Merge "SPM: build OP-TEE as an S-EL1 Secure Partition" into integration
diff --git a/Makefile b/Makefile
index 14fc85a..1d6c5f7 100644
--- a/Makefile
+++ b/Makefile
@@ -1205,7 +1205,7 @@
.PHONY: ${CRTTOOL}
${CRTTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} --no-print-directory -C ${CRTTOOLPATH}
+ ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${CRTTOOLPATH}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
@@ -1271,7 +1271,7 @@
.PHONY: ${ENCTOOL}
${ENCTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 --no-print-directory -C ${ENCTOOLPATH}
+ ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${ENCTOOLPATH}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
diff --git a/docs/components/debugfs-design.rst b/docs/components/debugfs-design.rst
index 2096bdb..2536515 100644
--- a/docs/components/debugfs-design.rst
+++ b/docs/components/debugfs-design.rst
@@ -80,8 +80,8 @@
The communication with the 9p layer in BL31 is made through an SMC conduit
(`SMC Calling Convention`_), using a specific SiP Function Id. An NS
shared buffer is used to pass path string parameters, or e.g. to exchange
-data on a read operation. Refer to `ARM SiP Services`_ for a description
-of the SMC interface.
+data on a read operation. Refer to :ref:`ARM SiP Services <arm sip services>`
+for a description of the SMC interface.
Security considerations
-----------------------
diff --git a/docs/components/exception-handling.rst b/docs/components/exception-handling.rst
index 4c63a8b..86ed87c 100644
--- a/docs/components/exception-handling.rst
+++ b/docs/components/exception-handling.rst
@@ -10,13 +10,9 @@
- Asynchronous External Aborts
|TF-A|'s handling of synchronous ``SMC`` exceptions raised from lower ELs is
-described in the `Firmware Design document`__. However, the |EHF| changes the
-semantics of `interrupt handling`__ and `synchronous exceptions`__ other than
-SMCs.
-
-.. __: firmware-design.rst#handling-an-smc
-.. __: `Interrupt handling`_
-.. __: `Effect on SMC calls`_
+described in the :ref:`Firmware Design document <handling-an-smc>`. However, the
+|EHF| changes the semantics of `Interrupt handling`_ and :ref:`synchronous
+exceptions <Effect on SMC calls>` other than SMCs.
The |EHF| is selected by setting the build option ``EL3_EXCEPTION_HANDLING`` to
``1``, and is only available for AArch64 systems.
@@ -77,10 +73,9 @@
independently depending on platform choice and the nature of the exception
received.
-.. [#spd] Not to be confused with `Secure Payload Dispatcher`__, which is an
- EL3 component that operates in EL3 on behalf of Secure OS.
-
-.. __: firmware-design.rst#secure-el1-payloads-and-dispatchers
+.. [#spd] Not to be confused with :ref:`Secure Payload Dispatcher
+ <firmware_design_sel1_spd>`, which is an EL3 component that operates in EL3
+ on behalf of Secure OS.
The role of Exception Handling Framework
----------------------------------------
@@ -139,6 +134,8 @@
the case; for non-interrupts, the |EHF| monitors and asserts this. See
`Transition of priority levels`_.
+.. _interrupt-handling:
+
Interrupt handling
------------------
@@ -151,15 +148,12 @@
sufficient priority are signalled as FIQs, and therefore will be routed to
EL3. As a result, S-EL1 software cannot expect to handle Non-secure
interrupts at S-EL1. Essentially, this deprecates the routing mode described
- as `CSS=0, TEL3=0`__.
-
- .. __: interrupt-framework-design.rst#el3-interrupts
+ as :ref:`CSS=0, TEL3=0 <EL3 interrupts>`.
In order for S-EL1 software to handle Non-secure interrupts while having
|EHF| enabled, the dispatcher must adopt a model where Non-secure interrupts
- are received at EL3, but are then `synchronously`__ handled over to S-EL1.
-
- .. __: interrupt-framework-design.rst#secure-payload
+ are received at EL3, but are then :ref:`synchronously <sp-synchronous-int>`
+ handled over to S-EL1.
- On GICv2 systems, it's required that the build option ``GICV2_G0_FOR_EL3`` is
set to ``1`` so that *Group 0* interrupts target EL3.
@@ -283,15 +277,13 @@
typedef int (*ehf_handler_t)(uint32_t intr_raw, uint32_t flags, void *handle,
void *cookie);
-The parameters are as obtained from the top-level `EL3 interrupt handler`__.
+The parameters are as obtained from the top-level :ref:`EL3 interrupt handler
+<el3-runtime-firmware>`.
-.. __: interrupt-framework-design.rst#el3-runtime-firmware
-
-The `SDEI dispatcher`__, for example, expects the platform to allocate two
-different priority levels—``PLAT_SDEI_CRITICAL_PRI``, and
-``PLAT_SDEI_NORMAL_PRI``—and registers the same handler to handle both levels.
-
-.. __: sdei.rst
+The :ref:`SDEI dispatcher<SDEI: Software Delegated Exception Interface>`, for
+example, expects the platform to allocate two different priority levels—
+``PLAT_SDEI_CRITICAL_PRI``, and ``PLAT_SDEI_NORMAL_PRI`` —and registers the
+same handler to handle both levels.
Interrupt handling example
--------------------------
@@ -374,11 +366,9 @@
A priority level is said to be *active* when an exception of that priority is
being handled: for interrupts, this is implied when the interrupt is
-acknowledged; for non-interrupt exceptions, such as SErrors or `SDEI explicit
-dispatches`__, this has to be done via calling ``ehf_activate_priority()``. See
-`Run-time flow`_.
