The value of BL31_BASE currently depends on the size of BL31. This
causes problems in the RESET_TO_BL31 case because the value of
BL31_BASE is used in the model launch parameters, which often changes.
Therefore, this patch fixes BL31_BASE to the middle of Trusted SRAM,
to avoid further model parameter changes in future.
Change-Id: I6d7fa4fe293717d84768974679539c0e0cb6d935
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch provides helper macros for both Device and Normal memory MAIR
encodings as defined by the ARM Architecture Reference Manual for ARMv8-A
(ARM DDI0487B.A).
Change-Id: I5faae7f2cf366390ad4ba1d9253c6f3b60fd5e20
Signed-off-by: David Cunado <david.cunado@arm.com>
Use the MAP_REGION to build the mmap_region_t argument in wrappers like
mmap_add_region(). Evolution of the mmap_region_t might require adding
new members with a non-zero default value. Users of MAP_REGION are
protected against such evolution. This commit also protects users of
mmap_add_region() and mmap_add_dynamic_region() functions against these
evolutions.
Also make the MAP_REGION macro implementation more explicit and make it
a mmap_region_t compound literal to make it useable as a function
parameter on its own and to prevent using it in initialization of
variables of different type.
Change-Id: I7bfc4689f6dd4dd23c895b65f628d8ee991fc161
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Erratum 855971 applies to revision r0p3 or earlier Cortex-A72 CPUs. The
recommended workaround is to disable instruction prefetch.
Change-Id: I7fde74ee2a8a23b2a8a1891b260f0eb909fad4bf
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Erratum 855972 applies to revision r1p3 or earlier Cortex-A57 CPUs. The
recommended workaround is to disable instruction prefetch.
Change-Id: I56eeac0b753eb1432bd940083372ad6f7e93b16a
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch does the required changes to enable CSS platforms
to build and use the SDS framework. Since SDS is always coupled with
SCMI protocol, the preexisting SCMI build flag is now renamed to
`CSS_USE_SCMI_SDS_DRIVER` which will enable both SCMI and SDS on
CSS platforms. Also some of the workarounds applied for SCMI are
now removed with SDS in place.
Change-Id: I94e8b93f05e3fe95e475c5501c25bec052588a9c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes the inconsistency with regards as to how
BL2_BASE/BL2U_BASE and BL2_LIMIT/BL2U_LIMIT macros are defined
when building Juno to run in AArch32 mode at EL3. In this case,
BL32 is compiled for AArch32 whereas BL1 and BL2 are compiled
for AArch64. This resulted in BL32 conditionally compiling a
different definition of the above mentioned macros from BL1/BL2.
This is fixed by taking into consideration the
JUNO_AARCH32_EL3_RUNTIME build flag as well in the conditional
compilation check.
Change-Id: I27ac68aa4df0502089c1739c05366a9c509eb5be
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The commit 3eb2d67 optimizes the memory map for BL2 when TSP
is not present. But this also broke OP-TEE as it was reusing
the TSP mapping. This patch fixes this problem by adding a
separate mapping for OP-TEE in the BL2 memory map table.
Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Platform may use specific cache line sizes. Since CACHE_WRITEBACK_GRANULE
defines the platform specific cache line size, it is used to define the
size of the cpu data structure CPU_DATA_SIZE aligned on cache line size.
Introduce assembly macro 'mov_imm' for AArch32 to simplify implementation
of function '_cpu_data_by_index'.
Change-Id: Ic2d49ffe0c3e51649425fd9c8c99559c582ac5a1
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped
in BL2 only if the TSPD has been included in the build. This saves one
entry in the plat_arm_mmap[] array and avoids to map extra memory when
it's not needed.
Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Add Call Frame Information assembler directives to vector entries so
that debuggers display the backtrace of functions that triggered a
synchronous exception. For example, a function triggering a data abort
will be easier to debug if the backtrace can be displayed from a
breakpoint at the beginning of the synchronous exception vector.
DS-5 needs CFI otherwise it will not attempt to display the backtrace.
Other debuggers might have other needs. These debug information are
stored in the ELF file but not in the final binary.
Change-Id: I32dc4e4b7af02546c93c1a45c71a1f6d710d36b1
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Assembly routines are usually defined by using "func" and "endfunc":
func foo
...
endfunc foo
Currently, the "func" macro does not specify ".align" directive
by default. It causes unaligned instruction under some circumstances.
As far as I tested, this problem happens for GCC 5 or older. It did
not happen for GCC 6 or newer. Taking into account that GCC 4.x / 5.x
is still used, make sure that assembly code is at least 4 byte aligned.
