AgeCommit message (Collapse)Author
2014-05-22Introduce interrupt handling framework in BL3-1Achin Gupta
This patch adds a common handler for FIQ and IRQ exceptions in the BL3-1 runtime exception vector table. This function determines the interrupt type and calls its handler. A crash is reported if an inconsistency in the interrupt management framework is detected. In the event of a spurious interrupt, execution resumes from the instruction where the interrupt was generated. This patch also removes 'cm_macros.S' as its contents have been moved to 'runtime_exceptions.S' Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
2014-05-22Introduce platform api to access an ARM GICAchin Gupta
This patch introduces a set of functions which allow generic firmware code e.g. the interrupt management framework to access the platform interrupt controller. APIs for finding the type and id of the highest pending interrupt, acknowledging and EOIing an interrupt and finding the security state of an interrupt have been added. It is assumed that the platform interrupt controller implements the v2.0 of the ARM GIC architecture specification. Support for v3.0 of the specification for managing interrupts in EL3 and the platform port will be added in the future. Change-Id: Ib3a01c2cf3e3ab27806930f1be79db2b29f91bcf
2014-05-22Introduce interrupt registration framework in BL3-1Achin Gupta
This patch introduces a framework for registering interrupts routed to EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and FIQ bits and the security state an interrupt is generated in. The framework recognizes three type of interrupts depending upon which exception level and security state they should be handled in i.e. Secure EL1 interrupts, Non-secure interrupts and EL3 interrupts. It provides an API and macros that allow a runtime service to register an handler for a type of interrupt and specify the routing model. The framework validates the routing model and uses the context management framework to ensure that it is applied to the SCR_EL3 prior to entry into the target security state. It saves the handler in internal data structures. An API is provided to retrieve the handler when an interrupt of a particular type is asserted. Registration is expected to be done once by the primary CPU. The same handler and routing model is used for all CPUs. Support for EL3 interrupts will be added to the framework in the future. A makefile flag has been added to allow the FVP port choose between ARM GIC v2 and v3 support in EL3. The latter version is currently unsupported. A framework for handling interrupts in BL3-1 will be introduced in subsequent patches. The default routing model in the absence of any handlers expects no interrupts to be routed to EL3. Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
2014-05-22Add context library API to change a bit in SCR_EL3Achin Gupta
This patch adds an API to write to any bit in the SCR_EL3 member of the 'cpu_context' structure of the current CPU for a specified security state. This API will be used in subsequent patches which introduce interrupt management in EL3 to specify the interrupt routing model when execution is not in EL3. It also renames the cm_set_el3_elr() function to cm_set_elr_el3() which is more in line with the system register name being targeted by the API. Change-Id: I310fa7d8f827ad3f350325eca2fb28cb350a85ed
2014-05-22Rework 'state' field usage in per-cpu TSP contextAchin Gupta
This patch lays the foundation for using the per-cpu 'state' field in the 'tsp_context' structure for other flags apart from the power state of the TSP. It allocates 2 bits for the power state, introduces the necessary macros to manipulate the power state in the 'state' field and accordingly reworks all use of the TSP_STATE_* states. It also allocates a flag bit to determine if the TSP is handling a standard SMC. If this flag is set then the TSP was interrupted due to non-secure or EL3 interupt depending upon the chosen routing model. Macros to get, set and clear this flag have been added as well. This flag will be used by subsequent patches. Change-Id: Ic6ee80bd5895812c83b35189cf2c3be70a9024a6
2014-05-22Doc: Add the "Building the Test Secure Payload" sectionSandrine Bailleux
Add a section in the user guide explaining how to compile the TSP image and include it into the FIP. This includes instructions to make the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP. Change-Id: I04780757a149eeb5482a12a61e821be947b882c0
2014-05-22fvp: Move TSP from Secure DRAM to Secure SRAMSandrine Bailleux