-
-.. __: sdei.rst#explicit-dispatch-of-events
+acknowledged; for non-interrupt exceptions, such as SErrors or :ref:`SDEI
+explicit dispatches <explicit-dispatch-of-events>`, this has to be done via
+calling ``ehf_activate_priority()``. See `Run-time flow`_.
Conversely, when the dispatcher has reached a logical resolution for the cause
of the exception, the corresponding priority level ought to be deactivated. As
@@ -457,6 +447,8 @@
If these are violated, a panic will result.
+.. _Effect on SMC calls:
+
Effect on SMC calls
-------------------
@@ -542,10 +534,8 @@
interrupts belonging to different dispatchers.
#. The |EHF|, during its initialisation, registers a top-level interrupt handler
- with the `Interrupt Management Framework`__ for EL3 interrupts. This also
- results in setting the routing bits in ``SCR_EL3``.
-
- .. __: interrupt-framework-design.rst#el3-runtime-firmware
+ with the :ref:`Interrupt Management Framework<el3-runtime-firmware>` for EL3
+ interrupts. This also results in setting the routing bits in ``SCR_EL3``.
#. When an interrupt belonging to a dispatcher fires, GIC raises an EL3/Group 0
interrupt, and is taken to EL3.
diff --git a/docs/components/platform-interrupt-controller-API.rst b/docs/components/platform-interrupt-controller-API.rst
index 9d02f45..069c87b 100644
--- a/docs/components/platform-interrupt-controller-API.rst
+++ b/docs/components/platform-interrupt-controller-API.rst
@@ -286,6 +286,8 @@
*Priority Mask Register*, and make sure memory updates are visible before
potential trigger due to mask update.
+.. _plat_ic_get_interrupt_id:
+
Function: unsigned int plat_ic_get_interrupt_id(unsigned int raw); [optional]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/components/sdei.rst b/docs/components/sdei.rst
index c5275a0..60259c8 100644
--- a/docs/components/sdei.rst
+++ b/docs/components/sdei.rst
@@ -205,6 +205,8 @@
See the function ``sdei_client_el()`` in ``sdei_private.h``.
+.. _explicit-dispatch-of-events:
+
Explicit dispatch of events
---------------------------
diff --git a/docs/components/secure-partition-manager-mm.rst b/docs/components/secure-partition-manager-mm.rst
index 87fc91d..d532901 100644
--- a/docs/components/secure-partition-manager-mm.rst
+++ b/docs/components/secure-partition-manager-mm.rst
@@ -6,11 +6,9 @@
Two implementations of a Secure Partition Manager co-exist in the TF-A codebase:
-- SPM based on the PSA FF-A specification (`Secure Partition Manager`__).
+- SPM based on the PSA FF-A specification (:ref:`Secure Partition Manager`).
- SPM based on the MM interface.
-.. __: secure-partition-manager.html
-
Both implementations differ in their architectures and only one can be selected
at build time.
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index 2169f30..e09da53 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -833,9 +833,7 @@
.. _[2]:
-[2] `Secure Partition Manager using MM interface`__
-
-.. __: secure-partition-manager-mm.html
+[2] :ref:`Secure Partition Manager using MM interface<Secure Partition Manager (MM)>`
.. _[3]:
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index ae6dd46..a357d58 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -957,6 +957,8 @@
|Image 1|
+.. _handling-an-smc:
+
Handling an SMC
~~~~~~~~~~~~~~~
@@ -1300,6 +1302,8 @@
already been performed and act as appropriate. Possible courses of actions are,
e.g. skip the action the second time, or undo/redo it.
+.. _configuring-secure-interrupts:
+
Configuring secure interrupts
-----------------------------
diff --git a/docs/design/interrupt-framework-design.rst b/docs/design/interrupt-framework-design.rst
index 2e200aa..dfb2eac 100644
--- a/docs/design/interrupt-framework-design.rst
+++ b/docs/design/interrupt-framework-design.rst
@@ -150,10 +150,8 @@
However, when ``EL3_EXCEPTION_HANDLING`` is ``1``, this routing model is
invalid as EL3 interrupts are unconditionally routed to EL3, and EL3
- interrupts will always preempt Secure EL1/EL0 execution. See `exception
- handling`__ documentation.
-
- .. __: exception-handling.rst#interrupt-handling
+ interrupts will always preempt Secure EL1/EL0 execution. See :ref:`exception
+ handling<interrupt-handling>` documentation.
#. **CSS=0, TEL3=1**. Interrupt is routed to EL3 when execution is in
Secure-EL1/Secure-EL0. This is a valid routing model as secure software
@@ -303,6 +301,8 @@
`Software components`_) during the registration of a handler for an interrupt
type.
+.. _el3-runtime-firmware:
+
EL3 runtime firmware
~~~~~~~~~~~~~~~~~~~~
@@ -901,14 +901,14 @@
|Image 2|
-Secure payload
-~~~~~~~~~~~~~~
+.. _sp-synchronous-int:
+
+Secure payload interrupt handling
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The SP should implement one or both of the synchronous and asynchronous
interrupt handling models depending upon the interrupt routing model it has
-chosen (as described in section `Secure Payload`__).
-
-.. __: #sp-int-registration
+chosen (as described in section :ref:`Secure Payload <sp-int-registration>`).
In the synchronous model, it should begin handling a Secure-EL1 interrupt after
receiving control from the SPD service at an entrypoint agreed upon during build
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index bfc50df..b15ea1b 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -346,16 +346,14 @@
- ``GICV2_G0_FOR_EL3``: Unlike GICv3, the GICv2 architecture doesn't have
inherent support for specific EL3 type interrupts. Setting this build option
to ``1`` assumes GICv2 *Group 0* interrupts are expected to target EL3, both
- by `platform abstraction layer`__ and `Interrupt Management Framework`__.
