aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-03-04fvp: plat_io_storage: remove duplicated coderyan-issue-41-v2Ryan Harkin
Fixes ARM-software/tf-issues#41 The policy functions for each file to be loaded were implemented by copy/pasting one method and then varying the data checked. This patch creates a generic function to check the policy based on the data stored in a table. This removes the amount of duplicated code but also makes the code simpler and more efficient. Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
2014-02-28Add v0.3 release documentationDan Handley
Update the readme.md and change-log.md with release information. Also, remove the "Detailed changes since last release" section of the change-log.md since the same information can be found in the GIT commit messages. Fixes ARM-software/tf-issues#22. Change-Id: I968cc8aaf588aa5c34ba8f1c12a5b797a46e04f5
2014-02-28Consolidate design and porting documentationDan Handley
Consolidate firmware-design.md and porting-guide.pm so that recently added sections fit better with pre-existing sections. Make the documentation more consistent in use of terminology. Change-Id: Id87050b096122fbd845189dc2fe1cd17c3003468
2014-02-28Add EL3 runtime services and SPD documentationDan Handley
1. Add design information on EL3 runtime services and Secure-EL1 Payload Dispatchers (SPD) to firmware-design.md. 2. Create new EL3 runtime service writer's guide (rt-svc-writers-guide.md) to ease creation of new runtime services. Change-Id: I670aeb5fc246e25c6e599a15139aac886a0074fd
2014-02-28Separate firmware design out of user-guide.mdDan Handley
Move the firmware design documentation out of user-guide.md and into a new file - firmware-design.md. Reformat the section headers. Change-Id: I664815dd47011c7c1cf2202aa4472a8fd78ebb92
2014-02-28Update versions of dependencies in user-guide.mdDan Handley
1. Update user-guide.md with the latest versions of dependent components required by the tested configurations of ARM Trusted Firmware. This includes the tested versions of Fixed Virtual Platforms (FVPs), toolchain, EFI Development Kit 2(EDK2), Linux kernel and Linux file system. 2. Remove the instructions to configure the Cortex Base FVP with the legacy GICv2 memory map as this is no longer supported since version 5.3 of the Base FVPs. 3. General tidyup of "Using the software" section. Change-Id: If8264cd29036b59dc5ff435b5f8b1d072dd36ef0
2014-02-26Remove duplicate xlat_table descriptionsJeenu Viswambharan
The BL31 and BL2 linker scripts ended up having duplicate descriptions for xlat_tables section. This patch removes those duplicate descriptions. Change-Id: Ibbdda0902c57fca5ea4e91e0baefa6df8f0a9bb1
2014-02-26fvp: Initialise UART earlierSandrine Bailleux
The UART used to be initialised in bl1_platform_setup(). This is too late because there are some calls to the assert() macro, which needs to print some messages on the console, before that. This patch moves the UART initialisation code to bl1_early_platform_setup(). Fixes ARM-software/tf-issues#49 Change-Id: I98c83a803866372806d2a9c2e1ed80f2ef5b3bcc
2014-02-26Tolerate runtime service initialization failureJeenu Viswambharan
At present, the firmware panics if a runtime service fails to initialize. An earlier patch had implemented late binding for all runtime service handlers. With that in place, this patch allows the firmware to proceed even when a service fails to initialize. Change-Id: I6cf4de2cecea9719f4cd48272a77cf459b080d4e
2014-02-26Implement late binding for runtime hooksJeenu Viswambharan
At present SPD power management hooks and BL3-2 entry are implemented using weak references. This would have the handlers bound and registered with the core framework at build time, but leaves them dangling if a service fails to initialize at runtime. This patch replaces implementation by requiring runtime handlers to register power management and deferred initialization hooks with the core framework at runtime. The runtime services are to register the hooks only as the last step, after having all states successfully initialized. Change-Id: Ibe788a2a381ef39aec1d4af5ba02376e67269782
2014-02-26Update contributing.md to new CLA locationDan Handley
This commit updates contributing.md to point to the ARM website for downloading copies of the Contribution License Agreement (CLA). It is no longer necessary to email ARM for these. Change-Id: Iaf58680631a626f26827577709ac5471e3b84566
2014-02-26Reduce GICv3 debug outputHarry Liebel
Change-Id: Ia8502f8d0566025d8bad150029f49cb63815261d
2014-02-26Revert accidental removal of BL2 from help messageJeenu Viswambharan
Commit 375f538a7 in Github accidentally removed the BL2 targets from the Makefile help message. This patch reverts that change. Change-Id: I825a9abe5b4ba0f15d02879dda1056912e2ad60c
2014-02-20Update .gitignoreJeenu Viswambharan
This patch updates .gitignore file to ignore potential build products, tool object files and binaries Also fixes issue ARM-software/tf-issues#35 Change-Id: I053dfba4ec8fecbcca081cad5b4bf94f8abfb15c
2014-02-20Fix semihosting with latest toolchainRyan Harkin
