Merge pull request #1898 from hadi-asyrafi/watchdog
intel: Enable watchdog timer on Intel S10 platform
diff --git a/Makefile b/Makefile
index 8656da5..f3312c6 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
-VERSION_MINOR := 0
+VERSION_MINOR := 1
# Default goal is build all images
.DEFAULT_GOAL := all
@@ -478,6 +478,12 @@
ifeq ($(ENABLE_PAUTH),1)
ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
$(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1)
+ else
+ $(info ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS are experimental features)
+ endif
+else
+ ifeq ($(CTX_INCLUDE_PAUTH_REGS),1)
+ $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature)
endif
endif
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index 065edff..f24458c 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -23,7 +23,6 @@
*/
func bl31_entrypoint
-#if !RESET_TO_BL31
/* ---------------------------------------------------------------
* Stash the previous bootloader arguments x0 - x3 for later use.
* ---------------------------------------------------------------
@@ -33,6 +32,18 @@
mov x22, x2
mov x23, x3
+ /* --------------------------------------------------------------------
+ * If PIE is enabled, fixup the Global descriptor Table and dynamic
+ * relocations
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PIE
+ mov_imm x0, BL31_BASE
+ mov_imm x1, BL31_LIMIT
+ bl fixup_gdt_reloc
+#endif /* ENABLE_PIE */
+
+#if !RESET_TO_BL31
/* ---------------------------------------------------------------------
* For !RESET_TO_BL31 systems, only the primary CPU ever reaches
* bl31_entrypoint() during the cold boot flow, so the cold/warm boot
@@ -50,6 +61,7 @@
_init_c_runtime=1 \
_exception_vectors=runtime_exceptions
#else
+
/* ---------------------------------------------------------------------
* For RESET_TO_BL31 systems which have a programmable reset address,
* bl31_entrypoint() is executed only on the cold boot path so we can
@@ -77,17 +89,6 @@
#endif /* RESET_TO_BL31 */
/* --------------------------------------------------------------------
- * If PIE is enabled, fixup the Global descriptor Table and dynamic
- * relocations
- * --------------------------------------------------------------------
- */
-#if ENABLE_PIE
- mov_imm x0, BL31_BASE
- mov_imm x1, BL31_LIMIT
- bl fixup_gdt_reloc
-#endif /* ENABLE_PIE */
-
- /* --------------------------------------------------------------------
* Perform BL31 setup
* --------------------------------------------------------------------
*/
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index aa9d007..c295176 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -419,6 +419,9 @@
*/
mov x0, #SMC_UNK
str x0, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
b restore_gp_registers_eret
smc_prohibited:
diff --git a/docs/change-log.rst b/docs/change-log.rst
index b0ef422..d652ff6 100644
--- a/docs/change-log.rst
+++ b/docs/change-log.rst
@@ -4,6 +4,450 @@
.. contents::
+Trusted Firmware-A - version 2.1
+================================
+
+New Features
+------------
+
+- Architecture
+ - Support for ARMv8.3 pointer authentication in the normal and secure worlds
+
+ The use of pointer authentication in the normal world is enabled whenever
+ architectural support is available, without the need for additional build
+ flags.
+
+ Use of pointer authentication in the secure world remains an
+ experimental configuration at this time. Using both the ``ENABLE_PAUTH``
+ and ``CTX_INCLUDE_PAUTH_REGS`` build flags, pointer authentication can be
+ enabled in EL3 and S-EL1/0.
+
+ See the `Firmware Design`_ document for additional details on the use of
+ pointer authentication.
+
+ - Enable Data Independent Timing (DIT) in EL3, where supported
+
+- Build System
+ - Support for BL-specific build flags
+
+ - Support setting compiler target architecture based on ``ARM_ARCH_MINOR``
+ build option.
+
+ - New ``RECLAIM_INIT_CODE`` build flag:
+
+ A significant amount of the code used for the initialization of BL31 is
+ not needed again after boot time. In order to reduce the runtime memory
+ footprint, the memory used for this code can be reclaimed after
+ initialization.
+
+ Certain boot-time functions were marked with the ``__init`` attribute to
+ enable this reclamation.
+
+- CPU Support
+ - cortex-a76: Workaround for erratum 1073348
+ - cortex-a76: Workaround for erratum 1220197
+ - cortex-a76: Workaround for erratum 1130799
+
+ - cortex-a75: Workaround for erratum 790748
+ - cortex-a75: Workaround for erratum 764081
+
+ - cortex-a73: Workaround for erratum 852427
+ - cortex-a73: Workaround for erratum 855423
+
+ - cortex-a57: Workaround for erratum 817169
+ - cortex-a57: Workaround for erratum 814670
+
+ - cortex-a55: Workaround for erratum 903758
+ - cortex-a55: Workaround for erratum 846532
+ - cortex-a55: Workaround for erratum 798797
+ - cortex-a55: Workaround for erratum 778703
+ - cortex-a55: Workaround for erratum 768277
+
+ - cortex-a53: Workaround for erratum 819472
+ - cortex-a53: Workaround for erratum 824069
+ - cortex-a53: Workaround for erratum 827319
+
+ - cortex-a17: Workaround for erratum 852423
+ - cortex-a17: Workaround for erratum 852421
+
+ - cortex-a15: Workaround for erratum 816470
+ - cortex-a15: Workaround for erratum 827671
+
+- Documentation
+ - Exception Handling Framework documentation
+
+ - Library at ROM (romlib) documentation
+
+ - RAS framework documentation
+
+ - Coding Guidelines document
+
+- Drivers
+ - ccn: Add API for setting and reading node registers
+ - Adds ``ccn_read_node_reg`` function
+ - Adds ``ccn_write_node_reg`` function
+
+ - partition: Support MBR partition entries
+
+ - scmi: Add ``plat_css_get_scmi_info`` function
+
+ Adds a new API ``plat_css_get_scmi_info`` which lets the platform
+ register a platform-specific instance of ``scmi_channel_plat_info_t`` and
+ remove the default values
+
+ - tzc380: Add TZC-380 TrustZone Controller driver
+
+ - tzc-dmc620: Add driver to manage the TrustZone Controller within the
+ DMC-620 Dynamic Memory Controller
+
+- Library at ROM (romlib)
+ - Add platform-specific jump table list
+
+ - Allow patching of romlib functions
+
+ This change allows patching of functions in the romlib. This can be done by
+ adding "patch" at the end of the jump table entry for the function that
+ needs to be patched in the file jmptbl.i.
+
+- Library Code
+ - Support non-LPAE-enabled MMU tables in AArch32
+
+ - mmio: Add ``mmio_clrsetbits_16`` function
+ - 16-bit variant of ``mmio_clrsetbits``
+
+ - object_pool: Add Object Pool Allocator
+ - Manages object allocation using a fixed-size static array
+ - Adds ``pool_alloc`` and ``pool_alloc_n`` functions
+ - Does not provide any functions to free allocated objects (by design)
+
+ - libc: Added ``strlcpy`` function
+
+ - libc: Import ``strrchr`` function from FreeBSD
+
+ - xlat_tables: Add support for ARMv8.4-TTST
+
+ - xlat_tables: Support mapping regions without an explicitly specified VA
+
+- Math
+ - Added softudiv macro to support software division
+
+- Memory Partitioning And Monitoring (MPAM)
+ - Enabled MPAM EL2 traps (``MPAMHCR_EL2`` and ``MPAM_EL2``)
+
+- Platforms
+ - amlogic: Add support for Meson S905 (GXBB)
+
+ - arm/fvp_ve: Add support for FVP Versatile Express platform
+
+ - arm/n1sdp: Add support for Neoverse N1 System Development platform
+
+ - arm/rde1edge: Add support for Neoverse E1 platform
+
+ - arm/rdn1edge: Add support for Neoverse N1 platform
+
+ - arm: Add support for booting directly to Linux without an intermediate
+ loader (AArch32)
+
+ - arm/juno: Enable new CPU errata workarounds for A53 and A57
+
+ - arm/juno: Add romlib support
+
+ Building a combined BL1 and ROMLIB binary file with the correct page
+ alignment is now supported on the Juno platform. When ``USE_ROMLIB`` is set
+ for Juno, it generates the combined file ``bl1_romlib.bin`` which needs to
+ be used instead of bl1.bin.
+
+ - intel/stratix: Add support for Intel Stratix 10 SoC FPGA platform
+
+ - marvell: Add support for Armada-37xx SoC platform
+
+ - nxp: Add support for i.MX8M and i.MX7 Warp7 platforms
+
+ - renesas: Add support for R-Car Gen3 platform
+
+ - xilinx: Add support for Versal ACAP platforms
+
+- Position-Independent Executable (PIE)
+
+ PIE support has initially been added to BL31. The ``ENABLE_PIE`` build flag is
+ used to enable or disable this functionality as required.
+
+- Secure Partition Manager
+ - New SPM implementation based on SPCI Alpha 1 draft specification
+
+ A new version of SPM has been implemented, based on the SPCI (Secure
+ Partition Client Interface) and SPRT (Secure Partition Runtime) draft
+ specifications.
+
+ The new implementation is a prototype that is expected to undergo intensive
+ rework as the specifications change. It has basic support for multiple
+ Secure Partitions and Resource Descriptions.
+
+ The older version of SPM, based on MM (ARM Management Mode Interface
+ Specification), is still present in the codebase. A new build flag,
+ ``SPM_MM`` has been added to allow selection of the desired implementation.
+ This flag defaults to 1, selecting the MM-based implementation.
