path: root/docs/firmware-design.rst
AgeCommit message (Collapse)Author
2019-05-21doc: Move documents into subdirectoriesPaul Beesley
This change creates the following directories under docs/ in order to provide a grouping for the content: - components - design - getting_started - perf - process In each of these directories an index.rst file is created and this serves as an index / landing page for each of the groups when the pages are compiled. Proper layout of the top-level table of contents relies on this directory/index structure. Without this patch it is possible to build the documents correctly with Sphinx but the output looks messy because there is no overall hierarchy. Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-04-25Doc: Update link to TBBR-CLIENT specificationSandrine Bailleux
Change-Id: Iafa79b6f7891d3eebec9908a8f7725131202beb3 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2019-03-18Declare PAuth for Secure world as experimentalAlexei Fedorov
Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS build options as experimental. Pointer Authentication is enabled for Non-secure world irrespective of the value of these build flags if the CPU supports it. The patch also fixes the description of fiptool 'help' command. Change-Id: I46de3228fbcce774a2624cd387798680d8504c38 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-03-12Allow setting compiler's target architectureAlexei Fedorov
Change-Id: I56ea088f415bdb9077c385bd3450ff4b2cfa2eac Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-03-06Remove todo from example codePaul Beesley
Keeping that in the docs is a bit untidy Change-Id: Ia95246208cee48df1536b4317a8c896ab2c84fc2 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-02-28Minor changes to documentation and commentsAntonio Nino Diaz
Fix some typos and clarify some sentences. Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-27Add support for pointer authenticationAntonio Nino Diaz
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-27Add ARMv8.3-PAuth registers to CPU contextAntonio Nino Diaz
ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-20Merge pull request #1832 from jts-arm/docsAntonio Niño Díaz
docs: Document romlib design
2019-02-19docs: Document romlib designSathees Balya
Change-Id: I2b75be16f452a8ab7c2445ccd519fb057a135812 Co-authored-by: John Tsichritzis <john.tsichritzis@arm.com> Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2019-02-19docs: Update documentation about ARMv8.2-TTCNPAntonio Nino Diaz
Commit 2559b2c8256f ("xlat v2: Dynamically detect need for CnP bit") modified the code to convert the compile-time check for ARMv8.2-TTCNP to a runtime check, but forgot to update the documentation associated to it. Change-Id: I6d33a4de389d976dbdcce65d8fdf138959530669 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-08Doc: Remove useless escape charactersSandrine Bailleux
Just like has been done in the porting guide a couple of patches earlier, kill all escaped underscore characters in all documents. Change-Id: I7fb5b806412849761d9221a6ce3cbd95ec43d611 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2019-02-08Miscellaneous doc fixes/enhancementsSandrine Bailleux
Change-Id: I915303cea787d9fb188428b98ac6cfc610cc4470 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2019-01-23plat/arm: Save BL2 descriptors to reserved memory.Sathees Balya
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory descriptors describing the list of executable images are created in BL2 R/W memory, which could be possibly corrupted later on by BL31/BL32 due to overlay. This patch creates a reserved location in SRAM for these descriptors and are copied over by BL2 before handing over to next BL image. Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR is enabled. Fixes ARM-Software/tf-issues#626 Change-Id: I755735706fa702024b4032f51ed4895b3687377f Signed-off-by: Sathees Balya <sathees.balya@arm.com>
2019-01-15Correct typographical errorsPaul Beesley
Corrects typos in core code, documentation files, drivers, Arm platforms and services. None of the corrections affect code; changes are limited to comments and other documentation. Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2018-11-26docs: Add Exception Handling Framework documentationJeenu Viswambharan
Change-Id: I77d38758d18ba6dda1652b1b1e644fbfb14386cc Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-10-16AArch64: Enable lower ELs to use pointer authenticationJeenu Viswambharan
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-10-03Introduce RECLAIM_INIT_CODE build flagDaniel Boulby
This patch introduces a build flag "RECLAIM_INIT_CODE" to mark boot time code which allows platforms to place this memory in an appropriate section to be reclaimed later. This features is primarily targeted for BL31. Appropriate documentation updates are also done. Change-Id: If0ca062851614805d769c332c771083d46599194 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2018-10-02Merge pull request #1598 from soby-mathew/sm/docs_update_deprecate_1Soby Mathew
docs: update for removal of deprecated interfaces.