The TSP used to execute from secure DRAM on the FVPs because there was not enough space in Trusted SRAM to fit it in. Thanks to recent RAM usage enhancements being implemented, we have made enough savings for the TSP to execute in SRAM. However, there is no contiguous free chunk of SRAM big enough to hold the TSP. Therefore, the different bootloader images need to be moved around to reduce memory fragmentation. This patch keeps the overall memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and BL3-1 in between) but moves the base addresses of all the bootloader images in such a way that: - memory fragmentation is reduced enough to fit BL3-2 in; - new base addresses are suitable for release builds as well as debug ones; - each image has a few extra kilobytes for future growth. BL3-1 and BL3-2 are the images which received the biggest slice of the cake since they will most probably grow the most. A few useful numbers for reference (valid at the time of this patch): |-----------------------|------------------------------- | image size (debug) | extra space for the future --------|-----------------------|------------------------------- BL1 R/W | 20 KB | 4 KB BL2 | 44 KB | 4 KB BL3-1 | 108 KB | 12 KB BL3-2 | 56 KB | 8 KB --------|-----------------------|------------------------------- Total | 228 KB | 28 KB = 256 KB --------|-----------------------|------------------------------- Although on FVPs the TSP now executes from Trusted SRAM by default, this patch keeps the option to execute it from Trusted DRAM. This is controlled by the build configuration 'TSP_RAM_LOCATION'. Fixes ARM-Software/tf-issues#81 Change-Id: Ifb9ef2befa9a2d5ac0813f7f79834df7af992b94
2014-05-22TSP: Let the platform decide which secure memory to useSandrine Bailleux
The TSP's linker script used to assume that the TSP would execute from secure DRAM. Although it is currently the case on FVPs, platforms are free to use any secure memory they wish. This patch introduces the flexibility to load the TSP into any secure memory. The platform code gets to specify the extents of this memory in the platform header file, as well as the BL3-2 image limit address. The latter definition allows to check in a generic way that the BL3-2 image fits in its bounds. Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
2014-05-22Reserve some DDR DRAM for secure use on FVP platformsJuan Castillo
TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and the rest of DRAM as non-secure. Non-secure software must not attempt to access the 16MB secure area. Device tree files (sources and binaries) have been updated to match this configuration, removing that memory from the Linux physical memory map. To use UEFI and Linux with this patch, the latest version of UEFI and the updated device tree files are required. Check the user guide in the documentation for more details. Replaced magic numbers with #define for memory region definition in the platform security initialization function. Fixes ARM-software/tf-issues#149 Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
2014-05-22Add support for BL3-1 as a reset vectorVikram Kanigiri
This change adds optional reset vector support to BL3-1 which means BL3-1 entry point can detect cold/warm boot, initialise primary cpu, set up cci and mail box. When using BL3-1 as a reset vector it is assumed that the BL3-1 platform code can determine the location of the BL3-2 images, or load them as there are no parameters that can be passed to BL3-1 at reset. It also fixes the incorrect initialisation of mailbox registers on the FVP platform This feature can be enabled by building the code with make variable RESET_TO_BL31 set as 1 Fixes ARM-software/TF-issues#133 Fixes ARM-software/TF-issues#20 Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
2014-05-22Rework memory information passing to BL3-x imagesVikram Kanigiri
The issues addressed in this patch are: 1. Remove meminfo_t from the common interfaces in BL3-x, expecting that platform code will find a suitable mechanism to determine the memory extents in these images and provide it to the BL3-x images. 2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x code as the images use link-time information to determine memory extents. meminfo_t is still used by common interface in BL1/BL2 for loading images Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
2014-05-22Populate BL31 input parameters as per new specVikram Kanigiri