+
+- Security
+ - Spectre Variant-1 mitigations (``CVE-2017-5753``)
+
+ - Use Speculation Store Bypass Safe (SSBS) functionality where available
+
+ Provides mitigation against ``CVE-2018-19440`` (Not saving x0 to x3
+ registers can leak information from one Normal World SMC client to another)
+
+
+Changed
+-------
+
+- Build System
+ - Warning levels are now selectable with ``W=<1,2,3>``
+
+ - Removed unneeded include paths in PLAT_INCLUDES
+
+ - "Warnings as errors" (Werror) can be disabled using ``E=0``
+
+ - Support totally quiet output with ``-s`` flag
+
+ - Support passing options to checkpatch using ``CHECKPATCH_OPTS=<opts>``
+
+ - Invoke host compiler with ``HOSTCC / HOSTCCFLAGS`` instead of ``CC / CFLAGS``
+
+ - Make device tree pre-processing similar to U-boot/Linux by:
+ - Creating separate ``CPPFLAGS`` for DT preprocessing so that compiler
+ options specific to it can be accommodated.
+ - Replacing ``CPP`` with ``PP`` for DT pre-processing
+
+- CPU Support
+ - Errata report function definition is now mandatory for CPU support files
+
+ CPU operation files must now define a ``<name>_errata_report`` function to
+ print errata status. This is no longer a weak reference.
+
+- Documentation
+ - Migrated some content from GitHub wiki to ``docs/`` directory
+
+ - Security advisories now have CVE links
+
+ - Updated copyright guidelines
+
+- Drivers
+ - console: The ``MULTI_CONSOLE_API`` framework has been rewritten in C
+
+ - console: Ported multi-console driver to AArch32
+
+ - gic: Remove 'lowest priority' constants
+
+ Removed ``GIC_LOWEST_SEC_PRIORITY`` and ``GIC_LOWEST_NS_PRIORITY``.
+ Platforms should define these if required, or instead determine the correct
+ priority values at runtime.
+
+ - delay_timer: Check that the Generic Timer extension is present
+
+ - mmc: Increase command reply timeout to 10 milliseconds
+
+ - mmc: Poll eMMC device status to ensure ``EXT_CSD`` command completion
+
+ - mmc: Correctly check return code from ``mmc_fill_device_info``
+
+- External Libraries
+
+ - libfdt: Upgraded from 1.4.2 to 1.4.6-9
+
+ - mbed TLS: Upgraded from 2.12 to 2.16
+
+ This change incorporates fixes for security issues that should be reviewed
+ to determine if they are relevant for software implementations using
+ Trusted Firmware-A. See the `mbed TLS releases`_ page for details on
+ changes from the 2.12 to the 2.16 release.
+
+- Library Code
+ - compiler-rt: Updated ``lshrdi3.c`` and ``int_lib.h`` with changes from
+ LLVM master branch (r345645)
+
+ - cpu: Updated macro that checks need for ``CVE-2017-5715`` mitigation
+
+ - libc: Made setjmp and longjmp C standard compliant
+
+ - libc: Allowed overriding the default libc (use ``OVERRIDE_LIBC``)
+
+ - libc: Moved setjmp and longjmp to the ``libc/`` directory
+
+- Platforms
+ - Removed Mbed TLS dependency from plat_bl_common.c
+
+ - arm: Removed unused ``ARM_MAP_BL_ROMLIB`` macro
+
+ - arm: Removed ``ARM_BOARD_OPTIMISE_MEM`` feature and build flag
+
+ - arm: Moved several components into ``drivers/`` directory
+
+ This affects the SDS, SCP, SCPI, MHU and SCMI components
+
+ - arm/juno: Increased maximum BL2 image size to ``0xF000``
+
+ This change was required to accommodate a larger ``libfdt`` library
+
+- SCMI
+ - Optimized bakery locks when hardware-assisted coherency is enabled using the
+ ``HW_ASSISTED_COHERENCY`` build flag
+
+- SDEI
+ - Added support for unconditionally resuming secure world execution after
+ SDEI event processing completes
+
+ SDEI interrupts, although targeting EL3, occur on behalf of the non-secure
+ world, and may have higher priority than secure world
+ interrupts. Therefore they might preempt secure execution and yield
+ execution to the non-secure SDEI handler. Upon completion of SDEI event
+ handling, resume secure execution if it was preempted.
+
+- Translation Tables (XLAT)
+ - Dynamically detect need for ``Common not Private (TTBRn_ELx.CnP)`` bit
+
+ Properly handle the case where ``ARMv8.2-TTCNP`` is implemented in a CPU
+ that does not implement all mandatory v8.2 features (and so must claim to
+ implement a lower architecture version).
+
+
+Resolved Issues
+---------------
+
+- Architecture
+ - Incorrect check for SSBS feature detection
+
+ - Unintentional register clobber in AArch32 reset_handler function
+
+- Build System
+ - Dependency issue during DTB image build
+
+ - Incorrect variable expansion in Arm platform makefiles
+
+ - Building on Windows with verbose mode (``V=1``) enabled is broken
+
+ - AArch32 compilation flags is missing ``$(march32-directive)``
+
+- BL-Specific Issues
+ - bl2: ``uintptr_t is not defined`` error when ``BL2_IN_XIP_MEM`` is defined
+
+ - bl2: Missing prototype warning in ``bl2_arch_setup``
+
+ - bl31: Omission of Global Offset Table (GOT) section
+
+- Code Quality Issues
+ - Multiple MISRA compliance issues
+
+ - Potential NULL pointer dereference (Coverity-detected)
+
+- Drivers
+ - mmc: Local declaration of ``scr`` variable causes a cache issue when
+ invalidating after the read DMA transfer completes
+
+ - mmc: ``ACMD41`` does not send voltage information during initialization,
+ resulting in the command being treated as a query. This prevents the
+ command from initializing the controller.
+
+ - mmc: When checking device state using ``mmc_device_state()`` there are no
+ retries attempted in the event of an error
+
+ - ccn: Incorrect Region ID calculation for RN-I nodes
+
+ - console: ``Fix MULTI_CONSOLE_API`` when used as a crash console
+
+ - partition: Improper NULL checking in gpt.c
+
+ - partition: Compilation failure in ``VERBOSE`` mode (``V=1``)
+
+- Library Code
+ - common: Incorrect check for Address Authentication support
+
+ - xlat: Fix XLAT_V1 / XLAT_V2 incompatibility
+
+ The file ``arm_xlat_tables.h`` has been renamed to ``xlat_tables_compat.h``
+ and has been moved to a common folder. This header can be used to guarantee
+ compatibility, as it includes the correct header based on
+ ``XLAT_TABLES_LIB_V2``.
+
+ - xlat: armclang unused-function warning on ``xlat_clean_dcache_range``
+
+ - xlat: Invalid ``mm_cursor`` checks in ``mmap_add`` and ``mmap_add_ctx``
+
+ - sdei: Missing ``context.h`` header
+
+- Platforms
+ - common: Missing prototype warning for ``plat_log_get_prefix``
+
+ - arm: Insufficient maximum BL33 image size
+
+ - arm: Potential memory corruption during BL2-BL31 transition
+
+ On Arm platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
+ descriptors describing the list of executable images are created in BL2
+ R/W memory, which could be possibly corrupted later on by BL31/BL32 due
+ to overlay. This patch creates a reserved location in SRAM for these
+ descriptors and are copied over by BL2 before handing over to next BL
+ image.
+
+ - juno: Invalid behaviour when ``CSS_USE_SCMI_SDS_DRIVER`` is not set
+
+ In ``juno_pm.c`` the ``css_scmi_override_pm_ops`` function was used
+ regardless of whether the build flag was set. The original behaviour has
+ been restored in the case where the build flag is not set.
+
+- Tools
+ - fiptool: Incorrect UUID parsing of blob parameters
+
+ - doimage: Incorrect object rules in Makefile
+
+
+Deprecations
+------------
+
+- Common Code
+ - ``plat_crash_console_init`` function
+
+ - ``plat_crash_console_putc`` function
+
+ - ``plat_crash_console_flush`` function
+
+ - ``finish_console_register`` macro
+
+- AArch64-specific Code
+ - helpers: ``get_afflvl_shift``
+
+ - helpers: ``mpidr_mask_lower_afflvls``
+
+ - helpers: ``eret``
+
+- Secure Partition Manager (SPM)
+ - Boot-info structure
+
+
+Known Issues
+------------
+
+- Build System Issues
+ - dtb: DTB creation not supported when building on a Windows host.
+
+ This step in the build process is skipped when running on a Windows host. A
+ known issue from the 1.6 release.
+
+- Platform Issues
+ - arm/juno: System suspend from Linux does not function as documented in the
+ user guide
+
+ Following the instructions provided in the user guide document does not
+ result in the platform entering system suspend state as expected. A message
+ relating to the hdlcd driver failing to suspend will be emitted on the
+ Linux terminal.
+
+ - arm/juno: The firmware update use-cases do not work with motherboard
+ firmware version < v1.5.0 (the reset reason is not preserved). The Linaro
+ 18.04 release has MB v1.4.9. The MB v1.5.0 is available in Linaro 18.10
+ release.
+
+ - mediatek/mt6795: This platform does not build in this release
+
Trusted Firmware-A - version 2.0
================================
@@ -1983,3 +2427,5 @@
.. _OP-TEE Dispatcher: optee-dispatcher.rst
.. _tf-issue#501: https://github.com/ARM-software/tf-issues/issues/501
.. _PR#1002: https://github.com/ARM-software/arm-trusted-firmware/pull/1002#issuecomment-312650193
+.. _mbed TLS releases: https://tls.mbed.org/tech-updates/releases
+.. _Firmware Design: firmware-design.rst
diff --git a/docs/contents.rst b/docs/contents.rst
new file mode 100644
index 0000000..4b3f74f
--- /dev/null
+++ b/docs/contents.rst
@@ -0,0 +1,165 @@
+Trusted Firmware-A Documentation Contents
+=========================================
+
+This document serves as a list of the documentation that is included with the
+Trusted Firmware-A source.