Fixes issues #10: https://github.com/ARM-software/tf-issues/issues/10 This patch changes all/most variables of type int to be size_t or long to fix the sizing and alignment problems found when building with the newer toolchains such as Linaro GCC 13.12 or later. Change-Id: Idc9d48eb2ff9b8c5bbd5b227e6907263d1ea188b Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
2014-02-20Cleanup FIP build targets and messagesJeenu Viswambharan
At present the fip.bin depends on phony targets for BL images, resulting in unconditional remake of fip.bin. Also the build messages doesn't match with the rest of build system. This patch modifies the fip.bin dependencies to the actual BL binary images so that fip.bin is remade only when the component images are rebuilt/modified. The build messages and FIP Makefile are modified to match the style of rest of the build system. Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
2014-02-20Report recoverable errors as warningsJeenu Viswambharan
At present many recoverable failures are reported as errors. This patch modifies all such failures to be reported as warnings instead. Change-Id: I5141653c82498defcada9b90fdf7498ba496b2f2
2014-02-20Rework arithmetic operations in Test Secure PayloadAchin Gupta
This patch reworks the service provided by the TSP to perform common arithmetic operations on a set of arguments provided by the non-secure world. For a addition, division, subtraction & multiplication operation requested on two arguments in x0 and x1 the steps are: 1. TSPD saves the non-secure context and passes the operation and its arguments to the TSP. 2. TSP asks the TSPD to return the same arguments once again. This exercises an additional SMC path. 3. TSP now has two copies of both x0 and x1. It performs the operation on the corresponding copies i.e. in case of addition it returns x0+x0 and x1+x1. 4. TSPD receives the result, saves the secure context, restores the non-secure context and passes the result back to the non-secure client. Change-Id: I6eebfa2ae0a6f28b1d2e11a31f575c7a4b96724b Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2014-02-20Add power management support in the SPDAchin Gupta
This patch implements a set of handlers in the SPD which are called by the PSCI runtime service upon receiving a power management operation. These handlers in turn pass control to the Secure Payload image if required before returning control to PSCI. This ensures that the Secure Payload has complete visibility of all power transitions in the system and can prepare accordingly. Change-Id: I2d1dba5629b7cf2d53999d39fe807dfcf3f62fe2
2014-02-20Add Test Secure Payload Dispatcher (TSPD) serviceAchin Gupta
This patch adds the TSPD service which is responsible for managing communication between the non-secure state and the Test Secure Payload (TSP) executing in S-EL1. The TSPD does the following: 1. Determines the location of the TSP (BL3-2) image and passes control to it for initialization. This is done by exporting the 'bl32_init()' function. 2. Receives a structure containing the various entry points into the TSP image as a response to being initialized. The TSPD uses this information to determine how the TSP should be entered depending on the type of operation. 3. Implements a synchronous mechanism for entering into and returning from the TSP image. This mechanism saves the current C runtime context on top of the current stack and jumps to the TSP through an ERET instruction. The TSP issues an SMC to indicate completion of the previous request. The TSPD restores the saved C runtime context and resumes TSP execution. This patch also introduces a Make variable 'SPD' to choose the specific SPD to include in the build. By default, no SPDs are included in the build. Change-Id: I124da5695cdc510999b859a1bf007f4d049e04f3 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2014-02-20Fix FIP offset address when file not foundJeenu Viswambharan
If there is a request to open a file from FIP, and that file is not found, the driver fails to reset the offset address. This causes subsequent file loads to fail. This patch resets the offset address to zero if a file is not found so that subsequent file loads are unaffected. Change-Id: I16418e35f92fb7c85fb12e2acc071990520cdef8
2014-02-20Add Test Secure Payload (BL3-2) imageAchin Gupta
This patch adds a simple TSP as the BL3-2 image. The secure payload executes in S-EL1. It paves the way for the addition of the TSP dispatcher runtime service to BL3-1. The TSP and the dispatcher service will serve as an example of the runtime firmware's ability to toggle execution between the non-secure and secure states in response to SMC request from the non-secure state. The TSP will be replaced by a Trusted OS in a real system. The TSP also exports a set of handlers which should be called in response to a PSCI power management event e.g a cpu being suspended or turned off. For now it runs out of Secure DRAM on the ARM FVP port and will be moved to Secure SRAM later. The default translation table setup code assumes that the caller is executing out of secure SRAM. Hence the TSP exports its own translation table setup function. The TSP only services Fast SMCs, is non-reentrant and non-interruptible. It does arithmetic operations on two sets of four operands, one set supplied by the non-secure client, and the other supplied by the TSP dispatcher in EL3. It returns the result according to the Secure Monitor Calling convention standard. This TSP has two functional entry points: - An initial, one-time entry point through which the TSP is initialized and prepares for receiving further requests from secure monitor/dispatcher - A fast SMC service entry point through which the TSP dispatcher requests secure services on behalf of the non-secure client Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2014-02-20Move PSCI to runtime services directoryAchin Gupta
