aboutsummaryrefslogtreecommitdiff
path: root/common
AgeCommit message (Collapse)Author
2020-10-18Merge "Increase type widths to satisfy width requirements" into integrationJoanna Farley
2020-10-12Increase type widths to satisfy width requirementsJimmy Brisson
Usually, C has no problem up-converting types to larger bit sizes. MISRA rule 10.7 requires that you not do this, or be very explicit about this. This resolves the following required rule: bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None> The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U | 0x3c0U" (32 bits) is less that the right hand operand "18446744073709547519ULL" (64 bits). This also resolves MISRA defects such as: bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)] In the expression "3U << 20", shifting more than 7 bits, the number of bits in the essential type of the left expression, "3U", is not allowed. Further, MISRA requires that all shifts don't overflow. The definition of PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues. This fixes the violation by changing the definition to 1UL << 12. Since this uses 32bits, it should not create any issues for aarch32. This patch also contains a fix for a build failure in the sun50i_a64 platform. Specifically, these misra fixes removed a single and instruction, 92407e73 and x19, x19, #0xffffffff from the cm_setup_context function caused a relocation in psci_cpus_on_start to require a linker-generated stub. This increased the size of the .text section and caused an alignment later on to go over a page boundary and round up to the end of RAM before placing the .data section. This sectionn is of non-zero size and therefore causes a link error. The fix included in this reorders the functions during link time without changing their ording with respect to alignment. Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-09Don't return error information from console_flushJimmy Brisson
And from crash_console_flush. We ignore the error information return by console_flush in _every_ place where we call it, and casting the return type to void does not work around the MISRA violation that this causes. Instead, we collect the error information from the driver (to avoid changing that API), and don't return it to the caller. Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-07fdt: Fix coverity complaint about 32-bit multiplicationAndre Przywara
Coverity raised an eyebrow over our GICR frame size calculation: ======== CID 362942: Integer handling issues (OVERFLOW_BEFORE_WIDEN) Potentially overflowing expression "nr_cores * gicr_frame_size" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). ======== Even with a GICv4 (256KB frame size) we need 16384 cores to overflow 32-bit, so it's not a practical issue. But it's also easy to fix, so let's just do that: cast gicr_frame_size to an unsigned 64-bit integer, so that the multiplication is done in the 64-bit realm. Change-Id: Iad10e19b9e58d5fbf9d13205fbcef0aac5ae48af Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-09-30Merge changes from topic "stm32_exceptions" into integrationManish Pandey
* changes: stm32mp1: correct crash console GPIO alternate configuration stm32mp1: add plat_panic_handler function stm32mp1: update plat_report_exception Align AARCH32 version of debug.S with AARCH64
2020-09-29fdt: Add function to adjust GICv3 redistributor sizeAndre Przywara
We now have code to detect the CPU topology at runtime, and can also populate the CPU nodes in a devicetree accordingly. This is used by the ARM FPGA port, for instance. But also a GICv3 compatible interrupt controller provides MMIO frames per core, so the size of this region needs to be adjusted in the DT, to match the number of cores as well. Provide a generic function to find the GICv3 interrupt controller in the DT, then adjust the "reg" entry to match the number of detected cores. Since the size of the GICR frame per cores differs between GICv4 and GICv3, this size is supplied as a parameter to the function. The caller should determine the applicable value by either hardcoding it or by observing GICR_TYPER.VLPIS. Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-09-21Align AARCH32 version of debug.S with AARCH64Yann Gautier
Re-order code (put panic and report_exception at the end of the file). Export asm_print_* functions. Add asm_print_line_dec macro, and asm_print_newline func. Align comments in both AARCH32 and AARCH64 files. Add blank lines in AARCH64 files to align with AARCH32. Change-Id: I8e299a27c1390f71f04e260cd4a0e59b2384eb19 Signed-off-by: Yann Gautier <yann.gautier@st.com>
2020-09-01Add support to export a /cpus node to the device tree.Javier Almansa Sobrino
This patch creates and populates the /cpus node in a device tree based on the existing topology. It uses the minimum required nodes and properties to satisfy the binding as specified in https://www.kernel.org/doc/Documentation/devicetree/bindings/arm/cpus.txt Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: I03bf4e9a6427da0a3b8ed013f93d7bc43b5c4df0
2020-08-18Add wrapper for AT instructionManish V Badarkhe
In case of AT speculative workaround applied, page table walk is disabled for lower ELs (EL1 and EL0) in EL3. Hence added a wrapper function which temporarily enables page table walk to execute AT instruction for lower ELs and then disables page table walk. Execute AT instructions directly for lower ELs (EL1 and EL0) assuming page table walk is enabled always when AT speculative workaround is not applied. Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-05-20plat/fvp: Support for extracting UART serial node info from DTMadhukar Pappireddy