+
+Introduction
+------------
+
+`About Trusted Firmware-A`_
+
+Getting Started
+---------------
+
+`Frequently-Asked Questions (FAQ)`_
+
+`Image Terminology`_
+
+`Porting Guide`_
+
+`User Guide`_
+
+Contributing
+------------
+
+`Coding Style and Guidelines`_
+
+`Contributor Acknowledgements`_
+
+`Contributor's Guide`_
+
+`License`_
+
+`Maintainers`_
+
+Processes and Policies
+----------------------
+
+`Platform Compatibility Policy`_
+
+`Release Processes`_
+
+Secure Payload Dispatch
+-----------------------
+
+`OP-TEE Dispatcher`_
+
+`Trusted Little Kernel (TLK) Dispatcher`_
+
+`Trusty Dispatcher`_
+
+System Design and Components
+----------------------------
+
+`Arm CPU Specific Build Macros`_
+
+`Arm SiP Services`_
+
+`Authentication Framework & Chain of Trust`_
+
+`CPU Reset`_
+
+`EL3 Runtime Service Writer’s Guide`_
+
+`Exception Handling Framework`_
+
+`Firmware Design Overview`_
+
+`Firmware Update (FWU)`_
+
+`Interrupt Management Framework`_
+
+`Library at ROM`_
+
+`Platform Interrupt Controller API`_
+
+`PSCI Library Integration Guide for Armv8-A AArch32 systems`_
+
+`PSCI Power Domain Tree design`_
+
+`Reliability, Availability, and Serviceability (RAS) Extensions`_
+
+`Secure Partition Manager`_
+
+`Software Delegated Exception Interface`_
+
+`Translation (XLAT) Tables Library`_
+
+`Trusted Board Boot Design Guide`_
+
+Performance and Testing
+-----------------------
+
+`PSCI Performance Measurements on Arm Juno Development Platform`_
+
+Security and Advisories
+-----------------------
+
+`Security Processes`_
+
+`TFV-1`_
+
+`TFV-2`_
+
+`TFV-3`_
+
+`TFV-4`_
+
+`TFV-5`_
+
+`TFV-6`_
+
+`TFV-7`_
+
+`TFV-8`_
+
+Other Documents
+---------------
+
+`Change Log`_
+
+.. _About Trusted Firmware-A: ../readme.rst
+.. _Frequently-Asked Questions (FAQ): ./frequently-asked-questions.rst
+.. _Image Terminology: ./image-terminology.rst
+.. _Porting Guide: ./porting-guide.rst
+.. _User Guide: ./user-guide.rst
+.. _Coding Style and Guidelines: ./coding-guidelines.rst
+.. _Contributor Acknowledgements: ../acknowledgements.rst
+.. _`Contributor's Guide`: ../contributing.rst
+.. _License: ../license.rst
+.. _Maintainers: ../maintainers.rst
+.. _Platform Compatibility Policy: ./platform-compatibility-policy.rst
+.. _Release Processes: ./release-information.rst
+.. _Arm SiP Services: ./arm-sip-service.rst
+.. _Exception Handling Framework: ./exception-handling.rst
+.. _Firmware Update (FWU): ./firmware-update.rst
+.. _Interrupt Management Framework: ./interrupt-framework-design.rst
+.. _Library at ROM: ./romlib-design.rst
+.. _Platform Interrupt Controller API: ./platform-interrupt-controller-API.rst
+.. _`Reliability, Availability, and Serviceability (RAS) Extensions`: ./ras.rst
+.. _Secure Partition Manager: ./secure-partition-manager-design.rst
+.. _Software Delegated Exception Interface: ./sdei.rst
+.. _Translation (XLAT) Tables Library: ./xlat-tables-lib-v2-design.rst
+.. _OP-TEE Dispatcher: ./spd/optee-dispatcher.rst
+.. _Trusted Little Kernel (TLK) Dispatcher: ./spd/tlk-dispatcher.rst
+.. _Trusty Dispatcher: ./spd/trusty-dispatcher.rst
+.. _Arm CPU Specific Build Macros: ./cpu-specific-build-macros.rst
+.. _`Authentication Framework & Chain of Trust`: ./auth-framework.rst
+.. _CPU Reset: ./reset-design.rst
+.. _`EL3 Runtime Service Writer’s Guide`: ./rt-svc-writers-guide.rst
+.. _Firmware Design Overview: ./firmware-design.rst
+.. _PSCI Library Integration Guide for Armv8-A AArch32 systems: ./psci-lib-integration-guide.rst
+.. _PSCI Power Domain Tree design: ./psci-pd-tree.rst
+.. _Trusted Board Boot Design Guide: ./trusted-board-boot.rst
+.. _PSCI Performance Measurements on Arm Juno Development Platform: ./psci-performance-juno.rst
+.. _Security Processes: ./security-center.rst
+.. _Change Log: ./change-log.rst
+.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst
+.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst
+.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst
+.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst
+.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst
+.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst
+.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst
+.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst
diff --git a/docs/firmware-design.rst b/docs/firmware-design.rst
index 52520ea..66b16fa 100644
--- a/docs/firmware-design.rst
+++ b/docs/firmware-design.rst
@@ -2565,11 +2565,16 @@
must be set to 1. This will add all pointer authentication system registers
to the context that is saved when doing a world switch.
- The Trusted Firmware itself has support for pointer authentication at runtime
+ The TF-A itself has support for pointer authentication at runtime
that can be enabled by setting both options ``ENABLE_PAUTH`` and
``CTX_INCLUDE_PAUTH_REGS`` to 1. This enables pointer authentication in BL1,
BL2, BL31, and the TSP if it is used.
+ These options are experimental features.
+
+ Note that Pointer Authentication is enabled for Non-secure world irrespective
+ of the value of these build flags if the CPU supports it.
+
If ``ARM_ARCH_MAJOR == 8`` and ``ARM_ARCH_MINOR >= 3`` the code footprint of
enabling PAuth is lower because the compiler will use the optimized
PAuth instructions rather than the backwards-compatible ones.
diff --git a/docs/romlib-design.rst b/docs/romlib-design.rst
index 34a7980..4195721 100644
--- a/docs/romlib-design.rst
+++ b/docs/romlib-design.rst
@@ -85,12 +85,12 @@
1. ``gentbl.sh`` - Generates the jump table by parsing the index file.
2. ``genvar.sh`` - Generates the jump table global variable (**not** the jump
-table itself) with the absolute address in ROM. This global variable is,
-basically, a pointer to the jump table.
+ table itself) with the absolute address in ROM. This global variable is,
+ basically, a pointer to the jump table.
3. ``genwrappers.sh`` - Generates a wrapper function for each entry in the index
-file except for the ones that contain the keyword ``patch``. The generated
-wrapper file is called ``<lib>_<fn_name>.S``.
+ file except for the ones that contain the keyword ``patch``. The generated
+ wrapper file is called ``<lib>_<fn_name>.S``.
Patching of functions in library at ROM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -108,6 +108,8 @@
~~~~~~~~~~~~~~~~~~~~~
The environment variable ``CROSS_COMPILE`` must be set as per the user guide.
+In the below example the usage of ROMLIB together with mbed TLS is demonstrated
+to showcase the benefits of library at ROM - it's not mandatory.
::
@@ -120,6 +122,12 @@
USE_ROMLIB=1 \
all fip
+Known issue
+-----------
+When building library at ROM, a clean build is always required. This is
+necessary when changes are made to the index files, e.g. adding new functions,
+patching existing ones etc.
+
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index de4611c..0848769 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -56,11 +56,12 @@
TF-A has been tested with Linaro Release 18.04.
-Download and install the AArch32 or AArch64 little-endian GCC cross compiler.
-The `Linaro Release Notes`_ documents which version of the compiler to use for a
-given Linaro Release. Also, these `Linaro instructions`_ provide further
-guidance and a script, which can be used to download Linaro deliverables
-automatically.
+Download and install the AArch32 or AArch64 little-endian GCC cross compiler. If
+you would like to use the latest features available, download GCC 8.2-2019.01
+compiler from `arm Developer page`_. Otherwise, the `Linaro Release Notes`_
+documents which version of the compiler to use for a given Linaro Release. Also,
+these `Linaro instructions`_ provide further guidance and a script, which can be
+used to download Linaro deliverables automatically.
Optionally, TF-A can be built using clang version 4.0 or newer or Arm
Compiler 6. See instructions below on how to switch the default compiler.
@@ -358,11 +359,12 @@
registers to be included when saving and restoring the CPU context. Default
is 0.
-- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, will cause
- the ARMv8.3-PAuth registers to be included when saving and restoring the CPU
- context. Note that if the hardware supports this extension and this option is
- set to 0 the value of the registers will be leaked between Secure and
- Non-secure worlds if PAuth is used on both sides. The default is 0.
+- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables
+ Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth
+ registers to be included when saving and restoring the CPU context as
+ part of world switch. Default value is 0 and this is an experimental feature.
+ Note that Pointer Authentication is enabled for Non-secure world irrespective
+ of the value of this flag if the CPU supports it.
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
(release) or 1 (debug) as values. 0 is the default.
@@ -412,11 +414,11 @@
and use partitions in EL3 as required. This option defaults to ``0``.
- ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication
- (``ARMv8.3-PAuth``) support in the Trusted Firmware itself. Note that this
- option doesn't affect the saving of the registers introduced with this
- extension, they are always saved if they are detected regardless of the value
- of this option. If enabled, it is needed to use a compiler that supports the
- option ``-msign-return-address``. It defaults to 0.
+ support for TF-A BL images itself. If enabled, it is needed to use a compiler
+ that supports the option ``-msign-return-address``. This flag defaults to 0
+ and this is an experimental feature.
+ Note that Pointer Authentication is enabled for Non-secure world irrespective
+ of the value of this flag if the CPU supports it.
- ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE)
support within generic code in TF-A. This option is currently only supported
@@ -741,6 +743,11 @@
(Coherent memory region is included) or 0 (Coherent memory region is
excluded). Default is 1.
+- ``USE_ROMLIB``: This flag determines whether library at ROM will be used.
+ This feature creates a library of functions to be placed in ROM and thus
+ reduces SRAM usage. Refer to `Library at ROM`_ for further details. Default
+ is 0.
+
- ``V``: Verbose build. If assigned anything other than 0, the build commands
are printed. Default is 0.
@@ -1008,18 +1015,13 @@
::
- make PLAT=fvp BL33=<path/to/bl33.bin> fip
+ make PLAT=fvp BL33=<path-to>/bl33.bin fip
For AArch32:
::
- make PLAT=fvp ARCH=aarch32 AARCH32_SP=sp_min BL33=<path/to/bl33.bin> fip
-
-Note that AArch32 support for Normal world boot loader (BL33), like U-boot or
-UEFI, on FVP is not available upstream. Hence custom solutions are required to
-allow Linux boot on FVP. These instructions assume such a custom boot loader
-(BL33) is available.
+ make PLAT=fvp ARCH=aarch32 AARCH32_SP=sp_min BL33=<path-to>/bl33.bin fip
The resulting FIP may be found in:
@@ -1049,7 +1051,7 @@
./tools/fiptool/fiptool
-Invoking the tool with ``--help`` will print a help message with all available
+Invoking the tool with ``help`` will print a help message with all available
options.
Example 1: create a new Firmware package ``fip.bin`` that contains BL2 and BL31:
@@ -1270,8 +1272,7 @@
make [DEBUG=1] [V=1] fiptool
# Unpack firmware images from Linaro FIP
- ./tools/fiptool/fiptool unpack \
- <path/to/linaro/release>/fip.bin
+ ./tools/fiptool/fiptool unpack <path-to-linaro-release>/fip.bin
The unpack operation will result in a set of binary images extracted to the
current working directory. The SCP_BL2 image corresponds to
@@ -1281,8 +1282,8 @@
exist in the current directory. If that is the case, either delete those
files or use the ``--force`` option to overwrite.
- Note: For AArch32, the instructions below assume that nt-fw.bin is a custom
- Normal world boot loader that supports AArch32.
+ Note: For AArch32, the instructions below assume that nt-fw.bin is a normal
+ world boot loader that supports AArch32.
#. Build TF-A images and create a new FIP for FVP
@@ -1303,9 +1304,7 @@
::
- make PLAT=juno all fip \
- BL33=<path-to-juno-oe-uboot>/SOFTWARE/bl33-uboot.bin \
- SCP_BL2=<path-to-juno-busybox-uboot>/SOFTWARE/scp_bl2.bin
+ make PLAT=juno BL33=nt-fw.bin SCP_BL2=scp-fw.bin all fip
For AArch32:
@@ -1327,6 +1326,13 @@
make ARCH=aarch32 PLAT=juno AARCH32_SP=sp_min \
RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
+ - Save ``bl32.bin`` to a temporary location and clean the build products.
+
+ ::
+
+ cp <path-to-build>/bl32.bin <path-to-temporary>
+ make realclean
+
- Before building BL1 and BL2, the environment variable ``CROSS_COMPILE``
must point to the AArch64 Linaro cross compiler.
@@ -1340,9 +1346,8 @@
::
make ARCH=aarch64 PLAT=juno JUNO_AARCH32_EL3_RUNTIME=1 \
- BL33=<path-to-juno32-oe-uboot>/SOFTWARE/bl33-uboot.bin \
- SCP_BL2=<path-to-juno32-oe-uboot>/SOFTWARE/scp_bl2.bin \
- BL32=<path-to-bl32>/bl32.bin all fip
+ BL33=nt-fw.bin SCP_BL2=scp-fw.bin \
+ BL32=<path-to-temporary>/bl32.bin all fip
The resulting BL1 and FIP images may be found in:
@@ -1498,7 +1503,7 @@
::
- -C bp.flashloader1.fname="/path/to/el3-payload"
+ -C bp.flashloader1.fname="<path-to>/<el3-payload>"
On Foundation FVP, there is no flash loader component and the EL3 payload
may be programmed anywhere in flash using method 3 below.
@@ -1508,15 +1513,15 @@
::
- load /path/to/el3-payload.elf
+ load <path-to>/el3-payload.elf
#. The EL3 payload may be pre-loaded in volatile memory using the following
model parameters:
::
- --data cluster0.cpu0="/path/to/el3-payload"@address [Base FVPs]
- --data="/path/to/el3-payload"@address [Foundation FVP]
+ --data cluster0.cpu0="<path-to>/el3-payload>"@address [Base FVPs]
+ --data="<path-to>/<el3-payload>"@address [Foundation FVP]
The address provided to the FVP must match the ``EL3_PAYLOAD_BASE`` address
used when building TF-A.
@@ -1644,18 +1649,18 @@
Arm FVPs without shifted affinities, and that do not support threaded CPU cores
(64-bit host machine only).
-NOTE: Unless otherwise stated, the model version is Version 11.4 Build 37.
+The FVP models used are Version 11.5 Build 33, unless otherwise stated.
-- ``FVP_Base_Aresx4``
- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502``
-- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_RevC-2xAEMv8A``
- ``FVP_Base_Cortex-A32x4``
- ``FVP_Base_Cortex-A35x4``
- ``FVP_Base_Cortex-A53x4``
- ``FVP_Base_Cortex-A55x4+Cortex-A75x4``
- ``FVP_Base_Cortex-A55x4``
+- ``FVP_Base_Cortex-A57x1-A53x1``
+- ``FVP_Base_Cortex-A57x2-A53x4``
- ``FVP_Base_Cortex-A57x4-A53x4``
- ``FVP_Base_Cortex-A57x4``
- ``FVP_Base_Cortex-A72x4-A53x4``
@@ -1664,7 +1669,12 @@
- ``FVP_Base_Cortex-A73x4``
- ``FVP_Base_Cortex-A75x4``
- ``FVP_Base_Cortex-A76x4``
-- ``FVP_CSS_SGI-575`` (Version 11.3 build 40)
+- ``FVP_Base_Neoverse-N1x4`` (Tested with internal model)
+- ``FVP_Base_Deimos``
+- ``FVP_CSS_SGI-575`` (Version 11.3 build 42)
+- ``FVP_CSS_SGM-775`` (Version 11.3 build 42)
+- ``FVP_RD_E1Edge`` (Version 11.3 build 42)
+- ``FVP_RD_N1Edge`` (Version 11.3 build 42)
- ``Foundation_Platform``
The latest version of the AArch32 build of TF-A has been tested on the following
@@ -1826,6 +1836,9 @@
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
--data cluster0.cpu0="<path-to>/<ramdisk>"@0x84000000
+Note: The ``FVP_Base_RevC-2xAEMv8A`` has shifted affinities and requires a
+specific DTS for all the CPUs to be loaded.
+
Running on the AEMv8 Base FVP (AArch32) with reset to BL1 entrypoint
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -1922,7 +1935,7 @@
Notes:
-- Since Position Independent Executable (PIE) support is enabled for BL31
+- If Position Independent Executable (PIE) support is enabled for BL31
in this config, it can be loaded at any valid address for execution.
- Since a FIP is not loaded when using BL31 as reset entrypoint, the
@@ -1933,6 +1946,9 @@
and loaded via the ``--data cluster0.cpu0="<path-to>/<fdt>"@0x82000000``
parameter.
+- The ``FVP_Base_RevC-2xAEMv8A`` has shifted affinities and requires a
+ specific DTS for all the CPUs to be loaded.
+
- The ``-C cluster<X>.cpu<Y>.RVBAR=@<base-address-of-bl31>`` parameter, where
X and Y are the cluster and CPU numbers respectively, is used to set the
reset vector for each core.
@@ -2077,6 +2093,7 @@
*Copyright (c) 2013-2019, Arm Limited and Contributors. All rights reserved.*
+.. _arm Developer page: https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads
.. _Linaro: `Linaro Release Notes`_
.. _Linaro Release: `Linaro Release Notes`_
.. _Linaro Release Notes: https://community.arm.com/dev-platforms/w/docs/226/old-release-notes
@@ -2101,3 +2118,4 @@
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
.. _Secure Partition Manager Design guide: secure-partition-manager-design.rst
.. _`Trusted Firmware-A Coding Guidelines`: coding-guidelines.rst
+ _`Library at ROM`: romlib-design.rst
diff --git a/drivers/synopsys/emmc/dw_mmc.c b/drivers/synopsys/emmc/dw_mmc.c
index 4cd1226..b0dcaa7 100644
--- a/drivers/synopsys/emmc/dw_mmc.c
+++ b/drivers/synopsys/emmc/dw_mmc.c
@@ -426,8 +426,7 @@
memcpy(&dw_params, params, sizeof(dw_mmc_params_t));
mmio_write_32(dw_params.reg_base + DWMMC_FIFOTH, 0x103ff);
+ dw_params.mmc_dev_type = info->mmc_dev_type;
mmc_init(&dw_mmc_ops, params->clk_rate, params->bus_width,
params->flags, info);
-
- dw_params.mmc_dev_type = info->mmc_dev_type;
}
diff --git a/include/lib/cpus/aarch64/neoverse_e1.h b/include/lib/cpus/aarch64/neoverse_e1.h
index 7084604..96b4661 100644
--- a/include/lib/cpus/aarch64/neoverse_e1.h
+++ b/include/lib/cpus/aarch64/neoverse_e1.h
@@ -9,7 +9,7 @@
#include <lib/utils_def.h>
-#define NEOVERSE_E1_MIDR U(0x410FD060)
+#define NEOVERSE_E1_MIDR U(0x410FD4A0)
/*******************************************************************************
* CPU Extended Control register specific definitions.
diff --git a/lib/cpus/aarch64/cortex_a76.S b/lib/cpus/aarch64/cortex_a76.S
index ac51343..e544018 100644
--- a/lib/cpus/aarch64/cortex_a76.S
+++ b/lib/cpus/aarch64/cortex_a76.S
@@ -13,20 +13,17 @@
#include <plat_macros.S>
#include <services/arm_arch_svc.h>
-#if !DYNAMIC_WORKAROUND_CVE_2018_3639
-#error Cortex A76 requires DYNAMIC_WORKAROUND_CVE_2018_3639=1
-#endif
-
#define ESR_EL3_A64_SMC0 0x5e000000
#define ESR_EL3_A32_SMC0 0x4e000000
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
/*
* This macro applies the mitigation for CVE-2018-3639.