+ by :ref:`platform abstraction layer<platform Interrupt Controller API>` and
+ :ref:`Interrupt Management Framework<Interrupt Management Framework>`.
This allows GICv2 platforms to enable features requiring EL3 interrupt type.
This also means that all GICv2 Group 0 interrupts are delivered to EL3, and
the Secure Payload interrupts needs to be synchronously handed over to Secure
EL1 for handling. The default value of this option is ``0``, which means the
Group 0 interrupts are assumed to be handled by Secure EL1.
- .. __: platform-interrupt-controller-API.rst
- .. __: interrupt-framework-design.rst
-
- ``HANDLE_EA_EL3_FIRST``: When set to ``1``, External Aborts and SError
Interrupts will be always trapped in EL3 i.e. in BL31 at runtime. When set to
``0`` (default), these exceptions will be trapped in the current exception
@@ -721,6 +719,10 @@
bit, to trap access to the RAS ERR and RAS ERX registers from lower ELs.
This flag is disabled by default.
+- ``OPENSSL_DIR``: This flag is used to provide the installed openssl directory
+ path on the host machine which is used to build certificate generation and
+ firmware encryption tool.
+
GICv3 driver options
--------------------
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 7aaeae2..6b8bbc6 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -2482,9 +2482,7 @@
``FVP_USE_GIC_DRIVER`` (See :ref:`build_options_arm_fvp_platform` for more
details).
-See also: `Interrupt Controller Abstraction APIs`__.
-
-.. __: ../design/platform-interrupt-controller-API.rst
+See also: :ref:`Interrupt Controller Abstraction APIs<Platform Interrupt Controller API>`.
Function : plat_interrupt_type_to_line() [mandatory]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -2609,9 +2607,7 @@
the highest pending interrupt has begun. It should return the raw, unmodified
value obtained from the interrupt controller when acknowledging an interrupt.
The actual interrupt number shall be extracted from this raw value using the API
-`plat_ic_get_interrupt_id()`__.
-
-.. __: ../design/platform-interrupt-controller-API.rst#function-unsigned-int-plat-ic-get-interrupt-id-unsigned-int-raw-optional
+`plat_ic_get_interrupt_id()<plat_ic_get_interrupt_id>`.
This function in Arm standard platforms using GICv2, reads the *Interrupt
Acknowledge Register* (``GICC_IAR``). This changes the state of the highest
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index fd658bb..745e31f 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -635,7 +635,7 @@
*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*
-.. _TB_FW_CONFIG for FVP: ../plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+.. _TB_FW_CONFIG for FVP: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
.. _Arm's website: `FVP models`_
.. _FVP models: https://developer.arm.com/products/system-design/fixed-virtual-platforms
.. _Linaro Release 19.06: http://releases.linaro.org/members/arm/platforms/19.06
diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c
index 31e5d65..68f3d46 100644
--- a/drivers/auth/dualroot/cot.c
+++ b/drivers/auth/dualroot/cot.c
@@ -693,8 +693,8 @@
* Secure Partitions
*/
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@@ -775,14 +775,14 @@
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
#else /* IMAGE_BL2 */
@@ -914,15 +914,15 @@
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
#endif
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c
index 63c18fa..65a0478 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -558,8 +558,8 @@
};
/* Secure Partitions */
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@@ -640,14 +640,14 @@
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
static const auth_img_desc_t * const cot_desc[] = {
@@ -672,15 +672,15 @@
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
diff --git a/fdts/cot_descriptors.dtsi b/fdts/cot_descriptors.dtsi
index 753d56a..9308e17 100644
--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/cot_descriptors.dtsi
@@ -146,8 +146,8 @@
};
#if defined(SPD_spmd)
- sp_content_cert: sp_content_cert {
- image-id = <SP_CONTENT_CERT_ID>;
+ sip_sp_content_cert: sip_sp_content_cert {
+ image-id = <SIP_SP_CONTENT_CERT_ID>;
parent = <&trusted_key_cert>;
signing-key = <&trusted_world_pk>;
antirollback-counter = <&trusted_nv_counter>;
@@ -251,50 +251,50 @@