[ How to reproduce the problem ]
For example, use GCC 5.3 downloaded from Linaro:
http://releases.linaro.org/components/toolchain/binaries/5.3-2016.05/
aarch64-linux-gnu/gcc-linaro-5.3.1-2016.05-x86_64_aarch64-linux-gnu.tar.xz
Expand mbedtls-2.4.2 to the current directory.
Try the following:
$ git log --oneline -1
77544ef Merge pull request #1071 from jeenu-arm/syntax-fix
$ aarch64-linux-gnu-gcc --version | head -1
aarch64-linux-gnu-gcc (Linaro GCC 5.3-2016.05) 5.3.1 20160412
$ make CROSS_COMPILE=aarch64-linux-gnu- PLAT=uniphier \
TRUSTED_BOARD_BOOT=1 MBEDTLS_DIR=mbedtls-2.4.2
( snip build log )
$ aarch64-linux-gnu-nm build/uniphier/release/bl1/bl1.elf | grep handler
00000000800088f4 T bl1_fwu_smc_handler
00000000800084c8 T bl1_smc_handler
000000008000a6e0 t _panic_handler
000000008000a8e0 W plat_error_handler
000000008000a8e8 W plat_panic_handler
000000008000a8d8 W plat_reset_handler
000000008000a39f T reset_handler
000000008000a367 t smc_handler
000000008000a2ef t smc_handler64
You will notice "smc_handler64", "reset_handler", etc. are not properly
aligned.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
At present, various CPU register macros that refer to CPUACTLR are named
ACTLR. This patch fixes that.
The previous register names are retained, but guarded by the
ERROR_DEPRECATED macro, so as not to break platforms that continue using
the old names.
Change-Id: Ia872196d81803f8f390b887d149e0fd054df519b
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
In order to avoid Undefined behavior, left operand in left-shift
expressions needs to be unsigned, and of sufficient size. The safest and
most consistent approach is to use unsigned long long type.
Change-Id: I9612f16a6e6ea4c7df62a02497d862abf19b8e1b
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
The current definition of ARM_INSTANTIATE_LOCK macro includes a
semicolon, which means it's omitted where it's used. This is anomalous
for a C statement in global scope.
Fix this by removing semicolon from the definition; and where it's a
NOP, declare a file-scoped variable explicitly tagged as unused to avoid
compiler warning.
No functional changes.
Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Changes ARM_OPTEE_PAGEABLE_LOAD_BASE to end of ARM_AP_TZC_DRAM1.
ARM_OPTEE_PAGEABLE_LOAD_SIZE is also increased to 4MB to optimize
translation table usage.
This change makes loading of paged part easier inside OP-TEE OS as the
previous location of ARM_OPTEE_PAGEABLE_LOAD_BASE normally isn't mapped
if paging is enabled.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
This patch enables the CnP (Common not Private) bit for secure page
tables so that multiple PEs in the same Inner Shareable domain can use
the same translation table entries for a given stage of translation in
a particular translation regime. This only takes effect when ARM
Trusted Firmware is built with ARM_ARCH_MINOR >= 2.
ARM Trusted Firmware Design has been updated to include a description
of this feature usage.
Change-Id: I698305f047400119aa1900d34c65368022e410b8
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
The macro concisely expresses and requires architecture version to be at
least as required by its arguments. This would be useful when extending
Trusted Firmware functionality for future architecture revisions.
Replace similar usage in the current code base with the new macro.
Change-Id: I9dcd0aa71a663eabd02ed9632b8ce87611fa5a57
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
NOR memory only supports setting bits to 1. To clear a bit, set to zero,
the NOR memory needs to be erased.
Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
lock/unlock operation must wait until WSM bit
is set. Since we do not allow to loop forever then these functions
must return an error if WSM bit isn't enabled after a number of tries.
Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Assembler programmers are used to being able to define functions with a
specific aligment with a pattern like this:
.align X
myfunction:
However, this pattern is subtly broken when instead of a direct label
like 'myfunction:', you use the 'func myfunction' macro that's standard
in Trusted Firmware. Since the func macro declares a new section for the
function, the .align directive written above it actually applies to the
*previous* section in the assembly file, and the function it was
supposed to apply to is linked with default alignment.
An extreme case can be seen in Rockchip's plat_helpers.S which contains
this code:
[...]
endfunc plat_crash_console_putc
.align 16
func platform_cpu_warmboot
[...]