This patch creates a 'services' directory and moves the PSCI under it. Other runtime services e.g. the Secure Payload Dispatcher service will be placed under the same directory in the future. Also fixes issue ARM-software/tf-issues#12 Change-Id: I187f83dcb660b728f82155d91882e961d2255068
2014-02-20Specify address of UART device to use as a consoleAchin Gupta
This patch adds the ability to specify the base address of a UART device for initialising the console. This allows a boot loader stage to use a different UART device from UART0 (default) for the console. Change-Id: Ie60b927389ae26085cfc90d22a564ff83ba62955
2014-02-20Factor out translation table setup in ARM FVP portAchin Gupta
This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
2014-02-20Add support for BL3-2 in BL3-1Achin Gupta
This patch adds the following support to the BL3-1 stage: 1. BL3-1 allows runtime services to specify and determine the security state of the next image after BL3-1. This has been done by adding the `bl31_set_next_image_type()` & `bl31_get_next_image_type()` apis. The default security state is non-secure. The platform api `bl31_get_next_image_info()` has been modified to let the platform decide which is the next image in the desired security state. 2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to program entry into the target security state. It uses the apis introduced in 1. to do so. 3. BL3-1 reads the information populated by BL2 about the BL3-2 image into its internal data structures. 4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow initialisation of a BL3-2 image. A runtime service like the Secure payload dispatcher will define this function if present. Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
2014-02-20Add support for BL3-2 in BL2Achin Gupta
This patch adds support for loading a BL3-2 image in BL2. In case a BL3-2 image is found, it also passes information to BL3-1 about where it is located and the extents of memory available to it. Information about memory extents is populated by platform specific code. The documentation has also been updated to reflect the above changes. Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2014-02-20Rework BL2 to BL3-1 hand over interfaceAchin Gupta
This patch reworks BL2 to BL3-1 hand over interface by introducing a composite structure (bl31_args) that holds the superset of information that needs to be passed from BL2 to BL3-1. - The extents of secure memory available to BL3-1 - The extents of memory available to BL3-2 (not yet implemented) and BL3-3 - Information to execute BL3-2 (not yet implemented) and BL3-3 images This patch also introduces a new platform API (bl2_get_bl31_args_ptr) that needs to be implemented by the platform code to export reference to bl31_args structure which has been allocated in platform-defined memory. The platform will initialize the extents of memory available to BL3-3 during early platform setup in bl31_args structure. This obviates the need for bl2_get_ns_mem_layout platform API. BL2 calls the bl2_get_bl31_args_ptr function to get a reference to bl31_args structure. It uses the 'bl33_meminfo' field of this structure to load the BL3-3 image. It sets the entry point information for the BL3-3 image in the 'bl33_image_info' field of this structure. The reference to this structure is passed to the BL3-1 image. Also fixes issue ARM-software/tf-issues#25 Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
2014-02-20Add exception vector guardsJeenu Viswambharan
This patch adds guards so that an exception vector exceeding 32 instructions will generate a compile-time error. This keeps the exception handlers in check from spilling over. Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
2014-02-17Increase coherent stack sizesAchin Gupta
This patch increases coherent stack size for both debug and release builds in order to accommodate stack-heavy printf() and extended EL3 functionality Change-Id: I30ef30530a01517a97e63d703873374828c09f20
2014-02-17Add support for handling runtime service requestsJeenu Viswambharan