#if defined(SPD_spmd)
sp_pkg1 {
- image-id = <SP_CONTENT_CERT_ID + 1>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG1_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg1_hash>;
};
sp_pkg2 {
- image-id = <SP_CONTENT_CERT_ID + 2>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG2_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg2_hash>;
};
sp_pkg3 {
- image-id = <SP_CONTENT_CERT_ID + 3>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG3_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg3_hash>;
};
sp_pkg4 {
- image-id = <SP_CONTENT_CERT_ID + 4>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG4_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg4_hash>;
};
sp_pkg5 {
- image-id = <SP_CONTENT_CERT_ID + 5>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG5_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg5_hash>;
};
sp_pkg6 {
- image-id = <SP_CONTENT_CERT_ID + 6>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG6_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg6_hash>;
};
sp_pkg7 {
- image-id = <SP_CONTENT_CERT_ID + 7>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG7_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg7_hash>;
};
sp_pkg8 {
- image-id = <SP_CONTENT_CERT_ID + 8>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG8_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg8_hash>;
};
#endif
diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h
index e057891..b29b135 100644
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@@ -10,7 +10,7 @@
#include <export/common/tbbr/tbbr_img_def_exp.h>
#if defined(SPD_spmd)
-#define SP_CONTENT_CERT_ID MAX_IMAGE_IDS
+#define SIP_SP_CONTENT_CERT_ID MAX_IMAGE_IDS
#define SP_PKG1_ID (MAX_IMAGE_IDS + 1)
#define SP_PKG2_ID (MAX_IMAGE_IDS + 2)
#define SP_PKG3_ID (MAX_IMAGE_IDS + 3)
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 01d144d..504e539 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -51,11 +51,11 @@
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#if defined(SPD_spmd)
-#define DEFINE_SP_PKG(n) \
+#define DEFINE_SIP_SP_PKG(n) \
static const auth_img_desc_t sp_pkg##n = { \
- .img_id = SP_CONTENT_CERT_ID + (n), \
+ .img_id = SP_PKG##n##_ID, \
.img_type = IMG_RAW, \
- .parent = &sp_content_cert, \
+ .parent = &sip_sp_content_cert, \
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
[0] = { \
.type = AUTH_METHOD_HASH, \
diff --git a/lib/aarch32/misc_helpers.S b/lib/aarch32/misc_helpers.S
index 6d2ec1c..e9734ac 100644
--- a/lib/aarch32/misc_helpers.S
+++ b/lib/aarch32/misc_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -149,17 +149,16 @@
blo m_loop1
ldr r3, [r1], #4
str r3, [r0], #4
- sub r2, r2, #4
- b m_loop4
+ subs r2, r2, #4
+ bne m_loop4
+ bx lr
+
/* copy byte per byte */
m_loop1:
- cmp r2,#0
- beq m_end
ldrb r3, [r1], #1
strb r3, [r0], #1
subs r2, r2, #1
bne m_loop1
-m_end:
bx lr
endfunc memcpy4
diff --git a/lib/xlat_tables/aarch32/nonlpae_tables.c b/lib/xlat_tables/aarch32/nonlpae_tables.c
index b8c2686..7cd509d 100644
--- a/lib/xlat_tables/aarch32/nonlpae_tables.c
+++ b/lib/xlat_tables/aarch32/nonlpae_tables.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
- * Copyright (c) 2014-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2014-2020, Arm Limited. All rights reserved.
* Copyright (c) 2014, STMicroelectronics International N.V.
* All rights reserved.
*
@@ -30,8 +30,8 @@
CASSERT(PLAT_VIRT_ADDR_SPACE_SIZE == (1ULL << 32), invalid_vaddr_space_size);
CASSERT(PLAT_PHY_ADDR_SPACE_SIZE == (1ULL << 32), invalid_paddr_space_size);
-#define MMU32B_UNSET_DESC ~0ul
-#define MMU32B_INVALID_DESC 0ul
+#define MMU32B_UNSET_DESC ~0UL
+#define MMU32B_INVALID_DESC 0UL
#define MT_UNKNOWN ~0U
@@ -40,38 +40,38 @@
*/
/* Sharable */
-#define MMU32B_TTB_S (1 << 1)
+#define MMU32B_TTB_S (1U << 1)
/* Not Outer Sharable */
-#define MMU32B_TTB_NOS (1 << 5)
+#define MMU32B_TTB_NOS (1U << 5)
/* Normal memory, Inner Non-cacheable */
-#define MMU32B_TTB_IRGN_NC 0
+#define MMU32B_TTB_IRGN_NC 0U
/* Normal memory, Inner Write-Back Write-Allocate Cacheable */
-#define MMU32B_TTB_IRGN_WBWA (1 << 6)
+#define MMU32B_TTB_IRGN_WBWA (1U << 6)
/* Normal memory, Inner Write-Through Cacheable */
-#define MMU32B_TTB_IRGN_WT 1
+#define MMU32B_TTB_IRGN_WT 1U
/* Normal memory, Inner Write-Back no Write-Allocate Cacheable */