This patch is based on spec published at https://github.com/ARM-software/tf-issues/issues/133 It rearranges the bl31_args struct into bl31_params and bl31_plat_params which provide the information needed for Trusted firmware and platform specific data via x0 and x1 On the FVP platform BL3-1 params and BL3-1 plat params and its constituents are stored at the start of TZDRAM. The information about memory availability and size for BL3-1, BL3-2 and BL3-3 is moved into platform specific data. Change-Id: I8b32057a3d0dd3968ea26c2541a0714177820da9
2014-05-22Rework handover interface between BL stagesVikram Kanigiri
This patch reworks the handover interface from: BL1 to BL2 and BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el() and run_image() functions as they catered for code paths that were never exercised. BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same by calling run_image(). Similarly, BL2 issues the SMC to transfer execution to BL3-1 through BL1 directly. Only x0 and x1 are used to pass arguments to BL31. These arguments and parameters for running BL3-1 are passed through a reference to a 'el_change_info_t' structure. They were being passed value in general purpose registers earlier. Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
2014-05-22Introduce macros to manipulate the SPSRVikram Kanigiri
This patch introduces macros (SPSR_64 and SPSR_32) to create a SPSR for both aarch32 and aarch64 execution states. These macros allow the user to set fields in the SPSR depending upon its format. The make_spsr() function which did not allow manipulation of all the fields in the aarch32 SPSR has been replaced by these new macros. Change-Id: I9425dda0923e8d5f03d03ddb8fa0e28392c4c61e
2014-05-22Merge pull request #91 from linmaonly/lin_devAndrew Thoelke
Address issue 156: 64-bit addresses get truncated
2014-05-22Merge pull request #83 from athoelke/at/tf-issues-126Andrew Thoelke
Set SCR_EL3.RW correctly before exiting bl31_main
2014-05-22Merge pull request #85 from hliebel/hl/bl30-docAndrew Thoelke
Improve BL3-0 documentation
2014-05-20Address issue 156: 64-bit addresses get truncatedLin Ma
Addresses were declared as "unsigned int" in drivers/arm/peripherals/pl011/pl011.h and in function init_xlation_table. Changed to use "unsigned long" instead Fixes ARM-software/tf-issues#156
2014-05-19Improve BL3-0 documentationHarry Liebel
Provide some information about the expected use of BL3-0. Fixes ARM-software/tf-issues#144 Change-Id: I5c8d59a675578394be89481ae4ec39ca37522750
2014-05-19Merge pull request #78 from jeenuv:tf-issues-148Andrew Thoelke
2014-05-16Add build configuration for timer save/restoreJeenu Viswambharan
At present, non-secure timer register contents are saved and restored as part of world switch by BL3-1. This effectively means that the non-secure timer stops, and non-secure timer interrupts are prevented from asserting until BL3-1 switches back, introducing latency for non-secure services. Often, secure world might depend on alternate sources for secure interrupts (secure timer or platform timer) instead of non-secure timers, in which case this save and restore is unnecessary. This patch introduces a boolean build-time configuration NS_TIMER_SWITCH to choose whether or not to save and restore non-secure timer registers upon world switch. The default choice is made not to save and restore them. Fixes ARM-software/tf-issues#148 Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
2014-05-16Document summary of build options in user guideJeenu Viswambharan
Change-Id: I6bd077955bf3780168a874705974bbe72ea0f5f1
2014-05-16Reorganize build optionsJeenu Viswambharan
At present, various build options are initialized at various places in the Makefile. This patch gathers all build option declarations at the top of the Makefile and assigns them default values. Change-Id: I9f527bc8843bf69c00cb754dc60377bdb407a951
2014-05-16Introduce convenience functions to buildJeenu Viswambharan
This patch introduces two convenience functions to the build system: - assert_boolean: asserts that a given option is assigned either 0 or 1 as values - add_define: helps add/append macro definitions to build tool command line. This also introduces the variable DEFINES which is used to collect and pass all relevant configurations to build tools Change-Id: I3126894b034470d39858ebb3bd183bda681c7126
2014-05-16Set SCR_EL3.RW correctly before exiting bl31_mainAndrew Thoelke