This patch introduces the populate function which leverages a new driver to extract base address and clk frequency properties of the uart serial node from HW_CONFIG device tree. This patch also introduces fdt helper API fdtw_translate_address() which helps in performing address translation. Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-05-13SPMD: extract SPMC DTB header size from SPMDOlivier Deprez
Currently BL2 passes TOS_FW_CONFIG address and size through registers to BL31. This corresponds to SPMC manifest load address and size. The SPMC manifest is mapped in BL31 by dynamic mapping. This patch removes BL2 changes from generic code (which were enclosed by SPD=spmd) and retrieves SPMC manifest size directly from within SPMD. The SPMC manifest load address is still passed through a register by generic code. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
2020-05-05fdt/wrappers: Introduce code to find UART DT nodeAndre Przywara
The stdout-path property in the /chosen node of a DTB points to a device node, which is used for boot console output. On most (if not all) ARM based platforms this is the debug UART. The ST platform code contains a function to parse this property and chase down eventual aliases to learn the node offset of this UART node. Introduce a slightly more generalised version of this ST platform function in the generic fdt_wrappers code. This will be useful for other platforms as well. Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-05-05plat/stm32: Use generic fdt_get_reg_props_by_name()Andre Przywara
The STM32 platform port parse DT nodes to find base address to peripherals. It does this by using its own implementation, even though this functionality is generic and actually widely useful outside of the STM32 code. Re-implement fdt_get_reg_props_by_name() on top of the newly introduced fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c. This is removes the assumption that #address-cells and #size-cells are always one. Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-04-30arm: fconf: Fix GICv3 dynamic configurationAndre Przywara
At the moment the fconf_populate_gicv3_config() implementation is somewhat incomplete: First it actually fails to store the retrieved information (the local addr[] array is going nowhere), but also it makes quite some assumptions about the device tree passed to it: it needs to use two address-cells and two size-cells, and also requires all five register regions to be specified, where actually only the first two are mandatory according to the binding (and needed by our code). Fix this by introducing a proper generic function to retrieve "reg" property information from a DT node: We retrieve the #address-cells and #size-cells properties from the parent node, then use those to extract the right values from the "reg" property. The function takes an index to select one region of a reg property. This is loosely based on the STM32 implementation using "reg-names", which we will subsume in a follow-up patch. Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-04-29plat/stm32: Implement fdt_read_uint32_default() as a wrapperAndre Przywara
The STM32 platform code uses its own set of FDT helper functions, although some of them are fairly generic. Remove the implementation of fdt_read_uint32_default() and implement it on top of the newly introduced fdt_read_uint32() function, then convert all users over. This also fixes two callers, which were slightly abusing the "default" semantic. Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-04-29fdt/wrappers: Replace fdtw_read_cells() implementationAndre Przywara
Our fdtw_read_cells() implementation goes to great lengths to sanity-check every parameter and result, but leaves a big hole open: The size of the storage the value pointer points at needs to match the number of cells given. This can't be easily checked at compile time, since we lose the size information by using a void pointer. Regardless the current usage of this function is somewhat wrong anyways, since we use it on single-element, fixed-length properties only, for which the DT binding specifies the size. Typically we use those functions dealing with a number of cells in DT context to deal with *dynamically* sized properties, which depend on other properties (#size-cells, #clock-cells, ...), to specify the number of cells needed. Another problem with the current implementation is the use of ambiguously sized types (uintptr_t, size_t) together with a certain expectation about their size. In general there is no relation between the length of a DT property and the bitness of the code that parses the DTB: AArch64 code could encounter 32-bit addresses (where the physical address space is limited to 4GB [1]), while AArch32 code could read 64-bit sized properties (/memory nodes on LPAE systems, [2]). To make this more clear, fix the potential issues and also align more with other DT users (Linux and U-Boot), introduce functions to explicitly read uint32 and uint64 properties. As the other DT consumers, we do this based on the generic "read array" function. Convert all users to use either of those two new functions, and make sure we never use a pointer to anything other than uint32_t or uint64_t variables directly. This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write 4 bytes into a uint16_t variable (passed via a void pointer). Also we change the implementation of the function to better align with other libfdt users, by using the right types (fdt32_t) and common variable names (*prop, prop_names). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-04-28fdt/wrappers: Generalise fdtw_read_array()Andre Przywara
