1ARM Trusted Firmware - version 0.3 2================================== 3 4New features 5------------ 6 7* Support for Foundation FVP Version 2.0 added. 8 The documented UEFI configuration disables some devices that are unavailable 9 in the Foundation FVP, including MMC and CLCD. The resultant UEFI binary can 10 be used on the AEMv8 and Cortex-A57-A53 Base FVPs, as well as the Foundation 11 FVP. 12 13 NOTE: The software will not work on Version 1.0 of the Foundation FVP. 14 15* Enabled third party contributions. Added a new contributing.md containing 16 instructions for how to contribute and updated copyright text in all files 17 to acknowledge contributors. 18 19* The PSCI CPU_SUSPEND API has been stabilised to the extent where it can be 20 used for entry into power down states with the following restrictions: 21 - Entry into standby states is not supported. 22 - The API is only supported on the AEMv8 and Cortex-A57-A53 Base FVPs. 23 24* The PSCI AFFINITY_INFO api has undergone limited testing on the Base FVPs to 25 allow experimental use. 26 27* Required C library and runtime header files are now included locally in ARM 28 Trusted Firmware instead of depending on the toolchain standard include 29 paths. The local implementation has been cleaned up and reduced in scope. 30 31* Added I/O abstraction framework, primarily to allow generic code to load 32 images in a platform-independent way. The existing image loading code has 33 been reworked to use the new framework. Semi-hosting and NOR flash I/O 34 drivers are provided. 35 36* Introduced Firmware Image Package (FIP) handling code and tools. A FIP 37 combines multiple firmware images with a Table of Contents (ToC) into a 38 single binary image. The new FIP driver is another type of I/O driver. The 39 Makefile builds a FIP by default and the FVP platform code expect to load a 40 FIP from NOR flash, although some support for image loading using semi- 41 hosting is retained. 42 43 NOTE: Building a FIP by default is a non-backwards-compatible change. 44 45 NOTE: Generic BL2 code now loads a BL3-3 (non-trusted firmware) image into 46 DRAM instead of expecting this to be pre-loaded at known location. This is 47 also a non-backwards-compatible change. 48 49 NOTE: Some non-trusted firmware (e.g. UEFI) will need to be rebuilt so that 50 it knows the new location to execute from and no longer needs to copy 51 particular code modules to DRAM itself. 52 53* Reworked BL2 to BL3-1 handover interface. A new composite structure 54 (bl31_args) holds the superset of information that needs to be passed from 55 BL2 to BL3-1, including information on how handover execution control to 56 BL3-2 (if present) and BL3-3 (non-trusted firmware). 57 58* Added library support for CPU context management, allowing the saving and 59 restoring of 60 - Shared system registers between Secure-EL1 and EL1. 61 - VFP registers. 62 - Essential EL3 system registers. 63 64* Added a framework for implementing EL3 runtime services. Reworked the PSCI 65 implementation to be one such runtime service. 66 67* Reworked the exception handling logic, making use of both SP_EL0 and SP_EL3 68 stack pointers for determining the type of exception, managing general 69 purpose and system register context on exception entry/exit, and handling 70 SMCs. SMCs are directed to the correct EL3 runtime service. 71 72* Added support for a Test Secure-EL1 Payload (TSP) and a corresponding 73 Dispatcher (TSPD), which is loaded as an EL3 runtime service. The TSPD 74 implements Secure Monitor functionality such as world switching and 75 EL1 context management, and is responsible for communication with the TSP. 76 NOTE: The TSPD does not yet contain support for secure world interrupts. 77 NOTE: The TSP/TSPD is not built by default. 78 79 80Issues resolved since last release 81---------------------------------- 82 83* Support has been added for switching context between secure and normal 84 worlds in EL3. 85 86* PSCI API calls `AFFINITY_INFO` & `PSCI_VERSION` have now been tested (to 87 a limited extent). 88 89* The ARM Trusted Firmware build artifacts are now placed in the `./build` 90 directory and sub-directories instead of being placed in the root of the 91 project. 92 93* The ARM Trusted Firmware is now free from build warnings. Build warnings 94 are now treated as errors. 95 96* The ARM Trusted Firmware now provides C library support locally within the 97 project to maintain compatibility between toolchains/systems. 98 99* The PSCI locking code has been reworked so it no longer takes locks in an 100 incorrect sequence. 101 102* The RAM-disk method of loading a Linux file-system has been confirmed to 103 work with the ARM Trusted Firmware and Linux kernel version (based on 104 version 3.13) used in this release, for both Foundation and Base FVPs. 105 106 107Known issues 108------------ 109 110The following is a list of issues which are expected to be fixed in the future 111releases of the ARM Trusted Firmware. 112 113* The TrustZone Address Space Controller (TZC-400) is not being programmed 114 yet. Use of model parameter `-C bp.secure_memory=1` is not supported. 