-#define MMU32B_TTB_IRGN_WB (1 | (1 << 6))
+#define MMU32B_TTB_IRGN_WB (1U | (1U << 6))
/* Normal memory, Outer Write-Back Write-Allocate Cacheable */
-#define MMU32B_TTB_RNG_WBWA (1 << 3)
+#define MMU32B_TTB_RNG_WBWA (1U << 3)
#define MMU32B_DEFAULT_ATTRS \
(MMU32B_TTB_S | MMU32B_TTB_NOS | \
MMU32B_TTB_IRGN_WBWA | MMU32B_TTB_RNG_WBWA)
/* armv7 memory mapping attributes: section mapping */
-#define SECTION_SECURE (0 << 19)
-#define SECTION_NOTSECURE (1 << 19)
-#define SECTION_SHARED (1 << 16)
-#define SECTION_NOTGLOBAL (1 << 17)
-#define SECTION_ACCESS_FLAG (1 << 10)
-#define SECTION_UNPRIV (1 << 11)
-#define SECTION_RO (1 << 15)
+#define SECTION_SECURE (0U << 19)
+#define SECTION_NOTSECURE (1U << 19)
+#define SECTION_SHARED (1U << 16)
+#define SECTION_NOTGLOBAL (1U << 17)
+#define SECTION_ACCESS_FLAG (1U << 10)
+#define SECTION_UNPRIV (1U << 11)
+#define SECTION_RO (1U << 15)
#define SECTION_TEX(tex) ((((tex) >> 2) << 12) | \
((((tex) >> 1) & 0x1) << 3) | \
(((tex) & 0x1) << 2))
@@ -80,16 +80,16 @@
#define SECTION_NORMAL_CACHED \
SECTION_TEX(MMU32B_ATTR_IWBWA_OWBWA_INDEX)
-#define SECTION_XN (1 << 4)
-#define SECTION_PXN (1 << 0)
-#define SECTION_SECTION (2 << 0)
+#define SECTION_XN (1U << 4)
+#define SECTION_PXN (1U << 0)
+#define SECTION_SECTION (2U << 0)
-#define SECTION_PT_NOTSECURE (1 << 3)
-#define SECTION_PT_PT (1 << 0)
+#define SECTION_PT_NOTSECURE (1U << 3)
+#define SECTION_PT_PT (1U << 0)
-#define SMALL_PAGE_SMALL_PAGE (1 << 1)
-#define SMALL_PAGE_SHARED (1 << 10)
-#define SMALL_PAGE_NOTGLOBAL (1 << 11)
+#define SMALL_PAGE_SMALL_PAGE (1U << 1)
+#define SMALL_PAGE_SHARED (1U << 10)
+#define SMALL_PAGE_NOTGLOBAL (1U << 11)
#define SMALL_PAGE_TEX(tex) ((((tex) >> 2) << 6) | \
((((tex) >> 1) & 0x1) << 3) | \
(((tex) & 0x1) << 2))
@@ -99,39 +99,39 @@
SMALL_PAGE_TEX(MMU32B_ATTR_DEVICE_INDEX)
#define SMALL_PAGE_NORMAL_CACHED \
SMALL_PAGE_TEX(MMU32B_ATTR_IWBWA_OWBWA_INDEX)
-#define SMALL_PAGE_ACCESS_FLAG (1 << 4)
-#define SMALL_PAGE_UNPRIV (1 << 5)
-#define SMALL_PAGE_RO (1 << 9)
-#define SMALL_PAGE_XN (1 << 0)
+#define SMALL_PAGE_ACCESS_FLAG (1U << 4)
+#define SMALL_PAGE_UNPRIV (1U << 5)
+#define SMALL_PAGE_RO (1U << 9)
+#define SMALL_PAGE_XN (1U << 0)
/* The TEX, C and B bits concatenated */
-#define MMU32B_ATTR_DEVICE_INDEX 0x0
-#define MMU32B_ATTR_IWBWA_OWBWA_INDEX 0x1
+#define MMU32B_ATTR_DEVICE_INDEX 0U
+#define MMU32B_ATTR_IWBWA_OWBWA_INDEX 1U
#define MMU32B_PRRR_IDX(idx, tr, nos) (((tr) << (2 * (idx))) | \
((uint32_t)(nos) << ((idx) + 24)))
#define MMU32B_NMRR_IDX(idx, ir, or) (((ir) << (2 * (idx))) | \
((uint32_t)(or) << (2 * (idx) + 16)))
-#define MMU32B_PRRR_DS0 (1 << 16)
-#define MMU32B_PRRR_DS1 (1 << 17)
-#define MMU32B_PRRR_NS0 (1 << 18)
-#define MMU32B_PRRR_NS1 (1 << 19)
+#define MMU32B_PRRR_DS0 (1U << 16)
+#define MMU32B_PRRR_DS1 (1U << 17)
+#define MMU32B_PRRR_NS0 (1U << 18)
+#define MMU32B_PRRR_NS1 (1U << 19)
#define DACR_DOMAIN(num, perm) ((perm) << ((num) * 2))
-#define DACR_DOMAIN_PERM_NO_ACCESS 0x0
-#define DACR_DOMAIN_PERM_CLIENT 0x1
-#define DACR_DOMAIN_PERM_MANAGER 0x3
+#define DACR_DOMAIN_PERM_NO_ACCESS 0U
+#define DACR_DOMAIN_PERM_CLIENT 1U
+#define DACR_DOMAIN_PERM_MANAGER 3U
-#define NUM_1MB_IN_4GB (1U << 12)
-#define NUM_4K_IN_1MB (1U << 8)
+#define NUM_1MB_IN_4GB (1UL << 12)
+#define NUM_4K_IN_1MB (1UL << 8)
#define ONE_MB_SHIFT 20
/* mmu 32b integration */
#define MMU32B_L1_TABLE_SIZE (NUM_1MB_IN_4GB * 4)
#define MMU32B_L2_TABLE_SIZE (NUM_4K_IN_1MB * 4)
-#define MMU32B_L1_TABLE_ALIGN (1 << 14)
-#define MMU32B_L2_TABLE_ALIGN (1 << 10)
+#define MMU32B_L1_TABLE_ALIGN (1U << 14)
+#define MMU32B_L2_TABLE_ALIGN (1U << 10)
static unsigned int next_xlat;
static unsigned long long xlat_max_pa;
@@ -190,8 +190,9 @@
assert(IS_PAGE_ALIGNED(base_va));
assert(IS_PAGE_ALIGNED(size));
- if (size == 0U)
+ if (size == 0U) {
return;
+ }
assert(base_pa < end_pa); /* Check for overflows */
assert(base_va < end_va);
@@ -249,8 +250,9 @@
#endif /* ENABLE_ASSERTIONS */
/* Find correct place in mmap to insert new region */
- while ((mm->base_va < base_va) && (mm->size != 0U))
+ while ((mm->base_va < base_va) && (mm->size != 0U)) {
++mm;
+ }
/*
* If a section is contained inside another one with the same base
@@ -263,8 +265,9 @@
* This is required for mmap_region_attr() to get the attributes of the
* small region correctly.