Currently our fdtw_read_array() implementation requires the length of the property to exactly match the requested size, which makes it less flexible for parsing generic device trees. Also the name is slightly misleading, since we treat the cells of the array as 32 bit unsigned integers, performing the endianess conversion. To fix those issues and align the code more with other DT users (Linux kernel or U-Boot), rename the function to "fdt_read_uint32_array", and relax the length check to only check if the property covers at least the number of cells we request. This also changes the variable names to be more in-line with other DT users, and switches to the proper data types. This makes this function more useful in later patches. Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-04-01Add support to pass the nt_fw_config DTB to OP-TEE.Javier Almansa Sobrino
At the moment, OP-TEE has no support to receive a DTB in Secure Memory so it cannot receive TOS_FW_CONFIG_ID as it is supposed to happen on any BL32 image. Instead, when OP-TEE is enable as BL32 payload, NT_FW_CONFIG_ID is passed. This MUST be reverted as soon as OP-TEE has support for receiving DTBs from Secure Memory. Change-Id: I9a873f42e94f2f99a60b638333e7afba1505aec9 Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
2020-03-06Fix crash dump for lower ELAlexei Fedorov
This patch provides a fix for incorrect crash dump data for lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option which enables routing of External Aborts and SErrors to EL3. Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-02-11Merge changes from topic "lm/fconf" into integrationSandrine Bailleux
* changes: arm-io: Panic in case of io setup failure MISRA fix: Use boolean essential type fconf: Add documentation fconf: Move platform io policies into fconf fconf: Add mbedtls shared heap as property fconf: Add TBBR disable_authentication property fconf: Add dynamic config DTBs info as property fconf: Populate properties from dtb during bl2 setup fconf: Load config dtb from bl1 fconf: initial commit
2020-02-11Merge changes from topic "spmd" into integrationOlivier Deprez
* changes: SPMD: enable SPM dispatcher support SPMD: hook SPMD into standard services framework SPMD: add SPM dispatcher based upon SPCI Beta 0 spec SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP SPMD: add support for an example SPM core manifest SPMD: add SPCI Beta 0 specification header file
2020-02-10Merge "coverity: Fix MISRA null pointer violations" into integrationMark Dykes
2020-02-10SPMD: add support for an example SPM core manifestAchin Gupta
This patch repurposes the TOS FW configuration file as the manifest for the SPM core component which will reside at the secure EL adjacent to EL3. The SPM dispatcher component will use the manifest to determine how the core component must be initialised. Routines and data structure to parse the manifest have also been added. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
2020-02-07Make PAC demangling more genericAlexei Fedorov
At the moment, address demangling is only used by the backtrace functionality. However, at some point, other parts of the TF-A codebase may want to use it. The 'demangle_address' function is replaced with a single XPACI instruction which is also added in 'do_crash_reporting()'. Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com> Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
2020-02-07fconf: Add TBBR disable_authentication propertyLouis Mayencourt
Use fconf to retrieve the `disable_authentication` property. Move this access from arm dynamic configuration to bl common. Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2020-02-05coverity: Fix MISRA null pointer violationsZelalem
Fix code that violates the MISRA rule: MISRA C-2012 Rule 11.9: Literal "0" shall not be used as null pointer constant. The fix explicitly checks whether a pointer is NULL. Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
2020-02-03FDT wrappers: add functions for read/write bytesAlexei Fedorov
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes' functions for read/write array of bytes from/to a given property. It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i files for builds with USE_ROMLIB=1 option. Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-01-22FDT helper functions: Fix MISRA issuesAndre Przywara
Moving the FDT helper functions to the common/ directory exposed the file to MISRA checking, which is mandatory for common code. Fix the complaints that the test suite reported. Change-Id: Ica8c8a95218bba5a3fd92a55407de24df58e8476 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2019-11-14Refactor load_auth_image_internal().Sandrine Bailleux