SCR_EL3.RW was not updated immediately before exiting bl31_main() and running BL3-3. If a AArch32 Secure-EL1 Payload had just been initialised, then the SCR_EL3.RW bit would be left indicating a 32-bit BL3-3, which may not be correct. This patch explicitly sets SCR_EL3.RW appropriately based on the provided SPSR_EL3 value for the BL3-3 image. Fixes ARM-software/tf-issues#126 Change-Id: Ic7716fe8bc87e577c4bfaeb46702e88deedd9895
2014-05-16Rework BL3-1 unhandled exception handling and reportingSoby Mathew
This patch implements the register reporting when unhandled exceptions are taken in BL3-1. Unhandled exceptions will result in a dump of registers to the console, before halting execution by that CPU. The Crash Stack, previously called the Exception Stack, is used for this activity. This stack is used to preserve the CPU context and runtime stack contents for debugging and analysis. This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3, to provide easy access to some of BL3-1 per-cpu data structures. Initially, this is used to provide a pointer to the Crash stack. panic() now prints the the error file and line number in Debug mode and prints the PC value in release mode. The Exception Stack is renamed to Crash Stack with this patch. The original intention of exception stack is no longer valid since we intend to support several valid exceptions like IRQ and FIQ in the trusted firmware context. This stack is now utilized for dumping and reporting the system state when a crash happens and hence the rename. Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception Change-Id: I260791dc05536b78547412d147193cdccae7811a
2014-05-16Merge pull request #71 from sandrine-bailleux:sb/fix-tsp-fvp-makefileAndrew Thoelke
2014-05-16Merge pull request #69 from sandrine-bailleux:sb/split-mmu-fcts-per-elAndrew Thoelke
2014-05-16Merge pull request #68 from jcastillo-arm/jc/tf-issues/137Andrew Thoelke
Change-Id: If8744c38c2d5c50caa7454b055e2ba418cf1e8bf
2014-05-16Merge pull request #66 from athoelke/tzc-config-fixdanh-arm
Fixes for TZC configuration on FVP
2014-05-13fvp: Use the right implem. of plat_report_exception() in BL3-2Sandrine Bailleux
On FVP, the file 'plat/fvp/aarch64/plat_helpers.S' contains an FVP-specific implementation of the function 'plat_report_exception()', which is meant to override the default implementation. However, this file was not included into the BL3-2 image, meaning it was still using the default implementation. This patch fixes the FVP makefile to compile this file in. Change-Id: I3d44b9ec3a9de7e2762e0887d3599b185d3e28d2
2014-05-13Fix C accessors to GIC distributor registers with set/clear semanticsJuan Castillo
This patch fixes C accessors to GIC registers that follow a set/clear semantic to change the state of an interrupt, instead of read/write/modify. These registers are: Set-Enable Clear-Enable Set-Pending Clear-Pending Set-Active Clear-Active For instance, to enable an interrupt we write a one to the corresponding bit in the Set-Enable register, whereas to disable it we write a one to the corresponding bit in the Clear-Enable register. Fixes ARM-software/tf-issues#137 Change-Id: I3b66bad94d0b28e0fe08c9042bac0bf5ffa07944
2014-05-12Fix broken standby state implementation in PSCIAchin Gupta
This patch fixes the broken support for entry into standby states introduced under commit-id 'd118f9f864' (tf-issues#94). Upon exit from the platform defined standby state instead of returning to the caller of the SMC, execution would get stuck in the wfi instruction meant for entering a power down state. This patch ensures that exit from a standby state and entry into a power down state do not interfere with each other. Fixes ARM-software/tf-issues#154 Change-Id: I56e5df353368e44d6eefc94ffedefe21929f5cfe
2014-05-12Fixes for TZC configuration on FVPAndrew Thoelke
The TZC configuration on FVP was incorrectly allowing both secure and non-secure accesses to the DRAM, which can cause aliasing problems for software. It was also not enabling virtio access on some models. This patch fixes both of those issues. The patch also enabless non-secure access to the DDR RAM for all devices with defined IDs. The third region of DDR RAM has been removed from the configuration as this is not used in any of the FVP models. Fixes ARM-software/tf-issues#150 Fixes ARM-software/tf-issues#151 Change-Id: I60ad5daaf55e14f178affb8afd95d17e7537abd7
2014-05-09fvp: Provide per-EL MMU setup functionsSandrine Bailleux