- * It implements a fash path where `SMCCC_ARCH_WORKAROUND_2`
+ * It implements a fast path where `SMCCC_ARCH_WORKAROUND_2`
* SMC calls from a lower EL running in AArch32 or AArch64
* will go through the fast and return early.
*
- * The macro saves x2-x3 to the context. In the fast path
+ * The macro saves x2-x3 to the context. In the fast path
* x0-x3 registers do not need to be restored as the calling
* context will have saved them.
*/
@@ -63,7 +60,7 @@
* When the calling context wants mitigation disabled,
* we program the mitigation disable function in the
* CPU context, which gets invoked on subsequent exits from
- * EL3 via the `el3_exit` function. Otherwise NULL is
+ * EL3 via the `el3_exit` function. Otherwise NULL is
* programmed in the CPU context, which results in caller's
* inheriting the EL3 mitigation state (enabled) on subsequent
* `el3_exit`.
@@ -82,7 +79,7 @@
.endif
1:
/*
- * Always enable v4 mitigation during EL3 execution. This is not
+ * Always enable v4 mitigation during EL3 execution. This is not
* required for the fast path above because it does not perform any
* memory loads.
*/
@@ -188,6 +185,7 @@
apply_cve_2018_3639_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
b serror_aarch32
end_vector_entry cortex_a76_serror_aarch32
+#endif /* DYNAMIC_WORKAROUND_CVE_2018_3639 */
/* --------------------------------------------------
* Errata Workaround for Cortex A76 Errata #1073348.
@@ -319,9 +317,13 @@
/* If the PE implements SSBS, we don't need the dynamic workaround */
mrs x0, id_aa64pfr1_el1
lsr x0, x0, #ID_AA64PFR1_EL1_SSBS_SHIFT
- and x0, x0, #ID_AA64PFR1_EL1_SSBS_MASK
+ and x0, x0, #ID_AA64PFR1_EL1_SSBS_MASK
+#if !DYNAMIC_WORKAROUND_CVE_2018_3639 && ENABLE_ASSERTIONS
+ cmp x0, 0
+ ASM_ASSERT(ne)
+#endif
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
cbnz x0, 1f
-
mrs x0, CORTEX_A76_CPUACTLR2_EL1
orr x0, x0, #CORTEX_A76_CPUACTLR2_EL1_DISABLE_LOAD_PASS_STORE
msr CORTEX_A76_CPUACTLR2_EL1, x0
@@ -330,16 +332,17 @@
#ifdef IMAGE_BL31
/*
* The Cortex-A76 generic vectors are overwritten to use the vectors
- * defined above. This is required in order to apply mitigation
+ * defined above. This is required in order to apply mitigation
* against CVE-2018-3639 on exception entry from lower ELs.
*/
adr x0, cortex_a76_wa_cve_2018_3639_a76_vbar
msr vbar_el3, x0
isb
-#endif
+#endif /* IMAGE_BL31 */
1:
-#endif
+#endif /* DYNAMIC_WORKAROUND_CVE_2018_3639 */
+#endif /* WORKAROUND_CVE_2018_3639 */
#if ERRATA_DSU_936184
bl errata_dsu_936184_wa
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 4371cb2..e6ab19b 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -356,7 +356,7 @@
msr APIAKeyLo_EL1, x9
msr APIAKeyHi_EL1, x10
- ldp x9, x10, [x11, #CTX_PACIAKEY_LO]
+ ldp x9, x10, [x11, #CTX_PACIBKEY_LO]
msr APIBKeyLo_EL1, x9
msr APIBKeyHi_EL1, x10
diff --git a/lib/romlib/Makefile b/lib/romlib/Makefile
index 0e5d447..12fdfa8 100644
--- a/lib/romlib/Makefile
+++ b/lib/romlib/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -58,18 +58,15 @@
@echo " VAR $@"
$(Q)./genvar.sh -o $@ $(BUILD_DIR)/romlib.elf
-$(LIB_DIR)/libwrappers.a: jmptbl.i $(WRAPPER_DIR)/jmpvar.o
+$(LIB_DIR)/libwrappers.a: $(BUILD_DIR)/jmptbl.i $(WRAPPER_DIR)/jmpvar.o
@echo " AR $@"
$(Q)./genwrappers.sh -b $(WRAPPER_DIR) -o $@ $(BUILD_DIR)/jmptbl.i
-$(BUILD_DIR)/jmptbl.s: jmptbl.i
+$(BUILD_DIR)/jmptbl.i: $(BUILD_DIR)/jmptbl.s
+
+$(BUILD_DIR)/jmptbl.s: ../../$(PLAT_DIR)/jmptbl.i
@echo " TBL $@"
- if [ -e "../../$(PLAT_DIR)/jmptbl.i" ] ; \
- then \
- $(Q)./gentbl.sh -o $@ -b $(BUILD_DIR) ../../$(PLAT_DIR)/jmptbl.i; \
- else \
- @echo "USE_ROMLIB=1 requires jump table list file: jmptbl.i in platform directory"; \
- fi
+ $(Q)./gentbl.sh -o $@ -b $(BUILD_DIR) ../../$(PLAT_DIR)/jmptbl.i
clean:
@rm -f $(BUILD_DIR)/*
diff --git a/lib/romlib/genwrappers.sh b/lib/romlib/genwrappers.sh
index 746e4ba..07d59ac 100755
--- a/lib/romlib/genwrappers.sh
+++ b/lib/romlib/genwrappers.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-# Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -31,7 +31,7 @@
done
awk '{sub(/[:blank:]*#.*/,"")}
-!/^$/ && !/\\tpatch$/ !/\\treserved$/ {print $1*4, $2, $3}' "$@" |
+!/^$/ && $NF != "patch" && $NF != "reserved" {print $1*4, $2, $3}' "$@" |
while read idx lib sym
do
file=$build/${lib}_$sym
@@ -41,7 +41,7 @@
$sym:
ldr x17, =jmptbl
ldr x17, [x17]
- mov x16, $idx
+ mov x16, #$idx
add x16, x16, x17
br x16
EOF
diff --git a/lib/xlat_tables_v2/xlat_tables_core.c b/lib/xlat_tables_v2/xlat_tables_core.c
index 7957b61..0e6a6fa 100644
--- a/lib/xlat_tables_v2/xlat_tables_core.c
+++ b/lib/xlat_tables_v2/xlat_tables_core.c
@@ -325,9 +325,8 @@
return action;
}
-
/*
- * Function that writes to the translation tables and unmaps the
+ * Recursive function that writes to the translation tables and unmaps the
* specified region.
*/
static void xlat_tables_unmap_region(xlat_ctx_t *ctx, mmap_region_t *mm,
@@ -338,137 +337,70 @@
{
assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
- /*
- * data structure to track DESC_TABLE entry before iterate into subtable
- * of next translation level. it will be used to restore previous level
- * after finish subtable iteration.
- */
- struct desc_table_unmap {
- uint64_t *table_base;
- uintptr_t table_idx_va;
- unsigned int idx;
- } desc_tables[XLAT_TABLE_LEVEL_MAX + 1] = {
- {NULL, 0U, XLAT_TABLE_ENTRIES}, };
+ uint64_t *subtable;
+ uint64_t desc;
- unsigned int this_level = level;
- uint64_t *this_base = table_base;
- unsigned int max_entries = table_entries;
- size_t level_size = XLAT_BLOCK_SIZE(this_level);
- unsigned int table_idx;
uintptr_t table_idx_va;
+ uintptr_t table_idx_end_va; /* End VA of this entry */
uintptr_t region_end_va = mm->base_va + mm->size - 1U;
+ unsigned int table_idx;
+
table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
- while (this_base != NULL) {
-
- uint64_t desc;
- uint64_t desc_type;
- uintptr_t table_idx_end_va; /* End VA of this entry */
- action_t action;
-
- /* finish current xlat level iteration. */
- if (table_idx >= max_entries) {
- if (this_level > ctx->base_level) {
- xlat_table_dec_regions_count(ctx, this_base);
- }
-
- if (this_level > level) {
- uint64_t *subtable;
-
- /* back from subtable iteration, restore
- * previous DESC_TABLE entry.
- */
- this_level--;
- this_base = desc_tables[this_level].table_base;
- table_idx = desc_tables[this_level].idx;
- table_idx_va =
- desc_tables[this_level].table_idx_va;
- level_size = XLAT_BLOCK_SIZE(this_level);
-
- if (this_level == level) {
- max_entries = table_entries;
- } else {
- max_entries = XLAT_TABLE_ENTRIES;
- }
-
- desc = this_base[table_idx];
- subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
- /*
- * If the subtable is now empty, remove its reference.
- */
- if (xlat_table_is_empty(ctx, subtable)) {
- this_base[table_idx] = INVALID_DESC;
- xlat_arch_tlbi_va(table_idx_va,
- ctx->xlat_regime);
- }
- table_idx++;
- table_idx_va += level_size;
-
- } else {
- /* reached end of top level, exit.*/
- this_base = NULL;
- break;
- }
-
- }
-
- /* If reached the end of the region, stop iterating entries in
- * current xlat level.