The pre-processor directives make it hard to read the non-TBB version of this function. Refactor the code to improve readability. No functional change introduced. In particular, introduce a new helper function load_image_flush(), that simply loads an image and flushes it out to main memory. This is the only thing load_auth_image_internal() needs to do when TBB is disabled or when authentication is dynamically disabled. In other cases, we need to recursively authenticate the parent images up to the root of trust. To make this clearer, this code gets moved to a TBB-specific helper function called load_auth_image_recursive(). As a result, load_auth_image_internal() now boils down to calling the right helper function (depending on TBB enablement and dynamic authentication status). Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2019-09-25FDT helper functions: Respect architecture in PSCI function IDsAndre Przywara
PSCI uses different function IDs for CPU_SUSPEND and CPU_ON, depending on the architecture used (AArch64 or AArch32). For recent PSCI versions the client will determine the right version, but for PSCI v0.1 we need to put some ID in the DT node. At the moment we always add the 64-bit IDs, which is not correct if TF-A is built for AArch32. Use the function IDs matching the TF-A build architecture, for the two IDs where this differs. This only affects legacy OSes using PSCI v0.1. On the way remove the sys_poweroff and sys_reset properties, which were never described in the official PSCI DT binding. Change-Id: If77bc6daec215faeb2dc67112e765aacafd17f33 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2019-09-25FDT helper functions: Add function documentationAndre Przywara
Since we moved some functions that amend a DT blob in memory to common code, let's add proper function documentation. This covers the three exported functions in common/fdt_fixup.c. Change-Id: I67d7d27344e62172c789d308662f78d54903cf57 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2019-09-16Merge changes from topic "raspberry-pi-4-support" into integrationSandrine Bailleux
* changes: Add fdt_add_reserved_memory() helper function qemu: Move and generalise FDT PSCI fixup
2019-09-13Add fdt_add_reserved_memory() helper functionAndre Przywara
If a firmware component like TF-A reserves special memory regions for its own or secure payload services, it should announce the location and size of those regions to the non-secure world. This will avoid disappointment when some rich OS tries to acccess this memory, which will likely end in a crash. The traditional way of advertising reserved memory using device tree is using the special memreserve feature of the device tree blob (DTB). However by definition those regions mentioned there do not prevent the rich OS to map this memory, which may lead to speculative accesses to this memory and hence spurious bus errors. A safer way of carving out memory is to use the /reserved-memory node as part of the normal DT structure. Besides being easier to setup, this also defines an explicit "no-map" property to signify the secure-only nature of certain memory regions, which avoids the rich OS to accidentally step on it. Add a helper function to allow platform ports to easily add a region. Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2019-09-13qemu: Move and generalise FDT PSCI fixupAndre Przywara
The QEMU platform port scans its device tree to advertise PSCI as the CPU enable method. It does this by scanning *every* node in the DT and check whether its compatible string starts with "arm,cortex-a". Then it sets the enable-method to PSCI, if it doesn't already have one. Other platforms might want to use this functionality as well, so let's move it out of the QEMU platform directory and make it more robust by fixing some shortcomings: - A compatible string starting with a certain prefix is not a good way to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will match as well and is in turn favoured with an enable-method. - If the DT already has an enable-method, we won't change this to PSCI. Those two issues will for instance fail on the Raspberry Pi 4 DT. To fix those problems, we adjust the scanning method: The DT spec says that all CPU nodes are subnodes of the mandatory /cpus node, which is a subnode of the root node. Also each CPU node has to have a device_type = "cpu" property. So we find the /cpus node, then scan for a subnode with the proper device_type, forcing the enable-method to "psci". We have to restart this search after a property has been patched, as the node offsets might have changed meanwhile. This allows this routine to be reused for the Raspberry Pi 4 later. Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2019-09-13Refactor ARMv8.3 Pointer Authentication support codeAlexei Fedorov
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-08-29Move assembly newline function into common debug codeJustin Chadwell
Printing a newline is a relatively common functionality for code to want to do. Therefore, this patch now moves this function into a common part of the code that anyone can use. Change-Id: I2cad699fde00ef8d2aabf8bf35742ddd88d090ba Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-08-15AArch64: Align crash reporting outputAlexei Fedorov
This patch modifies crash reporting for AArch64 to provide aligned output of register dump and GIC registers. Change-Id: I8743bf1d2d6d56086e735df43785ef28051c5fc3 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-08-01Switch AARCH32/AARCH64 to __aarch64__Julius Werner