*/
- while ((mm->base_va == base_va) && (mm->size > size))
+ while ((mm->base_va == base_va) && (mm->size > size)) {
++mm;
+ }
/* Make room for new region by moving other regions up by one place */
(void)memmove(mm + 1, mm, (uintptr_t)mm_last - (uintptr_t)mm);
@@ -277,10 +280,12 @@
mm->size = size;
mm->attr = attr;
- if (end_pa > xlat_max_pa)
+ if (end_pa > xlat_max_pa) {
xlat_max_pa = end_pa;
- if (end_va > xlat_max_va)
+ }
+ if (end_va > xlat_max_va) {
xlat_max_va = end_va;
+ }
}
/* map all memory as shared/global/domain0/no-usr access */
@@ -290,42 +295,44 @@
uint32_t desc;
switch (level) {
- case 1:
- assert(!(addr_pa & (MMU32B_L1_TABLE_ALIGN - 1)));
+ case 1U:
+ assert((addr_pa & (MMU32B_L1_TABLE_ALIGN - 1)) == 0U);
desc = SECTION_SECTION | SECTION_SHARED;
- desc |= attr & MT_NS ? SECTION_NOTSECURE : 0;
+ desc |= (attr & MT_NS) != 0U ? SECTION_NOTSECURE : 0U;
desc |= SECTION_ACCESS_FLAG;
- desc |= attr & MT_RW ? 0 : SECTION_RO;
+ desc |= (attr & MT_RW) != 0U ? 0U : SECTION_RO;
- desc |= attr & MT_MEMORY ?
+ desc |= (attr & MT_MEMORY) != 0U ?
SECTION_NORMAL_CACHED : SECTION_DEVICE;
- if ((attr & MT_RW) || !(attr & MT_MEMORY))
+ if (((attr & MT_RW) != 0U) || ((attr & MT_MEMORY) == 0U)) {
desc |= SECTION_XN;
+ }
break;
- case 2:
- assert(!(addr_pa & (MMU32B_L2_TABLE_ALIGN - 1)));
+ case 2U:
+ assert((addr_pa & (MMU32B_L2_TABLE_ALIGN - 1)) == 0U);
desc = SMALL_PAGE_SMALL_PAGE | SMALL_PAGE_SHARED;
desc |= SMALL_PAGE_ACCESS_FLAG;
- desc |= attr & MT_RW ? 0 : SMALL_PAGE_RO;
+ desc |= (attr & MT_RW) != 0U ? 0U : SMALL_PAGE_RO;
- desc |= attr & MT_MEMORY ?
+ desc |= (attr & MT_MEMORY) != 0U ?
SMALL_PAGE_NORMAL_CACHED : SMALL_PAGE_DEVICE;
- if ((attr & MT_RW) || !(attr & MT_MEMORY))
+ if (((attr & MT_RW) != 0U) || ((attr & MT_MEMORY) == 0U)) {
desc |= SMALL_PAGE_XN;
+ }
break;
default:
panic();
}
#if LOG_LEVEL >= LOG_LEVEL_VERBOSE
/* dump only the non-lpae level 2 tables */
- if (level == 2) {
+ if (level == 2U) {
printf(attr & MT_MEMORY ? "MEM" : "dev");
printf(attr & MT_RW ? "-rw" : "-RO");
printf(attr & MT_NS ? "-NS" : "-S");
@@ -357,26 +364,31 @@
*/
for ( ; ; ++mm) {
- if (mm->size == 0U)
+ if (mm->size == 0U) {
return ret; /* Reached end of list */
+ }
- if (mm->base_va > (base_va + size - 1U))
+ if (mm->base_va > (base_va + size - 1U)) {
return ret; /* Next region is after area so end */
+ }
- if ((mm->base_va + mm->size - 1U) < base_va)
+ if ((mm->base_va + mm->size - 1U) < base_va) {
continue; /* Next region has already been overtaken */
+ }
- if ((ret == 0U) && (mm->attr == *attr))
+ if ((ret == 0U) && (mm->attr == *attr)) {
continue; /* Region doesn't override attribs so skip */
+ }
if ((mm->base_va > base_va) ||
- ((mm->base_va + mm->size - 1U) < (base_va + size - 1U)))
+ ((mm->base_va + mm->size - 1U) <
+ (base_va + size - 1U))) {
return MT_UNKNOWN; /* Region doesn't fully cover area */
+ }
*attr = mm->attr;
ret = 0U;
}
- return ret;
}
static mmap_region_t *init_xlation_table_inner(mmap_region_t *mm,
@@ -384,16 +396,16 @@
uint32_t *table,
unsigned int level)
{
- unsigned int level_size_shift = (level == 1) ?
+ unsigned int level_size_shift = (level == 1U) ?
ONE_MB_SHIFT : FOUR_KB_SHIFT;
- unsigned int level_size = 1 << level_size_shift;
- unsigned int level_index_mask = (level == 1) ?
+ unsigned int level_size = 1U << level_size_shift;
+ unsigned int level_index_mask = (level == 1U) ?
