refactor(console): disable getc() by defaultThe ability to read a character from the console constitutes an attackvector into TF-A, as it gives attackers a means to inject arbitrarydata into TF-A
refactor(console): disable getc() by defaultThe ability to read a character from the console constitutes an attackvector into TF-A, as it gives attackers a means to inject arbitrarydata into TF-A. It is dangerous to keep that feature enabled if notstrictly necessary, especially in production firmware builds.Thus, we need a way to disable this feature. Moreover, when it isdisabled, all related code should be eliminated from the firmwarebinaries, such that no remnant/dead getc() code remains in memory,which could otherwise be used as a gadget as part of a bigger securityattack.This patch disables getc() feature by default. For legitimate getc()use cases [1], it can be explicitly enabled by building TF-A withENABLE_CONSOLE_GETC=1.The following changes are introduced when getc() is disabled:- The multi-console framework no longer provides the console_getc() function.- If the console driver selected by the platform attempts to register a getc() callback into the multi-console framework then TF-A will now fail to build. If registered through the assembly function finish_console_register(): - On AArch64, you'll get: Error: undefined symbol CONSOLE_T_GETC used as an immediate value. - On AArch32, you'll get: Error: internal_relocation (type: OFFSET_IMM) not fixed up If registered through the C function console_register(), this requires populating a struct console with a getc field, which will trigger: error: 'console_t' {aka 'struct console'} has no member named 'getc'- All console drivers which previously registered a getc() callback have been modified to do so only when ENABLE_CONSOLE_GETC=1.[1] Example of such use cases would be: - Firmware recovery: retrieving a golden BL2 image over the console in order to repair a broken firmware on a bricked board. - Factory CLI tool: Drive some soak tests through the console.Discussed on TF-A mailing list here:https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>Acked-by: Baruch Siach <baruch@tkos.co.il>
show more ...
Don't return error information from console_flushAnd from crash_console_flush.We ignore the error information return by console_flush in _every_place where we call it, and casting the return typ
Don't return error information from console_flushAnd from crash_console_flush.We ignore the error information return by console_flush in _every_place where we call it, and casting the return type to void does notwork around the MISRA violation that this causes. Instead, we collectthe error information from the driver (to avoid changing that API), anddon't return it to the caller.Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
16550: Use generic console_t data structureSince now the generic console_t structure holds the UART base address aswell, let's use that generic location and drop the UART driver specificdata stru
16550: Use generic console_t data structureSince now the generic console_t structure holds the UART base address aswell, let's use that generic location and drop the UART driver specificdata structure at all.Change-Id: I5c2fe3b6a667acf80c808cfec4a64059a2c9c25fSigned-off-by: Andre Przywara <andre.przywara@arm.com>
console: 16550: Prepare for skipping initialisationOn some platforms the UART might have already been initialised, forinstance by firmware running before TF-A or by a separate managementprocessor
console: 16550: Prepare for skipping initialisationOn some platforms the UART might have already been initialised, forinstance by firmware running before TF-A or by a separate managementprocessor. In this case it would not be need to initialise it again(doing so could create spurious characters). But more importantly thissaves us from knowing the right baudrate and the right base clock ratefor the UART. This can lead to more robust and versatile firmware builds.Allow to skip the 16550 UART initialisation and baud rate divisorprogramming, by interpreting an input clock rate of "0" to signify thiscase. This will just skip the call to console_16550_core_init, but stillwill register the console properly.Users should just pass 0 as the second parameter, the baudrate (thirdparameter) will then be ignored as well.Fix copy & paste typos in comments for the console_16550_register()function on the way.Signed-off-by: Andre Przywara <andre.przywara@arm.com>Change-Id: I9f8fca5b358f878fac0f31dc411358fd160786ee
Remove MULTI_CONSOLE_API flag and references to itThe new API becomes the default one.Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fecSigned-off-by: Ambroise Vincent <ambroise.vincent@arm.co
Remove MULTI_CONSOLE_API flag and references to itThe new API becomes the default one.Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fecSigned-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
