Age | Commit message (Collapse) | Author |
|
ARMv8.6 adds virtual offset registers to support virtualization of the
event counters in EL1 and EL0. This patch enables support for this
feature in EL3 firmware.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
|
|
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
|
* changes:
plat/qemu: Use RNDR in stack protector
Makefile: Add FEAT_RNG support define
Define registers for FEAT_RNG support
|
|
Define ENABLE_FEAT_RNG that describes whether the
armv8.5 FEAT_RNG is supported in this build. This
allows conditional inclusion of code targetting
RNDR and RNDRRS registers.
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: Idd632f8b9bc20ea3d8793f55ead88fa12cb08821
|
|
Currently ${FIP_DEPS} as prerequisite for ${BUILD_PLAT}/${FIP_NAME}
contains .PHONY targets check_$(1) and therefore ${BUILD_PLAT}/${FIP_NAME}
is always rebuilt even when other file target prerequisites are not
changed.
These changes fix above issue and ${BUILD_PLAT}/${FIP_NAME} target is
rebuilt only when its prerequisites are changed.
There are 3 changes:
Content of check_$(1) target is moved into check_$(1)_cmd variable so it
can be easily reused.
.PHONY check_$(1) targets are not put into ${FIP_DEPS} and ${FWU_FIP_DEPS}
dependencies anymore and required checks which are in ${CHECK_FIP_CMD} and
${CHECK_FWU_FIP_CMD} variables are executed as part of targets
${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME} itself.
To ensure that ${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME}
are rebuilt even when additional dependency file image added by
TOOL_ADD_IMG is changed, this file image (if exists) is added as file
dependency to ${FIP_DEPS} and ${FWU_FIP_DEPS}. If it does not exist then
FORCE target is added to ensure that FIP/FWU_FIP is rebuilt. Command
${CHECK_FIP_CMD}/${CHECK_FWU_FIP_CMD} will then thrown an error message if
the file is required but not present.
So this change ensures that if BL33 image is updated then final FIP image
is updated too. And if BL33 image is not specified or does not exist and is
required to be present then check_$(1)_cmd call from ${CHECK_FIP_CMD} would
ensure that error message is thrown during build.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I635cf82e2b667ff57e2af83500d4aca71d235e3e
|
|
Only non-file targets should be set a .PHONY. Otherwise if file target is
set as .PHONY then targets which depends on those file .PHONY targets would
be always rebuilt even when their prerequisites are not changed.
File target which needs to be always rebuilt can be specified in Make
system via having a prerequisite on some .PHONY target, instead of marking
whole target as .PHONY. In Makefile projects it is common to create empty
.PHONY target named FORCE for this purpose.
This patch changes all file targets which are set as .PHONY to depends on
new .PHONY target FORCE, to ensure that these file targets are always
rebuilt (as before). Basically they are those targets which calls external
make subprocess.
After FORCE target is specified in main Makefile, remove it from other
Makefile files to prevent duplicate definitions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
|
|
|
|
If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented
as well, it is possible to control whether PMU counters take into account
events happening on other threads.
If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit
leaving it to effective state of 0 regardless of any write to it.
This patch introduces the DISABLE_MTPMU flag, which allows to diable
multithread event count from EL3 (or EL2). The flag is disabled
by default so the behavior is consistent with those architectures
that do not implement FEAT_MTPMU.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
|
|
This patch adds a new ARM_ARCH_FEATURE build option
to add support for compiler's feature modifiers.
It has the form '[no]feature+...' and defaults to
'none'. This option translates into compiler option
'-march=armvX[.Y]-a+[no]feature+...'.
Change-Id: I37742f270a898f5d6968e146cbcc04cbf53ef2ad
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
|
|
Updated the minor version to '4' to indicate 2.4 release
Change-Id: Ib142fa15baeb43025fae371c7649199b8121c18f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.
Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
|
|
Removed unused macro AARCH32 and AARCH64 from makefile
Change-Id: I6729e300f18d66dd7c6978d3bbd5a88937839c31
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Removed '__ASSEMBLY__' deprecated macro from TF-A code
Change-Id: I9082a568b695acb5b903f509db11c8672b62d9d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
|
|
Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.
Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
|
|
Although support for building fiptool on a Windows host was present,
the binary was not built when the top level makefile was invoked.
This patch makes the necessary changes to the to support building of
fiptool on a Windows host PC from the main makefile.
Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
|
|
Currently, the tool's makefile override the tool's binary name
which is already been defined in the main makefile.
Hence fix is provided so that the tool's makefile get the tool's
binary name from the main makefile instead of overriding it.
Change-Id: I8af2bd391a96bba2dbcddef711338a94ebf5f038
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
integration
|
|
SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.
This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
|
|
With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
while Plat owned SPs index starts at SP_PKG5_ID.