Instead of having a single version of the MMU setup functions for all bootloader images that can execute either in EL3 or in EL1, provide separate functions for EL1 and EL3. Each bootloader image can then call the appropriate version of these functions. The aim is to reduce the amount of code compiled in each BL image by embedding only what's needed (e.g. BL1 to embed only EL3 variants). Change-Id: Ib86831d5450cf778ae78c9c1f7553fe91274c2fa
2014-05-09Introduce IS_IN_ELX() macrosSandrine Bailleux
The goal of these macros is to improve code readability by providing a concise way to check whether we are running in the expected exception level. Change-Id: If9aebadfb6299a5196e9a582b442f0971d9909b1
2014-05-08Merge pull request #65 from vikramkanigiri/vk/console_initdanh-arm
Ensure a console is initialized before it is used
2014-05-08Merge pull request #63 from ↵danh-arm
soby-mathew/sm/save_callee_saved_registers_in_cpu_context-1 Preserve x19-x29 across world switch for exception handling
2014-05-08Ensure a console is initialized before it is usedVikram Kanigiri
This patch moves console_init() to bl32_early_platform_setup(). It also ensures that console_init() is called in each blX_early_platform_setup() function before the console is used e.g. through a printf call in an assert() statement. Fixes ARM-software/TF-issues#127 Change-Id: I5b1f17e0152bab674d807d2a95ff3689c5d4794e
2014-05-08Merge pull request #62 from athoelke/set-little-endian-v2danh-arm
Set processor endianness immediately after RESET v2
2014-05-08Preserve x19-x29 across world switch for exception handlingSoby Mathew
Previously exception handlers in BL3-1, X19-X29 were not saved and restored on every SMC/trap into EL3. Instead these registers were 'saved as needed' as a side effect of the A64 ABI used by the C compiler. That approach failed when world switching but was not visible with the TSP/TSPD code because the TSP is 64-bit, did not clobber these registers when running and did not support pre-emption by normal world interrupts. These scenarios showed that the values in these registers can be passed through a world switch, which broke the normal and trusted world assumptions about these registers being preserved. The Ideal solution saves and restores these registers when a world switch occurs - but that type of implementation is more complex. So this patch always saves and restores these registers on entry and exit of EL3. Fixes ARM-software/tf-issues#141 Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
2014-05-08Merge pull request #58 from athoelke/optimise-cache-flush-v2danh-arm
Optimise data cache clean/invalidate operation v2
2014-05-08Merge pull request #61 from athoelke/use-mrs-msr-from-assembler-v2danh-arm
Use MRS/MSR instructions in assembler code v2
2014-05-08Merge pull request #60 from athoelke/disable-mmu-v2danh-arm
Replace disable_mmu with assembler version v2
2014-05-08Merge pull request #59 from athoelke/review-barriers-v2danh-arm
Correct usage of data and instruction barriers v2
2014-05-08Merge pull request #57 from sandrine-bailleux/sb/remove-pl011-basedanh-arm
Remove unused 'PL011_BASE' macro
2014-05-08Remove unused 'PL011_BASE' macroSandrine Bailleux
'PL011_BASE' macro is no longer used because the right UART base address is now directly given to the 'console_init()' function. This patch removes it. Change-Id: I94759c99602df4876291a56f9f6a75de337a65ec
2014-05-07Optimise data cache clean/invalidate operationAndrew Thoelke
The data cache clean and invalidate operations dcsw_op_all() and dcsw_op_loius() were implemented to invoke a DSB and ISB barrier for every set/way operation. This adds a substantial performance penalty to an already expensive operation. These functions have been reworked to provide an optimised implementation derived from the code in section D3.4 of the ARMv8 ARM. The helper macro setup_dcsw_op_args has been moved and reworked alongside the implementation. Fixes ARM-software/tf-issues#146 Change-Id: Icd5df57816a83f0a842fce935320a369f7465c7f
2014-05-07Remove unused or invalid asm helper functionsAndrew Thoelke
There are a small number of non-EL specific helper functions which are no longer used, and also some unusable helper functions for non-existant registers. This change removes all of these functions. Change-Id: Idd656cef3b59cf5c46fe2be4029d72288b649c24
2014-05-07Access system registers directly in assemblerAndrew Thoelke
Instead of using the system register helper functions to read or write system registers, assembler coded functions should use MRS/MSR instructions. This results in faster and more compact code. This change replaces all usage of the helper functions with direct register accesses. Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3