path: root/docs
AgeCommit message (Collapse)Author
2014-05-23Merge pull request #101 from sandrine-bailleux:sb/tf-issue-81-v2Andrew Thoelke
2014-05-23doc: Update information about the memory layoutSandrine Bailleux
Rework the "Memory layout on FVP platforms" section in the Firmware Design document. Add information about where the TSP image fits in the memory layout when present. Add documentation for the base addresses of each bootloader image in the porting guide. Change-Id: I4afb2605e008a1cb28c44a697804f2cb6bb4c9aa
2014-05-23Merge pull request #102 from achingupta:ag/tf-issues#104-v2Andrew Thoelke
2014-05-23Merge pull request #100 from jcastillo-arm:jc/tf-issues/149-v4Andrew Thoelke
2014-05-23Merge pull request #101 from sandrine-bailleux:sb/tf-issue-81-v2Andrew Thoelke
2014-05-23Merge pull request #103 from athoelke:dh/tf-issues#68-v3Andrew Thoelke
2014-05-22Allow BL3-2 platform definitions to be optionalDan Handley
The generic image loading and IO FIP code no longer forces the platform to create BL3-2 (Secure-EL1 Payload) specific definitions. The BL3-2 loading code in bl2/bl2main.c is wrapped by a #ifdef BL32_BASE blocks, allowing the BL3-2 definitions to be optional. Similarly for the name_uuid array defintion in drivers/io/io_fip.c. Also update the porting guide to reflect this change. The BL3-2 platform definitions remain non-configurably present in the FVP port. Fixes ARM-software/tf-issues#68 Change-Id: Iea28b4e94d87a31f5522f271e290919a8a955460
2014-05-22Introduce interrupt handling framework in BL3-1Achin Gupta
This patch adds a common handler for FIQ and IRQ exceptions in the BL3-1 runtime exception vector table. This function determines the interrupt type and calls its handler. A crash is reported if an inconsistency in the interrupt management framework is detected. In the event of a spurious interrupt, execution resumes from the instruction where the interrupt was generated. This patch also removes 'cm_macros.S' as its contents have been moved to 'runtime_exceptions.S' Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
2014-05-22Introduce interrupt registration framework in BL3-1Achin Gupta
This patch introduces a framework for registering interrupts routed to EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and FIQ bits and the security state an interrupt is generated in. The framework recognizes three type of interrupts depending upon which exception level and security state they should be handled in i.e. Secure EL1 interrupts, Non-secure interrupts and EL3 interrupts. It provides an API and macros that allow a runtime service to register an handler for a type of interrupt and specify the routing model. The framework validates the routing model and uses the context management framework to ensure that it is applied to the SCR_EL3 prior to entry into the target security state. It saves the handler in internal data structures. An API is provided to retrieve the handler when an interrupt of a particular type is asserted. Registration is expected to be done once by the primary CPU. The same handler and routing model is used for all CPUs. Support for EL3 interrupts will be added to the framework in the future. A makefile flag has been added to allow the FVP port choose between ARM GIC v2 and v3 support in EL3. The latter version is currently unsupported. A framework for handling interrupts in BL3-1 will be introduced in subsequent patches. The default routing model in the absence of any handlers expects no interrupts to be routed to EL3. Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
2014-05-22Doc: Add the "Building the Test Secure Payload" sectionSandrine Bailleux
Add a section in the user guide explaining how to compile the TSP image and include it into the FIP. This includes instructions to make the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP. Change-Id: I04780757a149eeb5482a12a61e821be947b882c0
2014-05-22TSP: Let the platform decide which secure memory to useSandrine Bailleux
The TSP's linker script used to assume that the TSP would execute from secure DRAM. Although it is currently the case on FVPs, platforms are free to use any secure memory they wish. This patch introduces the flexibility to load the TSP into any secure memory. The platform code gets to specify the extents of this memory in the platform header file, as well as the BL3-2 image limit address. The latter definition allows to check in a generic way that the BL3-2 image fits in its bounds. Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
2014-05-22Reserve some DDR DRAM for secure use on FVP platformsJuan Castillo
TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and the rest of DRAM as non-secure. Non-secure software must not attempt to access the 16MB secure area. Device tree files (sources and binaries) have been updated to match this configuration, removing that memory from the Linux physical memory map. To use UEFI and Linux with this patch, the latest version of UEFI and the updated device tree files are required. Check the user guide in the documentation for more details. Replaced magic numbers with #define for memory region definition in the platform security initialization function. Fixes ARM-software/tf-issues#149 Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