2018-10-01docs: update for removal of deprecated interfaces.Soby Mathew
Change-Id: I69e2720f534583a0f8d0e44f2e7b6f393f6fd093 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-09-28gic: Remove deprecated driver and interfacesAntonio Nino Diaz
Change-Id: I567a406edb090ae9d109382f6874846a79dd7473 Co-authored-by: Roberto Vargas <roberto.vargas@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-09-28Remove build option LOAD_IMAGE_V2Roberto Vargas
The code of LOAD_IMAGE_V2=0 has been removed. Change-Id: Iea03e5bebb90c66889bdb23f85c07d0c9717fffe Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-06-26ARM platforms: Initialize cntfrq for BL1 Firmware updateSoby Mathew
Currenly the CNTFRQ register and system timer is initialized in BL31 for use by the normal world. During firmware update, the NS-BL1 or NS-BL2U may need to access the system timer. Hence this patch duplicates the CNTFRQ and system timer initialization in BL1 as well. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
2018-06-11Adjust BL2_AT_EL3 memory layoutDimitris Papastamos
For the BL2_AT_EL3 configuration, move BL2 higher up to make more space for BL31. Adjust the BL31 limit to be up to BL2 base. This is because BL2 is always resident for the BL2_AT_EL3 configuration and thus we cannot overlay it with BL31. Change-Id: I71e89863ed48f5159e8b619f49c7c73b253397aa Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2018-06-07docs: Firmware design update for BL memory layoutSoby Mathew
This patch updates the firmware design guide for the BL memory layout change on ARM platforms. Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-03-15Update Arm TF references to TF-ADan Handley
Update Arm Trusted Firmware references in the upstream documents to Trusted Firmware-A (TF-A). This is for consistency with and disambiguation from Trusted Firmware-M (TF-M). Also update other Arm trademarks, e.g. ARM->Arm, ARMv8->Armv8-A. Change-Id: I8bb0e18af29c6744eeea2dc6c08f2c10b20ede22 Signed-off-by: Dan Handley <dan.handley@arm.com> Signed-off-by: David Cunado <david.cunado@arm.com>
2018-03-13Docs: Update design guide for dynamic configSoby Mathew
This patch updates the `firmware-design.rst` document for changes in ARM-TF for supporting dynamic configuration features as presented in `Secure Firmware BoF SFO'17`[1]. The patch also updates the user-guide for 2 build options for FVP pertaining to dynamic config. [1] https://www.slideshare.net/linaroorg/bof-device-tree-and-secure-firmware-bof-sfo17310 Change-Id: Ic099cf41e7f1a98718c39854e6286d884011d445 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-01-29Fix documentation for CnP bitSandrine Bailleux
The CnP bit documentation in the Firmware Design Guide incorrectly used the term "Page Entries" instead of "Processing Elements". Fix that. Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2018-01-19Merge pull request #1200 from robertovargas-arm/bl2-el3davidcunado-arm
Add BL2_AT_EL3 build option
2018-01-18bl2-el3: Add documentation for BL2 at EL3Roberto Vargas
Update firmware-design.rst, porting-guide.rst and user-guide.rst with the information about BL2 at EL3. Firmware-design.rst is also update to explain how to test this feauture with FVP. Change-Id: I86d64bc64594e13eb041cea9cefa3f7f3fa745bd Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2018-01-03docs: Update the ToC end marker description in the documentJett Zhou
Change-Id: I2e29a63f08aed3b8ea0bb10170a3d55b8d033e62 Signed-off-by: Jett Zhou <jett.zhou@arm.com> Signed-off-by: David Cunado <david.cunado@arm.com>
2017-11-23Merge pull request #1145 from etienne-lms/rfc-armv7-2davidcunado-arm
Support ARMv7 architectures
2017-11-15Move FPEXC32_EL2 to FP ContextDavid Cunado
The FPEXC32_EL2 register controls SIMD and FP functionality when the lower ELs are executing in AArch32 mode. It is architecturally mapped to AArch32 system register FPEXC. This patch removes FPEXC32_EL2 register from the System Register context and adds it to the floating-point context. EL3 only saves / restores the floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1. The rationale for this change is that if the Secure world is using FP functionality and EL3 is not managing the FP context, then the Secure world will save / restore the appropriate FP registers. NOTE - this is a break in behaviour in the unlikely case that CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32 Secure Payload that modifies FPEXC, but does not save and restore this register Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184 Signed-off-by: David Cunado <david.cunado@arm.com>
2017-11-08ARMv7 target is driven by ARM_ARCH_MAJOR==7Etienne Carriere
External build environment shall sets directive ARM_ARCH_MAJOR to 7 to specify a target ARMv7-A core. As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates AARCH=aarch32. The toolchain target architecture/cpu is delegated after the platform configuration is parsed. Platform shall define target core through ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17. Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight the toolchain target directive through MARCH32_DIRECTIVE. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2017-10-31aarch64: Add PubSub events to capture security state transitionsDimitris Papastamos
Add events that trigger before entry to normal/secure world. The events trigger after the normal/secure context has been restored. Similarly add events that trigger after leaving normal/secure world. The events trigger after the normal/secure context has been saved. Change-Id: I1b48a7ea005d56b1f25e2b5313d77e67d2f02bc5 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2017-10-23PSCI: Publish CPU ON eventJeenu Viswambharan