This assembles into the following plat_helpers.o:
Sections:
Idx Name Size [...] Algn
9 .text.plat_crash_console_putc 00010000 [...] 2**16
10 .text.platform_cpu_warmboot 00000080 [...] 2**3
As can be seen, the *previous* function actually got the alignment
constraint, and it is also 64KB big even though it contains only two
instructions, because the .align directive at the end of its section
forces the assembler to insert a giant sled of NOPs. The function we
actually wanted to align has the default constraint. This code only
works at all because the linker just happens to put the two functions
right behind each other when linking the final image, and since the end
of plat_crash_console_putc is aligned the start of platform_cpu_warmboot
will also be. But it still wastes almost 64KB of image space
unnecessarily, and it will break under certain circumstances (e.g. if
the plat_crash_console_putc function becomes unused and its section gets
garbage-collected out).
There's no real way to fix this with the existing func macro. Code like
func myfunc
.align X
happens to do the right thing, but is still not really correct code
(because the function label is inserted before the .align directive, so
the assembler is technically allowed to insert padding at the beginning
of the function which would then get executed as instructions if the
function was called). Therefore, this patch adds a new parameter with a
default value to the func macro that allows overriding its alignment.
Also fix up all existing instances of this dangerous antipattern.
Change-Id: I5696a07e2fde896f21e0e83644c95b7b6ac79a10
Signed-off-by: Julius Werner <jwerner@chromium.org>
Add support for a minimal secure interrupt service in sp_min for
the AArch32 implementation. Hard code that only FIQs are handled.
Introduce bolean build directive SP_MIN_WITH_SECURE_FIQ to enable
FIQ handling from SP_MIN.
Configure SCR[FIQ] and SCR[FW] from generic code for both cold and
warm boots to handle FIQ in secure state from monitor.
Since SP_MIN architecture, FIQ are always trapped when system executes
in non secure state. Hence discard relay of the secure/non-secure
state in the FIQ handler.
Change-Id: I1f7d1dc7b21f6f90011b7f3fcd921e455592f5e7
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Trusted OS may have extra images to be loaded. Load them one by one
and do the parsing. In this patch, ARM TF need to load up to 3 images
for optee os: header, pager and paged images. Header image is the info
about optee os and images. Pager image include pager code and data.
Paged image include the paging parts using virtual memory.
Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
Signed-off-by: Summer Qin <summer.qin@arm.com>
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
Revision C of the Base FVP has the same memory map as earlier revisions,
but has the following differences:
- Implements CCI550 instead of CCI400,
- Has a single instantiation of SMMUv3,
- CPU MPIDs are shifted left by one level, and has MT bit set in them.
The correct interconnect to program is chosen at run time based on the
FVP revision. Therefore, this patch implements FVP functions for
interconnect programming, rather than depending on ARM generic ones. The
macros used have been renamed to reflect this change.
Additionally, this patch initializes SMMUv3 as part of FVP early
platform setup.
New ARM config flags are introduced for feature queries at run time.
Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The driver has only one API: to initialize an SMMUv3 device. This
operates on a device that implements secure state, by invalidating
secure caches and TLBs.
Change-Id: Ief32800419ddf0f1fe38c8f0da8f5ba75c72c826
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The current build system and driver requires the CCI product to be
specified at build time. The device constraints can be determined at run
time from its ID registers, obviating the need for specifying them
ahead.
This patch adds changes to identify and validate CCI at run time. Some
global variables are renamed to be in line with the rest of the code
base.
The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
updated.
Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch adds an early suspend handler, that executes with
SMP and data cache enabled. This handler allows platforms to
perform any early actions during the CPU suspend entry sequence.
This handler is optional and platforms can choose to implement it
depending on their needs. The `pwr_domain_suspend` handler still
exists and platforms can keep on using it without any side effects.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
At the moment, various parts of the Trusted Firmware code assume
that the granule size used is 4 KB. For example, the linker scripts
enforce 4 KB alignment restrictions on some sections.
However, the ARMv8-A architecture allows 16 KB and 64 KB granule
sizes as well. Some other parts of the TF code, particularly the
architectural code and definitions, have been implemented with
this in mind and cater for all 3 cases.
This discrepancy creates some confusion as to what is effectively
supported in TF. This patch adds some code comments and clarification
in the documentation to make this limitation clearer.
Change-Id: I1f202369b240d8bed9d43d57ecd2a548c86c8598
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Fix the type length and signedness of some of the constants and
variables used in the translation table library.
This patch supersedes Pull Request #1018:
https://github.com/ARM-software/arm-trusted-firmware/pull/1018
Change-Id: Ibd45faf7a4fb428a0bf71c752551d35800212fb2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
