| /rk3399_ARM-atf/plat/arm/common/ |
| H A D | plat_arm_sip_svc.c | 52 for (uint64_t it = base; it < (base + size); it += PAGE_SIZE_4KB) { in plat_protect_memory() local
58 ? gpt_delegate_pas(it, PAGE_SIZE_4KB, in plat_protect_memory()
60 : gpt_undelegate_pas(it, PAGE_SIZE_4KB, in plat_protect_memory()
65 last_updated = it; in plat_protect_memory()
|
| /rk3399_ARM-atf/docs/threat_model/firmware_threat_model/ |
| H A D | threat_model_fw_update_and_recovery.rst | 12 Although it is a separate document, it references the :ref:`Generic Threat
58 it may be stored in untrusted storage, which makes it possible for software
59 outside of TF-A security boundary or for a physical attacker to modify it
65 tries to modify it to prevent the execution of the updated firmware.
73 attacks on it, if this is a concern in the platform's threat model.
75 access from secure software, protecting it from physical, unauthenticated
|
| /rk3399_ARM-atf/docs/plat/ |
| H A D | rpi4.rst | 47 connect to it (for example, with ``screen /dev/ttyUSB0 115200``) you should
55 port, also it deviates quite a lot from the RPi3 port in many other ways.
63 filesystem, so it will load further components and configuration files
68 If bootcode.bin finds a file called ``armstub8.bin`` on the SD card or it gets
69 pointed to such code by finding a ``armstub=`` key in ``config.txt``, it will
70 load this file to the beginning of DRAM (address 0) and execute it in
72 But before doing that, it will also load a "kernel" and the device tree into
75 armstub image file, it will put those two load addresses in memory locations
82 would work as well, as long as it can cope with having the DT address in
83 register x0. If the payload has other means of finding the device tree, it
|
| H A D | rpi3.rst | 28 This explains why it is possible to change the execution state (AArch64/AArch32)
35 SD card, it will load it and execute in EL2 in AArch64. Basically, it executes
38 - If there is also a file called ``armstub8.bin``, it will load it at address
39 **0x0** (instead of the default stub) and execute it in EL3 in AArch64. All
43 `Raspbian`_ distribution by renaming it to ``kernel8.img``, while TF-A and
45 default bootstrap code. When using a AArch64 kernel, it is only needed to make
53 To get the most out of a AArch32 kernel, we want to boot it in Hypervisor mode
56 is used for EL2. When using a AArch64 kernel, it should simply start in EL2.
66 file, but we can specify the address it is loaded to in ``config.txt``.
76 that it is loaded above 32MiB in order to avoid the need to relocate
[all …]
|
| H A D | socionext-uniphier.rst | 8 image from a non-volatile storage to the on-chip SRAM, and jumps over to it.
15 expands BL2 there, and hands the control over to it. Therefore, all images
23 it can not verify the BL2 image by itself. Instead, the UniPhier BL assures
42 setup, it decompresses the appended BL2 image into the DRAM, then jumps to
50 After loading all the images, it jumps to the BL31 entry.
93 in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards
|
| H A D | meson-axg.rst | 16 In order to build it:
23 This port has been tested on a A113D board. After building it, follow the
|
| H A D | meson-gxbb.rst | 16 In order to build it:
22 This port has been tested in a ODROID-C2. After building it, follow the
|
| H A D | meson-g12a.rst | 16 In order to build it:
22 This port has been tested on a SEI510 board. After building it, follow the
|
| H A D | meson-gxl.rst | 16 In order to build it:
28 This port has been tested on a Lepotato. After building it, follow the
|
| /rk3399_ARM-atf/ |
| H A D | dco.txt | 10 license document, but changing it is not allowed.
18 have the right to submit it under the open source license
31 it.
35 personal information I submit with it, including my sign-off) is
|
| /rk3399_ARM-atf/tools/cot_dt2c/ |
| H A D | .gitignore | 35 # before PyInstaller builds the exe, so as to inject date/other infos into it.
95 # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
102 # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
109 # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
111 # pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
|
| /rk3399_ARM-atf/docs/security_advisories/ |
| H A D | security-advisory-tfv-10.rst | 34 | | vulnerability per se but it is required for |
41 parse boot certificates in TF-A trusted boot: it is possible for a crafted
49 To fully understand this security advisory, it is recommended to refer to the
66 However, it passes the end of an extension as the end pointer to these
76 holds. The result is that it is possible for ``get_ext()`` to read memory past
85 read 6 bytes, it is possible to read up to 6 bytes past the end of the buffer.
103 case, no matter the order of the properties in the file. Therefore, it is not
108 which greatly reduces the range of inputs it will ever receive and thus the
119 it from unauthorized rollback to a previous version (see ``auth_nvctr()``).
145 - Taken from an untrusted source (meaning that it is read prior to
[all …]
|
| /rk3399_ARM-atf/docs/perf/ |
| H A D | performance-monitoring-unit.rst | 47 configures it. The cycle counter has the ``PMCCFILTR_EL0`` register, which has
84 - If equal to the ``P`` bit it enables the associated ``PMEVCNTR<n>`` at
97 - If different to the ``NSH`` bit it enables the associated ``PMEVCNTR<n>``
104 - If equal to the ``P`` bit it enables the associated ``PMEVCNTR<n>`` at
122 security state unless it is enabled here.
