The Secure Partition should be able to be used from any CPU, not just
the lead one. This patch point the secure contexts of all secondary
CPUs to the same one used by the lead CPU for the Secure Partition. This
way, they can also use it.
In order to prevent more than one CPU from using the Secure Partition at
the same time, a lock has been added.
Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Whether a Secure Partition is being initialized or not is something
related to that specific partition, so it should be saved with the
rest of the information related to it.
Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It is not necessary to read data from stdin. The input file name
is ripped off by -n option, anyway. I still use the redirect for
the output to specify the output file name.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch adds padding bytes at the end of the last image in the
fip to be able to transfer by DMA the last image.
Change-Id: I8c6f07dee389cb3d1dc919936d9d52841d7e5723
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.
Increase the BL31 max limit by one page.
Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
check_* targets just check necessary command line argument, not
build any images. They should be specified as .PHONY.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 8f0617ef9e46 ("Apply TBBR naming convention to the fip_create
options") changed fiptool command options. We often forget to update
documentation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
ARM TF has been tested as part of its CI system with the following
dependencies updated:
- Linaro binaries: 17.04 --> 17.10
- mbed TLS library: 2.4.2 --> 2.6.0
The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:
- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Additionally, links to Linaro resources have been updated.
Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>
The current IO block buffer overlaps with BL2 image location.
So, BL2 may corrupt itself.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 6f6257476754 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool. I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.
I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.
Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add support to formats %i, %d, %p, %x and %u for left-padding numbers
with zeroes (e.g. `%08x`).
Change-Id: Ifd4795a82a8d83da2c00b44b9e482a2d9be797e3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.
The document "SPM User Guide" has been integrated into the design
document.
Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARM TF does not work correctly if built with a version of gcc
that is configured to use PIE by default (e.g. Debian Stretch).
This patch identifies when such a version of gcc is being used
(by searching for --enable-default-pie) and adds -fno-PIE option
to TF_CFLAGS.
fixesarm-software/tf-issues#519
Change-Id: I2322122c49841746d35d152694e14f6f73beb0fd
Signed-off-by: David Cunado <david.cunado@arm.com>
Co-Authored-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Steve Capper <steve.capper@arm.com>
Tested-by: Alexei Fedorov <alexei.fedorov@arm.com>
The block operations were trying to optimize the number of memory
copies, and it tried to use directly the buffer supplied by the user
to them. This was a mistake because it created too many corner cases:
1- It was possible to generate unaligned
operations to unaligned buffers. Drivers that were using
DMA transfer failed in that case.
2- It was possible to generate read operations
with sizes that weren't a multiple of the block size. Some
low level drivers assumed that condition and they calculated
the number of blocks dividing the number of bytes by the
size of the block, without considering the remaining bytes.
3- The block_* operations didn't control the
number of bytes actually copied to memory, because the
low level drivers were writing directly to the user buffer.
This patch rewrite block_read and block_write to use always the device
buffer, which the platform ensures that has the correct aligment and
the correct size.
Change-Id: I5e479bb7bc137e6ec205a8573eb250acd5f40420
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch overhauls the console API to allow for multiple console
instances of different drivers that are active at the same time. Instead
of binding to well-known function names (like console_core_init),
consoles now provide a register function (e.g. console_16550_register())
that will hook them into the list of active consoles. All console
operations will be dispatched to all consoles currently in the list.
The new API will be selected by the build-time option MULTI_CONSOLE_API,
which defaults to ${ERROR_DEPRECATED} for now. The old console API code
will be retained to stay backwards-compatible to older platforms, but
should no longer be used for any newly added platforms and can hopefully
be removed at some point in the future.
The new console API is intended to be used for both normal (bootup) and
crash use cases, freeing platforms of the need to set up the crash
console separately. Consoles can be individually configured to be active
active at boot (until first handoff to EL2), at runtime (after first
handoff to EL2), and/or after a crash. Console drivers should set a sane
default upon registration that can be overridden with the
console_set_scope() call. Code to hook up the crash reporting mechanism
to this framework will be added with a later patch.
This patch only affects AArch64, but the new API could easily be ported
to AArch32 as well if desired.
Change-Id: I35c5aa2cb3f719cfddd15565eb13c7cde4162549
Signed-off-by: Julius Werner <jwerner@chromium.org>
The current Rockchip platform code retains the "common" default panic
handler which simply hangs the system (until the watchdog kicks in, if
enabled). This is usually not a great user experience.
This patch implements a Rockchip-specific panic handler that calls the
platform's reboot implementation to reset the system.
Change-Id: I4cbe09c48f1b3f86ebdfc0108c186565f9ffc119
Signed-off-by: Julius Werner <jwerner@chromium.org>
In assembly code it can be useful to have a constant for the width of a
register in the current architecture, so this patch adds one to
<utils_def.h> and replaces the existing custom one in crash_reporting.S
with that. It also fixes up the BIT() macro in the same file so that it
can be safely used in assembly code.
Change-Id: I10513a311f3379e767396e6ddfbae8d2d8201464
Signed-off-by: Julius Werner <jwerner@chromium.org>
This partially reverts commit d6b532b50f8, keeping only the fixes to
the assertions. The changes related to the order of arguments passed
to the secure partition were not correct and violated the
specification of the SP_EVENT_COMPLETE SMC.
This patch also improves the MM_COMMUNICATE argument validation. The
cookie argument, as it comes from normal world, can't be trusted and thus
needs to always be validated at run time rather than using an assertion.
Also validate the communication buffer address and return
INVALID_PARAMETER if it is zero, as per the MM specification.
Fix a few typos in comments and use the "secure partition" terminology
rather than "secure payload".
Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The security properties of some IP blocks are configured to secure mode
after reset. This means these IP blocks can only be accessed by cpus
in secure state by default. These should be configured correclty as needed.
Signed-off-by: y00241285 <yyangwei.yangwei@hisilicon.com>
Signed-off-by: Jiancheng Xue <xuejiancheng@hisilicon.com>