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__. All common C compilers pre-define the same macros to signal which architecture the code is being compiled for: __arm__ for AArch32 (or earlier versions) and __aarch64__ for AArch64. There's no need for TF-A to define its own custom macros for this. In order to unify code with the export headers (which use __aarch64__ to avoid another dependency), let's deprecate the AARCH32 and AARCH64 macros and switch the code base over to the pre-defined standard macro. (Since it is somewhat unintuitive that __arm__ only means AArch32, let's standardize on only using __aarch64__.) Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200 Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-07-25Merge changes I0d17ba6c,I540741d2,I9e6475ad,Ifd769320,I12c04a85, ... into ↵Soby Mathew
integration * changes: plat/mediatek/mt81*: Use new bl31_params_parse() helper plat/rockchip: Use new bl31_params_parse_helper() Add helper to parse BL31 parameters (both versions) Factor out cross-BL API into export headers suitable for 3rd party code Use explicit-width data types in AAPCS parameter structs plat/rockchip: Switch to use new common BL aux parameter library Introduce lightweight BL platform parameter library
2019-07-23Add helper to parse BL31 parameters (both versions)Julius Werner
BL31 used to take a single bl31_params_t parameter structure with entry point information in arg0. In commit 726002263 (Add new version of image loading.) this API was changed to a more flexible linked list approach, and the old parameter structure was copied into all platforms that still used the old format. This duplicated code unnecessarily among all these platforms. This patch adds a helper function that platforms can optionally link to outsource the task of interpreting arg0. Many platforms are just interested in the BL32 and BL33 entry point information anyway. Since some platforms still need to support the old version 1 parameters, the helper will support both formats when ERROR_DEPRECATED == 0. This allows those platforms to drop a bunch of boilerplate code and asynchronously update their BL2 implementation to the newer format. Change-Id: I9e6475adb1a7d4bccea666118bd1c54962e9fc38 Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-07-17Merge "backtrace: Strip PAC field when PAUTH is enabled" into integrationSoby Mathew
2019-07-17backtrace: Strip PAC field when PAUTH is enabledLouis Mayencourt
When pointer authentication is enabled, the LR value saved on the stack contains a Pointer Authentication Code (PAC). It must be stripped to retrieve the return address. The PAC field is stored on the high bits of the address and defined as: - PAC field = Xn[54:bottom_PAC_bit], when address tagging is used. - PAC field = Xn[63:56, 54:bottom_PAC_bit], without address tagging. With bottom_PAC_bit = 64 - TCR_ELx.TnSZ Change-Id: I21d804e58200dfeca1da4c2554690bed5d191936 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-07-10Remove references to old project name from common filesJohn Tsichritzis
The project has been renamed from "Arm Trusted Firmware (ATF)" to "Trusted Firmware-A (TF-A)" long ago. A few references to the old project name that still remained in various places have now been removed. This change doesn't affect any platform files. Any "ATF" references inside platform files, still remain. Change-Id: Id97895faa5b1845e851d4d50f5750de7a55bf99e Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2019-03-01Correctly check for support of Address AuthenticationAntonio Nino Diaz
Check for both IMPLEMENTATION_DEFINED and Architected algorithms of Address Authentication. Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-27Add support for pointer authenticationAntonio Nino Diaz
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-01-31Remove dead code related to LOAD_IMAGE_V2=0Sandrine Bailleux
Commit ed51b51f7a9163a ("Remove build option LOAD_IMAGE_V2") intended to remove all code related to LOAD_IMAGE_V2=0 but missed a few things. Change-Id: I16aaf52779dd4af1e134e682731328c5f1e5d622 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2019-01-30Remove support for the SMC Calling Convention 2.0Antonio Nino Diaz
This reverts commit 2f370465241c ("Add support for the SMC Calling Convention 2.0"). SMCCC v2.0 is no longer required for SPM, and won't be needed in the future. Removing it makes the SMC handling code less complicated. The SPM implementation based on SPCI and SPRT was using it, but it has been adapted to SMCCC v1.0. Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-01-23plat/arm: Save BL2 descriptors to reserved memory.Sathees Balya
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory descriptors describing the list of executable images are created in BL2 R/W memory, which could be possibly corrupted later on by BL31/BL32 due to overlay. This patch creates a reserved location in SRAM for these descriptors and are copied over by BL2 before handing over to next BL image. Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR is enabled. Fixes ARM-Software/tf-issues#626 Change-Id: I755735706fa702024b4032f51ed4895b3687377f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
2019-01-15Correct typographical errorsPaul Beesley
Corrects typos in core code, documentation files, drivers, Arm platforms and services. None of the corrections affect code; changes are limited to comments and other documentation. Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-01-04Sanitise includes across codebaseAntonio Nino Diaz
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3a282 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca33988b9 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>