drivers: ti: uart: add a aarch32 variantRockchip re-uses the ti uart console driver and for aarch32 needs aspecific variant, so add it.There are also aarch32 ti socs, so it may be useful for them
drivers: ti: uart: add a aarch32 variantRockchip re-uses the ti uart console driver and for aarch32 needs aspecific variant, so add it.There are also aarch32 ti socs, so it may be useful for them as wellat some point.Signed-off-by: Heiko Stuebner <heiko@sntech.de>Change-Id: I31ede7cc7b10347b3691cff051db2b985fd59e17
Console: remove deprecated finish_console_registerThe old version of the macro is deprecated.Commit cc5859ca19ff ("Multi-console: Deprecate the`finish_console_register` macro") provides more det
Console: remove deprecated finish_console_registerThe old version of the macro is deprecated.Commit cc5859ca19ff ("Multi-console: Deprecate the`finish_console_register` macro") provides more details.Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67eSigned-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Sanitise includes across codebaseEnforce full include path for includes. Deprecate old paths.The following folders inside include/lib have been left unchanged:- include/lib/cpus/${ARCH}- inclu
Sanitise includes across codebaseEnforce full include path for includes. Deprecate old paths.The following folders inside include/lib have been left unchanged:- include/lib/cpus/${ARCH}- include/lib/el3_runtime/${ARCH}The reason for this change is that having a global namespace forincludes isn't a good idea. It defeats one of the advantages of havingfolders and it introduces problems that are sometimes subtle (becauseyou may not know the header you are actually including if there are twoof them).For example, this patch had to be created because two headers werecalled the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platformto avoid collision."). More recently, this patch has had similarproblems: 46f9b2c3a282 ("drivers: add tzc380 support").This problem was introduced in commit 4ecca33988b9 ("Move include andsource files to logical locations"). At that time, there weren't toomany headers so it wasn't a real issue. However, time has shown thatthis creates problems.Platforms that want to preserve the way they include headers may add theremoved paths to PLAT_INCLUDES, but this is discouraged.Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8fSigned-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Multi-console: Deprecate the `finish_console_register` macroThe `finish_console_register` macro is used by the multi consoleframework to register the `console_t` driver callbacks. It reliedon wea
Multi-console: Deprecate the `finish_console_register` macroThe `finish_console_register` macro is used by the multi consoleframework to register the `console_t` driver callbacks. It reliedon weak references to the `ldr` instruction to populate 0 to thecallback in case the driver has not defined the appropriatefunction. Use of `ldr` instruction to load absolute address to areference makes the binary position dependant. These instructionsshould be replaced with adrp/adr instruction for position independantexecutable(PIE). But adrp/adr instructions don't work well with weakreferences as described in GNU ld bugzilla issue 22589.This patch defines a new version of `finish_console_register` macrowhich can spcify which driver callbacks are valid and deprecates theold one. If any of the argument is not specified, then the macropopulates 0 for that callback. Hence the functionality of the previousdeprecated macro is preserved. The USE_FINISH_CONSOLE_REG_2 defineis used to select the new variant of the macro and will be removedonce the deprecated variant is removed.All the upstream console drivers have been migrated to use the newmacro in this patch.NOTE: Platforms be aware that the new variant of the`finish_console_register` should be used and the old variant isdeprecated.Change-Id: Ia6a67aaf2aa3ba93932992d683587bbd0ad25259Signed-off-by: Soby Mathew <soby.mathew@arm.com>
pl011: cnds: cbmem: 16550: Fix commentsThe comments with the prototypes of the register functions of theconsole drivers are incorrect. The arguments are wrong. This patch fixesthem.Change-Id: I
pl011: cnds: cbmem: 16550: Fix commentsThe comments with the prototypes of the register functions of theconsole drivers are incorrect. The arguments are wrong. This patch fixesthem.Change-Id: I38c4b481ee69e840780111c42f03c0752eb6315cSigned-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
console: Remove deprecated filesChange-Id: Ib9eebbdff6f7868e1d1b8c41761cacc7501a25bdSigned-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
drivers: ti: uart: Add TI specific 16550 initializationOn TI platforms the UART is disabled by default and must be explicitlyenabled using the MDR1 register.NOTE: The original definition ofhttp