This allows other EL3 components to subscribe to CPU on events. Update Firmware Design guide to list psci_cpu_on_finish as an available event. Change-Id: Ida774afe0f9cdce4021933fcc33a9527ba7aaae2 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-23BL31: Introduce Publish and Subscribe frameworkJeenu Viswambharan
This light-weight framework enables some EL3 components to publish events which other EL3 components can subscribe to. Publisher can optionally pass opaque data for subscribers. The order in which subscribers are called is not defined. Firmware design updated. Change-Id: I24a3a70b2b1dedcb1f73cf48313818aebf75ebb6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-21Merge pull request #1130 from jeenu-arm/gic-patchesdavidcunado-arm
New GIC APIs and specifying interrupt propertes
2017-10-17Merge pull request #1133 from geesun/qx/fixed_tbbr_doc_verdavidcunado-arm
docs: Update Trusted Board Boot Requirements document number
2017-10-16GIC: Allow specifying interrupt propertiesJeenu Viswambharan
The GIC driver initialization currently allows an array of interrupts to be configured as secure. Future use cases would require more interrupt configuration other than just security, such as priority. This patch introduces a new interrupt property array as part of both GICv2 and GICv3 driver data. The platform can populate the array with interrupt numbers and respective properties. The corresponding driver initialization iterates through the array, and applies interrupt configuration as required. This capability, and the current way of supplying array (or arrays, in case of GICv3) of secure interrupts, are however mutually exclusive. Henceforth, the platform should supply either: - A list of interrupts to be mapped as secure (the current way). Platforms that do this will continue working as they were. With this patch, this scheme is deprecated. - A list of interrupt properties (properties include interrupt group). Individual interrupt properties are specified via. descriptors of type 'interrupt_prop_desc_t', which can be populated with the macro INTR_PROP_DESC(). A run time assert checks that the platform doesn't specify both. Henceforth the old scheme of providing list of secure interrupts is deprecated. When built with ERROR_DEPRECATED=1, GIC drivers will require that the interrupt properties are supplied instead of an array of secure interrupts. Add a section to firmware design about configuring secure interrupts. Fixes ARM-software/tf-issues#262 Change-Id: I8eec29e72eb69dbb6bce77879febf32c95376942 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-16docs: Update Trusted Board Boot Requirements document numberQixiang Xu
Update DEN0006B-5(2013) to DEN0006C-1(2015) Change-Id: I753a14214dde827d004fd04c47b5ba112df38d73 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-10-13Update documentation to PSCI v1.1Roberto Vargas
This patch adds documentation about the new PCSI API to the porting guide and it also update the version and function list in the firmware design. Change-Id: Ie4edd190926a501922c061f5fcad53c9b389e331 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-08-30Merge pull request #1066 from islmit01/im/enable_cnp_bitdanh-arm
Enable CnP bit for ARMv8.2 CPUs
2017-08-25Merge pull request #1067 from jeenu-arm/rst-fixdavidcunado-arm
firmware-design.rst: Fix formatting
2017-08-24Enable CnP bit for ARMv8.2 CPUsIsla Mitchell
This patch enables the CnP (Common not Private) bit for secure page tables so that multiple PEs in the same Inner Shareable domain can use the same translation table entries for a given stage of translation in a particular translation regime. This only takes effect when ARM Trusted Firmware is built with ARM_ARCH_MINOR >= 2. ARM Trusted Firmware Design has been updated to include a description of this feature usage. Change-Id: I698305f047400119aa1900d34c65368022e410b8 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
2017-08-24firmware-design.rst: Fix formattingJeenu Viswambharan
The format conversion wrongly formatted a couple of sections. These were also missing from the Table of Contents. Change-Id: I324216c27e7b4711e6cc5e25782f4b53842140cc Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-08-23doc: minor typo fixEtienne Carriere
Change-Id: I00fae047dea0eaf7e60037598af020817c66f659 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2017-08-08Add documentation of the xlat tables library V2Antonio Nino Diaz
The documentation describes the design of the translation tables library version 2 used by the ARM Trusted Firmware. The diagram file has been created with Dia version 0.97.2. This tool can be obtained from: https://wiki.gnome.org/Apps/Dia/Download Inkscape has been used to generate the *.png file from the *.dia file to work around a bug in the generation of *.png files in some versions of Dia. Change-Id: Ie67d9998d4ae881b2c060200a318ad3ac2fa5e91 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-06-29Manual fixes to reST documentationsDouglas Raillard
Non-automated fixes to the converted documentation. Change-Id: I61f3d37c7a8d6a56a7351048060b970c5b3751e4 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-06-29Convert documentation to reStructuredTextDouglas Raillard
Due to recent issues in the rendering of the documentation on GitHub and some long-standing issues like the lack of automatic table of content in Markdown, the documentation has been converted to reStructuredText. Basic constructs looks pretty similar to Markdown. Automatically convert GitHub markdown documentation to reStructuredText using pandoc. Change-Id: If20b695acedc6d1b49c8d9fb64efd6b6ba23f4a9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>