This patch modifies SP makefile generator script to take CoT as an
argument and if it is "dualroot" then generates SP_PKG in order
mentioned above, otherwise generates it sequentially.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
|
|
|
|
If the user tries to change BUILD_BASE to put the build products outside
the build tree the compile will fail due to hard coded assumptions that
$BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
to rationalize to an absolute path every time and remove the relative
path assumptions.
This patch also adds documentation that BUILD_BASE can be specified by
the user.
Signed-off-by: Grant Likely <grant.likely@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
|
|
|
|
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
|
|
Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL_DIR' variable.
Hence changes are done to make 'OPENSSL_DIR' variable as
a build option so that user can provide openssl directory
path while building the certificate generation and firmware
encryption tool.
Also, updated the document for this newly created build option
Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
|
Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
|
|
The TF-A firmware build system is capable of building on both Unix like
and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated
the Makefile to conditionally enable the MTE support if the AArch64
architecture revision was greater than 8.5. However, the Makefile changes
were dependent on shell commands that are only available on unix shells,
resulting in build failures on a Windows host PC.
This patch fixes the Makefile by using a more portable approach for
comparing the architecture revision.
Change-Id: Icb56cbecd8af5b0b9056d105970ff4a6edd1755a
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
|
|
This patch adds BRANCH_PROTECTION = 4 'bti' build option
which turns on branch target identification mechanism.
Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
|
|
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
|
|
* changes:
dualroot: add chain of trust for secure partitions
sptool: append cert_tool arguments.
cert_create: add SiP owned secure partitions support
|
|
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
|
|
To support secure boot of SP's update cert tool arguments while
generating sp_gen.mk which in turn is consumed by build system.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc
|
|
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
|
|
During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.
Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)
Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924
More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html
Currently, Workaround is implemented as build option which is default
disabled.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
|
|
Signed-off-by: Peiyuan Song <squallatf@gmail.com>
Change-Id: I97c2e6f8c12ecf828605811019d47a24293c1ebb
|
|
Change-Id: I27f7d92988fc16f68041c2ddaa8dd3a60362ddd1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
|
|
* changes:
plat: remove redundant =1 from -D option
Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGS
|
|
Commit d5e97a1d2c79 ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3
globally for C files") does not have commit 848a7e8ce1d9 ("Build:
introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because
they were pulled almost at the same time.
This is a follow-up conversion to be consistent with commit
11a3c5ee7325 ("plat: pass -D option to BL*_CPPFLAGS instead of
BL*_CFLAGS").
With this change, the command line option, IMAGE_AT_EL3, will be
passed to .S files as well.
I remove the definition in include/lib/cpus/aarch64/cpu_macros.S
Otherwise, the following error would happen.
include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror]
Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
Add Crypto 713 support as crypto module and NVM counter provider.
As files under include/drivers/arm/cryptocell/713/ are copied verbatim
from the CryptoCell SBROM lib project they are filtered from checkpatch
coding style check.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
|
|
Enable MTE support by adding memory tag option in Makefile
This option is available only when ARMv8.5-MemTag is implemented
MTE options are added in latest clang and armclang compiler which
support below options:
for clang <version 11.0.0>
1. -march=arm8.5-a+memtag
2. -fsanitize=memtag
for armclang <version 6.12>
1. -march=arm8.5-a+memtag
2. -mmemtag-stack
Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
|
|
integration
|
|
Unless specified in the environment, $(CC) expands to some generic
host C compiler like cc or c99. We set our own value for $(CC), but
only few lines later.
Move the first use of the $(CC) variable behind the definition to
correct this.
Change-Id: I45344e063d21ddfe22b7ad77954e85c1c46087bd
Fixes: 1684b8733 ("Use clang assembler when clang compiler is used")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
|
|
The build system defines the IMAGE_BL* macro when compiling each image.
This is useful to distinguish which image the current file is being
built for by using #if defined(IMAGE_BL2) or #if defined(IMAGE_BL31),
or whatever.
There are some cases where we are more interested in which exception
level the current file is being built for.
include/lib/cpus/{aarch32,aarch64}/cpu_macros.S defines IMAGE_AT_EL3,
but we do not have it globally.
Pass IMAGE_AT_EL1 or IMAGE_AT_EL3 to BL*_CFLAGS so that it is available
from all C code.
The library code (libc.a, libmbedtls.a, etc.) is exceptional cases,
where the code can be shared between BL images.
Other than that, we know the exception level at the build time, and
this macro will be useful in the shared code.
Change-Id: I7c8a1da10726906adfba981cfe8464dff111d6b0
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
|
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
|
|
|
|
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df
|
|
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
|
|
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
|
|
Following build flags have been added to support optional firmware
encryption:
- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.
- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.
- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.
- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
Similar flags can be added to encrypt other firmwares as well depending
on use-cases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
|
|
Add firmware authenticated encryption tool which utilizes OpenSSL
library to encrypt firmwares using a key provided via cmdline. Currently
this tool supports AES-GCM as an authenticated encryption algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
|