updated.
Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| #
81602a97 |
| 22-May-2017 |
danh-arm <dan.handley@arm.com> |
Merge pull request #939 from dp-arm/dp/AArch32_tbbr
Add TBBR and FWU support for AArch32
|
| #
a4409008 |
| 15-Feb-2017 |
dp-arm <dimitris.papastamos@arm.com> |
AArch32: Add `TRUSTED_BOARD_BOOT` support
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#
AArch32: Add `TRUSTED_BOARD_BOOT` support
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
show more ...
|
| #
f132b4a0 |
| 04-May-2017 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #925 from dp-arm/dp/spdx
Use SPDX license identifiers
|
| #
82cb2c1a |
| 03-May-2017 |
dp-arm <dimitris.papastamos@arm.com> |
Use SPDX license identifiers
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by
Use SPDX license identifiers
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
show more ...
|
| #
0f22bef3 |
| 29-Apr-2017 |
Scott Branden <sbranden@users.noreply.github.com> |
Merge branch 'integration' into tf_issue_461
|
| #
79199f70 |
| 26-Apr-2017 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #907 from antonio-nino-diaz-arm/an/smc-ret0
tspd:FWU:Fix usage of SMC_RET0
|
| #
7a317a70 |
| 04-Apr-2017 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
tspd:FWU:Fix usage of SMC_RET0
SMC_RET0 should only be used when the SMC code works as a function that
returns void. If the code of the SMC uses SMC_RET1 to return a value to
signify success and doe
tspd:FWU:Fix usage of SMC_RET0
SMC_RET0 should only be used when the SMC code works as a function that
returns void. If the code of the SMC uses SMC_RET1 to return a value to
signify success and doesn't return anything in case of an error (or the
other way around) SMC_RET1 should always be used to return clearly
identifiable values.
This patch fixes two cases in which the code used SMC_RET0 instead of
SMC_RET1.
It also introduces the define SMC_OK to use when an SMC must return a
value to tell that it succeeded, the same way as SMC_UNK is used in case
of failure.
Change-Id: Ie4278b51559e4262aced13bbde4e844023270582
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| #
108e4df7 |
| 16-Feb-2017 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #834 from douglas-raillard-arm/dr/use_dc_zva_zeroing
Use DC ZVA instruction to zero memory
|
| #
308d359b |
| 02-Dec-2016 |
Douglas Raillard <douglas.raillard@arm.com> |
Introduce unified API to zero memory
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing
Introduce unified API to zero memory
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing takes place directly in the cache to speed it up
without doing external memory access.
Remove the zeromem16 function on AArch64 and replace it with an alias to
zeromem. This zeromem16 function is now deprecated.
Remove the 16-bytes alignment constraint on __BSS_START__ in
firmware-design.md as it is now not mandatory anymore (it used to comply
with zeromem16 requirements).
Change the 16-bytes alignment constraints in SP min's linker script to a
8-bytes alignment constraint as the AArch32 zeromem implementation is now
more efficient on 8-bytes aligned addresses.
Introduce zero_normalmem and zeromem helpers in platform agnostic header
that are implemented this way:
* AArch32:
* zero_normalmem: zero using usual data access
* zeromem: alias for zero_normalmem
* AArch64:
* zero_normalmem: zero normal memory using DC ZVA instruction
(needs MMU enabled)
* zeromem: zero using usual data access
Usage guidelines: in most cases, zero_normalmem should be preferred.
There are 2 scenarios where zeromem (or memset) must be used instead:
* Code that must run with MMU disabled (which means all memory is
considered device memory for data accesses).
* Code that fills device memory with null bytes.
Optionally, the following rule can be applied if performance is
important:
* Code zeroing small areas (few bytes) that are not secrets should use
memset to take advantage of compiler optimizations.
Note: Code zeroing security-related critical information should use
zero_normalmem/zeromem instead of memset to avoid removal by
compilers' optimizations in some cases or misbehaving versions of GCC.
Fixes ARM-software/tf-issues#408
Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
show more ...
|
| #
9e75fddc |
| 20-Dec-2016 |
Dan Handley <dan.handley@arm.com> |
Merge pull request #783 from danh-arm/sb/bl1-fwu-copy
|
| #
949a52d2 |
| 11-Nov-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Fix integer overflows in BL1 FWU code
Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it do
Fix integer overflows in BL1 FWU code
Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.
As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.
Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory
Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
show more ...
|
| #
1bfb7068 |
| 14-Nov-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Add some debug assertions in BL1 FWU copy code
These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.
Change-Id: I38a
Add some debug assertions in BL1 FWU copy code
These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.
Change-Id: I38a125b0073658c3e2b4b1bdc623ec221741f43e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
show more ...
|