drivers: ti: uart: Add TI specific 16550 initializationOn TI platforms the UART is disabled by default and must be explicitlyenabled using the MDR1 register.NOTE: The original definition ofhttp://www.ti.com/lit/ds/symlink/pc16550d.pdf has no MDR register, butmany TI SoCs implementing 16550 do have a quirky MDR registerimplemented. So, this should be enabled with TI_16550_MDR_QUIRKNOTE: In such implementation, the CSR register does not exist.Signed-off-by: Benjamin Fair <b-fair@ti.com>Signed-off-by: Nishanth Menon <nm@ti.com>Signed-off-by: Andrew F. Davis <afd@ti.com>
drivers: ti: 16550: Implement console flushReplace placeholder by actual implementation.Change-Id: I0861b1ac5304b0d2d7c32d7d9a48bd985e258e92Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm
drivers: ti: 16550: Implement console flushReplace placeholder by actual implementation.Change-Id: I0861b1ac5304b0d2d7c32d7d9a48bd985e258e92Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
drivers: ti: uart: Update 16550 UART driver to support MULTI_CONSOLE_APIThis patch updates the TI 16550 console driver to support the newconsole API. The driver will continue to support the old AP
drivers: ti: uart: Update 16550 UART driver to support MULTI_CONSOLE_APIThis patch updates the TI 16550 console driver to support the newconsole API. The driver will continue to support the old API as well bychecking the MULTI_CONSOLE_API compile-time flag.Change-Id: I60a44b7ba3c35c74561824c04b8dbe3e3039324cSigned-off-by: Julius Werner <jwerner@chromium.org>
Use SPDX license identifiersTo make software license auditing simpler, use SPDX[0] licenseidentifiers instead of duplicating the license text in every file.NOTE: Files that have been imported by
Use SPDX license identifiersTo make software license auditing simpler, use SPDX[0] licenseidentifiers instead of duplicating the license text in every file.NOTE: Files that have been imported by FreeBSD have not been modified.[0]: https://spdx.org/Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761aSigned-off-by: dp-arm <dimitris.papastamos@arm.com>
drivers: ti: uart: remove UART_FCR writesThis patch removes the code that touched UART_FCR, fromconsole_core_putc(). The check for whether transmit FIFO isfull is sufficient before writing to UAR
drivers: ti: uart: remove UART_FCR writesThis patch removes the code that touched UART_FCR, fromconsole_core_putc(). The check for whether transmit FIFO isfull is sufficient before writing to UART TX FIFO. In factsetting UARTFCR_TXCLR immediately after a byte is written toFIFO might even result in loss of that byte, if UART hasn'tsent that byte out yet.Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Add console_core_flush() in upstream platformsIt is needed to add placeholders for this function because, as this isnot a `plat_xxx()` function, there aren't weak definitions of it in anyfile.I
Add console_core_flush() in upstream platformsIt is needed to add placeholders for this function because, as this isnot a `plat_xxx()` function, there aren't weak definitions of it in anyfile.If `console_flush()` is used and there isn't an implementation of`console_core_flush()` in any file, the compilation will fail.Change-Id: I50eb56d085c4c9fbc85d40c343e86af6412f3020Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
uart: 16550: Fix getctbz check for RDR status is to check for a bit being zero.Unfortunately, we are using a mask rather than the bit position.Further as per http://www.ti.com/lit/ds/symlink/pc1
uart: 16550: Fix getctbz check for RDR status is to check for a bit being zero.Unfortunately, we are using a mask rather than the bit position.Further as per http://www.ti.com/lit/ds/symlink/pc16550d.pdf (page 17),LSR register bit 0 is Data ready status (RDR), not bit position 2.Update the same to match the specification.Reported-by: Sekhar Nori <nsekhar@ti.com>Signed-off-by: Nishanth Menon <nm@ti.com>
Move console drivers to AArch64 folderThis patch moves the various assembly console driversinto `aarch64` architecture specific folder. Stub files,which include files from new location, are retai
Move console drivers to AArch64 folderThis patch moves the various assembly console driversinto `aarch64` architecture specific folder. Stub files,which include files from new location, are retained at theoriginal location for platform compatibility reasons.Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8
Driver for 16550 UART interfaceThis patch adds driver for the 16550 UART interface. The driver is exposedas a console, which platforms can use to dump their boot/crash logs.Signed-off-by: Varun
Driver for 16550 UART interfaceThis patch adds driver for the 16550 UART interface. The driver is exposedas a console, which platforms can use to dump their boot/crash logs.Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>