2014-05-22Merge pull request #85 from hliebel/hl/bl30-docAndrew Thoelke
Improve BL3-0 documentation
2014-05-19Improve BL3-0 documentationHarry Liebel
Provide some information about the expected use of BL3-0. Fixes ARM-software/tf-issues#144 Change-Id: I5c8d59a675578394be89481ae4ec39ca37522750
2014-05-19Merge pull request #78 from jeenuv:tf-issues-148Andrew Thoelke
2014-05-16Add build configuration for timer save/restoreJeenu Viswambharan
At present, non-secure timer register contents are saved and restored as part of world switch by BL3-1. This effectively means that the non-secure timer stops, and non-secure timer interrupts are prevented from asserting until BL3-1 switches back, introducing latency for non-secure services. Often, secure world might depend on alternate sources for secure interrupts (secure timer or platform timer) instead of non-secure timers, in which case this save and restore is unnecessary. This patch introduces a boolean build-time configuration NS_TIMER_SWITCH to choose whether or not to save and restore non-secure timer registers upon world switch. The default choice is made not to save and restore them. Fixes ARM-software/tf-issues#148 Change-Id: I1b9d623606acb9797c3e0b02fb5ec7c0a414f37e
2014-05-16Document summary of build options in user guideJeenu Viswambharan
Change-Id: I6bd077955bf3780168a874705974bbe72ea0f5f1
2014-05-16Rework BL3-1 unhandled exception handling and reportingSoby Mathew
This patch implements the register reporting when unhandled exceptions are taken in BL3-1. Unhandled exceptions will result in a dump of registers to the console, before halting execution by that CPU. The Crash Stack, previously called the Exception Stack, is used for this activity. This stack is used to preserve the CPU context and runtime stack contents for debugging and analysis. This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3, to provide easy access to some of BL3-1 per-cpu data structures. Initially, this is used to provide a pointer to the Crash stack. panic() now prints the the error file and line number in Debug mode and prints the PC value in release mode. The Exception Stack is renamed to Crash Stack with this patch. The original intention of exception stack is no longer valid since we intend to support several valid exceptions like IRQ and FIQ in the trusted firmware context. This stack is now utilized for dumping and reporting the system state when a crash happens and hence the rename. Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception Change-Id: I260791dc05536b78547412d147193cdccae7811a
2014-05-12Fixes for TZC configuration on FVPAndrew Thoelke
The TZC configuration on FVP was incorrectly allowing both secure and non-secure accesses to the DRAM, which can cause aliasing problems for software. It was also not enabling virtio access on some models. This patch fixes both of those issues. The patch also enabless non-secure access to the DDR RAM for all devices with defined IDs. The third region of DDR RAM has been removed from the configuration as this is not used in any of the FVP models. Fixes ARM-software/tf-issues#150 Fixes ARM-software/tf-issues#151 Change-Id: I60ad5daaf55e14f178affb8afd95d17e7537abd7
2014-04-24FVP secure memory support documentationHarry Liebel
Fixes ARM-software/tf-issues#64 Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989
2014-04-15Allocate single stacks for BL1 and BL2Andrew Thoelke
The BL images share common stack management code which provides one coherent and one cacheable stack for every CPU. BL1 and BL2 just execute on the primary CPU during boot and do not require the additional CPU stacks. This patch provides separate stack support code for UP and MP images, substantially reducing the RAM usage for BL1 and BL2 for the FVP platform. This patch also provides macros for declaring stacks and calculating stack base addresses to improve consistency where this has to be done in the firmware. The stack allocation source files are now included via platform.mk rather than the common BLx makefiles. This allows each platform to select the appropriate MP/UP stack support for each BL image. Each platform makefile must be updated when including this commit. Fixes ARM-software/tf-issues#76 Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
2014-04-08Define frequency of system counter in platform codeSandrine Bailleux
BL3-1 architecture setup code programs the system counter frequency into the CNTFRQ_EL0 register. This frequency is defined by the platform, though. This patch introduces a new platform hook that the architecture setup code can call to retrieve this information. In the ARM FVP port, this returns the first entry of the frequency modes table from the memory mapped generic timer. All system counter setup code has been removed from BL1 as some platforms may not have initialized the system counters at this stage. The platform specific settings done exclusively in BL1 have been moved to BL3-1. In the ARM FVP port, this consists in enabling and initializing the System level generic timer. Also, the frequency change request in the counter control register has been set to 0 to make it explicit it's using the base frequency. The CNTCR_FCREQ() macro has been fixed in this context to give an entry number rather than a bitmask. In future, when support for firmware update is implemented, there is a case where BL1 platform specific code will need to program the counter frequency. This should be implemented at that time. This patch also updates the relevant documentation. It properly fixes ARM-software/tf-issues#24 Change-Id: If95639b279f75d66ac0576c48a6614b5ccb0e84b