(NUM_1MB_IN_4GB - 1) << ONE_MB_SHIFT :
(NUM_4K_IN_1MB - 1) << FOUR_KB_SHIFT;
- assert(level == 1 || level == 2);
+ assert((level == 1U) || (level == 2U));
- VERBOSE("init xlat table at %p (level%1d)\n", (void *)table, level);
+ VERBOSE("init xlat table at %p (level%1u)\n", (void *)table, level);
do {
uint32_t desc = MMU32B_UNSET_DESC;
@@ -405,15 +417,17 @@
}
#if LOG_LEVEL >= LOG_LEVEL_VERBOSE
/* dump only non-lpae level 2 tables content */
- if (level == 2)
+ if (level == 2U) {
printf(" 0x%lx %x " + 6 - 2 * level,
base_va, level_size);
+ }
#endif
if (mm->base_va >= base_va + level_size) {
/* Next region is after area so nothing to map yet */
desc = MMU32B_INVALID_DESC;
- } else if (mm->base_va <= base_va && mm->base_va + mm->size >=
- base_va + level_size) {
+ } else if ((mm->base_va <= base_va) &&
+ (mm->base_va + mm->size) >=
+ (base_va + level_size)) {
/* Next region covers all of area */
unsigned int attr = mm->attr;
unsigned int r = mmap_region_attr(mm, base_va,
@@ -436,8 +450,8 @@
*/
if (*table) {
assert((*table & 3) == SECTION_PT_PT);
- assert(!(*table & SECTION_PT_NOTSECURE) ==
- !(mm->attr & MT_NS));
+ assert(((*table & SECTION_PT_NOTSECURE) == 0U)
+ == ((mm->attr & MT_NS) == 0U));
xlat_table = (*table) &
~(MMU32B_L1_TABLE_ALIGN - 1);
@@ -447,11 +461,11 @@
next_xlat * MMU32B_L2_TABLE_SIZE;
next_xlat++;
assert(next_xlat <= MAX_XLAT_TABLES);
- memset((char *)xlat_table, 0,
+ (void)memset((char *)xlat_table, 0,
MMU32B_L2_TABLE_SIZE);
desc = xlat_table | SECTION_PT_PT;
- desc |= mm->attr & MT_NS ?
+ desc |= (mm->attr & MT_NS) != 0U ?
SECTION_PT_NOTSECURE : 0;
}
/* Recurse to fill in new table */
@@ -461,12 +475,13 @@
}
#if LOG_LEVEL >= LOG_LEVEL_VERBOSE
/* dump only non-lpae level 2 tables content */
- if (level == 2)
+ if (level == 2U) {
printf("\n");
+ }
#endif
*table++ = desc;
base_va += level_size;
- } while (mm->size && (base_va & level_index_mask));
+ } while ((mm->size != 0U) && ((base_va & level_index_mask) != 0U));
return mm;
}
@@ -475,17 +490,16 @@
{
print_mmap();
- assert(!((unsigned int)mmu_l1_base & (MMU32B_L1_TABLE_ALIGN - 1)));
- assert(!((unsigned int)mmu_l2_base & (MMU32B_L2_TABLE_ALIGN - 1)));
+ assert(((unsigned int)mmu_l1_base & (MMU32B_L1_TABLE_ALIGN - 1)) == 0U);
+ assert(((unsigned int)mmu_l2_base & (MMU32B_L2_TABLE_ALIGN - 1)) == 0U);
- memset(mmu_l1_base, 0, MMU32B_L1_TABLE_SIZE);
+ (void)memset(mmu_l1_base, 0, MMU32B_L1_TABLE_SIZE);
init_xlation_table_inner(mmap, 0, (uint32_t *)mmu_l1_base, 1);
VERBOSE("init xlat - max_va=%p, max_pa=%llx\n",
(void *)xlat_max_va, xlat_max_pa);
- assert(xlat_max_va <= PLAT_VIRT_ADDR_SPACE_SIZE - 1);
- assert(xlat_max_pa <= PLAT_VIRT_ADDR_SPACE_SIZE - 1);
+ assert(xlat_max_pa <= (PLAT_VIRT_ADDR_SPACE_SIZE - 1));
}
/*******************************************************************************
@@ -499,7 +513,7 @@
unsigned int sctlr;
assert(IS_IN_SECURE());
- assert((read_sctlr() & SCTLR_M_BIT) == 0);
+ assert((read_sctlr() & SCTLR_M_BIT) == 0U);
/* Enable Access flag (simplified access permissions) and TEX remap */
write_sctlr(read_sctlr() | SCTLR_AFE_BIT | SCTLR_TRE_BIT);
@@ -522,7 +536,7 @@
/* set MMU base xlat table entry (use only TTBR0) */
write_ttbr0((uint32_t)mmu_l1_base | MMU32B_DEFAULT_ATTRS);
- write_ttbr1(0);
+ write_ttbr1(0U);
/*
* Ensure all translation table writes have drained
@@ -535,14 +549,15 @@
sctlr = read_sctlr();
sctlr |= SCTLR_M_BIT;
-#if ARMV7_SUPPORTS_VIRTUALIZATION
+#ifdef ARMV7_SUPPORTS_VIRTUALIZATION
sctlr |= SCTLR_WXN_BIT;
#endif
- if (flags & DISABLE_DCACHE)
+ if ((flags & DISABLE_DCACHE) != 0U) {
sctlr &= ~SCTLR_C_BIT;
- else
+ } else {
sctlr |= SCTLR_C_BIT;
+ }
write_sctlr(sctlr);
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 9a6fd58..caf5990 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -308,3 +308,6 @@
# Build option to create cot descriptors using fconf
COT_DESC_IN_DTB := 0
+
+# Build option to provide openssl directory path
+OPENSSL_DIR := /usr
diff --git a/plat/arm/board/arm_fpga/fpga_bl31_setup.c b/plat/arm/board/arm_fpga/fpga_bl31_setup.c
index 6eeff45..9db107c 100644
--- a/plat/arm/board/arm_fpga/fpga_bl31_setup.c
+++ b/plat/arm/board/arm_fpga/fpga_bl31_setup.c
@@ -128,6 +128,84 @@
FPGA_DEFAULT_TIMER_FREQUENCY);
}
+static void fpga_prepare_dtb(void)
+{
+ void *fdt = (void *)(uintptr_t)FPGA_PRELOADED_DTB_BASE;
+ const char *cmdline = (void *)(uintptr_t)FPGA_PRELOADED_CMD_LINE;
+ int err;
+
+ err = fdt_open_into(fdt, fdt, FPGA_MAX_DTB_SIZE);
+ if (err < 0) {
+ ERROR("cannot open devicetree at %p: %d\n", fdt, err);
+ panic();
+ }
+
+ /* Check for the command line signature. */
+ if (!strncmp(cmdline, "CMD:", 4)) {
+ int chosen;
+
+ INFO("using command line at 0x%x\n", FPGA_PRELOADED_CMD_LINE);
+
+ chosen = fdt_add_subnode(fdt, 0, "chosen");
+ if (chosen == -FDT_ERR_EXISTS) {
+ chosen = fdt_path_offset(fdt, "/chosen");
+ }
+ if (chosen < 0) {
+ ERROR("cannot find /chosen node: %d\n", chosen);
+ } else {
+ const char *eol;
+ char nul = 0;
+ int slen;
+
+ /*
+ * There is most likely an EOL at the end of the
+ * command line, make sure we terminate the line there.