This patch uses the reworked exception handling support to handle runtime service requests through SMCs following the SMC calling convention. This is a giant commit since all the changes are inter-related. It does the following: 1. Replace the old exception handling mechanism with the new one 2. Enforce that SP_EL0 is used C runtime stacks. 3. Ensures that the cold and warm boot paths use the 'cpu_context' structure to program an ERET into the next lower EL. 4. Ensures that SP_EL3 always points to the next 'cpu_context' structure prior to an ERET into the next lower EL 5. Introduces a PSCI SMC handler which completes the use of PSCI as a runtime service Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852 Co-authored-by: Achin Gupta <achin.gupta@arm.com>
2014-02-17Introduce new exception handling frameworkAchin Gupta
This patch introduces the reworked exception handling logic which lays the foundation for accessing runtime services in later patches. The type of an exception has a greater say in the way it is handled. SP_EL3 is used as the stack pointer for: 1. Determining the type of exception and handling the unexpected ones on the exception stack 2. Saving and restoring the essential general purpose and system register state after exception entry and prior to exception exit. SP_EL0 is used as the stack pointer for handling runtime service requests e.g. SMCs. A new structure for preserving general purpose register state has been added to the 'cpu_context' structure. All assembler ensures that it does not use callee saved registers (x19-x29). The C runtime preserves them across functions calls. Hence EL3 code does not have to save and restore them explicitly. Since the exception handling framework has undergone substantial change, the changes have been kept in separate files to aid readability. These files will replace the existing ones in subsequent patches. Change-Id: Ice418686592990ff7a4260771e8d6676e6c8c5ef
2014-02-17Add runtime services frameworkAchin Gupta
This patch introduces the framework to enable registration and initialisation of runtime services. PSCI is registered and initialised as a runtime service. Handling of runtime service requests will be implemented in subsequent patches. Change-Id: Id21e7ddc5a33d42b7d6e455b41155fc5441a9547
2014-02-17psci: Use context library for preserving EL3 stateAchin Gupta
This patch uses the context library to save and restore EL3 state on the 'cpu_context' data structures allocated by PSCI for managing non-secure state context on each cpu. Change-Id: I19c1f26578204a7cd9e0a6c582ced0d97ee4cf80
2014-02-17Add context management libraryAchin Gupta
This patch adds support for a cpu context management library. This library will be used to: 1. Share pointers to secure and non-secure state cpu contexts between runtime services e.g. PSCI and Secure Payload Dispatcher services 2. Set SP_EL3 to a context structure which will be used for programming an ERET into a lower EL 3. Provide wrapper functions to save and restore EL3 & EL1 state. These functions will in turn use the helper functions in context.S Change-Id: I655eeef83dcd2a0c6f2eb2ac23efab866ac83ca0
2014-02-17Add helper library for cpu context managementAchin Gupta
This patch introduces functions for saving and restoring shared system registers between secure and non-secure EL1 exception levels, VFP registers and essential EL3 system register and other state. It also defines the 'cpu_context' data structure which will used for saving and restoring execution context for a given security state. These functions will allow runtime services like PSCI and Secure payload dispatcher to implement logic for switching between the secure and non-secure states. The save and restore functions follow AArch64 PCS and only use caller-saved temporary registers. Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
2014-02-17Setup VBAR_EL3 incrementallyAchin Gupta
This patch ensures that VBAR_EL3 points to the simple stack-less 'early_exceptions' when the C runtime stack is not correctly setup to use the more complex 'runtime_exceptions'. It is initialised to 'runtime_exceptions' once this is done. This patch also moves all exception vectors into a '.vectors' section and modifies linker scripts to place all such sections together. This will minimize space wastage from alignment restrictions. Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
2014-02-17Fix spilled-over BL1 exception vectorJeenu Viswambharan
The SynchronousExceptionA64 vector has gone beyond the 32-instruction limit for individual exception vector. This patch splits and relocates the exception handler so that it fits into the 32-instruction window. Change-Id: Ic60c4fc3f09a1cb071d63ff0e58353ecaecbb62f
2014-02-17Move translation tables into separate sectionJeenu Viswambharan
This patch moves the translation tables into their own section. This saves space that would otherwise have been lost in padding due to page table alignment constraints. The BL31 and BL32 bases have been consequently adjusted. Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65
2014-02-17Add Firmware Image Package (FIP) documentationHarry Liebel
This fixes ARM-software/tf-issues#9 Change-Id: Id57037115b8762efc9eaf5ff41887b71d6494c5d
2014-02-17Add Firmware Image Package (FIP) driverHarry Liebel