115 116* No support yet for secure world interrupt handling. 117 118* GICv3 support is experimental. The Linux kernel patches to support this are 119 not widely available. There are known issues with GICv3 initialization in 120 the ARM Trusted Firmware. 121 122* Dynamic image loading is not available yet. The current image loader 123 implementation (used to load BL2 and all subsequent images) has some 124 limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead 125 to loading errors, even if the images should theoretically fit in memory. 126 127* The ARM Trusted Firmware uses too much on-chip Trusted SRAM. Currently the 128 Test Secure-EL1 Payload (BL3-2) executes in Trusted DRAM since there is not 129 enough SRAM. A number of RAM usage enhancements have been identified to 130 rectify this situation. 131 132* CPU idle does not work on the advertised version of the Foundation FVP. 133 Some FVP fixes are required that are not available externally at the time 134 of writing. 135 136* Various bugs in ARM Trusted Firmware, UEFI and the Linux kernel have been 137 observed when using Linaro toolchain versions later than 13.11. Although 138 most of these have been fixed, some remain at the time of writing. These 139 mainly seem to relate to a subtle change in the way the compiler converts 140 between 64-bit and 32-bit values (e.g. during casting operations), which 141 reveals previously hidden bugs in client code. 142 143* The tested filesystem used for this release (Linaro AArch64 OpenEmbedded 144 14.01) does not report progress correctly in the console. It only seems to 145 produce error output, not standard output. It otherwise appears to function 146 correctly. Other filesystem versions on the same software stack do not 147 exhibit the problem. 148 149* The Makefile structure doesn't make it easy to separate out parts of the 150 Trusted Firmware for re-use in platform ports, for example if only BL3-1 is 151 required in a platform port. Also, dependency checking in the Makefile is 152 flawed. 153 154* The firmware design documentation for the Test Secure-EL1 Payload (TSP) and 155 its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. 156 157 158ARM Trusted Firmware - version 0.2 159================================== 160 161New features 162------------ 163 164* First source release. 165 166* Code for the PSCI suspend feature is supplied, although this is not enabled 167 by default since there are known issues (see below). 168 169 170Issues resolved since last release 171---------------------------------- 172 173* The "psci" nodes in the FDTs provided in this release now fully comply 174 with the recommendations made in the PSCI specification. 175 176 177Known issues 178------------ 179 180The following is a list of issues which are expected to be fixed in the future 181releases of the ARM Trusted Firmware. 182 183* The TrustZone Address Space Controller (TZC-400) is not being programmed 184 yet. Use of model parameter `-C bp.secure_memory=1` is not supported. 185 186* No support yet for secure world interrupt handling or for switching context 187 between secure and normal worlds in EL3. 188 189* GICv3 support is experimental. The Linux kernel patches to support this are 190 not widely available. There are known issues with GICv3 initialization in 191 the ARM Trusted Firmware. 192 193* Dynamic image loading is not available yet. The current image loader 194 implementation (used to load BL2 and all subsequent images) has some 195 limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead 196 to loading errors, even if the images should theoretically fit in memory. 197 198* Although support for PSCI `CPU_SUSPEND` is present, it is not yet stable 199 and ready for use. 200 201* PSCI API calls `AFFINITY_INFO` & `PSCI_VERSION` are implemented but have not 202 been tested. 203 204* The ARM Trusted Firmware make files result in all build artifacts being 205 placed in the root of the project. These should be placed in appropriate 206 sub-directories. 207 208* The compilation of ARM Trusted Firmware is not free from compilation 209 warnings. Some of these warnings have not been investigated yet so they 210 could mask real bugs. 211 212* The ARM Trusted Firmware currently uses toolchain/system include files like 213 stdio.h. It should provide versions of these within the project to maintain 214 compatibility between toolchains/systems. 215 216* The PSCI code takes some locks in an incorrect sequence. This may cause 217 problems with suspend and hotplug in certain conditions. 218 219* The Linux kernel used in this release is based on version 3.12-rc4. Using 220 this kernel with the ARM Trusted Firmware fails to start the file-system as 221 a RAM-disk. It fails to execute user-space `init` from the RAM-disk. As an 222 alternative, the VirtioBlock mechanism can be used to provide a file-system 223 to the kernel. 224 225 226- - - - - - - - - - - - - - - - - - - - - - - - - - 227 228_Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved._ 229