| d50ece03 | 20-Feb-2017 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
Simplify translation tables headers dependencies
The files affected by this patch don't really depend on `xlat_tables.h`.
By changing the included file it becomes easier to switch between the
two ve
Simplify translation tables headers dependencies
The files affected by this patch don't really depend on `xlat_tables.h`.
By changing the included file it becomes easier to switch between the
two versions of the translation tables library.
Change-Id: Idae9171c490e0865cb55883b19eaf942457c4ccc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| 308d359b | 02-Dec-2016 |
Douglas Raillard <douglas.raillard@arm.com> |
Introduce unified API to zero memory
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing
Introduce unified API to zero memory
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing takes place directly in the cache to speed it up
without doing external memory access.
Remove the zeromem16 function on AArch64 and replace it with an alias to
zeromem. This zeromem16 function is now deprecated.
Remove the 16-bytes alignment constraint on __BSS_START__ in
firmware-design.md as it is now not mandatory anymore (it used to comply
with zeromem16 requirements).
Change the 16-bytes alignment constraints in SP min's linker script to a
8-bytes alignment constraint as the AArch32 zeromem implementation is now
more efficient on 8-bytes aligned addresses.
Introduce zero_normalmem and zeromem helpers in platform agnostic header
that are implemented this way:
* AArch32:
* zero_normalmem: zero using usual data access
* zeromem: alias for zero_normalmem
* AArch64:
* zero_normalmem: zero normal memory using DC ZVA instruction
(needs MMU enabled)
* zeromem: zero using usual data access
Usage guidelines: in most cases, zero_normalmem should be preferred.
There are 2 scenarios where zeromem (or memset) must be used instead:
* Code that must run with MMU disabled (which means all memory is
considered device memory for data accesses).
* Code that fills device memory with null bytes.
Optionally, the following rule can be applied if performance is
important:
* Code zeroing small areas (few bytes) that are not secrets should use
memset to take advantage of compiler optimizations.
Note: Code zeroing security-related critical information should use
zero_normalmem/zeromem instead of memset to avoid removal by
compilers' optimizations in some cases or misbehaving versions of GCC.
Fixes ARM-software/tf-issues#408
Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
show more ...
|
| bd83b41a | 20-Dec-2016 |
danh-arm <dan.handley@arm.com> |
Merge pull request #791 from jeenu-arm/asm-assert-32
AArch32: Print ASM_ASSERT and panic messages |
| 99c5ebaf | 08-Nov-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Export is_mem_free() function
The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.
Change-Id: I01dcb4229f3a36f56a4724b567
Export is_mem_free() function
The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.
Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
show more ...
|
| e12cb61f | 28-Nov-2016 |
Jeenu Viswambharan <jeenu.viswambharan@arm.com> |
AArch32: Print ASM_ASSERT and panic messages
ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line n
AArch32: Print ASM_ASSERT and panic messages
ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.
Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
show more ...
|
| 1b5fa6ef | 12-Dec-2016 |
danh-arm <dan.handley@arm.com> |
Merge pull request #774 from jeenu-arm/no-return-macro
Define and use no_ret macro where no return is expected |
| a806dad5 | 30-Nov-2016 |
Jeenu Viswambharan <jeenu.viswambharan@arm.com> |
Define and use no_ret macro where no return is expected
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are ma
Define and use no_ret macro where no return is expected
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
show more ...
|
| 0f325c67 | 22-Nov-2016 |
Antonio Nino Diaz <antonio.ninodiaz@arm.com> |
Optimize cache flush when authenticating images
When loading and authenticating an image, all parent images must also
be authenticated. The parent images are just certificates that don't
need to be
Optimize cache flush when authenticating images
When loading and authenticating an image, all parent images must also
be authenticated. The parent images are just certificates that don't
need to be used by any other CPU except the one loading the image, and
so there is no need to flush the cache of memory regions where they
are loaded.
Change-Id: Ice8d6979d1c02eabf1a543281ae1a07d098e4a99
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
show more ...
|
| 1a0a3f06 | 28-Jun-2016 |
Yatharth Kochar <yatharth.kochar@arm.com> |
AArch32: Common changes needed for BL1/BL2
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
AArch32: Common changes needed for BL1/BL2
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
show more ...
|
| 72600226 | 12-Sep-2016 |
Yatharth Kochar <yatharth.kochar@arm.com> |
Add new version of image loading.
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can
Add new version of image loading.
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can be readily adapted
by any BL stage that needs to load images.