+ * We can't replace the EOL with a NUL byte in the
+ * source, as this is in read-only memory. So we first
+ * create the property without any termination, then
+ * append a single NUL byte.
+ */
+ eol = strchr(cmdline, '\n');
+ if (!eol) {
+ eol = strchr(cmdline, 0);
+ }
+ /* Skip the signature and omit the EOL/NUL byte. */
+ slen = eol - (cmdline + 4);
+
+ /*
+ * Let's limit the size of the property, just in case
+ * we find the signature by accident. The Linux kernel
+ * limits to 4096 characters at most (in fact 2048 for
+ * arm64), so that sounds like a reasonable number.
+ */
+ if (slen > 4095) {
+ slen = 4095;
+ }
+ err = fdt_setprop(fdt, chosen, "bootargs",
+ cmdline + 4, slen);
+ if (!err) {
+ err = fdt_appendprop(fdt, chosen, "bootargs",
+ &nul, 1);
+ }
+ if (err) {
+ ERROR("Could not set command line: %d\n", err);
+ }
+ }
+ }
+
+ err = fdt_pack(fdt);
+ if (err < 0) {
+ ERROR("Failed to pack Device Tree at %p: error %d\n", fdt, err);
+ }
+
+ clean_dcache_range((uintptr_t)fdt, fdt_blob_size(fdt));
+}
+
+void bl31_plat_runtime_setup(void)
+{
+ fpga_prepare_dtb();
+}
+
void bl31_plat_enable_mmu(uint32_t flags)
{
/* TODO: determine if MMU needs to be enabled */
diff --git a/plat/arm/board/arm_fpga/fpga_private.h b/plat/arm/board/arm_fpga/fpga_private.h
index 46287ad..47059d6 100644
--- a/plat/arm/board/arm_fpga/fpga_private.h
+++ b/plat/arm/board/arm_fpga/fpga_private.h
@@ -12,6 +12,7 @@
#define C_RUNTIME_READY_KEY (0xaa55aa55)
#define VALID_MPID (1U)
+#define FPGA_MAX_DTB_SIZE 0x10000
#ifndef __ASSEMBLER__
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index e57912c..1e7badf 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -29,6 +29,9 @@
FPGA_PRELOADED_DTB_BASE := 0x80070000
$(eval $(call add_define,FPGA_PRELOADED_DTB_BASE))
+FPGA_PRELOADED_CMD_LINE := 0x1000
+$(eval $(call add_define,FPGA_PRELOADED_CMD_LINE))
+
# Treating this as a memory-constrained port for now
USE_COHERENT_MEM := 0
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 48cc4fe..350ecd1 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -51,7 +51,7 @@
[TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
[NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
+ [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
#endif
#endif /* ARM_IO_IN_DTB */
#endif /* TRUSTED_BOARD_BOOT */
@@ -184,9 +184,9 @@
open_fip
},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {
+ [SIP_SP_CONTENT_CERT_ID] = {
&fip_dev_handle,
- (uintptr_t)&arm_uuid_spec[SP_CONTENT_CERT_ID],
+ (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
open_fip
},
#endif
@@ -233,7 +233,7 @@
{TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
{NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
#if defined(SPD_spmd)
- {SP_CONTENT_CERT_ID, "sp_content_cert_uuid"},
+ {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
#endif
#endif /* TRUSTED_BOARD_BOOT */
};
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 64e873e..4459264 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -30,7 +30,7 @@
union uuid_helper_t uuid_helper;
unsigned int index = 0;
uint32_t val32;
- const unsigned int sp_start_index = SP_CONTENT_CERT_ID + 1;
+ const unsigned int sp_start_index = SP_PKG1_ID;
/* As libfdt use void *, we can't avoid this cast */
const void *dtb = (void *)config;
@@ -45,6 +45,11 @@
}
fdt_for_each_subnode(sp_node, dtb, node) {
+ if (index == MAX_SP_IDS) {
+ ERROR("FCONF: Reached max number of SPs\n");
+ return -1;
+ }
+
err = fdt_read_uint32_array(dtb, sp_node, "uuid", 4,
uuid_helper.word);
if (err < 0) {
@@ -87,15 +92,10 @@
policies[sp_start_index + index].check = open_fip;
index++;
-
- if (index >= MAX_SP_IDS) {
- ERROR("FCONF: reached max number of SPs\n");
- return -1;
- }
}
if ((sp_node < 0) && (sp_node != -FDT_ERR_NOTFOUND)) {
- ERROR("%d: fdt_for_each_subnode(): %d\n", __LINE__, node);
+ ERROR("%u: fdt_for_each_subnode(): %d\n", __LINE__, node);
return sp_node;
}