The Firmware Image Package (FIP) driver allows for data to be loaded from a FIP on platform storage. The FVP supports loading bootloader images from a FIP located in NOR FLASH. The implemented FVP policy states that bootloader images will be loaded from a FIP in NOR FLASH if available and fall back to loading individual images from semi-hosting. NOTE: - BL3-3(e.g. UEFI) is loaded into DRAM and needs to be configured to run from the BL33_BASE address. This is currently set to DRAM_BASE+128MB for the FVP. Change-Id: I2e4821748e3376b5f9e467cf3ec09509e43579a0
2014-02-17Add Firmware Image Package creation toolHarry Liebel
This tool can be used to create a Firmware Image Packages (FIP). These FIPs store a combined set of firmware images with a Table of Contents (ToC) that can be loaded by the firmware from platform storage. - Add uuid.h from FreeBSD. - Use symbolic links to shared headers otherwise unwanted headers and definitions are pulled in. - A FIP is created as part of the default FVP build. - A BL3-3 image(e.g. UEFI) must be provided. Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
2014-02-17Implement load_image in terms of IO abstractionJames Morrissey
The modified implementation uses the IO abstraction rather than making direct semi-hosting calls. The semi-hosting driver is now registered for the FVP platform during initialisation of each boot stage where it is used. Additionally, the FVP platform includes a straightforward implementation of 'plat_get_image_source' which provides a generic means for the 'load_image' function to determine how to access the image data. Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
2014-02-17Add IO abstraction frameworkJames Morrissey
This is intended primarily for use as a storage abstraction. It allows operations such as image-loading to be implemented in a platform-independent fashion. Each platform registers a set of IO drivers during initialisation. The platform must also provide a function that will return a device and a specifier that can be used to access specified content. Clients of the API will primarily use device and entity handles. The term "entity" is deliberately vague, to allow for different representations of content accessed using different types of specifier, but will often be interpreted as a "file" where the specifier will normally be its path. This commit builds, but is intended to be paired with a sample implementation of "load_image" using a semi-hosting driver on FVP. Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
2014-02-17Fix asserts appearing in release buildsJames Morrissey
Also fix warnings generated in release builds when assert code is absent. Change-Id: I45b9173d3888f9e93e98eb5b4fdc06727ba5cbf4
2014-02-17Compile assembly files with -DDEBUG flagSandrine Bailleux
Change-Id: Ic6cf19402a0936161baf6b91bf75d64d95269a3c
2014-01-30Fix memmove and memcpyJon Medhurst
memmove needs to allow for overlapping memory regions and, together with memcpy, should return the input destination pointer, not the address after the end of the copied data. fixes ARM-software/tf-issues#18 Signed-off-by: Jon Medhurst <tixy@linaro.org>
2014-01-30Allow style checking of tree and local changesIan Spray
New phony Makefile targets have been added: * checkcodebase * checkpatch The checkcodebase target will run a Linux style compliance check over the entire codebase, and honours the V=1 Makefile verbose setting and so will show more information when this is enabled. If the local directory is a git checkout then the output of git ls-files is used to decide which files to test for compliance. If the local directory is not under git control then a 'best attempt' is made, but in this case it should be noted that it is possible for additional non-codebase files to be tested, so care should be taken when parsing the output. The checkpatch target will compare local changes against the git origin/master to allow issues with the last set of changes to be identified. To override the change comparision location, set the BASE_COMMIT variable to your desired git branch. Both targets rely on the Linux source tree script checkpatch.pl to do the syntax checking, and expects that the CHECKPATCH environment variable points to the location of this file. Notes on the usage of these targets have been added to the contributing.md and docs/user-guide.md text files. Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
2014-01-30Build system: Add cscope target to the MakefileJoakim Bech
Fixes arm-software/tf-issues#15 Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
2014-01-23fvp: clear a pending cluster power off requestAchin Gupta
The last CPU in a cluster is responsible for issuing the cluster power down request to the FVP power controller. If another CPU in this cluster wakes up before the last CPU enters WFI then the cluster power down request remains pending. If this request is not cancelled and the newly woken up CPU enters a simple WFI later, the power controller powers the cluster down. This leads to unpredictable behaviour. This patch fixes this issue by ensuring that the first CPU to wake up in a cluster writes its MPIDR to the power controller's PPONR. This cancels any pending cluster power down request. Change-Id: I7e787adfd6c9a0bd7308390e3309d46f35c01086