- */
- if (region_end_va <= table_idx_va) {
- table_idx = max_entries;
- continue;
- }
-
+ while (table_idx < table_entries) {
- table_idx_end_va = table_idx_va + XLAT_BLOCK_SIZE(this_level) - 1U;
+ table_idx_end_va = table_idx_va + XLAT_BLOCK_SIZE(level) - 1U;
- desc = this_base[table_idx];
- desc_type = desc & DESC_MASK;
+ desc = table_base[table_idx];
+ uint64_t desc_type = desc & DESC_MASK;
- action = xlat_tables_unmap_region_action(mm, table_idx_va,
- table_idx_end_va,
- this_level,
- desc_type);
+ action_t action = xlat_tables_unmap_region_action(mm,
+ table_idx_va, table_idx_end_va, level,
+ desc_type);
if (action == ACTION_WRITE_BLOCK_ENTRY) {
- this_base[table_idx] = INVALID_DESC;
+
+ table_base[table_idx] = INVALID_DESC;
xlat_arch_tlbi_va(table_idx_va, ctx->xlat_regime);
- table_idx++;
- table_idx_va += level_size;
} else if (action == ACTION_RECURSE_INTO_TABLE) {
- uint64_t *subtable;
- uintptr_t base_va;
-
subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
- desc_tables[this_level].table_base = this_base;
- desc_tables[this_level].table_idx_va = table_idx_va;
- base_va = table_idx_va;
- desc_tables[this_level].idx = table_idx;
-
- this_base = subtable;
- this_level++;
-
- max_entries = XLAT_TABLE_ENTRIES;
- level_size = XLAT_BLOCK_SIZE(this_level);
+ /* Recurse to write into subtable */
+ xlat_tables_unmap_region(ctx, mm, table_idx_va,
+ subtable, XLAT_TABLE_ENTRIES,
+ level + 1U);
+#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
+ xlat_clean_dcache_range((uintptr_t)subtable,
+ XLAT_TABLE_ENTRIES * sizeof(uint64_t));
+#endif
+ /*
+ * If the subtable is now empty, remove its reference.
+ */
+ if (xlat_table_is_empty(ctx, subtable)) {
+ table_base[table_idx] = INVALID_DESC;
+ xlat_arch_tlbi_va(table_idx_va,
+ ctx->xlat_regime);
+ }
- table_idx_va = xlat_tables_find_start_va(mm,
- base_va, this_level);
- table_idx = xlat_tables_va_to_index(base_va,
- table_idx_va, this_level);
} else {
assert(action == ACTION_NONE);
-
- table_idx++;
- table_idx_va += level_size;
}
+
+ table_idx++;
+ table_idx_va += XLAT_BLOCK_SIZE(level);
+
+ /* If reached the end of the region, exit */
+ if (region_end_va <= table_idx_va)
+ break;
}
+
+ if (level > ctx->base_level)
+ xlat_table_dec_regions_count(ctx, table_base);
}
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
@@ -605,169 +537,105 @@
}
/*
- * Function that writes to the translation tables and maps the
+ * Recursive function that writes to the translation tables and maps the
* specified region. On success, it returns the VA of the last byte that was
* successfully mapped. On error, it returns the VA of the next entry that
* should have been mapped.
*/
static uintptr_t xlat_tables_map_region(xlat_ctx_t *ctx, mmap_region_t *mm,
- const uintptr_t table_base_va,
+ uintptr_t table_base_va,
uint64_t *const table_base,
unsigned int table_entries,
unsigned int level)
{
-
assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
- /*
- * data structure to track DESC_TABLE entry before iterate into subtable
- * of next translation level. it will be used to restore previous level
- * after finish subtable iteration.
- */
- struct desc_table_map {
- uint64_t *table_base;
- uintptr_t table_idx_va;
- unsigned int idx;
- } desc_tables[XLAT_TABLE_LEVEL_MAX + 1] = {
- {NULL, 0U, XLAT_TABLE_ENTRIES}, };
-
- unsigned int this_level = level;
- uint64_t *this_base = table_base;
- unsigned int max_entries = table_entries;
- size_t level_size = XLAT_BLOCK_SIZE(this_level);
uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
uintptr_t table_idx_va;
+ unsigned long long table_idx_pa;
+
+ uint64_t *subtable;
+ uint64_t desc;
+
unsigned int table_idx;
table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
- while (this_base != NULL) {
-
- uint64_t desc;
- uint64_t desc_type;
- unsigned long long table_idx_pa;
- action_t action;
-
- /* finish current xlat level iteration. */
- if (table_idx >= max_entries) {
- if (this_level <= level) {
- this_base = NULL;
- break;
- } else {
-
- /* back from subtable iteration, restore
- * previous DESC_TABLE entry.
- */
- this_level--;
- level_size = XLAT_BLOCK_SIZE(this_level);
- this_base = desc_tables[this_level].table_base;
- table_idx = desc_tables[this_level].idx;
- if (this_level == level) {
- max_entries = table_entries;
- } else {
- max_entries = XLAT_TABLE_ENTRIES;
- }
-#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
- uintptr_t subtable;
- desc = this_base[table_idx];
- subtable = (uintptr_t)(desc & TABLE_ADDR_MASK);
- xlat_clean_dcache_range(subtable,
- XLAT_TABLE_ENTRIES * sizeof(uint64_t));
+#if PLAT_XLAT_TABLES_DYNAMIC
+ if (level > ctx->base_level)
+ xlat_table_inc_regions_count(ctx, table_base);
#endif
- table_idx++;
- table_idx_va =
- desc_tables[this_level].table_idx_va +
- level_size;
- }
- }
+ while (table_idx < table_entries) {
- desc = this_base[table_idx];
- desc_type = desc & DESC_MASK;
+ desc = table_base[table_idx];
table_idx_pa = mm->base_pa + table_idx_va - mm->base_va;
- /* If reached the end of the region, simply exit since we
- * already write all BLOCK entries and create all required
- * subtables.
- */
- if (mm_end_va <= table_idx_va) {
- this_base = NULL;
- break;
- }
-
- action = xlat_tables_map_region_action(mm, desc_type,
- table_idx_pa, table_idx_va, this_level);
+ action_t action = xlat_tables_map_region_action(mm,
+ (uint32_t)(desc & DESC_MASK), table_idx_pa,
+ table_idx_va, level);
if (action == ACTION_WRITE_BLOCK_ENTRY) {
- this_base[table_idx] = xlat_desc(ctx, mm->attr,
- table_idx_pa, this_level);
- table_idx++;
- table_idx_va += level_size;
- } else if (action == ACTION_CREATE_NEW_TABLE) {
- uintptr_t base_va;
+ table_base[table_idx] =
+ xlat_desc(ctx, (uint32_t)mm->attr, table_idx_pa,
+ level);
- uint64_t *subtable = xlat_table_get_empty(ctx);
+ } else if (action == ACTION_CREATE_NEW_TABLE) {
+ uintptr_t end_va;
+
+ subtable = xlat_table_get_empty(ctx);
if (subtable == NULL) {
- /* Not enough free tables to map this region. */
+ /* Not enough free tables to map this region */
return table_idx_va;
}
/* Point to new subtable from this one. */
- this_base[table_idx] = TABLE_DESC | (unsigned long)subtable;
-
- desc_tables[this_level].table_base = this_base;
- desc_tables[this_level].table_idx_va = table_idx_va;
- desc_tables[this_level].idx = table_idx;
- base_va = table_idx_va;
+ table_base[table_idx] = TABLE_DESC | (unsigned long)subtable;
- this_level++;
- this_base = subtable;
- level_size = XLAT_BLOCK_SIZE(this_level);
- table_idx_va = xlat_tables_find_start_va(mm, base_va,
- this_level);
- table_idx = xlat_tables_va_to_index(base_va,
- table_idx_va, this_level);
- max_entries = XLAT_TABLE_ENTRIES;
-
-#if PLAT_XLAT_TABLES_DYNAMIC
- if (this_level > ctx->base_level) {
- xlat_table_inc_regions_count(ctx, subtable);
- }
+ /* Recurse to write into subtable */
+ end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
+ subtable, XLAT_TABLE_ENTRIES,
+ level + 1U);
+#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
+ xlat_clean_dcache_range((uintptr_t)subtable,
+ XLAT_TABLE_ENTRIES * sizeof(uint64_t));
#endif
+ if (end_va !=
+ (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
+ return end_va;
} else if (action == ACTION_RECURSE_INTO_TABLE) {
-
- uintptr_t base_va;
- uint64_t *subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
+ uintptr_t end_va;
- desc_tables[this_level].table_base = this_base;
- desc_tables[this_level].table_idx_va = table_idx_va;
- desc_tables[this_level].idx = table_idx;
- base_va = table_idx_va;
-
- this_level++;
- level_size = XLAT_BLOCK_SIZE(this_level);
- table_idx_va = xlat_tables_find_start_va(mm, base_va,
- this_level);
- table_idx = xlat_tables_va_to_index(base_va,
- table_idx_va, this_level);
- this_base = subtable;
- max_entries = XLAT_TABLE_ENTRIES;
-
-#if PLAT_XLAT_TABLES_DYNAMIC
- if (this_level > ctx->base_level) {
- xlat_table_inc_regions_count(ctx, subtable);
- }
+ subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
+ /* Recurse to write into subtable */
+ end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
+ subtable, XLAT_TABLE_ENTRIES,
+ level + 1U);
+#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
+ xlat_clean_dcache_range((uintptr_t)subtable,
+ XLAT_TABLE_ENTRIES * sizeof(uint64_t));
#endif
+ if (end_va !=
+ (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
+ return end_va;
+
} else {
+
assert(action == ACTION_NONE);
- table_idx++;
- table_idx_va += level_size;
+
}
+
+ table_idx++;
+ table_idx_va += XLAT_BLOCK_SIZE(level);
+
+ /* If reached the end of the region, exit */
+ if (mm_end_va <= table_idx_va)
+ break;
}
return table_idx_va - 1U;
diff --git a/lib/xlat_tables_v2/xlat_tables_utils.c b/lib/xlat_tables_v2/xlat_tables_utils.c
index 7d0449a..f5848a2 100644
--- a/lib/xlat_tables_v2/xlat_tables_utils.c
+++ b/lib/xlat_tables_v2/xlat_tables_utils.c
@@ -109,7 +109,7 @@
"%s(%d invalid descriptors omitted)\n";
/*
- * Function that reads the translation tables passed as an argument
+ * Recursive function that reads the translation tables passed as an argument
* and prints their status.