2014-04-08Revert "Move architecture timer setup to platform-specific code"Sandrine Bailleux
This reverts commit 1c297bf015226c182b66498d5a64b8b51c7624f5 because it introduced a bug: the CNTFRQ_EL0 register was no longer programmed by all CPUs. bl31_platform_setup() function is invoked only in the cold boot path and consequently only on the primary cpu. A subsequent commit will correctly implement the necessary changes to the counter frequency setup code. Fixes ARM-software/tf-issues#125 Conflicts: docs/firmware-design.md plat/fvp/bl31_plat_setup.c Change-Id: Ib584ad7ed069707ac04cf86717f836136ad3ab54
2014-03-26Initialise UART console in all bootloader stagesVikram Kanigiri
This patch reworks the console driver to ensure that each bootloader stage initializes it independently. As a result, both BL3-1 and BL2 platform code now calls console_init() instead of relying on BL1 to perform console setup Fixes ARM-software/tf-issues#120 Change-Id: Ic4d66e0375e40a2fc7434afcabc8bbb4715c14ab
2014-03-20Implement ARM Standard ServiceJeenu Viswambharan
This patch implements ARM Standard Service as a runtime service and adds support for call count, UID and revision information SMCs. The existing PSCI implementation is subsumed by the Standard Service calls and all PSCI calls are therefore dispatched by the Standard Service to the PSCI handler. At present, PSCI is the only specification under Standard Service. Thus call count returns the number of PSCI calls implemented. As this is the initial implementation, a revision number of 0.1 is returned for call revision. Fixes ARM-software/tf-issues#62 Change-Id: I6d4273f72ad6502636efa0f872e288b191a64bc1
2014-03-10Move architecture timer setup to platform-specific codeJeenu Viswambharan
At present, bl1_arch_setup() and bl31_arch_setup() program the counter frequency using a value from the memory mapped generic timer. The generic timer however is not necessarily present on all ARM systems (although it is architected to be present on all server systems). This patch moves the timer setup to platform-specific code and updates the relevant documentation. Also, CNTR.FCREQ is set as the specification requires the bit corresponding to the counter's frequency to be set when enabling. Since we intend to use the base frequency, set bit 8. Fixes ARM-software/tf-issues#24 Change-Id: I32c52cf882253e01f49056f47c58c23e6f422652
2014-03-05Enable platforms to omit some bootloadersJon Medhurst
If a platform doesn't specify a BLx_SOURCE variable, then building of the corresponding bootloader isn't attempted. Also allow BL3-3 to be omitted from the FIP. Note, this change also removes support for PLAT=all and the 'fip' target from the 'all' recipe. Fixes ARM-software/tf-issues#30 Change-Id: Ibdfead0440256eaf364617ecff65290ca6fe6240 Signed-off-by: Jon Medhurst <tixy@linaro.org>
2014-02-28Add v0.3 release documentationDan Handley
Update the readme.md and change-log.md with release information. Also, remove the "Detailed changes since last release" section of the change-log.md since the same information can be found in the GIT commit messages. Fixes ARM-software/tf-issues#22. Change-Id: I968cc8aaf588aa5c34ba8f1c12a5b797a46e04f5
2014-02-28Consolidate design and porting documentationDan Handley
Consolidate firmware-design.md and porting-guide.pm so that recently added sections fit better with pre-existing sections. Make the documentation more consistent in use of terminology. Change-Id: Id87050b096122fbd845189dc2fe1cd17c3003468
2014-02-28Add EL3 runtime services and SPD documentationDan Handley
1. Add design information on EL3 runtime services and Secure-EL1 Payload Dispatchers (SPD) to firmware-design.md. 2. Create new EL3 runtime service writer's guide (rt-svc-writers-guide.md) to ease creation of new runtime services. Change-Id: I670aeb5fc246e25c6e599a15139aac886a0074fd
2014-02-28Separate firmware design out of user-guide.mdDan Handley
Move the firmware design documentation out of user-guide.md and into a new file - firmware-design.md. Reformat the section headers. Change-Id: I664815dd47011c7c1cf2202aa4472a8fd78ebb92
2014-02-28Update versions of dependencies in user-guide.mdDan Handley
1. Update user-guide.md with the latest versions of dependent components required by the tested configurations of ARM Trusted Firmware. This includes the tested versions of Fixed Virtual Platforms (FVPs), toolchain, EFI Development Kit 2(EDK2), Linux kernel and Linux file system. 2. Remove the instructions to configure the Cortex Base FVP with the legacy GICv2 memory map as this is no longer supported since version 5.3 of the Base FVPs. 3. General tidyup of "Using the software" section. Change-Id: If8264cd29036b59dc5ff435b5f8b1d072dd36ef0