134 - If set to ``1`` it disables the cycle counter ``PMCCNTR`` where event
|
| /rk3399_ARM-atf/docs/process/ |
| H A D | security-hardening.rst | 32 world from making it leak timing information. In general, higher privilege
42 Since the Non-secure world has access to the ``PMCR`` register, it can
44 Secure and Non-secure state. Thus, it attempts to leak timing information from
71 exception levels) it instructs counters to increment, obtaining event counts
72 would allow it to carry out side-channel timing attacks against the Secure
135 it is recommended to develop against ``W=2`` (which will eventually become the
144 point of view because it potentially allows an attacker to inject arbitrary
146 a use case for it, for example in a testing or factory environment.
|
| H A D | commit-style.rst | 6 describe in detail why it does it. This helps to ensure that changes to the
7 code-base are transparent and approachable to reviewers, and it allows us to
17 - What motivated it?
18 - What impact does it have?
19 - How was it tested?
22 - If it fixes an `issue`_, include a reference.
25 main repository are expected to adhere to these guidelines, so it is
107 greatest new platform `Bar` then you would add it to the `Platforms` changelog
|
| H A D | faq.rst | 7 Often it is necessary to update your patch set before it is merged. Refer to the
21 to get an estimate of when it will be merged.
44 How long will it take for my changes to go from ``integration`` to ``master``?
50 several things over the course of a few days, it might take up to a week.
51 Typically, it will be 1-2 days.
|
| H A D | platform-ports-policy.rst | 17 and a new interface introduced to replace it. In case the migration to the new
38 If a platform, driver or library interface is no longer maintained, it is best
39 to deprecate it to keep the projects' source tree clean and healthy. Deprecation
43 period before deleting it (typically 2 release cycles). In this case, we keep
|
| H A D | code-review-guidelines.rst | 15 help those that are less familiar with it.
32 it must get all of the following votes:
60 code review helps everyone in the long run, as it creates a culture of
78 may try the following actions to speed it up:
80 - Ping the reviewers on Gerrit or on the mailing list. If it is urgent,
94 directory to have the freedom to change it in any way. This way, your changes
110 need some clarifications, it's better to ask rather than letting a potential
116 - Improvements ("Would it be better if we did Y instead?")
139 - It adheres to the security model of the project. In particular, it does not
176 responsible for its quality and the effects it has for all TF-A users. Make
[all …]
|
| /rk3399_ARM-atf/docs/ |
| H A D | architecture_features.rst | 7 Exception Levels. For features with EL3 controls, it is relatively straightforward to examine the
8 code and determine whether TF-A support them. However, for features that are transparent to EL3, it
473 If it is defined to 1, the code will use the feature unconditionally, so the CPU
478 but its existence will be checked at runtime, so it works on CPUs with or
488 a) a feature is added to the architecture and it includes controls at EL3
503 - Add it to the ``assert_numerics`` and ``add_defines`` lists in the
506 - Add a default of ``0`` for it in ``make_helpers/arch_features.mk``. If the
508 add it to the appropriate list at the top of the same file.
521 code is to use it, a corresponding AArch32 version should be provided. It
559 can take, the default, and that it conforms to the ``ENABLE_FEAT`` mechanism.
[all …]
|
| /rk3399_ARM-atf/docs/components/spd/ |
| H A D | optee-dispatcher.rst | 10 load it as the BL32 payload during boot, and is the recommended technique for
16 way. ChromeOS uses a boot flow where it verifies the signature of the firmware
17 before executing it, and then only if the signature is valid will the 'secrets'
|
| /rk3399_ARM-atf/docs/plat/marvell/armada/misc/ |
| H A D | mvebu-iob.rst | 10 the enabled windows. If there is a hit and it passes the security checks, it is
|
| /rk3399_ARM-atf/docs/getting_started/ |
| H A D | image-terminology.rst | 16 - The main name change is to prefix each image with the processor it corresponds
18 ambiguity (for example, within AP specific code/documentation), it is
29 example, function names) it's not possible to use this character. All dashes
78 normal world. However, it may refer to a more abstract Secure-EL1 Payload (SP).
110 and uses it as the RMM image.
123 may directly load/authenticate its own firmware. In these systems, it doesn't
131 runtime firmware" but it could potentially be an intermediate firmware if the
154 it's in so it makes sense to encode "NS" in the normal world images. The absence
|
| /rk3399_ARM-atf/docs/design/ |
| H A D | alt-boot-flows.rst | 11 Although it is possible to implement some baremetal secure firmware from
49 place. In this case, booting it is just a matter of specifying the right
56 used. The infinite loop that it introduces in BL1 stops execution at the right
69 on TF-A to load it. This may simplify packaging of the normal world code and
|
| H A D | cpu-specific-build-macros.rst | 17 no performance benefit for non-affected platforms, it just helps to comply
74 for it to specify which errata workarounds should be enabled or not.
77 will enable it.
286 CPU. This needs to be enabled for revision r0p0 and r1p0 of the CPU and it is
290 CPU. This needs to be enabled for revision r0p0 and r1p0 of the CPU and it is
294 CPU. This needs to be enabled for revision r0p0 and r1p0 of the CPU and it is
313 CPU. This needs to be enabled for r0p0, r1p0, and r1p1, it is still open.
316 CPU. This needs to be enabled for r0p0, r1p0, and r1p1, it is still open.
322 CPU. This needs to be enabled for r0p0, r1p0, and r1p1, it is still open.
340 CPU. This needs to be enabled for revision r0p0, it is fixed in r1p0.
[all …]
|
| /rk3399_ARM-atf/docs/plat/arm/arm_fpga/ |
| H A D | index.rst | 25 it does not exist already.
31 Normally TF-A panics if it encounters a MPID value not matched to its
45 so it must describe at least the UART and a GICv3 interrupt controller.
55 detect it and copy it into the DTB passed on to BL33.
|