*/
static void xlat_tables_print_internal(xlat_ctx_t *ctx, uintptr_t table_base_va,
@@ -118,23 +118,10 @@
{
assert(level <= XLAT_TABLE_LEVEL_MAX);
- /*
- * data structure to track DESC_TABLE entry before iterate into subtable
- * of next translation level. it will be restored after return from
- * subtable iteration.
- */
- struct desc_table {
- const uint64_t *table_base;
- uintptr_t table_idx_va;
- unsigned int idx;
- } desc_tables[XLAT_TABLE_LEVEL_MAX + 1] = {
- {NULL, 0U, XLAT_TABLE_ENTRIES}, };
- unsigned int this_level = level;
- const uint64_t *this_base = table_base;
- unsigned int max_entries = table_entries;
- size_t level_size = XLAT_BLOCK_SIZE(this_level);
- unsigned int table_idx = 0U;
+ uint64_t desc;
uintptr_t table_idx_va = table_base_va;
+ unsigned int table_idx = 0U;
+ size_t level_size = XLAT_BLOCK_SIZE(level);
/*
* Keep track of how many invalid descriptors are counted in a row.
@@ -144,110 +131,67 @@
*/
int invalid_row_count = 0;
- while (this_base != NULL) {
- /* finish current xlat level */
- if (table_idx >= max_entries) {
- if (invalid_row_count > 1) {
- printf(invalid_descriptors_ommited,
- level_spacers[this_level],
- invalid_row_count - 1);
- }
- invalid_row_count = 0;
+ while (table_idx < table_entries) {
- /* no parent level to iterate. */
- if (this_level <= level) {
- this_base = NULL;
- table_idx = max_entries + 1;
- } else {
- /* retore previous DESC_TABLE entry and start
- * to iterate.
- */
- this_level--;
- level_size = XLAT_BLOCK_SIZE(this_level);
- this_base = desc_tables[this_level].table_base;
- table_idx = desc_tables[this_level].idx;
- table_idx_va =
- desc_tables[this_level].table_idx_va;
- if (this_level == level) {
- max_entries = table_entries;
- } else {
- max_entries = XLAT_TABLE_ENTRIES;
- }
+ desc = table_base[table_idx];
- assert(this_base != NULL);
+ if ((desc & DESC_MASK) == INVALID_DESC) {
+
+ if (invalid_row_count == 0) {
+ printf("%sVA:0x%lx size:0x%zx\n",
+ level_spacers[level],
+ table_idx_va, level_size);
}
+ invalid_row_count++;
+
} else {
- uint64_t desc = this_base[table_idx];
- if ((desc & DESC_MASK) == INVALID_DESC) {
- if (invalid_row_count == 0) {
- printf("%sVA:0x%lx size:0x%zx\n",
- level_spacers[this_level],
- table_idx_va, level_size);
- }
- invalid_row_count++;
- table_idx++;
- table_idx_va += level_size;
- } else {
- if (invalid_row_count > 1) {
- printf(invalid_descriptors_ommited,
- level_spacers[this_level],
- invalid_row_count - 1);
- }
- invalid_row_count = 0;
+ if (invalid_row_count > 1) {
+ printf(invalid_descriptors_ommited,
+ level_spacers[level],
+ invalid_row_count - 1);
+ }
+ invalid_row_count = 0;
+
+ /*
+ * Check if this is a table or a block. Tables are only
+ * allowed in levels other than 3, but DESC_PAGE has the
+ * same value as DESC_TABLE, so we need to check.
+ */
+ if (((desc & DESC_MASK) == TABLE_DESC) &&
+ (level < XLAT_TABLE_LEVEL_MAX)) {
/*
- * Check if this is a table or a block. Tables
- * are only allowed in levels other than 3, but
- * DESC_PAGE has the same value as DESC_TABLE,
- * so we need to check.
+ * Do not print any PA for a table descriptor,
+ * as it doesn't directly map physical memory
+ * but instead points to the next translation
+ * table in the translation table walk.
*/
-
- if (((desc & DESC_MASK) == TABLE_DESC) &&
- (this_level < XLAT_TABLE_LEVEL_MAX)) {
- uintptr_t addr_inner;
+ printf("%sVA:0x%lx size:0x%zx\n",
+ level_spacers[level],
+ table_idx_va, level_size);
- /*
- * Do not print any PA for a table
- * descriptor, as it doesn't directly
- * map physical memory but instead
- * points to the next translation
- * table in the translation table walk.
- */
- printf("%sVA:0x%lx size:0x%zx\n",
- level_spacers[this_level],
- table_idx_va, level_size);
+ uintptr_t addr_inner = desc & TABLE_ADDR_MASK;
- addr_inner = desc & TABLE_ADDR_MASK;
- /* save current xlat level */
- desc_tables[this_level].table_base =
- this_base;
- desc_tables[this_level].idx =
- table_idx + 1;
- desc_tables[this_level].table_idx_va =
- table_idx_va + level_size;
-
- /* start iterating next level entries */
- this_base = (uint64_t *)addr_inner;
- max_entries = XLAT_TABLE_ENTRIES;
- this_level++;
- level_size =
- XLAT_BLOCK_SIZE(this_level);
- table_idx = 0U;
- } else {
- printf("%sVA:0x%lx PA:0x%llx size:0x%zx ",
- level_spacers[this_level],
- table_idx_va,
- (uint64_t)(desc & TABLE_ADDR_MASK),
- level_size);
- xlat_desc_print(ctx, desc);
- printf("\n");
-
- table_idx++;
- table_idx_va += level_size;
-
- }
+ xlat_tables_print_internal(ctx, table_idx_va,
+ (uint64_t *)addr_inner,
+ XLAT_TABLE_ENTRIES, level + 1U);
+ } else {
+ printf("%sVA:0x%lx PA:0x%llx size:0x%zx ",
+ level_spacers[level], table_idx_va,
+ (uint64_t)(desc & TABLE_ADDR_MASK),
+ level_size);
+ xlat_desc_print(ctx, desc);
+ printf("\n");
}
}
+
+ table_idx++;
+ table_idx_va += level_size;
+ }
+
+ if (invalid_row_count > 1) {
+ printf(invalid_descriptors_ommited,
+ level_spacers[level], invalid_row_count - 1);
}
}
diff --git a/plat/arm/board/fvp/jmptbl.i b/plat/arm/board/fvp/jmptbl.i
index 8d232d5..bfa9b56 100644
--- a/plat/arm/board/fvp/jmptbl.i
+++ b/plat/arm/board/fvp/jmptbl.i
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -14,4 +14,32 @@
# rom rom_lib_init
# fdt fdt_getprop_namelen patch
-include ../../lib/romlib/jmptbl.i
+rom rom_lib_init
+fdt fdt_getprop_namelen
+fdt fdt_setprop_inplace
+fdt fdt_check_header
+fdt fdt_node_offset_by_compatible
+mbedtls mbedtls_asn1_get_alg
+mbedtls mbedtls_asn1_get_alg_null
+mbedtls mbedtls_asn1_get_bitstring_null
+mbedtls mbedtls_asn1_get_bool
+mbedtls mbedtls_asn1_get_int
+mbedtls mbedtls_asn1_get_tag
+mbedtls mbedtls_free
+mbedtls mbedtls_md
+mbedtls mbedtls_md_get_size
+mbedtls mbedtls_memory_buffer_alloc_init
+mbedtls mbedtls_oid_get_md_alg
+mbedtls mbedtls_oid_get_numeric_string
+mbedtls mbedtls_oid_get_pk_alg
+mbedtls mbedtls_oid_get_sig_alg
+mbedtls mbedtls_pk_free
+mbedtls mbedtls_pk_init
+mbedtls mbedtls_pk_parse_subpubkey
+mbedtls mbedtls_pk_verify_ext
+mbedtls mbedtls_platform_set_snprintf
+mbedtls mbedtls_x509_get_rsassa_pss_params
+mbedtls mbedtls_x509_get_sig_alg
+mbedtls mbedtls_md_info_from_type
+c exit
+c atexit
diff --git a/plat/arm/board/juno/jmptbl.i b/plat/arm/board/juno/jmptbl.i
index 8d232d5..bfa9b56 100644
--- a/plat/arm/board/juno/jmptbl.i
+++ b/plat/arm/board/juno/jmptbl.i
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -14,4 +14,32 @@
# rom rom_lib_init
# fdt fdt_getprop_namelen patch
-include ../../lib/romlib/jmptbl.i
+rom rom_lib_init
+fdt fdt_getprop_namelen
+fdt fdt_setprop_inplace
+fdt fdt_check_header
+fdt fdt_node_offset_by_compatible
+mbedtls mbedtls_asn1_get_alg
+mbedtls mbedtls_asn1_get_alg_null
+mbedtls mbedtls_asn1_get_bitstring_null
+mbedtls mbedtls_asn1_get_bool
+mbedtls mbedtls_asn1_get_int
+mbedtls mbedtls_asn1_get_tag
+mbedtls mbedtls_free
+mbedtls mbedtls_md
+mbedtls mbedtls_md_get_size
+mbedtls mbedtls_memory_buffer_alloc_init
+mbedtls mbedtls_oid_get_md_alg
+mbedtls mbedtls_oid_get_numeric_string
+mbedtls mbedtls_oid_get_pk_alg
+mbedtls mbedtls_oid_get_sig_alg
+mbedtls mbedtls_pk_free
+mbedtls mbedtls_pk_init
+mbedtls mbedtls_pk_parse_subpubkey
+mbedtls mbedtls_pk_verify_ext
+mbedtls mbedtls_platform_set_snprintf
+mbedtls mbedtls_x509_get_rsassa_pss_params
+mbedtls mbedtls_x509_get_sig_alg
+mbedtls mbedtls_md_info_from_type
+c exit
+c atexit
diff --git a/plat/arm/common/aarch64/arm_pauth.c b/plat/arm/common/aarch64/arm_pauth.c
index c847119..a685c31 100644
--- a/plat/arm/common/aarch64/arm_pauth.c
+++ b/plat/arm/common/aarch64/arm_pauth.c
@@ -9,11 +9,9 @@
/*
* Instruction pointer authentication key A. The low 64-bit are at [0], and the
- * high bits at [1]. They are run-time constants so they are placed in the
- * rodata section. They are written before MMU is turned on and the permissions
- * are effective.