2014-02-26fvp: Initialise UART earlierSandrine Bailleux
The UART used to be initialised in bl1_platform_setup(). This is too late because there are some calls to the assert() macro, which needs to print some messages on the console, before that. This patch moves the UART initialisation code to bl1_early_platform_setup(). Fixes ARM-software/tf-issues#49 Change-Id: I98c83a803866372806d2a9c2e1ed80f2ef5b3bcc
2014-02-20Add support for BL3-2 in BL3-1Achin Gupta
This patch adds the following support to the BL3-1 stage: 1. BL3-1 allows runtime services to specify and determine the security state of the next image after BL3-1. This has been done by adding the `bl31_set_next_image_type()` & `bl31_get_next_image_type()` apis. The default security state is non-secure. The platform api `bl31_get_next_image_info()` has been modified to let the platform decide which is the next image in the desired security state. 2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to program entry into the target security state. It uses the apis introduced in 1. to do so. 3. BL3-1 reads the information populated by BL2 about the BL3-2 image into its internal data structures. 4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow initialisation of a BL3-2 image. A runtime service like the Secure payload dispatcher will define this function if present. Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
2014-02-20Add support for BL3-2 in BL2Achin Gupta
This patch adds support for loading a BL3-2 image in BL2. In case a BL3-2 image is found, it also passes information to BL3-1 about where it is located and the extents of memory available to it. Information about memory extents is populated by platform specific code. The documentation has also been updated to reflect the above changes. Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0 Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2014-02-20Rework BL2 to BL3-1 hand over interfaceAchin Gupta
This patch reworks BL2 to BL3-1 hand over interface by introducing a composite structure (bl31_args) that holds the superset of information that needs to be passed from BL2 to BL3-1. - The extents of secure memory available to BL3-1 - The extents of memory available to BL3-2 (not yet implemented) and BL3-3 - Information to execute BL3-2 (not yet implemented) and BL3-3 images This patch also introduces a new platform API (bl2_get_bl31_args_ptr) that needs to be implemented by the platform code to export reference to bl31_args structure which has been allocated in platform-defined memory. The platform will initialize the extents of memory available to BL3-3 during early platform setup in bl31_args structure. This obviates the need for bl2_get_ns_mem_layout platform API. BL2 calls the bl2_get_bl31_args_ptr function to get a reference to bl31_args structure. It uses the 'bl33_meminfo' field of this structure to load the BL3-3 image. It sets the entry point information for the BL3-3 image in the 'bl33_image_info' field of this structure. The reference to this structure is passed to the BL3-1 image. Also fixes issue ARM-software/tf-issues#25 Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
2014-02-17Add Firmware Image Package (FIP) documentationHarry Liebel
This fixes ARM-software/tf-issues#9 Change-Id: Id57037115b8762efc9eaf5ff41887b71d6494c5d
2014-01-30Allow style checking of tree and local changesIan Spray
New phony Makefile targets have been added: * checkcodebase * checkpatch The checkcodebase target will run a Linux style compliance check over the entire codebase, and honours the V=1 Makefile verbose setting and so will show more information when this is enabled. If the local directory is a git checkout then the output of git ls-files is used to decide which files to test for compliance. If the local directory is not under git control then a 'best attempt' is made, but in this case it should be noted that it is possible for additional non-codebase files to be tested, so care should be taken when parsing the output. The checkpatch target will compare local changes against the git origin/master to allow issues with the last set of changes to be identified. To override the change comparision location, set the BASE_COMMIT variable to your desired git branch. Both targets rely on the Linux source tree script checkpatch.pl to do the syntax checking, and expects that the CHECKPATCH environment variable points to the location of this file. Notes on the usage of these targets have been added to the contributing.md and docs/user-guide.md text files. Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
2014-01-20psci: fix affinity level upgrade issueAchin Gupta