In order to provide the above capability the following new
platform functions are introduced:
bl_load_info_t *plat_get_bl_image_load_info(void);
This function returns pointer to the list of images that the
platform has populated to load.
bl_params_t *plat_get_next_bl_params(void);
This function returns a pointer to the shared memory that the
platform has kept aside to pass trusted firmware related
information that next BL image needs.
void plat_flush_next_bl_params(void);
This function flushes to main memory all the params that
are passed to next image.
int bl2_plat_handle_post_image_load(unsigned int image_id)
This function can be used by the platforms to update/use
image information for given `image_id`.
`desc_image_load.c` contains utility functions which can be used
by the platforms to generate, load and executable, image list
based on the registered image descriptors.
This patch also adds new version of `load_image/load_auth_image`
functions in-order to achieve the above capability.
Following are the changes for the new version as compared to old:
- Refactor the signature and only keep image_id and image_info_t
arguments. Removed image_base argument as it is already passed
through image_info_t. Given that the BL image base addresses and
limit/size are already provided by the platforms, the meminfo_t
and entry_point_info arguments are not needed to provide/reserve
the extent of free memory for the given BL image.
- Added check for the image size against the defined max size.
This is needed because the image size could come from an
unauthenticated source (e.g. the FIP header).
To make this check, new member is added to the image_info_t
struct for identifying the image maximum size.
New flag `LOAD_IMAGE_V2` is added in the Makefile.
Default value is 0.
NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
show more ...
|
| 51c79b73 | 30-Aug-2016 |
Soby Mathew <soby.mathew@arm.com> |
AArch32: resolve build error when LOG_LEVEL=50
This patch resolves a build error in Trusted Firmware when `ARCH=aarch32`
and LOG_LEVEL >= 50.
Change-Id: I62a23ded4a25304533cdcc5ff11442aee041709b |
| f6ace15f | 31-Aug-2016 |
davidcunado-arm <david.cunado@arm.com> |
Merge pull request #689 from yatharth-arm/yk/plat_report_expn
Remove looping around `plat_report_exception` |
| 5bbc451e | 17-Aug-2016 |
Yatharth Kochar <yatharth.kochar@arm.com> |
Remove looping around `plat_report_exception`
This patch removes the tight loop that calls `plat_report_exception`
in unhandled exceptions in AArch64 state.
The new behaviour is to call the `plat_re
Remove looping around `plat_report_exception`
This patch removes the tight loop that calls `plat_report_exception`
in unhandled exceptions in AArch64 state.
The new behaviour is to call the `plat_report_exception` only
once followed by call to `plat_panic_handler`.
This allows platforms to take platform-specific action when
there is an unhandled exception, instead of always spinning
in a tight loop.
Note: This is a subtle break in behaviour for platforms that
expect `plat_report_exception` to be continuously executed
when there is an unhandled exception.
Change-Id: Ie2453804b9b7caf9b010ee73e1a90eeb8384e4e8
show more ...
|
| efc759ad | 18-Aug-2016 |
danh-arm <dan.handley@arm.com> |
Merge pull request #686 from danh-arm/dh/remove-inv-dcache-after-auth
Remove dcache invalidation after image authentication |
| ad4494dc | 28-Jul-2016 |
Dan Handley <dan.handley@arm.com> |
Remove dcache invalidation after image authentication
At the end of successful image authentication in load_auth_image(),
the data cache for the virtual address range corresponding to the
image is i
Remove dcache invalidation after image authentication
At the end of successful image authentication in load_auth_image(),
the data cache for the virtual address range corresponding to the
image is invalidated (by a call to inv_dcache_range()). The intent
seems to be to ensure the data caches do not contain any sensitive
data used during authentication, which subsequent code can read.
However, this same address range is already flushed (cleaned and
invalidated by a call to flush_dcache_range()) at the end of
load_image(), and the subsequent invalidate has no functional
effect.
This patch removes the redundant call to inv_dcache_range(). It
also moves the flush_dcache_range() call from the end of load_image()
to the end of load_auth_image(), so the image data will remain in
the caches during authentication, improving performance.
This also improves the comments that explain the rationale for
calling flush_dcache_range() after image loading/authentication.
Change-Id: I14f17ad2935075ef6f3d1327361c5088bfb2d284
show more ...
|
| 1ae0a49a | 05-May-2016 |
Soby Mathew <soby.mathew@arm.com> |
AArch32: Add API to invoke runtime service handler
This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful
AArch32: Add API to invoke runtime service handler
This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful for AArch32 because the number of
arguments required by the handler is more than registers
available as per AArch32 program calling conventions and
requires the use of stack. Hence this new API will do the
necessary argument setup and invoke the appropriate
handler. Although this API is primarily intended for AArch32,
it can be used for AArch64 as well.
Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241
show more ...
|
| bc202b44 | 05-May-2016 |
Soby Mathew <soby.mathew@arm.com> |
AArch32: Add tf_printf support
The tf_printf library uses 64 bit division to print numbers
in appropriate formats but AArch32 mode cannot do 64 bit division
natively. Hence this patch adds additiona
AArch32: Add tf_printf support
The tf_printf library uses 64 bit division to print numbers
in appropriate formats but AArch32 mode cannot do 64 bit division
natively. Hence this patch adds additional number printing routines
to handle AArch32 mode in tf_printf library. The decimal format
printing capability is limited to 32 bit integers whereas 64 bits
are supported in hexadecimal format. The library assumes that
secure world is running in Little-Endian mode to do bit
manipulations on 64 bit. Suitable assertions are present to
enforce this assumption.
Change-Id: I55a21e448cef4915d1834d76e48a84ccf0bec36d
show more ...
|
| f24307de | 05-May-2016 |
Soby Mathew <soby.mathew@arm.com> |
AArch32: Add assembly helpers
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operat
AArch32: Add assembly helpers
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.
* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.
* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.
Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
show more ...
|
| 578b3ad7 | 28-Jul-2016 |
danh-arm <dan.handley@arm.com> |
Merge pull request #673 from soby-mathew/sm/coverity_issue
Improve debug assertion for runtime svc number |
| 5e5e4162 | 26-Jul-2016 |
Soby Mathew <soby.mathew@arm.com> |
Improve debug assertion for runtime svc number
This patch improves the debug assertion for runtime svc number
- Remove useless comparison ensuring that the number of descriptors
is a positive nu
Improve debug assertion for runtime svc number
This patch improves the debug assertion for runtime svc number
- Remove useless comparison ensuring that the number of descriptors
is a positive number. The variable is an unsigned integer so can't
be negative.
- Check that the end address of the descriptors is sane relative
to the start address.
Change-Id: Iea7be6b34e33b8b1cbd394eb923cc834ea964831
show more ...
|
| 7b6d330c | 12-Jul-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Ensure addresses in is_mem_free() don't overflow
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the
Ensure addresses in is_mem_free() don't overflow
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, results in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.
If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().
This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print information message to the serial output.
This patch also introduces 2 slight changes to the reserve_mem()
function:
- It fixes the end addresses passed to choose_mem_pos(). It was
incorrectly passing (base + size) instead of (base + size - 1).
- When the requested allocation size is 0, the function now exits
straight away and says so using a warning message.
Previously, it used to actually reserve some memory. A zero-byte
allocation was not considered as a special case so the function
was using the same top/bottom allocation mechanism as for any
other allocation. As a result, the smallest area of memory starting
from the requested base address within the free region was
reserved.
Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
show more ...
|
| 3a26a28c | 28-Jun-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Make runtime_svc_init() function more robust
- Added some debug assertions checking that the runtime services
indexes computed by get_unique_oen() are sane.
- Do not print the name of the serv
Make runtime_svc_init() function more robust
- Added some debug assertions checking that the runtime services
indexes computed by get_unique_oen() are sane.
- Do not print the name of the service when its descriptor is
invalid. If the descriptor is corrupted then its name field
could be corrupted as well and we would end up reading an
arbitrary amount of invalid memory.
Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60
show more ...
|
| 9d24d353 | 28-Jun-2016 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Improvements to runtime service init code
Light refactoring of the code in runtime_svc.c file.
- Declare validate_rt_svc_desc()'s argument as const.
- Remove 'goto' path in runtime_svc_init(). I
Improvements to runtime service init code
Light refactoring of the code in runtime_svc.c file.
- Declare validate_rt_svc_desc()'s argument as const.
- Remove 'goto' path in runtime_svc_init(). It was used in one
place only.
- Improve code readability by declaring a local variable holding the
service pointer.
Change-Id: I3b15c5adb9f37b786b5b993a9be70ea9dd017a83
show more ...
|
| 532ed618 | 24-Mar-2016 |
Soby Mathew <soby.mathew@arm.com> |
Introduce `el3_runtime` and `PSCI` libraries
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` resp
Introduce `el3_runtime` and `PSCI` libraries
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
show more ...
|
| 4c0d0390 | 16-Jun-2016 |
Soby Mathew <soby.mathew@arm.com> |
Rework type usage in Trusted Firmware
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as
Rework type usage in Trusted Firmware
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
show more ...
|