On some systems, the AMU counters might reset to 0 when a CPU
powerdown happens. This behaviour conflicts with the intended
use-case of AMU as lower ELs are only expected to see non-decreasing
counter values.
Change-Id: If25519965d4e6e47e09225d0e732947986cbb5ec
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Add some AMU helper functions to allow configuring, reading and
writing of the Group 0 and Group 1 counters. Documentation for these
helpers will come in a separate patch.
Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.
A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.
Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The suspend hook is published at the start of a CPU powerdown
operation. The resume hook is published at the end of a CPU powerup
operation.
Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Use zynqmp_ipi APIs to access IPI registers in pm_service.
As the zynqmp_ipi APIs doesn't cover IPI buffers, the pm_ipi
in pm_service will still directly access the IPI buffers.
Signed-off-by: Wendy Liang <jliang@xilinx.com>
Previously, ZynqMP IPI in ATF is only for ZynqMP PM,
This patch is to have a ZynqMP IPI implementation to handle
both ZynqMP PM IPI requirement and IPI mailbox service requirement
which will be introduced next.
We control IPI agents registers access but not IPI buffers access in
this implementation. Each IPI mailbox user will directly access the
IPI buffers.
Signed-off-by: Wendy Liang <jliang@xilinx.com>
The Secure Partition should be able to be used from any CPU, not just
the lead one. This patch point the secure contexts of all secondary
CPUs to the same one used by the lead CPU for the Secure Partition. This
way, they can also use it.
In order to prevent more than one CPU from using the Secure Partition at
the same time, a lock has been added.
Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Whether a Secure Partition is being initialized or not is something
related to that specific partition, so it should be saved with the
rest of the information related to it.
Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds padding bytes at the end of the last image in the
fip to be able to transfer by DMA the last image.
Change-Id: I8c6f07dee389cb3d1dc919936d9d52841d7e5723
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.
Increase the BL31 max limit by one page.
Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
check_* targets just check necessary command line argument, not
build any images. They should be specified as .PHONY.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 8f0617ef9e ("Apply TBBR naming convention to the fip_create
options") changed fiptool command options. We often forget to update
documentation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
ARM TF has been tested as part of its CI system with the following
dependencies updated:
- Linaro binaries: 17.04 --> 17.10
- mbed TLS library: 2.4.2 --> 2.6.0
The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:
- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Additionally, links to Linaro resources have been updated.
Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>
The current IO block buffer overlaps with BL2 image location.
So, BL2 may corrupt itself.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 6f62574767 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool. I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.
I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.
Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add support to formats %i, %d, %p, %x and %u for left-padding numbers
with zeroes (e.g. `%08x`).
Change-Id: Ifd4795a82a8d83da2c00b44b9e482a2d9be797e3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.
The document "SPM User Guide" has been integrated into the design
document.
Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARM TF does not work correctly if built with a version of gcc
that is configured to use PIE by default (e.g. Debian Stretch).
This patch identifies when such a version of gcc is being used
(by searching for --enable-default-pie) and adds -fno-PIE option
to TF_CFLAGS.
fixesarm-software/tf-issues#519
Change-Id: I2322122c49841746d35d152694e14f6f73beb0fd
Signed-off-by: David Cunado <david.cunado@arm.com>
Co-Authored-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Steve Capper <steve.capper@arm.com>
Tested-by: Alexei Fedorov <alexei.fedorov@arm.com>
The block operations were trying to optimize the number of memory
copies, and it tried to use directly the buffer supplied by the user
to them. This was a mistake because it created too many corner cases:
1- It was possible to generate unaligned
operations to unaligned buffers. Drivers that were using
DMA transfer failed in that case.
2- It was possible to generate read operations
with sizes that weren't a multiple of the block size. Some
low level drivers assumed that condition and they calculated
the number of blocks dividing the number of bytes by the
size of the block, without considering the remaining bytes.
3- The block_* operations didn't control the
number of bytes actually copied to memory, because the
low level drivers were writing directly to the user buffer.
This patch rewrite block_read and block_write to use always the device
buffer, which the platform ensures that has the correct aligment and
the correct size.
Change-Id: I5e479bb7bc137e6ec205a8573eb250acd5f40420
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This partially reverts commit d6b532b50f, keeping only the fixes to
the assertions. The changes related to the order of arguments passed
to the secure partition were not correct and violated the
specification of the SP_EVENT_COMPLETE SMC.
This patch also improves the MM_COMMUNICATE argument validation. The
cookie argument, as it comes from normal world, can't be trusted and thus
needs to always be validated at run time rather than using an assertion.
Also validate the communication buffer address and return
INVALID_PARAMETER if it is zero, as per the MM specification.
Fix a few typos in comments and use the "secure partition" terminology
rather than "secure payload".
Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The security properties of some IP blocks are configured to secure mode
after reset. This means these IP blocks can only be accessed by cpus
in secure state by default. These should be configured correclty as needed.
Signed-off-by: y00241285 <yyangwei.yangwei@hisilicon.com>
Signed-off-by: Jiancheng Xue <xuejiancheng@hisilicon.com>