The psci implementation does not track target affinity level requests specified during cpu_suspend calls correctly as per the following example. 1. cpu0.cluster0 calls cpu_suspend with the target affinity level as 0 2. Only the cpu0.cluster0 is powered down while cluster0 remains powered up 3. cpu1.cluster0 calls cpu_off to power itself down to highest possible affinity level 4. cluster0 will be powered off even though cpu0.cluster0 does not allow cluster shutdown This patch introduces reference counts at affinity levels > 0 to track the number of cpus which want an affinity instance at level X to remain powered up. This instance can be turned off only if its reference count is 0. Cpus still undergo the normal state transitions (ON, OFF, ON_PENDING, SUSPEND) but the higher levels can only be either ON or OFF depending upon their reference count. The above issue is thus fixed as follows: 1. cluster0's reference count is incremented by two when cpu0 and cpu1 are initially powered on. 2. cpu0.cluster0 calls cpu_suspend with the target affinity level as 0. This does not affect the cluster0 reference count. 3. Only the cpu0.cluster0 is powered down while cluster0 remains powered up as it has a non-zero reference count. 4. cpu1.cluster0 call cpu_off to power itself down to highest possible affinity level. This decrements the cluster0 reference count. 5. cluster0 is still not powered off since its reference count will at least be 1 due to the restriction placed by cpu0. Change-Id: I433dfe82b946f5f6985b1602c2de87800504f7a9
2014-01-20fvp: rename fvp_* files to plat_*Ryan Harkin
The FVP platform has a few filenames that begin with fvp_. These are renamed to plat_ to make it easier to use the FVP port as a template. Change-Id: I601e6256d5ef3bae81a2e1f5df6de56db5b27069 Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
2014-01-20Build system: Fixes #2: Add multi-platform supportRyan Harkin
Move all explicit platform or architecture specific references into a new platform.mk file that is defined for each platform. Change-Id: I9d6320d1ba957e0cc8d9b316b3578132331fa428 Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
2014-01-17Probe for GICv3 re-distributors on core bring-upHarry Liebel
The GICv3 distributor can have more ports than CPUs are available in the system. Probe all re-distributors and use the matching affinity levels as specified by each core and re-distributor to decide which re-distributor to use with which CPU core. If a core cannot be matched with a re-distributor, the core panics and is placed in an endless loop. Change-Id: Ie393cfe07c7449a2383959e3c968664882e18afc
2014-01-17Do not trap access to floating point registersHarry Liebel
Traps when accessing architectural features are disabled by clearing bits in CPTR_EL3 during early boot, including accesses to floating point registers. The value of this register was previously undetermined, causing unwanted traps to EL3. Future EL3 code (for example, context save/restore code) may use floating point registers, although they are not used by current code. Also, the '-mgeneral-regs-only' flag is enabled in the GCC settings to prevent generation of code that uses floating point registers. Change-Id: I9a03675f6387bbbee81a6f2c9ccf81150db03747
2014-01-17Update year in copyright text to 2014Dan Handley
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
2014-01-17Refer to separate issue tracking repositoryDan Handley
Update documentation to refer to separate issue tracking repository, https://github.com/ARM-software/tf-issues/issues. Change-Id: Ib1cef65b0da420bec58290d8743eb069b1226c96
2014-01-17Do not let GCC use built-in functionsHarry Liebel
In order to reduce the software dependency on the compiler, the project is now compiled with the '-ffreestanding' flag. This is to prevent GCC from replacing functions with more optimised versions. An example is where GCC replaces a simple printf() with a puts(). Change-Id: I1973fe6957cd708e8432a0039af9d50e037bd884
2013-12-20Local C library documentation updatesHarry Liebel
- Update porting guide to describe where files live and how to get FreeBSD source code. - Update change-log to describe relocation and new functions. Change-Id: Id8f30cc7bafdd1064b3a5c5aae958c5aa3fb79f3
2013-12-12Remove useless copies of meminfo structuresSandrine Bailleux
Platform setup code has to reserve some memory for storing the memory layout information. It is populated in early platform setup code. blx_get_sec_mem_layout() functions used to return a copy of this structure. This patch modifies blx_get_sec_mem_layout() functions so that they now directly return a pointer to their memory layout structure. It ensures that the memory layout returned by blx_get_sec_mem_layout() is always up-to-date and also avoids a useless copy of the meminfo structure. Also rename blx_get_sec_mem_layout() to blx_plat_sec_mem_layout() to make it clear those functions are platform specific. Change-Id: Ic7a6f9d6b6236b14865ab48a9f5eff545ce56551
2013-12-05psci: update docs with status of cpu_suspend apiAchin Gupta
This patch makes changes to the documents to reflect the current state of play of the psci cpu_suspend function. Change-Id: I086509fb75111b6e9f93b7f6dbcd33cc4591b9f3
2013-12-05remove check on non-secure entrypoint parameterAchin Gupta
In fvp_affinst_on/suspend, the non-secure entrypoint is always expected to lie in the DRAM. This check will not be valid if non-secure code executes directly out of flash e.g. a baremetal test. This patch removes this check. Change-Id: I0436e1138fc394aae8ff1ea59ebe38b46a440b61