+ * high bits at [1].
*/
-uint64_t plat_apiakey[2] __section("rodata.apiakey");
+uint64_t plat_apiakey[2];
/*
* This is only a toy implementation to generate a seemingly random 128-bit key
diff --git a/readme.rst b/readme.rst
index 1df8637..41ffc0f 100644
--- a/readme.rst
+++ b/readme.rst
@@ -1,4 +1,4 @@
-Trusted Firmware-A - version 2.0
+Trusted Firmware-A - version 2.1
================================
Trusted Firmware-A (TF-A) provides a reference implementation of secure world
@@ -15,6 +15,13 @@
Where possible, the code is designed for reuse or porting to other Armv7-A and
Armv8-A model and hardware platforms.
+This release provides a suitable starting point for productization of secure
+world boot and runtime firmware, in either the AArch32 or AArch64 execution
+states.
+
+Users are encouraged to do their own security validation, including penetration
+testing, on any secure world code derived from TF-A.
+
Arm will continue development in collaboration with interested parties to
provide a full reference implementation of Secure Monitor code and Arm standards
to the benefit of all developers working with Armv7-A and Armv8-A TrustZone
@@ -53,18 +60,8 @@
BSD-3-Clause license. Any contributions to this code must be made under the
terms of both licenses.
-This release
-------------
-
-This release provides a suitable starting point for productization of secure
-world boot and runtime firmware, in either the AArch32 or AArch64 execution
-states.
-
-Users are encouraged to do their own security validation, including penetration
-testing, on any secure world code derived from TF-A.
-
Functionality
-~~~~~~~~~~~~~
+-------------
- Initialization of the secure world, for example exception vectors, control
registers and interrupts for the platform.
@@ -136,37 +133,50 @@
- Support for the GCC, LLVM and Arm Compiler 6 toolchains.
-- Support for combining several libraries into a self-called "romlib" image
- that may be shared across images to reduce memory footprint. The romlib image
- is stored in ROM but is accessed through a jump-table that may be stored
+- Support for combining several libraries into a "romlib" image that may be
+ shared across images to reduce memory footprint. The romlib image is stored
+ in ROM but is accessed through a jump-table that may be stored
in read-write memory, allowing for the library code to be patched.
+- A prototype implementation of a Secure Partition Manager (SPM) that is based
+ on the SPCI Alpha 1 and SPRT draft specifications.
+
+- Support for ARMv8.3 pointer authentication in the normal and secure worlds.
+ The use of pointer authentication in the normal world is enabled whenever
+ architectural support is available, without the need for additional build
+ flags. Use of pointer authentication in the secure world remains an
+ experimental configuration at this time and requires the ``ENABLE_PAUTH``
+ build flag to be set.
+
+- Position-Independent Executable (PIE) support. Initially for BL31 only, with
+ further support to be added in a future release.
+
For a full description of functionality and implementation details, please
see the `Firmware Design`_ and supporting documentation. The `Change Log`_
provides details of changes made since the last release.
Platforms
-~~~~~~~~~
+---------
Various AArch32 and AArch64 builds of this release have been tested on r0, r1
and r2 variants of the `Juno Arm Development Platform`_.
-Various AArch64 builds of this release have been tested on the following Arm
-Fixed Virtual Platforms (`FVP`_) without shifted affinities that do not
-support threaded CPU cores (64-bit host machine only):
+The latest version of the AArch64 build of TF-A has been tested on the following
+Arm FVPs without shifted affinities, and that do not support threaded CPU cores
+(64-bit host machine only).
-NOTE: Unless otherwise stated, the model version is Version 11.4 Build 37.
+The FVP models used are Version 11.5 Build 33, unless otherwise stated.
-- ``FVP_Base_Aresx4``
- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502``
-- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_RevC-2xAEMv8A``
- ``FVP_Base_Cortex-A32x4``
- ``FVP_Base_Cortex-A35x4``
- ``FVP_Base_Cortex-A53x4``
- ``FVP_Base_Cortex-A55x4+Cortex-A75x4``
- ``FVP_Base_Cortex-A55x4``
+- ``FVP_Base_Cortex-A57x1-A53x1``
+- ``FVP_Base_Cortex-A57x2-A53x4``
- ``FVP_Base_Cortex-A57x4-A53x4``
- ``FVP_Base_Cortex-A57x4``
- ``FVP_Base_Cortex-A72x4-A53x4``
@@ -175,16 +185,23 @@
- ``FVP_Base_Cortex-A73x4``
- ``FVP_Base_Cortex-A75x4``
- ``FVP_Base_Cortex-A76x4``
-- ``FVP_CSS_SGI-575`` (Version 11.3 build 40)
+- ``FVP_Base_Neoverse-N1x4`` (Tested with internal model)
+- ``FVP_Base_Deimos``
+- ``FVP_CSS_SGI-575`` (Version 11.3 build 42)
+- ``FVP_CSS_SGM-775`` (Version 11.3 build 42)
+- ``FVP_RD_E1Edge`` (Version 11.3 build 42)
+- ``FVP_RD_N1Edge`` (Version 11.3 build 42)
- ``Foundation_Platform``
The latest version of the AArch32 build of TF-A has been tested on the following
-Arm FVPs without shifted affinities that do not support threaded CPU cores
+Arm FVPs without shifted affinities, and that do not support threaded CPU cores
(64-bit host machine only).
- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_Cortex-A32x4``
+NOTE: The ``FVP_Base_RevC-2xAEMv8A`` FVP only supports shifted affinities.
+
The Foundation FVP can be downloaded free of charge. The Base FVPs can be
licensed from Arm. See the `Arm FVP website`_.
@@ -192,18 +209,23 @@
This release also contains the following platform support:
-- Allwinner sun50i_64 and sun50i_h6
+- Allwinner sun50i_a64 and sun50i_h6
- Amlogic Meson S905 (GXBB)
-- Arm SGI-575, RDN1Edge, RDE1Edge and SGM-775
-- Arm Neoverse N1 System Development Platform
+- Arm Juno Software Development Platform
+- Arm Neoverse N1 System Development Platform (N1SDP)
+- Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP
+- Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP
+- Arm SGI-575 and SGM-775
+- Arm Versatile Express FVP
- HiKey, HiKey960 and Poplar boards
+- Intel Stratix 10 SoC FPGA
- Marvell Armada 3700 and 8K
- MediaTek MT6795 and MT8173 SoCs
- NVIDIA T132, T186 and T210 SoCs
-- NXP QorIQ LS1043A, i.MX8MQ, i.MX8QX, i.MX8QM and i.MX7Solo WaRP7
+- NXP QorIQ LS1043A, i.MX8MM, i.MX8MQ, i.MX8QX, i.MX8QM and i.MX7Solo WaRP7
- QEMU
- Raspberry Pi 3
-- R-Car Generation 3
+- Renesas R-Car Generation 3
- RockChip RK3328, RK3368 and RK3399 SoCs
- Socionext UniPhier SoC family and SynQuacer SC2A11 SoCs
- STMicroelectronics STM32MP1
@@ -211,11 +233,16 @@
- Xilinx Versal and Zynq UltraScale + MPSoC
Still to come
-~~~~~~~~~~~~~
+-------------
+
+- Support for additional platforms.
-- More platform support.
+- Refinements to Position Independent Executable (PIE) support.
-- Position independent executable (PIE) support.
+- Refinements to the SPCI-based SPM implementation as the draft SPCI and SPRT
+ specifications continue to evolve.
+
+- Documentation enhancements.
- Ongoing support for new architectural features, CPUs and System IP.
@@ -243,6 +270,12 @@
project and the `Acknowledgments`_ file for a list of contributors to the
project.
+Documentation contents
+~~~~~~~~~~~~~~~~~~~~~~
+
+The `Trusted Firmware-A Documentation Contents`_ page contains an overview of
+the documentation that is available, with links to facilitate easier browsing.
+
IRC channel
~~~~~~~~~~~
@@ -261,7 +294,7 @@
Arm licensees may contact Arm directly via their partner managers.
Security advisories
-~~~~~~~~~~~~~~~~~~~
+-------------------
- `Security Advisory TFV-1`_
- `Security Advisory TFV-2`_
@@ -313,3 +346,4 @@
.. _Security Advisory TFV-6: ./docs/security_advisories/security-advisory-tfv-6.rst
.. _Security Advisory TFV-7: ./docs/security_advisories/security-advisory-tfv-7.rst
.. _Security Advisory TFV-8: ./docs/security_advisories/security-advisory-tfv-8.rst
+.. _Trusted Firmware-A Documentation Contents: ./docs/contents.rst